Today’s cyber alerts cover the Looney Tunables vulnerability in Linux, an EvilProxy phishing campaign against Microsoft 365 accounts, Mirai-derived botnet variants, Google’s October Android security patch, malicious npm packages, and actively exploited Qualcomm zero-days.
Incidents include the Lorenz ransomware attack on Allcare Pharmacy, a data leak at a San Francisco transportation agency, a cyberattack on Estes Express affecting freight operations, and Fauquier County Public Schools’ response to a LockBit ransomware attack.
In the news: the UK’s plan to use its passport database for crime prevention, the EU’s technology risk assessment and export controls, the Indiana Attorney General’s lawsuit against CarePointe, enhanced journalist protections from the EU Parliament, and Tom Hanks and Gayle King speaking out against AI-driven ads.
🚨 Cyber Alerts
1. Linux’s Looney Tunables Vulnerability
A newly unearthed Linux security vulnerability, dubbed “Looney Tunables,” has raised alarms within the cybersecurity community. Discovered in the GNU C library’s ld.so dynamic loader, this flaw, tracked as CVE-2023-4911 with a CVSS score of 7.8, is a buffer overflow residing in the processing of the GLIBC_TUNABLES environment variable. Cybersecurity firm Qualys, the entity behind the disclosure, pinpointed a code commit in April 2021 as the source of the vulnerability.
2. Phishing Campaign Hits Executives
A recently discovered phishing campaign is specifically targeting high-ranking executives in U.S.-based organizations who use Microsoft 365 accounts. The attackers are exploiting open redirects on the Indeed job listing website to send phishing emails that appear legitimate. By using the EvilProxy phishing service, these cybercriminals can collect session cookies, allowing them to bypass multi-factor authentication and gain full access to victims’ accounts.
3. Evolution of Mirai Botnet
NSFOCUS identified several new botnet variants derived from Mirai, with hailBot, kiraiBot, and catDDoS being particularly active and posing significant threats. These botnets exhibit various characteristics and attack methods, with hailBot, for instance, focusing on exploratory test attacks and expanding its command and control infrastructure.
4. October 2023 Android Security Update
Google has rolled out its October 2023 security updates for Android, tackling a total of 54 distinct vulnerabilities, with a special focus on addressing two actively exploited ones. CVE-2023-4863, a buffer overflow vulnerability in libwebp, affects various software, including Chrome, Firefox, and Microsoft Teams. On the other hand, CVE-2023-4211 is a use-after-free memory issue in Arm Mali GPU drivers, posing risks to multiple Android device models.
5. Counterfeit npm Packages Threaten Developers
More than three dozen counterfeit packages discovered in the npm package repository are capable of exfiltrating sensitive data from developer systems. These malicious packages are designed to steal valuable secrets, including Kubernetes configurations, SSH keys, and system metadata, posing a severe cybersecurity risk.
6. Qualcomm’s Zero-Day Vulnerabilities
Hackers are actively exploiting three zero-day vulnerabilities in Qualcomm’s GPU and Compute DSP drivers, according to a warning from the American semiconductor company. Google’s Threat Analysis Group and Project Zero teams alerted Qualcomm to these vulnerabilities, which include CVE-2023-33106, CVE-2022-22071, and CVE-2023-33063. Qualcomm has released security updates to address the issues, and it has notified impacted OEMs to deploy these updates promptly.
🔥 Cyber Incidents
7. Lorenz Ransomware Hits Allcare Pharmacy
The infamous Lorenz ransomware group has claimed responsibility for a data breach at Allcare Pharmacy, laying bare a substantial portion of the company’s database, including sensitive customer information and confidential files. Allcare Pharmacy, a prominent name in the pharmaceutical industry known for its commitment to customer welfare and data security, now faces a significant challenge to its data protection measures.
8. San Francisco Transit Data Breach
A serious data leak at the Metropolitan Transportation Commission in San Francisco has resulted in the exposure of over 26,000 files, including clients’ home addresses and vehicle plate numbers. The leak, caused by a system misconfiguration, put sensitive information at risk, with PDF files of Bay Area Rapid Transit (BART) carpool parking permits among the exposed documents. This incident raises concerns not only about identity theft but also about the potential for malicious actors to engage in car plate cloning, a fraudulent activity that could lead to legal troubles for the victims of such scams.
9. Estes Express Cyberattack Impact
Estes Express, a major LTL carrier based in Richmond, Virginia, has confirmed that it fell victim to a cyberattack, though specific details about the nature of the attack remain undisclosed. While the company gave assurances that its terminals and drivers continue to handle freight operations, an outage of its IT infrastructure has disrupted normal business functions. With Estes being the fifth-largest LTL carrier with an annual revenue of approximately $4 billion, this incident has raised concerns about its impact on the already disrupted LTL market and the potential ripple effects on other carriers as they release October volume data later this month.
10. Virginia School Thwarts Ransomware
Despite a ransomware attack by the notorious Russian gang LockBit, Fauquier County Public Schools in Virginia has managed to keep its classrooms open. The attack occurred on September 12, and the district immediately engaged cybersecurity experts and notified law enforcement agencies. While LockBit demanded a ransom for undisclosed data, the school district claims minimal impact, with no evidence of compromised personal student or staff information.
📢 Cyber News
11. Privacy Concerns Rise Over UK Passport Data
UK’s crime and policing minister, Chris Philp, revealed plans to leverage the country’s passport database, comprising over 45 million facial images, to identify suspects in criminal investigations. While the police already have access to this database, a new data platform is set to streamline its usage within the next two years. The platform aims to integrate various databases, including biometrics for foreign nationals, enabling law enforcement to search for matches using images from CCTV, doorbell cameras, or dashcams.
12. EU Identifies Key Technology Risks
The European Commission has identified four key technologies, including artificial intelligence, advanced semiconductors, quantum computing, and biotechnology, as potential risks to the bloc’s economic security. These technologies will undergo risk assessments by the end of the year, as part of the European Economic Security Strategy. While the Commission emphasized that it isn’t prejudging the outcomes, it aims to ensure a united EU position on technology risks, emphasizing the importance of technological edge and addressing dependencies in the global landscape.
13. Legal Action Against CarePointe
Indiana Attorney General Todd Rokita has filed a lawsuit against CarePointe, a medical office in northwest Indiana, for a ransomware incident that exposed personal and protected health information of approximately 45,000 Indiana patients in 2021. The lawsuit alleges that CarePointe was aware of security risks identified in a HIPAA risk assessment conducted by an IT vendor in January of that year, but the issues were not resolved before the data breach in June.
14. EU Enhances Journalist Protections
The European Parliament has taken steps to enhance protections for journalists from government surveillance as part of the proposed European Media Freedoms Act. Originally, the law aimed to prohibit the surveillance of journalists and their families, along with banning spyware use on their devices except in specific circumstances. However, the amended legislation now includes a near-total ban on spyware within the EU, considering it a threat to privacy rights. Negotiations between the Council, Commission, and Parliament will determine the final text of the law later this month.
15. Hollywood’s AI Imposter Concerns
Acclaimed actor Tom Hanks and CBS talk show co-host Gayle King raised concerns about the proliferation of advertisements featuring AI-generated imposters. Hanks shared his frustration, emphasizing that he has no association with a dental plan promotion featuring an AI version of himself. King, in a similar vein, posted a video urging viewers to explore her supposed weight loss “secret” while disavowing any involvement with the product or the AI-generated content.
Copyright © 2023 CyberMaterial. All Rights Reserved.