What’s trending in cybersecurity today?
Oracle, Qubitstrike, Citrix NetScaler, TetrisPhantom, EU Elections, Trigona Ransomware, Fantom Foundation, 23andMe, Super SA, Phishing, Microsoft, Spam Rule, Android, Nuclear Cybersecurity, Montana, AI Regulation
Cyber Alerts
Oracle has unveiled a substantial number of security patches, totaling 387, as part of its October 2023 CPU, aimed at rectifying vulnerabilities impacting both its proprietary code and third-party components. These patches collectively address a staggering 185 unique CVEs, with over 40 designated as critical-severity flaws, and more than 200 focusing on bugs susceptible to remote exploitation without requiring authentication.
In a recent cyber campaign dubbed ‘Qubitstrike,’ attackers are targeting internet-exposed Jupyter Notebooks, deploying a mix of malware including a Linux rootkit, crypto miners, and password-stealing scripts. These attackers aim to hijack Linux servers for cryptomining and to pilfer credentials for cloud services like AWS and Google Cloud. This campaign, notable for hosting malicious payloads on codeberg.org, illustrates an evolving threat landscape, with attackers using Jupyter Notebooks as an entry point, demonstrating the importance of robust cybersecurity measures.
Security experts have revealed that threat actors have been actively exploiting the CVE-2023-4966 vulnerability in Citrix NetScaler ADC/Gateway devices since late August. Citrix issued a critical security bulletin on October 10 regarding this vulnerability, urging users to update to patched versions immediately. The flaw allowed attackers to hijack authenticated sessions, bypass multifactor authentication, and potentially gain access to sensitive resources within affected organizations.
Government entities in the Asia-Pacific (APAC) region have become the targets of a prolonged and sophisticated cyber espionage campaign known as TetrisPhantom. Kaspersky, a Russian cybersecurity firm, discovered the ongoing activities early in 2023 and identified the attackers’ covert spying and data harvesting efforts. These espionage operations have been highly targeted and focused on sensitive APAC government networks, utilizing secure USB drives with hardware encryption to infiltrate air-gapped networks and execute various malicious modules.
The 2023 Threat Landscape report by the European Union Agency for Cybersecurity (ENISA) underscores the urgent need for vigilance ahead of the 2024 European elections. Highlighting 2580 incidents from July 2022 to June 2023, the report reveals sectors like public administration and health under threat, with a cascading effect on multiple sectors. Notably, state-nexus actors are increasingly employing traditional and innovative techniques, emphasizing the critical importance of cybersecure infrastructures and safeguarding election processes against information manipulation and disruptive attacks.
Cyber Incidents
The Ukrainian Cyber Alliance, a group of pro-Ukraine hacktivists, has claimed responsibility for dismantling the Trigona ransomware group’s leak site. According to their spokesperson, known as “herm1t,” they not only shut down the Trigona gang’s servers but also defaced their website and exfiltrated data related to their cybercrime activities. Trigona, a dark web “name-and-shame” extortion blog, had targeted victims in the U.S. and Europe, and the alliance’s actions have disrupted the ransomware group’s entire infrastructure.
The Fantom Foundation, a supporter of the Fantom blockchain network, is grappling with a data breach after hackers exploited a zero-day vulnerability in Google Chrome. The attackers targeted an employee’s personal wallets, leading to the theft of over $550,000 in cryptocurrency. While only a small number of wallets were compromised, the incident underscores the importance of strong cybersecurity practices and the risks associated with cryptocurrency use.
A hacker known as Golem has released a new batch of 23andMe user data on the cybercrime forum BreachForums, covering records of four million users. The leaked data, which includes information on users from Great Britain and wealthy individuals in the US and Western Europe, raises concerns about the extent of the breach. 23andMe, which had previously announced a data breach on October 6, is investigating the authenticity of this latest leak, with unanswered questions about the techniques used, the amount of data stolen, and the hackers’ intentions.
Super SA, the South Australian government-owned superannuation provider, has reported a data breach originating from a “former external service provider,” which has affected a specific group of members. While there is no indication of suspicious activities on member accounts, Super SA has implemented heightened security measures and identity theft monitoring as a precautionary measure.
Cyber News
A House panel emphasized the need for national privacy laws as a foundation for regulating artificial intelligence (AI) in the US. Members warned against letting China set global data use standards, highlighting concerns over privacy, data misuse, and discrimination. The House Energy and Commerce Committee’s bipartisan proposal, the American Data Privacy and Protection Act, faced criticism and lacked momentum. Renewed urgency arose after tech giants embraced generative AI. Witnesses stressed the importance of America leading AI innovation with privacy, competition, and data minimization. Experts highlighted the failure of current consent paradigms, emphasizing the necessity for transparent data usage explanations.
A joint initiative by CISA, NSA, FBI, and MS-ISAC has resulted in the release of comprehensive guidance titled “Phishing Guidance: Stopping the Attack Cycle at Phase One.” This guide serves as a vital resource for network defenders and software manufacturers, offering insights into common phishing techniques used by malicious actors and strategies to mitigate the impact of phishing incidents, especially concerning credential theft and malware deployment.
Microsoft has taken action to address a problematic anti-spam rule that resulted in Microsoft 365 admins’ inboxes being flooded with blind carbon copies (BCC) of outbound emails mistakenly flagged as spam. This false positive issue impacted Exchange Online users globally, tagging all emails sent to external addresses as spam. While Microsoft worked to resolve the issue within approximately 14 hours, affected administrators can take steps to prevent future BCC spam by adjusting the default outbound spam policy settings in Microsoft 365.
Google has introduced new real-time scanning features to its Play Protect system, enhancing the defense against Android malware, especially those using polymorphism to evade detection. This move aims to improve security for all Android users and reduce malware infections. Play Protect now performs real-time scans at the code level, extracting signals for an in-depth analysis to determine an app’s safety, making it more challenging for malicious apps to evade detection.
EDF, the operator of several nuclear power plants in the UK, is facing heightened regulatory attention regarding its cybersecurity practices following an inspection. The UK’s chief nuclear inspector’s annual report revealed that EDF failed to deliver a comprehensive cybersecurity improvement plan. While there is no evidence of successful cyberattacks on British nuclear power plants, concerns arise amid growing cyber threats, including ransomware, which the National Cyber Security Centre identifies as a significant disruptive threat, highlighting the need for robust cybersecurity in critical infrastructure.
Sukhdev Vaid, a 24-year-old from India, pleaded guilty to wire fraud charges after stealing $150,000 from a 73-year-old Montana woman. The victim was tricked by a pop-up claiming her computer was hacked, leading her to withdraw the money and hand it over to the fraudsters. A federal operation in March led to the arrest of Vaid and a co-defendant when they attempted to steal the remaining cash.
Copyright © 2023 CyberMaterial. All Rights Reserved.