What’s going on in the cyber world today?
Rugmi Loader, Apache OfBiz Flaw, Barracuda Zero-Day, IBM Cognos Dashboards, Mallox Ransomware, Ohio Lottery, LoanCare Data Breach, CyberAv3ngers, Israel Data Sold, Trinidad and Tobago, KHO Hospitals, CMMC 2.0, Israel Cyber Threats, Google Incognito Mode, Apple Faces Political Hit, New York Times Sues OpenAI.
Cyber Alerts
1. Rugmi Loader Spreads Malware
A surge in detections of the newly identified malware loader, Win/TrojanDownloader.Rugmi, reveals a concerning trend as threat actors use it to distribute a range of information stealers. ESET’s telemetry data shows a sharp increase in Rugmi loader detections, underlining the adaptability and widespread usage of stealer malware. The discovery aligns with the broader landscape where stealers like Lumma, Vidar, and others are offered as services, emphasizing the urgent need for enhanced cybersecurity measures against evolving threats.
2. Apache OfBiz Zero-Day Threat
A newly discovered zero-day flaw, CVE-2023-51467, poses a critical security risk in the open-source ERP system Apache OfBiz. The vulnerability, found by SonicWall Capture Labs, stems from an incomplete patch for CVE-2023-49070, an earlier remote code execution flaw. Because that fix was incomplete, the login function can still be bypassed for authentication, potentially granting unauthorized access to internal resources. Users should upgrade to version 18.12.11 or higher to patch the vulnerability and prevent unauthorized access.
3. Barracuda Faces ESG Vulnerabilities
Barracuda’s Email Security Gateway (ESG) faced exploitation by Chinese threat actors leveraging a zero-day vulnerability (CVE-2023-7102). The flaw allowed arbitrary code execution within the open-source library Spreadsheet::ParseExcel. Identified by Mandiant as UNC4841, these actors utilized Excel email attachments to deploy SEASPY and SALTWATER, persisting with command execution capabilities. Barracuda swiftly responded with security updates automatically applied on December 21, 2023, and subsequent patches to remediate compromised devices, highlighting the threat’s adaptability and the need for proactive cybersecurity measures.
4. IBM Fixes Critical Vulnerabilities
IBM Cognos Dashboards on Cloud Pak for Data 4.8.1 resolved vulnerabilities in GNU gcc, GNU glibc, shadow-utils, and RabbitMQ. Identified by CVE IDs like CVE-2023-4641 and CVE-2018-20796, these flaws posed risks ranging from information leaks to application crashes. Upgrading to version 4.0 is advised, while IBM urges prompt updates for security. They emphasize assessing these risks and assure ongoing vigilance for unforeseen vulnerabilities, prioritizing comprehensive user protection.
5. Mallox Evades AMSI with PowerShell Update
The Mallox ransomware group has updated its PowerShell script to bypass Anti-Malware Scan Interface (AMSI) detection and evade antivirus software. By patching the AMSI DLL that Windows Defender registers, the script overwrites the scanning function with shellcode, allowing malicious PowerShell scripts to run without triggering AV alerts. Once AV detection is evaded, the script downloads a .NET downloader. Users are advised to employ robust security tools like K7 Total Security to counter evolving bypass techniques.
6. Ohio Lottery Hit by Ransomware
The Ohio Lottery faced a cyber incident on December 24, 2023, disrupting access to winning numbers on their site and app. Customers were directed to retailers for number checks. Prizes up to $599 could be claimed at stores, while higher amounts required mailing or digital claim forms. A newly surfaced DragonForce ransomware gang claimed responsibility, alleging access to over 3 million entries of customer and employee data, including SSNs and DOBs, prompting ongoing investigations into their tactics and origins.
7. Data Breach Hits 1.3M Borrowers
LoanCare, a major mortgage servicing player, alerts 1.3 million borrowers about a data breach originating from its parent company, Fidelity National Financial. The unauthorized access to Fidelity’s systems compromised sensitive borrower information, urging vigilance against potential phishing and scamming attacks. In response, LoanCare offers affected individuals enrollment in a two-year identity monitoring service to mitigate further risks.
8. CyberAv3ngers Sell Israel Power Data
The hacking group known as CyberAv3ngers has announced its possession and sale of 1TB of data allegedly acquired from Israel’s electricity infrastructure. This purported breach is part of a series of cyberattacks initiated by the group over the past month. While the Israel Electric Corporation (IEC) has not officially commented on the claimed ransomware attack, CyberAv3ngers has affirmed their involvement, challenging doubters and expressing intent to reveal supporting documents. Geopolitical concerns arise from reports linking the group to the Iran Revolutionary Guard Corps (IRGC), prompting vigilance in critical infrastructure cybersecurity measures.
9. Trinidad and Tobago NIBTT Ransomware Attack
Trinidad and Tobago’s National Insurance Board faced a ransomware attack, closing operations post-Christmas. Over 630,000 individuals reliant on its social security services were affected. While the agency assessed the breach’s impact, details regarding the attacking group and any ransom demands remained undisclosed. This incident echoes previous ransomware strikes on the country’s justice system. Throughout 2023, several Caribbean nations encountered similar attacks, underscoring the vulnerabilities in government cybersecurity infrastructure.
10. KHO Hospitals Hit by Ransomware
Katholische Hospitalvereinigung Ostwestfalen (KHO) faced a Lockbit ransomware attack, disrupting operations across three German hospitals on December 24, 2023. The cyber intrusion led to data encryption within the hospitals’ IT systems, necessitating an immediate shutdown. While patient treatment continues with limited access and backup restoration, emergency services are redirected, potentially causing critical delays. Investigations are ongoing to determine the extent of data compromise, as the ransomware gang hasn’t confirmed any data theft on the dark web.
Cyber News
11. Cybersecurity Certification for Contractors
The U.S. Department of Defense introduces a transformative rule for the Cybersecurity Maturity Model Certification program, outlining tiered security levels aimed at fortifying contractors’ data protection against cyber threats. These tiers, ranging from fundamental measures in Level 1 to the most advanced protocols in Level 3, mandate compliance evaluations for contractors vying for specific contract awards. With specific security requisites detailed for each tier, Level 2 and 3 contractors must adhere to rigorous measures from NIST standards, while Level 1 contractors handle federal contracting information. This initiative seeks to enhance cybersecurity across defense contractors, fostering transparency and accountability while optimizing resource allocation for security assessments.
12. Israel’s Evolving Cyber Threat Landscape
Israel’s cybersecurity landscape has undergone a significant transformation during the Gaza Strip conflict, evolving from basic online vandalism to sophisticated disruptions aimed at instilling fear. A recent report from Cyber Israel reveals the active involvement of approximately 15 hacker groups associated with Iran, Hamas, and Hezbollah in malicious activities within Israeli cyberspace. These threat actors employ diverse tactics, with a notable increase in phishing attacks, particularly after Hamas’ incursion on October 7. The report highlights specific instances, such as an Iranian phishing campaign impersonating F5, a major cybersecurity product provider in Israel, underscoring the need for heightened vigilance against multifaceted cyber threats in the region.
13. Google Settles Incognito Privacy Case
Google’s multi-year legal battle over Incognito mode’s privacy has led to a preliminary settlement following mediation. The allegations claim Google misled users about their privacy while browsing in Incognito mode. The settlement, which awaits final approval, comes after Google’s earlier attempts to have evidence excluded. Plaintiffs argue that Google secretly tracked user data even after users activated private browsing. The lawsuit highlights Google’s alleged use of tools like Google Analytics to undermine Incognito mode’s confidentiality, contradicting its promised privacy assurances.
14. Apple Faces Indian Hacking Probe
Apple warned Indian journalists and politicians of potential iPhone hacking, but the Bharatiya Janata Party (BJP) questioned Apple’s internal security systems, prompting a government investigation. Modi’s administration pressured Apple for alternative explanations, surprising many. The warnings coincided with inquiries into Adani’s brother, raising suspicions. Apple’s dilemma highlighted balancing privacy and India’s market importance. Navigating political pressure, Apple aimed to uphold its values while ensuring its significant Indian sales growth.
15. NY Times Sues OpenAI Over Copyright
The New York Times has filed a lawsuit against OpenAI and Microsoft, claiming copyright infringement. The suit alleges that millions of Times articles were used to train automated chatbots, creating competition with the news outlet. The lawsuit, a significant move in the legal battle over unauthorized use of published work for AI training, seeks damages and the destruction of chatbot models using copyrighted material from The Times.
Copyright © 2023 CyberMaterial. All Rights Reserved.