What’s trending in cybersecurity today?
OAuth Misuse, BEC Campaign, Cryptomining Attack, Russian Cyber Espionage, Microsoft Update, Sophos Firewalls, Avira Freeze on Boot, Kyivstar Cyber Attack, Russian Tax Service, OKX DEX Hit, Rumble Attacked, StarsX Team, India, US Cyber Director, UK Ministry of Defence Fined, BlackBerry, Kelvin Security, CISA’s Cloud Security.
Cyber Alerts
1. Microsoft Warns of OAuth Misuse in Attacks
Microsoft warns that financially motivated threat actors are exploiting OAuth apps for BEC and cryptomining. Recent incidents show attackers compromising accounts that lack robust authentication, then creating OAuth apps under those accounts for a range of illicit activities, from cryptomining to BEC attacks and spam campaigns.
2. APT28 Targets 13 Nations in Cyber Espionage
APT28, also known as ITG05, BlueDelta, Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, Sofacy, and TA422, is a Russian nation-state threat actor engaged in ongoing cyber espionage campaigns. The group has recently used lures related to the Israel-Hamas conflict to deliver a custom backdoor called HeadLace. The campaign targets entities in at least 13 nations, including Hungary, Türkiye, Australia, Poland, Belgium, Ukraine, Germany, Azerbaijan, Saudi Arabia, Kazakhstan, Italy, Latvia, and Romania. The attacks use decoys aimed at European entities with influence over humanitarian aid allocation, built from documents of organizations such as the United Nations, the Bank of Israel, the U.S. Congressional Research Service, and the European Parliament. The group has shown an increased emphasis on a specific target audience involved in emerging policy creation, particularly in global foreign policy centers.
3. Microsoft Fixes 4 Critical Vulnerabilities
Microsoft’s final Patch Tuesday of 2023 addressed 33 flaws, with four deemed critical and 29 important. Notable vulnerabilities include those affecting Windows MSHTML Platform, Internet Connection Sharing, and Microsoft Outlook, highlighting the need for users to apply the patches promptly to mitigate potential risks.
4. Sophos Fixes RCE in Old Firewalls
Sophos has addressed a remote code execution (RCE) vulnerability, CVE-2022-3236, in its Firewall product that was actively exploited in attacks. The company backported the fix to end-of-life (EOL) firewall firmware versions after discovering continued exploitation, and urges organizations to upgrade their EOL devices and firmware to the latest versions to mitigate the risk.
5. Avira Update Causes Windows Freezes
An Avira antivirus update is causing Windows systems to freeze on boot; users report unresponsive systems, which Avira has linked to its internal firewall component. Avira acknowledges the issue, attributes it to a rare condition, and is deploying an automatic fix, advising affected users to contact support if needed.
6. Kyivstar Faces Cyber Attack
Kyivstar, the leading Ukrainian mobile operator, faced a cyberattack that disrupted internet access and mobile communications amid Ukrainian President Zelenskyy’s visit to Washington. While personal data of subscribers seems unaffected, the outage impacted air raid sirens, retail payments, and ATM access, raising concerns about potential connections to Russian state hackers amid ongoing tensions.
7. Ukraine Alleges Cyber Attack on Russian Tax
Ukraine’s intelligence (GUR) claims responsibility for infecting and damaging thousands of servers in Russia’s state tax service, causing a “complete destruction” of its infrastructure. The attack, which Ukraine says paralyzed the tax service’s internet connection and will likely take at least a month to recover from, follows GUR’s previous acknowledgment of a successful cyber operation against Russia’s civil aviation agency in November.
8. OKX DEX Faces $2.7M Breach
OKX decentralized exchange (DEX) faced a significant security breach, resulting in a $2.7 million loss, triggered by the reported leakage of the proxy admin owner’s private key. The incident unfolded on December 13, with the attacker exploiting tokens after an upgrade to the DEX proxy contract. Blockchain security firms SlowMist Zone and PeckShield highlighted the breach, emphasizing the importance for users to revoke allowances and stay vigilant in the aftermath of the attack.
9. Rumble Faces Cyber Attack
Rumble, a widely used video hosting platform, experienced a significant cyberattack that disrupted its services, as confirmed by CEO Chris Pavlovski. The CEO hinted at potential political motives, suspecting the attack is linked to activists or organizations aiming to censor creators, particularly in relation to J6 videos on Rumble. While services are gradually recovering, Rumble describes the incident as a learning experience and expresses gratitude for user and creator patience during the cyberattack.
10. StarsX Team Allegedly Hit Indian Gov
The StarsX Team hacker group claims responsibility for an apparent cyberattack on Indian government websites, announcing it on a dark web forum. Despite the group providing links as alleged evidence, a closer investigation found that the targeted government sites, including the Department of Justice and the High Court of Punjab and Haryana, show no signs of the claimed Distributed Denial of Service (DDoS) attack. The group, notably affiliated with Indonesia, has a history that reflects a broader geopolitical agenda: it has previously declared its intentions in defense of Palestine’s independence, condemning Israel, India, France, and America as its primary adversaries.
11. Coker Confirmed as US Cyber Director
Harry Coker was confirmed as the new National Cyber Director in the White House, succeeding Chris Inglis. Coker, a former NSA executive, pledges to continue the ONCD’s efforts in cybersecurity policy and strategy.
12. UK Ministry Fined for Afghan Data Breach
The United Kingdom’s Ministry of Defence faces a hefty fine of $440,000 for a significant data breach during the Afghan evacuation, where personal information of Afghans seeking relocation after the Taliban’s takeover was exposed. The Information Commissioner’s Office (ICO) issued the fine, emphasizing the breach’s potential threat to life. The breach occurred when an email with personal details of 245 individuals was mistakenly sent to a list of Afghan nationals eligible for evacuation, raising concerns about the safety of those affected.
13. BlackBerry Splits Cybersecurity and IoT Units
BlackBerry has scrapped plans for an equity carve-out of its IoT business, opting instead to operate its cybersecurity and IoT units independently. John Giamatteo, previously head of the cybersecurity segment, takes over as CEO. The move follows a strategic review; while specific plans are not outlined, the separation is intended to let each unit operate independently and profitably, unlocking shareholder value.
14. Spain Arrests Kelvin Security Operative
Spanish national police have apprehended a key money laundering figure linked to the Kelvin Security hacking operation, who reportedly entered the country as a tourist. The arrest follows an investigation into the hacking group, initiated after they targeted systems belonging to major Spanish cities and regional governments. The detained individual, identified as the head of Kelvin Security’s money laundering operation, is shown in a video released by the Ministry of the Interior, highlighting law enforcement’s efforts to combat cybercrime with a focus on cryptocurrency operations.
15. CISA Invites Collaboration for Cloud Security
The Cybersecurity and Infrastructure Security Agency (CISA) has released Secure Configuration Baselines for Google Workspace (GWS) and a corresponding assessment tool, ScubaGoggles, designed to enhance cybersecurity in federal agencies and improve overall cyber posture. This initiative aligns with CISA’s mission to secure federal IT enterprises, emphasizing the importance of cloud security practices, encryption, multifactor authentication, and operational visibility in response to evolving cyber threats.