In today’s alerts, pro-Russian hackers exploit WinRAR flaw, Cisco warns of actively exploited iOS XE zero-day, and critical CISA-FBI alert for Atlassian Confluence patch, alongside active exploitation of industrial cellular routers vulnerability while Microsoft fixes Windows 10 security update issue.
Recent events: 1 million healthcare records exposed, Kansas courts offline due to security incident, cyberattack on Philippines’ House of Representatives website, Henry Schein’s response to cybersecurity incident, and the Colonial Pipeline ransomware incident.
Recent news: Biden retracts water system cybersecurity, US-UAE strengthen ties, UK National Cyber Force welcomes new commander, Steam enhances security with SMS verification, and Signal disproves zero-day vulnerability claims.
π¨Β Cyber Alerts
1. Pro-Russian Hackers Exploit WinRAR Flaw
Cluster25 revealed that pro-Russian hacking groups have been exploiting a recently disclosed security vulnerability in the WinRAR archiving utility to launch a phishing campaign aimed at harvesting credentials from compromised systems. The attack revolves around the use of malicious archive files that exploit the vulnerability known as CVE-2023-38831, affecting WinRAR versions prior to 6.23. These malicious archives contain booby-trapped PDF files that, when opened, execute a Windows Batch script, which in turn launches PowerShell commands to open a reverse shell, providing remote access to the attacker.
2. Cisco Warns of Actively Exploited Zero-Day
Cisco has issued a warning about a new, high-severity zero-day vulnerability in its IOS XE Software, actively exploited by attackers, which could allow them to gain full administrator privileges on affected routers. This critical flaw (CVE-2023-20198) impacts devices with the Web User Interface feature enabled and the HTTP or HTTPS Server feature toggled on. Attackers can create privileged accounts, taking full control of compromised devices.
3. Critical Atlassian Confluence Patch Alert
In a joint advisory, CISA, FBI, and MS-ISAC have issued an urgent warning to network administrators, urging them to swiftly apply security updates to their Atlassian Confluence servers. The vulnerability in question, tracked as CVE-2023-22515, allows for critical privilege escalation and is actively exploited by threat actors. With potential for widespread exploitation, it’s crucial to take immediate action to prevent security breaches and safeguard networks against this risk, especially in government and private sectors where Confluence instances are prevalent.
4. Industrial Router Vulnerability Exploited
A critical flaw in Milesight industrial cellular routers, identified as CVE-2023-43261, with a severity score of 7.5, has been discovered by VulnCheck. The vulnerability, which allows attackers to access sensitive credentials and logs, impacts various router models before version 35.3.0.7, potentially granting remote and unauthenticated attackers unauthorized access to the web interface. Evidence suggests that this vulnerability has been actively exploited on a small scale in the wild, raising concerns about potential unauthorized access to these systems.
5. Microsoft Resolves Windows 10 Update Issue
Microsoft has successfully resolved an issue that affected the installation of Windows 10 security updates released during this month’s Patch Tuesday. The problem impacted systems running Windows 10 21H2 and Windows 10 22H2, causing the KB5031356 security update to fail despite showing initial progress. Microsoft utilized Known Issue Rollback to fix the problem, and while the automatic rollout may take up to 24 hours, users can expedite the process by restarting their Windows devices.
π₯ Cyber Incidents
Β 6. Palestine Healthcare System Hit by Breach
A massive healthcare database connected to Palestine has suffered a data breach, resulting in the exposure of more than 1.3 million records. These records contain sensitive healthcare data, including nursing records, mental health screenings, and emergency nursing records. It’s important to highlight that this data exposure, occurring amid the ongoing Hamas-Israel conflict, leaves millions of people vulnerable, with potential risks like identity theft, fraud, and illegal data sales on the dark web.
7. Kansas Courts’ Cybersecurity Disruption
Kansas state courts face an ongoing security incident, leaving vital court systems offline, impacting eFiling, payments, and case management systems. In response, the Supreme Court extends filing deadlines and shifts to paper-based operations, with an investigation underway to identify the breach’s nature and extent. The disruption comes in the wake of cybersecurity challenges faced by other state courts, raising concerns about the security of legal systems.
8. House of Representatives Website Hacked
Hackers defaced the website of the Philippine House of Representatives, leaving a troll face meme with messages that read “you’ve been hacked” and “have a nice day.” The group responsible for the attack identifies itself as “3MUSKETEERZ.” Following the breach, the House of Representatives assured the public that it took immediate steps to address the issue and is cooperating with relevant government agencies for an investigation.
9. Henry Schein Addresses Cyber Incident
Henry Schein, Inc. responded to a cybersecurity incident that impacted a portion of its manufacturing and distribution businesses on October 14, 2023. In an effort to contain the situation, the company temporarily took some systems offline, causing disruptions to its business operations. While working to resolve the issue, Henry Schein has ensured that the practice management software used by its clients remains unaffected.
10. Colonial Pipeline Ransomware Incident
Colonial Pipeline has refuted ransomware claims by theΒ Ransomed.vcΒ gang, stating that their system remains secure with no operational disruption. The company clarified that files posted online are part of a third-party data breach unrelated to Colonial Pipeline. While the gang boasted about extorting Colonial Pipeline and shared stolen documents, including references to a 2021 ransomware attack, the company maintained the claims were fictitious.
π’ Cyber News
11. Biden withdraws water system cybersecurity
The Biden administration is retracting efforts to incorporate cybersecurity into federally mandated water system safety assessments, following opposition and litigation from multiple states and industry lobbying groups. The Environmental Protection Agency initially sought to include security assessments for operational technology in periodic safety evaluations. However, the EPA has decided to remove this cybersecurity component from water system safety assessments, citing ongoing litigation as the reason.
12. US-UAE Cybersecurity Cooperation Pact
The United States and the United Arab Emirates have cemented an agreement to outline their collaboration on cybersecurity and digital resilience. The memorandum of understanding, signed by the Treasury Department and the UAE’s Cyber Security Council, focuses on sharing information about digital threats to the financial sector, enhancing training and staff visits, and conducting joint online exercises. This collaboration aims to address the increasing complexity of cyber and ransomware attacks to safeguard the international financial system.
13. UK’s National Cyber Force Gets New Leader
Tim Neal-Hopes, an Air Vice-Marshal in the Royal Air Force, has been named as the new commander of the United Kingdom’s National Cyber Force. He brings extensive cyber and intelligence experience, holding a master’s degree in computer and network security, among other qualifications. Neal-Hopes will play a crucial role in overseeing the NCF’s growth and the opening of its new headquarters, while emphasizing the responsible projection of cyber power to protect national security.
14. Steam Implements SMS Verification
Valve is taking action to address a recent surge in malicious updates on Steam. The company will require developers to undergo SMS-based security verification before pushing updates to the default release branch, starting on October 24, 2023. This move aims to counter the compromise of Steamworks accounts and the subsequent distribution of malware-laden builds to players. Although SMS verification is a step toward improving supply chain security, it may not provide a foolproof solution, as some developers have pointed out the limitations and potential risks associated with it.
15. Zero-Day Vulnerability in Signal Debunked
Signal, the encrypted messaging app, has responded to viral reports of a supposed zero-day vulnerability in its software, debunking the claims. The company conducted a responsible investigation and found no evidence to support the alleged vulnerability. Signal also reached out to the U.S. government, which couldn’t verify the claim, and encouraged individuals with legitimate information to report toΒ security@signal.org.
Copyright Β© 2023 CyberMaterial. All Rights Reserved.
