In today’s episode, we delve into the latest cybersecurity developments, including Tech Giants Combating HTTP/2 Zero-Day, Microsoft’s October Patch Tuesday, Mirai Botnet Advancements, CISA’s Open Source Security Guidance, and Adobe’s Software Updates.
Recent events encompass a cyberattack on Air Europa, suspected sabotage of a subsea cable and gas pipeline, NoEscape Ransomware’s latest targets, an ex-banker’s $2.2 billion cyber heist, and the Russian Cyber Army’s claim of the Seiska cyberattack.
In a series of recent developments, alarming online risks for minors, Vietnamese hackers targeting US notables, young workers’ risky cybersecurity habits, Google’s passkey adoption, and North Korean hackers’ espionage focus are in the spotlight.
π¨Β Cyber Alerts
1. HTTP/2 Rapid Reset Vulnerability
Amazon Web Services, Cloudflare, and Google have taken measures to combat an alarming wave of distributed denial-of-service attacks that leveraged a novel exploit known as the HTTP/2 Rapid Reset Zero-Day Vulnerability. These layer 7 attacks, first detected in late August 2023, were disclosed as CVE-2023-44487, carrying a CVSS score of 7.5 out of 10. Google’s cloud infrastructure faced an onslaught peaking at 398 million requests per second, while AWS and Cloudflare encountered attack volumes exceeding 155 million and 201 million RPS, respectively.
2. Microsoft’s October 2023 Security Updates
Microsoft’s October 2023 Patch Tuesday arrives with a comprehensive set of security updates, addressing a total of 104 vulnerabilities, including three actively exploited zero-day vulnerabilities. While the patches include fixes for forty-five remote code execution bugs, only a dozen vulnerabilities have been rated as ‘Critical,’ and all of them belong to the RCE category.
3. Mirai Variant IZ1H9’s IoT Exploits
The IZ1H9 Mirai botnet variant has ramped up its capabilities by incorporating 13 new exploits, specifically targeting vulnerabilities in devices from major manufacturers such as D-Link, TP-Link, Zyxel, and more, as reported by Fortinet. This variant, known for its aggressive exploitation of unpatched IoT device vulnerabilities, has steadily evolved since its discovery in August 2018 and currently boasts around 30 distinct exploits.
4. CISA Strengthens Open Source Security
CISA, in collaboration with the FBI, NSA, and the Department of the Treasury, has released crucial guidance aimed at bolstering the security of open source software within operational technology and industrial control systems. The recommendations align with CISA’s Open Source Security Roadmap and cover essential areas such as supporting OSS development, vulnerability management, and adopting cybersecurity best practices. In conjunction with this guidance, CISA has introduced the “Securing OSS in OT” web page, which underscores the significance of the Joint Cyber Defense Collaborative’s OSS planning initiative to foster public-private sector collaboration in enhancing OSS security in OT/ICS environments and fortifying defenses against cyber threats in these critical sectors.
5. Critical Flaws in Adobe Products
Adobe has issued a series of critical security updates as part of its Patch Tuesday release, addressing a total of 13 vulnerabilities in various product lines. Of particular concern are 10 severe flaws affecting Adobe Commerce and Magento Open Source, potentially allowing arbitrary code execution, privilege escalation, and other malicious activities. Additionally, Adobe has addressed a critical-severity flaw in Photoshop, identified as CVE-2023-26370, which could enable code execution attacks on both Windows and macOS systems.
π₯ Cyber Incidents
6.Β Air Europa’s Security Breach
Spanish airline Air Europa has fallen victim to a cyberattack that targeted its online payment system, potentially compromising the credit card details of some customers. While the airline has contacted affected customers and informed relevant financial institutions, it refrained from disclosing the exact number of individuals impacted or estimating the financial consequences of the breach. Fortunately, Air Europa reassures that no other sensitive information has been compromised, and there is no evidence of the breach being exploited for fraudulent activities.
7. Subsea Cable and Gas Pipeline Damage
The Finnish government has raised concerns about possible deliberate damage to a subsea telecommunications cable and gas pipeline connecting Finland and Estonia. The investigation into the damage began after network operators detected an unusual pressure drop, leading the Finnish authorities to suspect “external activity” as the cause. While the cause remains unclear and Finland’s Prime Minister Petteri Orpo emphasized the need for a thorough investigation, there are suggestions that Russia may have been involved in the damage to the pipeline.
8. NoEscape Ransomware Hits Again
The notorious NoEscape ransomware syndicate has claimed two more victims in their cyber onslaught, Penfield Fire Company and Centre du Sablon, adding to their growing list of targets. What intensifies the concern is the group’s assertion that they possess a substantial 86GB cache of data belonging to Centre du Sablon, though they have not specified the extent of the breach concerning Penfield Fire Company. As we seek to unearth more information about the Centre du Sablon breach, accessing the company’s website has proven to be an arduous task for The Cyber Express.
9. Billion-Dollar Heist Investigation
An ex-banker and a group of individuals are accused of orchestrating a staggering $2.2 billion heist by hacking into a payment gateway service provider company’s account, as reported by the Thane Police. This audacious cybercrime operation spanned an extended period, utilizing various bank accounts to siphon off funds. While the initial complaint pertained to a $33.5 million heist, further investigation unveiled the colossal $2.2 billion robbery, prompting an FIR against multiple suspects, including the ex-banker, under various sections of the Indian Penal Code and Information Technology Act.
10. Seiska Cyberattack by Russian Group
The notorious Cyber Army Russia has claimed responsibility for a cyberattack on Seiska, a prominent Finnish entertainment magazine headquartered in Helsinki. While Seiska had not confirmed the cyberattack at the time of this report, the Russian Cyber Army left their mark by posting details about the breach on social media, complete with a link to the magazine’s website and its IP address.
π’ Cyber News
11. Rising Online Risks to Children
A recent report by Thorn, a technology nonprofit dedicated to defending children from sexual abuse, highlights a concerning surge in certain online risks faced by minors. The “Emerging Online Trends in Child Sexual Abuse 2023” report reveals a growing trend of minors sharing sexual images of themselves, both consensually and coercively, as well as increased risky online interactions with adults. John Starr, VP of Strategic Impact at Thorn, emphasized that child sexual abuse material is now easily shared on widely used platforms.
12. Youthful Workers and Cybersecurity
A $12,288 bounty has been announced for anyone who can crack the NIST elliptic curves seeds and unveil the original phrases that were hashed to generate them. Cryptography specialist Filippo Valsorda, along with prominent figures in cryptography and cybersecurity, initiated this challenge to shed light on the origin of these crucial cryptographic components.
13. Hackers Target US High-Profiles
Amnesty International’s recent report sheds light on audacious attempts by hackers with ties to Vietnam to compromise the security of several high-profile targets in the United States. The hackers employed social media platforms X and Facebook to disseminate spyware-laced links aimed at installing spyware on the phones of notable figures, including US lawmakers, United Nations officials, and CNN journalists.
14. Google Defaulting to Passkeys for Security
Google has announced a significant security upgrade by making passkeys the default sign-in option for all personal Google Accounts across its services and platforms. After setting up a passkey linked to their device, users can access their Google accounts without the need for traditional passwords or 2-Step Verification. This move aims to simplify sign-ins while enhancing security by offering a more convenient and robust alternative to passwords.
15. Evolving North Korean Hackers
North Korean state-sponsored hackers are continuously enhancing their cyberattack techniques, focusing on espionage and financial crimes, according to Google’s Mandiant threat intelligence group. The group’s report highlights how North Korea utilizes cyber intrusions for both gathering intelligence and financing its cyber and kinetic capabilities. The country, with a population of just 25 million, has stolen over $3 billion in the past five years, with the funds used to support missile and nuclear programs.
Copyright Β© 2023 CyberMaterial. All Rights Reserved.
