What are the latest cybersecurity alerts, incidents, and news?
Bot Hacking Tool, Atomic Stealer, Advanced Mac Threat Encryption, Apache Hadoop, Flink, Cryptominers, WordPress Plugin, CISA, Advisories, Industrial Control Systems, Water For People, Medusa Ransomware, Framework Computer, Data Breach, Phishing Attack, Lulzsec, Yemen Airstrikes, Banking Logins, IRIMEE, Data Leak, RansomHouse, Snatch, Banco Promerica, Microsoft, EU, Data Control, eBay, Cyberstalking, Bitwarden, Secure Passkeys, Web Vault Access, HelloFresh, Spamming, Apple.
Cyber Alerts
A newly discovered Python-based hacking tool, FBot, has surfaced with a focus on infiltrating web servers, cloud services, CMS, and prominent SaaS platforms, including AWS, Microsoft 365, PayPal, Sendgrid, and Twilio. According to SentinelOne security researcher Alex Delamotte, FBot’s key features encompass credential harvesting for spamming attacks, AWS account hijacking tools, and functionalities enabling assaults against PayPal and various SaaS accounts. This sophisticated tool, identified as distinct from similar families like AlienFox and Legion, aims to hijack cloud and SaaS services, monetizing access by selling it to other threat actors.
Researchers have uncovered an enhanced version of the macOS information stealer, Atomic (or AMOS), signaling active efforts by threat actors to boost its capabilities. According to Malwarebytes’ Jérôme Segura, the update in mid to late December 2023 introduced payload encryption, aiming to elude detection measures. Initially surfacing in April 2023 with a $1,000 monthly subscription, Atomic Stealer excels in harvesting sensitive data like Keychain passwords, session cookies, files, crypto wallets, system metadata, and even machine passwords through deceptive prompts. This sophisticated malware has been spreading through malvertising and compromised sites, masquerading as legitimate software and browser updates, over the past several months.
Researchers have uncovered a novel attack exploiting misconfigurations in Apache Hadoop and Flink, deploying cryptocurrency miners stealthily within targeted environments. Aqua security researchers Nitzan Yaakov and Assaf Morag highlight the attacker’s use of packers and rootkits to cloak the malware, deleting directory contents and modifying system configurations for evasion. The attacks leverage misconfigurations in YARN’s ResourceManager for Hadoop and Apache Flink, allowing unauthenticated remote threat actors to execute arbitrary code, with the notable twist of employing rootkits to hide crypto mining processes, adding a layer of sophistication to the intrusion.
Two critical vulnerabilities in the POST SMTP Mailer WordPress plugin, used by 300,000 websites, pose a significant threat by allowing attackers to gain complete control over site authentication. Discovered by Wordfence security researchers Ulysses Saicha and Sean Murphy, the first flaw (CVE-2023-6875) enables an unauthenticated attacker to reset the API key and access sensitive log information, including password reset emails. The second vulnerability (CVE-2023-7027) is a cross-site scripting issue that could let attackers inject arbitrary scripts into affected site pages, emphasizing the urgency for users to update to version 2.8.8, released on January 1, 2024, to patch these security risks.
CISA has issued nine advisories on January 11, 2024, addressing security issues and vulnerabilities in various Industrial Control Systems (ICS). These advisories cover systems from Rapid Software LLC, Horner Automation, Schneider Electric, and Siemens, urging users and administrators to promptly review them for technical details and recommended mitigations. The timely release aims to enhance awareness and cybersecurity measures surrounding critical ICS infrastructure.
Cyber Incidents
Water For People, a leading nonprofit dedicated to water and sanitation development, has fallen victim to the notorious Medusa ransomware group. The cybercriminals have issued demands, including a $10,000 ransom within a day and additional amounts for data deletion and download. While the official website remains functional, the organization is pressed with a tight deadline of 9 days, 21 hours, 02 minutes, and 36 seconds to meet the hackers’ demands, raising concerns about the security of sensitive information related to their mission across nine countries.
Framework Computer has revealed a data breach exposing the personal information of undisclosed customers due to a phishing attack on its accounting service provider, Keating Consulting Group. The California-based laptop manufacturer disclosed that a threat actor, posing as Framework’s CEO, tricked a Keating Consulting accountant into sharing a spreadsheet containing customers’ personally identifiable information (PII) related to outstanding balances. The breached data, including customer names, email addresses, and balances owed, raises concerns about potential phishing risks for affected customers, prompting Framework to advise vigilance and report any suspicious emails to their support team.
Amidst the recent airstrikes in Yemen, hacktivist group Lulzsec has released alleged logins for American banks, raising concerns that the credentials may originate from previous data breaches. Lulzsec’s declaration, the first from a hacktivist group to voice opposition, hints at potential cyber reprisals following the physical responses to the airstrikes by US, UK, and allied forces. As the situation in Yemen intensifies, with explosions rocking cities in response to the airstrikes against Houthi targets, the cybersecurity aspect becomes increasingly complex, involving potential engagement from advanced actors like Iran-linked groups Cyberavengers and Cyber Toufan.
Reports suggest a potential data breach at the Indian Railways Institute of Mechanical & Electrical Engineering (IRIMEE), where a threat actor claims to have leaked 908,626 records for the year 2023. The alleged leak includes sensitive information such as names, email addresses, passwords, and dates of birth. Situated in Jamalpur, IRIMEE serves as the central training hub for Indian Railways, emphasizing the significance of safeguarding the personal data of officers and supervisors in the Mechanical Engineering Department.
Banco Promerica is grappling with a potential cybersecurity crisis as details of a data breach and cyberattack have emerged, initially reported by RansomHouse in December and reiterated by the Snatch ransomware group on January 11th. The Snatch ransomware platform posted messages, inviting insurance companies to take notice and suggesting a lapse in the IT department’s judgment as a potential contributor to the security breach. Concerns escalated when reports of disruptions in digital services since December 10th, 2023, surfaced, prompting social media alerts and questions about the safety of customer data.
Cyber News
Microsoft announced a phased roll-out plan, enabling its European Union cloud customers to process and store all personal data within the region. This move aligns with the growing trend among technology companies to enhance data storage and processing capabilities in compliance with EU privacy and security legislation. In addition to allowing processing of certain data in the EU, Microsoft’s expansion now includes system-generated logs, addressing the challenge for large companies with widely distributed data to ensure compliance with privacy rules.
eBay has agreed to a $3 million settlement in connection with a 2019 cyberstalking campaign targeting a Massachusetts couple critical of the platform. The US Department of Justice announced the maximum criminal penalty, charging eBay with six felony offenses related to stalking, witness tampering, and obstruction of justice. The charges stemmed from a disturbing harassment effort orchestrated by seven eBay employees, including executives, who went as far as conducting surveillance on the couple’s home and sending threatening items. In response, eBay expressed remorse, acknowledged its former employees’ misconduct, and committed to extensive compliance program enhancements under a deferred prosecution agreement.
Bitwarden, the open-source password manager, has rolled out passkeys for users to log into their web vaults, enhancing security and phishing resistance. The passkey feature, currently in beta, relies on the PRF WebAuthn extension for authentication and encryption key generation, allowing users to decrypt their vaults without a master password or email verification. This innovation aims to provide a secure and convenient method for accessing vaults, combining passkey security with Bitwarden’s end-to-end encryption protection.
Food delivery company HelloFresh has been fined $178,000 for sending millions of spam emails and texts to customers. The UK Information Commissioner’s Office (ICO) conducted a 2022 investigation, revealing that HelloFresh sent 79 million emails and one million texts during a seven-month spamming campaign. The ICO found that HelloFresh continued contacting individuals even after requests to stop, and customers were not adequately informed about the use of their data for marketing post-subscription cancellation. The fine reflects a “clear breach of trust,” according to the ICO, emphasizing the consequences for failing to follow data protection laws.
Microsoft momentarily surpassed Apple in market valuation, reaching $2.903 trillion compared to Apple’s $2.886 trillion. The shift is attributed to Microsoft’s growth, particularly in generative artificial intelligence with its investment in OpenAI, maker of ChatGPT. Analysts highlight Microsoft’s faster growth and the benefits from the AI revolution, while Apple faces challenges with weakening demand, especially for the iPhone, and concerns about performance in China.
Copyright © 2024 CyberMaterial. All Rights Reserved.