What’s the latest in the cyber world today?
Opera Browser, MyFlaw, Cisco Routers, Cyber Espionage, SonicWall Firewall, Ivanti, Zero-Days, VPN and NAC Vulnerabilities, Microsoft, Installation Errors, Security Update, Anonymous Sudan, London Internet Exchange, Carnegie Mellon University, Israeli Ports, Alkem Laboratories, LockBit Ransomware, Maisons de l’Avenir, Shinwa Co, OpenAI, Election Disinformation, Pentagon, U.S. National Cyber Director, Botnet, Supercomputing Excess Heat.
Cyber Alerts
Security researchers reveal a now-patched vulnerability in the Opera web browser, named MyFlaw, that allowed the execution of any file on Windows and macOS. Exploited through the My Flow feature, the flaw bypassed the browser’s sandbox and the entire browser process, affecting both Opera and Opera GX. Although Opera acted swiftly to fix the security hole and prevent similar issues, the incident underscores the growing complexity of browser-based attacks and the need for internal design changes in browser infrastructure.
Chinese state-sponsored hacking group Volt Typhoon has shifted its focus to exploiting end-of-life Cisco routers, impacting the U.S., U.K., and Australia, according to SecurityScorecard’s STRIKE Team. The attackers take advantage of vulnerabilities in discontinued Cisco RV320/325 devices, highlighting the cybersecurity risks of neglected legacy hardware and the need for enhanced defenses. Experts warn that such targeted campaigns underscore the evolving capabilities of Chinese state-sponsored cyber groups, with a strategic emphasis on exploiting outdated systems for potential cyber espionage and disruption.
Security researchers have uncovered a critical flaw in over 178,000 SonicWall next-generation firewalls, leaving them vulnerable to denial-of-service and potential remote code execution attacks. The exposed appliances are affected by two security flaws, with 76% of them susceptible to either one or both issues. Although the vendor claims no exploitation in the wild, the massive attack surface poses a significant risk, urging administrators to secure SonicWall NGFW appliances and apply the latest firmware updates promptly.
Security researchers have uncovered two zero-day vulnerabilities in Ivanti’s Connect Secure VPN and Policy Secure NAC appliances, which are now being widely exploited. Threat groups have been chaining CVE-2023-46805 and CVE-2024-21887 in attacks since January 11, compromising organizations globally, including Fortune 500 companies and government departments. While patches are pending, admins are advised to apply mitigation measures, run integrity checks, and treat data on affected appliances as compromised until patches are available.
Microsoft is addressing installation errors (0x80070643) associated with the KB5034441 security update, which resolves the CVE-2024-20666 BitLocker vulnerability. The issue arises when deploying the update on systems with a Windows Recovery Environment (WinRE) partition that is too small, resulting in generic error messages. While a fix is in progress, Microsoft offers detailed instructions, including a PowerShell script, for users to resize their WinRE partitions, ensuring successful installation and addressing the BitLocker flaw that could expose encrypted data to potential threats.
Cyber Incidents
Anonymous Sudan, a Russia-affiliated hacktivist group, asserts responsibility for a cyberattack on the London Internet Exchange (LINX). LINX is a major global exchange point based in London, providing peering services to network operators worldwide. The group cites the cyber assault as a reaction to Britain’s support for Israel and air attacks on Yemen, threatening a significant cyberattack on the UK in the near future. The authenticity of the claim remains unconfirmed, as LINX’s website reportedly remained online amid the group’s announcement.
Carnegie Mellon University, renowned for computer science, faced a cyberattack where personal data of over 7300 individuals was at risk. The breach was detected in August 2023, prompting an extensive investigation and recovery operation. While the university found that sensitive files were accessed, there’s no evidence of misuse as of now, emphasizing the ongoing challenges in safeguarding valuable personal information.
The Anonymous Sudan hacker group claimed responsibility for targeting Israeli ports, including the Israel Ports Development & Assets Company and Haifa Port Company. The threat actor aimed at crucial elements of the ports’ digital infrastructure, causing reported damage to the overall digital health of the companies. This incident follows a previous attack in November 2023, with the group showing affiliations with Russian interests and expressing solidarity with Hamas amid the Israel-Palestine conflict.
Pharmaceutical giant Alkem Laboratories confirmed a cybersecurity incident resulting in a fraudulent transfer of $6.2M from a subsidiary, raising concerns about cyber vulnerabilities in India’s pharmaceutical sector. The company disclosed that compromised business email IDs of some employees led to the incident, emphasizing minimal impact confined to a specific event. Alkem appointed an independent agency to investigate, reassuring stakeholders that the fraud was unrelated to internal misconduct and highlighting recent cybersecurity partnerships to enhance defenses.
The LockBit ransomware group has recently expanded its dark web portfolio, adding two new victims, Maisons de l’Avenir in France and Shinwa Co in Japan, with a looming deadline for their ransom demands set for February 4, 2024. The motive and scope of the cyberattacks remain undisclosed, raising concerns due to the diverse geographical locations of the targeted companies. Despite the group’s bold claims, both Maisons de l’Avenir and Shinwa Co’s websites were found to be fully operational, adding an air of urgency to the situation as the deadline approaches. LockBit’s consistent use of double extortion tactics continues to be a worrying trend for cybersecurity experts globally.
Cyber News
OpenAI, the creator of ChatGPT, is set to launch tools combating disinformation in preparation for this year’s crucial elections, including those in the U.S., the U.K., the European Union, and India. Focused on protecting election integrity, OpenAI also prohibits the use of its technology, such as ChatGPT and DALL-E 3, for political campaigns. The initiative involves collaboration across safety systems, threat intelligence, legal, engineering, and policy teams to address challenges like deepfakes, chatbot impersonation, and influence operations.
The Pentagon has released its inaugural National Defense Industrial Strategy, emphasizing the need for modernization to enhance the defense industrial base’s resilience and mitigate technological risks. The strategy outlines priorities like resilient supply chains, workforce readiness, flexible acquisitions, and economic deterrence to counter cyber threats. It stresses collaboration with other federal departments and addresses challenges identified in recent reports, aiming to secure the defense ecosystem against cyberattacks and eliminate dependencies on technology from potentially adversarial countries.
In his first public remarks, National Cyber Director Harry Coker outlined the White House’s commitment to breaking down barriers hindering federal contractors from filling cybersecurity roles, emphasizing the need to make these jobs more accessible. Coker highlighted the importance of recruiting individuals traditionally underrepresented in cybersecurity and addressing issues such as educational requirements and years of experience that limit talent acquisition. The federal government plans to conduct hiring sprints for cybersecurity professionals across agencies, with a focus on diversity, skills-based hiring, and eliminating unnecessary obstacles in federal contracts.
Security researchers have identified a significant surge in global botnet activity from December 2023 to early January 2024, with spikes surpassing one million devices. The escalation, marked by notable departures from typical patterns, revealed an increased use of cheap or free cloud and hosting servers by attackers to establish botnet launch pads. The heightened scanning of global internet ports, particularly ports 80, 443, 3389, 5060, 6881, 8000, 8080, 8081, 808, and 8888, underscores a new level of cloud-based threats to the global internet, emphasizing the necessity for robust DDoS protection against these emerging botnet risks.
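One defensive use of the port list in the report is a simple scan detector over perimeter logs. The script below is an added example, not code from the original digest or from the researchers it cites: it parses constructed firewall-style connection records (the `src=... dst=... dport=... action=...` line format and the IP addresses are assumptions made for this example) and flags sources that probe several of the named ports or sweep one of them across several hosts.

```python
"""
Added example (not from the original digest): flag sources probing the
ports named in the botnet report. Log format and sample lines are
constructed for this example; adapt LOG_RE to the real log source.
"""
import re
from collections import defaultdict

# Ports the report names as the focus of the scanning surge.
WATCHED_PORTS = {80, 443, 3389, 5060, 6881, 8000, 8080, 8081, 808, 8888}

# Constructed record format: "<ts> src=<ip> dst=<ip> dport=<port> action=<verb>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

# Constructed sample log: one source sweeping several watched ports across
# several hosts, one normal client, one source hitting non-watched ports,
# and one malformed line that the parser must skip.
SAMPLE_LOGS = """\
2024-01-10T03:14:01Z src=203.0.113.7 dst=198.51.100.5 dport=80 action=deny
2024-01-10T03:14:02Z src=203.0.113.7 dst=198.51.100.5 dport=443 action=deny
2024-01-10T03:14:02Z src=203.0.113.7 dst=198.51.100.6 dport=3389 action=deny
2024-01-10T03:14:03Z src=203.0.113.7 dst=198.51.100.7 dport=8080 action=deny
2024-01-10T03:14:03Z src=203.0.113.7 dst=198.51.100.8 dport=8888 action=deny
2024-01-10T03:14:09Z src=192.0.2.44 dst=198.51.100.5 dport=443 action=allow
2024-01-10T03:14:10Z src=192.0.2.44 dst=198.51.100.5 dport=443 action=allow
2024-01-10T03:14:12Z src=203.0.113.9 dst=198.51.100.5 dport=22 action=deny
2024-01-10T03:14:12Z src=203.0.113.9 dst=198.51.100.5 dport=25 action=deny
this line is malformed and should be skipped
"""


def parse_line(line):
    """Parse one record into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def summarize_sources(log_text):
    """Per-source distinct watched ports, distinct target hosts and event count.

    Events on ports outside WATCHED_PORTS are ignored, so a source that only
    touches other ports never appears in the result.
    """
    stats = defaultdict(lambda: {"ports": set(), "targets": set(), "events": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in WATCHED_PORTS:
            continue
        entry = stats[rec["src"]]
        entry["ports"].add(rec["dport"])
        entry["targets"].add(rec["dst"])
        entry["events"] += 1
    return dict(stats)


def flag_scanners(log_text, min_ports=3, min_targets=2):
    """Return sources that look like scanners.

    A source is flagged when it touches at least min_ports distinct watched
    ports (vertical probe) or at least min_targets distinct hosts on watched
    ports (horizontal sweep). Thresholds are tunable for the environment.
    """
    flagged = {}
    for src, entry in summarize_sources(log_text).items():
        if len(entry["ports"]) >= min_ports or len(entry["targets"]) >= min_targets:
            flagged[src] = {
                "ports": sorted(entry["ports"]),
                "targets": sorted(entry["targets"]),
                "events": entry["events"],
            }
    return flagged


if __name__ == "__main__":
    for src, info in flag_scanners(SAMPLE_LOGS).items():
        print(f"{src}: ports={info['ports']} targets={len(info['targets'])} events={info['events']}")
```

On the constructed sample only `203.0.113.7` is reported; the repeat client on 443 stays under both thresholds and the source hitting 22 and 25 never enters the summary because those ports are not on the watched list. In production the same aggregation is better done per time window, so that a slow scan spread over hours is not diluted by legitimate traffic.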
In a pioneering initiative in Scotland, a unique heating system trial in Edinburgh aims to utilize waste heat from the University of Edinburgh’s Advanced Computing Facility to warm Scottish homes. Housing the UK’s national supercomputer, the facility produces 70 GWh of excess heat annually, projected to reach 272 GWh with the upcoming Exascale supercomputer. A £2.6 million feasibility study will explore the potential of disused mines near the facility to store and distribute this heat using heat pump technology, potentially offering a global model for converting abandoned mines into underground heat storage systems, meeting heating needs for millions of households.