What’s trending in cybersecurity today?
Rockwell, OAuth, VMware, Cisco, GoPIX Malware, China, Disinformation, Canada, Ontario Hospitals, Orange County District Attorney, Norway, University of Tokyo, Healthcare Ransomware, Former NSA Employee, AI-Enhanced Phishing, TSA, Federal Security.
Cyber Alerts
1. Rockwell Automation Security Alert
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a significant advisory on Industrial Control Systems (ICS) concerning Rockwell Automation Stratix 5800 and Stratix 5200. This advisory, released on October 24, 2023, offers crucial information about current security threats, vulnerabilities, and potential exploits within the realm of ICS. CISA strongly recommends that users and administrators thoroughly review the advisory for technical insights and guidance to mitigate these risks.
2. OAuth Misconfigurations Endanger Users
Critical misconfigurations in the implementation of the OAuth standard across popular online services, including Grammarly, Vidio, and Bukalapak, have exposed hundreds of millions of users to credential theft, financial fraud, and other cybercriminal activity. Researchers from Salt Labs discovered these API misconfigurations, which put user accounts at risk by allowing attackers to take over accounts on multiple sites through OAuth. The issue was found to be a “Pass-The-Token” flaw: a site accepted an access token that had been issued to a different site, enabling attackers to use a token from one site to gain access to another.
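As an added illustration of the bug class described above (example code written for this digest, not from Salt Labs or the affected sites), the snippet models a relying party that logs a user in from an OAuth access token. The weak version accepts any active token for the user; the hardened version also checks that the token was issued to this application. The identity provider's introspection endpoint is replaced by a constructed in-memory table so it runs offline; the client ids and token strings are made up.

```python
# The introspection response fields (active, sub, aud) follow RFC 7662;
# the data below is constructed sample data, not real provider output.

OUR_CLIENT_ID = "relying-party-A"   # hypothetical client_id this site registered with the IdP

# Constructed stand-in for the identity provider's introspection endpoint.
# Each token is bound to the user it represents AND the client it was issued to.
FAKE_INTROSPECTION = {
    "tok-issued-to-A": {"active": True,  "sub": "user-123", "aud": "relying-party-A"},
    "tok-issued-to-B": {"active": True,  "sub": "user-123", "aud": "some-other-app"},
    "tok-expired":     {"active": False, "sub": "user-123", "aud": "relying-party-A"},
}


def introspect(token: str) -> dict:
    """Stand-in for POST /introspect at the identity provider."""
    return FAKE_INTROSPECTION.get(token, {"active": False})


def login_vulnerable(token: str):
    """Pass-The-Token flaw: any active token for the user is accepted, even one
    that a different application obtained from the same provider."""
    info = introspect(token)
    if not info.get("active"):
        return None
    return info["sub"]  # session created for user-123 regardless of who got the token


def login_hardened(token: str):
    """Same flow, but the token must have been issued to our own client_id."""
    info = introspect(token)
    if not info.get("active"):
        return None
    if info.get("aud") != OUR_CLIENT_ID:
        return None  # token belongs to another application: reject it
    return info["sub"]


if __name__ == "__main__":
    for tok in FAKE_INTROSPECTION:
        print(f"{tok}: vulnerable={login_vulnerable(tok)} hardened={login_hardened(tok)}")
```

With a real provider the same audience check is done against the `aud` claim of a JWT access token or the app/client id field returned by the provider's token-info endpoint.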
3. Unauthenticated Attackers Target VMware
VMware has cautioned administrators about the availability of proof-of-concept (PoC) exploit code for a severe authentication bypass vulnerability in vRealize Log Insight (now known as VMware Aria Operations for Logs). Identified as CVE-2023-34051, this flaw could allow unauthenticated attackers to remotely execute code with root permissions under specific conditions. The security researchers who discovered the bug provided a technical analysis of the vulnerability, along with a PoC exploit and indicators of compromise (IOCs) to aid network defenders in detecting exploitation attempts.
4. Cisco Backdoor Modified to Avoid Detection
Threat actors have modified the backdoor implant that was placed on Cisco devices through the exploitation of zero-day flaws in the IOS XE software. The threat actor has updated the implant to perform an extra header check, so that it only responds when the correct Authorization HTTP header is set, making it harder to detect. These attacks exploit CVE-2023-20198 and CVE-2023-20273, giving threat actors access to devices and allowing them to create privileged accounts and deploy Lua-based implants.
5. Brazil’s PIX System Targeted by GoPIX
A sophisticated malvertising campaign has set its sights on Brazil’s PIX instant payment system, utilizing the newly discovered GoPIX malware. Cybersecurity firm Kaspersky has been monitoring this campaign since December 2022, revealing that it relies on malicious ads appearing when users search for “WhatsApp web” on search engines. These fake ads direct users to a malware landing page, employing various tactics, including cloaking services, to evade detection by sandboxes and bots.
6. China’s Disinformation Targeted Canada
Canada has accused China-linked threat actors of conducting a “spamouflage” campaign, which involved spreading disinformation and propaganda about Canadian politicians, including Prime Minister Justin Trudeau, on social media. This operation utilized thousands of fake accounts on platforms like Facebook and X (formerly Twitter) to tarnish the reputation of politicians by making false claims of corruption, racism, and dishonesty.
Cyber Incidents
Five hospitals in southwestern Ontario have been impacted by a cyberattack, leading to the disruption of online services, including patient records and email access. The hospitals’ IT provider, TransForm, is currently investigating the extent and cause of the incident, with concerns about potential compromise of patient information. As a result of the attack, patient appointments in the coming days will be rescheduled or alternative arrangements will be made, emphasizing the importance of cybersecurity measures to protect healthcare services and sensitive data.
The Orange County District Attorney’s Office was hit by a devastating cyberattack that came to light on Monday. The breach, described as affecting a “portion” of the Information Technology system, prompted the immediate shutdown of the affected network upon detection to prevent further intrusion. This incident follows previous concerns raised by internal county auditors regarding critical and significant cybersecurity weaknesses, including the risks of unauthorized access and malware.
Norway’s National Security Authority (NSM) has issued a warning after “important businesses” in the country fell victim to cyberattacks exploiting two recently disclosed Cisco vulnerabilities. NSM chief Sofie Nystrøm described the situation as “very serious” and warned that these attacks were more potent than previous incidents. Cisco had revealed the exploitation of vulnerabilities with a 10/10 severity score, and while they provided a patch, attackers had already compromised numerous systems, emphasizing the critical need for businesses using Cisco IOS XE to update their systems immediately.
The University of Tokyo disclosed that one of its computers, located at the Graduate School of Arts and Sciences, was infected with malware in July 2022. This breach potentially exposed sensitive data, including addresses and grades of students spanning nearly two decades, from 2003 to 2022. While specialists investigating the incident discovered signs of information theft, the university has not yet confirmed any instances of misuse.
Cyber News
In an analysis conducted by Comparitech, it was revealed that ransomware breaches in the healthcare sector have inflicted a staggering economic cost of $78 billion on the United States. This financial burden is a result of the 539 reported ransomware attacks on healthcare organizations between 2016 and mid-October 2023, affecting nearly 9780 hospitals, clinics, and other medical facilities, with over 52 million patient records compromised. Not only have these attacks resulted in massive data breaches, but they have also caused significant downtime, with an average of 14 days per organization.
Jareh Sebastian Dalke, a former employee of the U.S. National Security Agency (NSA), has pleaded guilty to charges related to his attempt to transmit classified defense information to Russia. Dalke, who held Top Secret clearance during his brief tenure at the NSA in 2022, acknowledged using an encrypted email account between August and September 2022 to send excerpts of three classified documents to an individual he believed to be a Russian agent.
A recent investigation by IBM’s X-Force Red has shed light on the evolving landscape of phishing attacks, where AI-generated phishing emails are demonstrating both speed and efficiency, albeit trailing behind their human counterparts in terms of effectiveness. The study compared AI-generated and human-crafted phishing emails, distributing them to 1600 employees in a healthcare firm
The Transportation Security Administration (TSA) has taken proactive steps to ensure the cybersecurity of passenger and freight railroad carriers by renewing vital directives that were due to expire. The directives consist of three distinct rules, focusing on annual cybersecurity testing, updated assessment plans, network segmentation, access controls, threat detection policies, and timely patching processes.
A comprehensive six-month study of federal government cybersecurity has suggested a more centralized defensive strategy, with the Department of Homeland Security, particularly the Cybersecurity and Infrastructure Security Agency (CISA), playing a more prominent role in securing civilian networks. The report emphasizes the need for CISA to clearly articulate its current and future role, focusing on its mission for federal civilian executive branch agencies.
Copyright © 2023 CyberMaterial. All Rights Reserved.