What’s trending in cybersecurity today?
SpyNote, Android, Malware, Italy, CasaOS, ClearFake, Weintek, Synology, Ampersand, Ransomware, Guatemala, Hong Kong, BMW, Brazil, DLink, Navy, Prison, Prove Identity, Israel, Hamas, OpenSSF, NSA, Elitewolf.
Cyber Alerts
1. SpyNote Android Malware Targets Italy
The Android malware known as ‘SpyNote’ has been discovered spreading through a fake ‘IT-alert’ public alert service, mainly targeting Italy. This fake service imitates the legitimate IT-alert public service operated by the Italian government, designed to provide essential emergency information. It warns users of an imminent volcano eruption and urges them to install the app for updates. However, Android users who download the app are unwittingly installing the SpyNote malware, granting it access to sensitive information and enabling malicious activities such as overlay attacks to steal user credentials from banking and social media apps.
2. Critical Flaws in Open Source CasaOS
Two critical security flaws in the open-source CasaOS personal cloud software have been discovered, enabling attackers to execute arbitrary code and gain control over vulnerable systems. These vulnerabilities, identified as CVE-2023-37265 and CVE-2023-37266, hold a high CVSS score of 9.8 out of 10. Researchers found that these flaws allow attackers to bypass authentication requirements, granting them full access to the CasaOS dashboard.
3. ClearFake Exploits Fake Browser Updates
A recently discovered threat known as ClearFake is using compromised WordPress sites to distribute malicious fake browser updates. Researchers at Sekoia suspect that the group behind ClearFake is the same one responsible for SocGholish’s “malware delivery via fake browser updates” campaigns. This threat targets users by serving fake update pages for Chrome, Edge, and Firefox in different languages, tricking them into downloading malware disguised as legitimate browser installers, such as HijackLoader or IDAT loader.
4. Weintek Addresses HMI Vulnerabilities
Weintek has successfully addressed critical vulnerabilities in its cMT series HMIs, following a warning from the US cybersecurity agency CISA about these flaws. The Weintek cMT HMI is widely used in critical manufacturing organizations globally, making the vulnerabilities a significant concern for critical infrastructure. Researchers from TXOne Networks discovered these vulnerabilities, which could potentially allow attackers to bypass authentication processes and execute arbitrary commands, posing serious security risks to industrial systems.
5. Synology Vulnerability Exposes Password
A critical vulnerability has been discovered in Synology DiskStation Manager (DSM) by Claroty’s Team82, tracked as CVE-2023-2729 with a CVSS score of 5.9. The flaw stems from the use of a weak random number generator in DSM’s Linux-based operating system for NAS products, specifically the insecure JavaScript Math.random() function. Attackers could exploit this vulnerability to decipher an administrator’s password and potentially take control of the admin account, prompting Synology to release updates addressing the issue in June 2023.
Cyber Incidents
6. Ampersand Ransomware Attack Impact
Ampersand, a television advertising sales and technology company jointly owned by Comcast Corporation, Charter Communications, and Cox Communications, fell victim to a ransomware attack. The attack disrupted the operations of a company that provides viewership data to advertisers, covering approximately 85 million households. While Ampersand has restored most of its regular operations, it has not disclosed whether a ransom will be paid, emphasizing its commitment to a thorough analysis of the incident.
7. Guatemalan Government Websites Hacked
Pro-democracy hackers associated with the activist group Anonymous orchestrated a significant cyberattack on various Guatemalan government websites in a move to support ongoing Indigenous-led demonstrations in the country. These protests have called for the resignation of Attorney General Consuelo Porras, accusing her of undermining the democratic election of President-elect Bernardo Arévalo. The hackers, using the Twitter alternative X, announced their operation to disrupt the Guatemalan government, targeting websites with distributed denial-of-service attacks, a method that floods sites with automated traffic to crash them.
8. Hong Kong Ballet Reports Ransomware Attack
The Hong Kong Ballet revealed a recent data breach resulting from a ransomware attack on their computer systems, marking the third such incident to hit well-established organizations in the city within two months. Intruders gained access to personal user details and internal information, with the full extent of the attack still being determined. The institution has initiated an internal investigation, hired external cybersecurity experts, and notified authorities to address the issue promptly, while urging partners and users to exercise caution and follow security measures.
9. BMW Munique Motors Hit by Ransomware
The Knight ransomware group has taken responsibility for a cyberattack on BMW Munique Motors, the authorized BMW dealership for the State of Rondônia, Brazil. The group left a message on the dark web with a countdown, suggesting the release of download links for stolen files. Notably, the cyberattack was on the BMW dealership and not the parent company itself. Despite the severity of the claims, the BMW Munique Motors website remains operational, indicating a sophisticated cyberattack, possibly targeting the organization’s backend database.
10. D-Link Confirms Data Breach, Downplays Impact
D-Link, a global networking technology company, confirmed a data breach after a threat actor attempted to sell stolen data on BreachForums. The breach, discovered in October 2023, exposed 700 outdated and fragmented records from an obsolete product registration system, impacting names, emails, addresses, and phone numbers. The breach resulted from a phishing attack targeting an employee, prompting D-Link to swiftly shut down affected servers and reassure customers that the majority of the compromised data was low-sensitivity and unlikely to affect most users.
Cyber News
11. Former Navy IT Manager Sentenced to Prison
Former Navy IT Manager Marquis Hooper, 32, of Selma, California, has been sentenced to five years and five months in prison for hacking a database containing personally identifiable information (PII) and selling it for $160,000 in Bitcoin. Hooper, in collaboration with his wife, Natasha Chalk, gained access to a restricted database by falsely claiming to perform background checks on behalf of the Navy. Over 9,000 people’s PII was stolen and sold on the dark web, leading to further criminal activities by those who purchased the information.
12. Prove Identity Raises $40M
Prove Identity, a New York-based startup, formerly known as Payfone, recently concluded a $40 million funding round led by MassMutual Ventures and Capital One Ventures. With over $215 million raised to date, the company rebranded itself to focus on digital identity verification and authentication for banks, retailers, and healthcare institutions. Prove Identity’s technology, which leverages mobile phones for identity verification, facilitates faster onboarding, reduces abandonment rates by 35%, and mitigates fraud by 75%, making it a crucial player in the market serving top American banks, cryptocurrency exchanges, and U.S. retailers.
13. Israeli Experts Unite to Find Missing Citizens
Hundreds of Israeli high-tech experts have rallied to form a “war room” aimed at locating more than 1,000 Israelis who went missing following the recent attack by Hamas. These volunteers, based in Tel Aviv, the hub of Israel’s high-tech and cyber security sector, are leveraging artificial intelligence, facial recognition, and voice analysis to identify and locate the missing individuals. The government relies on the information gathered by these experts as Israel strives to respond to the attack, while Hamas attempts to remove online footage of their actions to evade analysis.
14. Malicious Packages Database by OpenSSF
The OpenSSF Package Analysis team has introduced a significant development, the Malicious Packages repository, a pioneering open source system designed for collecting and sharing cross-ecosystem reports concerning malicious packages. This initiative was spurred by the growing prevalence of attacks involving malicious open source packages, exemplified by the Lazarus Group’s efforts earlier this year. This centralized repository serves as a crucial resource to alert the community about such attacks and facilitate a comprehensive understanding of the threats.
15. NSA Releases Elitewolf for OT environments
The NSA has released Elitewolf, a repository of specialized tools designed to detect malicious activities in Industrial Control Systems and Operational Technology environments. These intrusion detection signatures and analytics are tailored for ICS/SCADA/OT systems, enabling critical infrastructure entities to establish continuous system monitoring capabilities. The release addresses rising cyber threats to critical infrastructure, providing organizations with essential tools to enhance their cybersecurity measures and detect potential malicious activities effectively.
Copyright © 2023 CyberMaterial. All Rights Reserved.