What are the latest cybersecurity alerts, incidents, and news?
FalseFont Malware, LONEPAGE Malware, Credit Card Skimming, WordPress, WooCommerce, Data Leak in ChatGPT, OpenAI, ESET Patch, Russian Water Utility Attacked, First American Financial Cyber Attack, St Vincent’s Health, BidenCash, Stolen Credit Cards, Liberty Hospital, Children’s Online Privacy, Genomic Data, Cisco Acquisition Plan, Isovalent, Microsoft Defender, Predator Spyware.
Cyber Alerts
1. Hackers Target Defense Firms with FalseFont
Microsoft reports that the Iranian APT33 cyber-espionage group, also known as Peach Sandstorm, HOLMIUM, or Refined Kitten, is using the newly discovered FalseFont backdoor malware to target individuals in the Defense Industrial Base (DIB) sector worldwide. The DIB sector includes over 100,000 defense companies involved in researching and developing military weapons systems. FalseFont provides remote access to compromised systems, file execution, and file transfer to command-and-control servers, and the development aligns with APT33’s ongoing efforts to improve their tradecraft, with network defenders advised to reset credentials and enhance security measures.
2. Ukrainian Firms Targeted by WinRAR Exploit
UAC-0099, a threat actor linked to attacks against Ukraine, exploits a WinRAR flaw to deliver the LONEPAGE malware. The attacks involve phishing emails with HTA attachments, self-extracting archives, and ZIP files exploiting CVE-2023-38831. LONEPAGE, a Visual Basic Script malware, is capable of contacting a command-and-control server, leading to unauthorized remote access to Ukrainian computers. Deep Instinct highlights the group’s simple yet effective tactics, relying on PowerShell and scheduled tasks. CERT-UA warns of a related campaign using phishing messages, attributing it to UAC-0050. The attacks indicate ongoing cyber threats targeting Ukrainian entities.
3. WordPress Card Skimming Threat
A malicious plugin injected into a WordPress/WooCommerce website creates a fake administrator user and injects a sophisticated credit card skimming JavaScript into the website’s checkout page. The malware conceals itself from website owners, and the credit card skimmer has features to seamlessly integrate into the infected checkout page.
4. ChatGPT Data Leak and Partial Fix
OpenAI has deployed a partial fix for a data leak flaw in ChatGPT discovered by researcher Johann Rehberger. While the mitigation addresses the issue to some extent, the researcher notes that attackers can still exploit it under certain conditions. Notably, safety checks are yet to be implemented in the iOS mobile app for ChatGPT, leaving the risk unaddressed on that platform. The flaw, initially reported to OpenAI in April 2023, involves a technique to exfiltrate data from ChatGPT, potentially leaking conversation details to an external URL. The incomplete fix introduces client-side checks but doesn’t eliminate the risk entirely.
5. ESET Fixes High Severity Bug in Scanning
ESET has fixed a high-severity vulnerability (CVE-2023-5594, CVSS score 7.5) in its Secure Traffic Scanning Feature that could have allowed attackers to make web browsers trust sites using certificates signed with outdated and insecure algorithms. The flaw, which impacted various ESET products, involved improper validation of the server’s certificate chain, potentially causing browsers to trust sites secured with certificates signed using obsolete algorithms.
6. Russian Water Utility Hit by Cyber Attack
Ukrainian hacker group Blackjack allegedly targeted Russian water utility Rosvodokanal in a cyber attack, erasing over 50 terabytes of data. The incident is viewed as potential retaliation for a prior cyberattack on Ukraine’s Kyivstar, with speculation that the Security Service of Ukraine (SBU) may have played a role in the Rosvodokanal attack, highlighting the escalating cyber conflict between the two nations.
7. First American Financial Faces Cyber Attack
First American Financial Corporation, the second-largest title insurance company in the United States, has fallen victim to a cyberattack, prompting the temporary shutdown of certain systems to contain the impact. This incident follows a recent trend in the title insurance sector, with Fidelity National Financial disclosing a cybersecurity incident attributed to the ALPHV/BlackCat ransomware gang.
8. St Vincent’s Cybersecurity Breach
Australia’s largest not-for-profit health and aged care provider, St Vincent’s, has confirmed a cyber attack that resulted in the theft of some data. The health provider is actively investigating the incident, engaging external security experts, and collaborating with government agencies to respond to and mitigate the impact of the breach.
9. BidenCash Lures Cybercrime with 1.9M Cards
The dark web marketplace BidenCash, known for trading stolen credit cards, has released 1.9 million credit cards for free as a promotional strategy to lure cybercriminals. Operating on both the dark web and the clearnet, BidenCash gained infamy for selling stolen credit and debit cards obtained through phishing or e-commerce skimming. This move, its fourth such release since October 2022, raises concerns for cardholders, who are exposed to unauthorized online purchases and money-mule networks, and underscores the importance of robust cybersecurity measures for users.
10. Kansas City Hospital Hit by Cyber Attack
A hospital near Kansas City, Missouri, faced significant disruptions after a cyber attack limited its computer systems. Liberty Hospital initially transferred some patients to other hospitals, but officials later stated that the situation had stabilized. The hospital urged those in need of medical care to go to other facilities and reported ongoing efforts to investigate the source of the disruption while prioritizing patient safety and care. The incident underscores the ongoing threat of ransomware attacks on healthcare facilities, posing risks to patient care and data security.
11. FTC Proposes Stricter Child Privacy Rules
The Federal Trade Commission (FTC) has unveiled proposed changes to the Children’s Online Privacy Protection Rule (COPPA Rule), introducing new measures to safeguard children’s personal information and limit companies’ ability to monetize such data. The proposal shifts the responsibility from parents to service providers, aiming to ensure the safety and security of digital services for children. The FTC’s suggested modifications include separate opt-ins for targeted advertising, prohibitions on conditioning a child’s participation on excessive data collection, and strengthened data security requirements, reflecting the evolving landscape of online data usage.
12. Genomic Data’s Cybersecurity Risks
The National Institute for Standards and Technology (NIST) has highlighted the escalating privacy and security risks associated with the widespread use of genomic data in various applications, including drug development, consumer ancestry testing, and law enforcement activities. The report underscores the unique cybersecurity challenges posed by genomic data and emphasizes the need for improved policies, guidance, and technical controls to address the risks throughout the data life cycle.
13. Cisco’s Intent to Acquire Isovalent
Cisco plans to acquire Isovalent, an open-source cloud-native networking and security company, to enhance its secure networking capabilities and services. The acquisition aims to enable Cisco to build new multi-cloud security and networking capabilities, leveraging Isovalent’s expertise in open-source technology and initiatives like eBPF and Cilium.
14. Microsoft Ends Defender App Guard in Edge
Microsoft has announced the deprecation of Defender Application Guard (MDAG) for Edge for Business users, signaling a shift in its security strategy. MDAG, which utilizes hardware-based virtualization to secure against potential threats, will no longer receive updates for Edge for Business. Users are encouraged to explore alternative security measures within Edge for Business and transition to Microsoft’s recommended security solutions, aligning with the company’s ongoing efforts to streamline and enhance its security protocols.
15. Predator’s Advanced Cyber Espionage
Analysis of the Predator spyware reveals a reboot-persistence feature, offered depending on the licensing option purchased, that allows it to survive restarts on infected Android systems. Developed by the Intellexa Alliance, Predator targets both Android and iOS under a multimillion-dollar licensing model for its remote mobile extraction capabilities, and its complex structure relies on a symbiotic relationship with components such as Alien.