What’s trending in cybersecurity today?
DPRK Hackers, macOS Malware Spread via Discord, URL Shortening Operation, NuGet Typosquatting Attack, MSBuilds, Scarred Manticore, Middle East, Arid Viper’s Android Spyware Campaign, Dating Apps, British Library Breached, WiHD Exposes User Data, SiegedSec Attacked Bezeq, Workforce Gap, Auto Blocker on Samsung, Windows 11 23H2.
Cyber Alerts
1. Scarred Manticore’s Espionage in the Middle East
An Iranian espionage campaign run by Scarred Manticore, a group assessed to be linked to Iran’s Ministry of Intelligence and Security (MOIS), has been targeting high-profile organizations across the Middle East. The ongoing campaign concentrates on the government, military and telecommunications sectors, along with IT service providers, financial organizations, and NGOs.
2. Massive Cybercriminal URL Service Unearthed
Security researchers at Infoblox have exposed a large cybercrime operation run by an actor they track as Prolific Puma. For more than four years the actor has provided link-shortening services to other criminals while remaining largely undetected. The operation has registered thousands of domains, mostly under the .us top-level domain, which are used as redirectors for phishing, scams, and malware delivery.
3. Malicious NuGet Exploits VS’s MSBuild
A NuGet typosquatting campaign has been found distributing malicious packages that abuse Visual Studio’s MSBuild integration to execute code silently and deliver malware. NuGet is an attractive target because it is the standard package manager for the Windows-centric .NET ecosystem and is used by a very large developer base. Unlike earlier campaigns, this one hides its payload in the MSBuild <packageID>.targets file under the package’s “build” directory. NuGet imports that file automatically into every project that references the package, so the embedded PowerShell runs as soon as the project is built after the package is added, with no install script and no action from the developer beyond adding the dependency.
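As an added example (not code from the original page, from the researchers who reported the campaign, or from the NuGet project), the Python scanner below opens a .nupkg, which is just a ZIP archive, and flags any auto-imported MSBuild file under build/ or buildTransitive/ that contains an Exec task or an inline-task factory. The sample packages, the package ID Contoso.Utils, and the indicator regex are constructed for this example; the encoded PowerShell in the sample decodes to nothing more than “echo hi”. The check goes slightly beyond the campaign described above by also catching inline tasks (UsingTask with a TaskFactory attribute), which can run arbitrary C# at build time through the same import mechanism.

```python
"""Scan .nupkg archives for MSBuild build/ files that execute code at build time."""
import io
import re
import xml.etree.ElementTree as ET
import zipfile
from pathlib import PurePosixPath

# NuGet automatically imports build/<id>.targets, build/<id>.props and their
# buildTransitive/ counterparts into every project that references the package.
AUTO_IMPORT_DIRS = {"build", "buildtransitive"}

# Command fragments that make an <Exec> worth an analyst's attention.
# Constructed indicator list for this example, not an exhaustive set.
RISKY_COMMAND = re.compile(
    r"(powershell|pwsh|cmd(\.exe)?\s*/c|mshta|wscript|cscript|certutil|bitsadmin|"
    r"rundll32|curl|wget|Invoke-WebRequest|-EncodedCommand|-enc\b|https?://)",
    re.IGNORECASE,
)

# Constructed sample: a build-time PowerShell launcher hidden in a .targets file.
# The -EncodedCommand payload is UTF-16LE base64 for "echo hi".
MALICIOUS_TARGETS = """<?xml version="1.0" encoding="utf-8"?>
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="Prepare" BeforeTargets="Build">
    <Exec Command="powershell -WindowStyle Hidden -EncodedCommand ZQBjAGgAbwAgAGgAaQA=" />
  </Target>
</Project>
"""

# Constructed sample: a legitimate .targets that only copies native files.
BENIGN_TARGETS = """<?xml version="1.0" encoding="utf-8"?>
<Project>
  <ItemGroup>
    <None Include="$(MSBuildThisFileDirectory)..\\native\\*.dll" CopyToOutputDirectory="PreserveNewest" />
  </ItemGroup>
</Project>
"""


def _local(tag: str) -> str:
    """Strip the XML namespace: old .targets use the 2003 MSBuild namespace, SDK-style files omit it."""
    return tag.rsplit("}", 1)[-1]


def inspect_targets_xml(xml_text: str) -> list:
    """Return reasons this MSBuild file is suspicious (empty list means nothing found)."""
    reasons = []
    root = ET.fromstring(xml_text)
    for el in root.iter():
        name = _local(el.tag)
        if name == "Exec":
            cmd = el.get("Command", "")
            if RISKY_COMMAND.search(cmd):
                reasons.append(f"Exec runs interpreter/download: {cmd[:80]}")
            else:
                reasons.append(f"Exec task present: {cmd[:80]}")
        elif name == "UsingTask" and el.get("TaskFactory"):
            # Inline C#/VB task bodies (CodeTaskFactory, RoslynCodeTaskFactory) also run at build time.
            reasons.append(f"inline task via {el.get('TaskFactory')}")
    return reasons


def scan_nupkg(data: bytes) -> list:
    """Return (path_in_package, reason) for every auto-imported MSBuild file that executes code."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            p = PurePosixPath(name)
            if p.suffix.lower() not in {".targets", ".props"}:
                continue
            # Files outside build/ or buildTransitive/ are not imported by NuGet, so skip them.
            if not p.parts or p.parts[0].lower() not in AUTO_IMPORT_DIRS:
                continue
            xml_text = zf.read(name).decode("utf-8", errors="replace")
            try:
                reasons = inspect_targets_xml(xml_text)
            except ET.ParseError as exc:
                reasons = [f"unparseable MSBuild XML: {exc}"]
            findings.extend((name, r) for r in reasons)
    return findings


def build_nupkg(package_id: str, files: dict) -> bytes:
    """Constructed minimal .nupkg (a ZIP with a .nuspec) holding the given extra files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(f"{package_id}.nuspec",
                    f"<package><metadata><id>{package_id}</id><version>1.0.0</version></metadata></package>")
        for path, content in files.items():
            zf.writestr(path, content)
    return buf.getvalue()


if __name__ == "__main__":
    for label, targets in (("malicious", MALICIOUS_TARGETS), ("benign", BENIGN_TARGETS)):
        pkg = build_nupkg("Contoso.Utils", {"build/Contoso.Utils.targets": targets})
        print(label, scan_nupkg(pkg))
```

To use it on real packages, read each .nupkg from the local cache (for example ~/.nuget/packages on a developer machine or the feed mirror on a build server) and pass the bytes to scan_nupkg; any hit on a package that has no reason to run commands at build time deserves a manual look before the next build runs.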
4. Arid Viper Targeting Arabic Android Users
The threat actor known as Arid Viper, also referred to as APT-C-23, Desert Falcon, or TAG-63, is responsible for an Android spyware campaign that targets Arabic-speaking users through a fake dating app. This campaign is designed to collect sensitive information from infected devices and deploy additional malicious executables, as reported by Cisco Talos.
5. North Korean macOS Malware KANDYKORN
In a recent report, Elastic Security Labs reveals that state-sponsored threat actors from North Korea have been targeting blockchain engineers using a novel macOS malware named KANDYKORN. This activity, observed since April 2023, exhibits similarities to the infamous Lazarus Group. Threat actors lured blockchain engineers via Discord, employing social engineering to trick them into downloading and executing a ZIP archive containing malicious code, disguised as a cryptocurrency arbitrage bot. KANDYKORN is an advanced implant with various capabilities, including file enumeration, data exfiltration, and the ability to run additional malware.
6. Avast SDK Mislabels Google App on Huawei
Users of Huawei, Vivo, and Honor smartphones reported that their antivirus software was flagging the Google app as malware. The false-positive alert claimed the app could send SMS messages, install other apps, and steal sensitive information. Avast later confirmed that a faulty detection in its antivirus SDK, which those vendors embed in their devices, was the cause, and said the problem was fixed on October 30.
7. Russia National Payment Card System Hacked
A group of pro-Ukrainian hackers, including DumpForums and the Ukrainian Cyber Alliance, has declared that they breached Russia’s national card payment system and accessed user data. Their actions included defacing the website of Russia’s National Payment Card System and reportedly infiltrating the internal systems of Mir, a payment network operated by NSPK. While NSPK acknowledged the website breach, they denied any data leaks and asserted that their payment infrastructure remained unaffected.
8. British Library Hit by Cyberattack
The British Library is dealing with a major IT outage following a cyber incident over the weekend that took down its website and many other services, including phone lines and onsite services at its London and Yorkshire sites. Its Reading Rooms remain open for personal study, and collection items requested before the incident can still be consulted onsite. The library is working with the National Cyber Security Centre and cybersecurity specialists to investigate the incident.
9. French Torrent Tracker Data Breach
The French torrent tracker World-in-HD (WiHD) left an Elasticsearch instance publicly exposed without authentication, revealing the data of its users and administrators. The leak covered 97,327 accounts and included email addresses, IP addresses, usernames, and hashed passwords. Because hashed passwords can be cracked offline and the email/IP pairs identify individual torrent users, the exposed data lends itself to targeted phishing and other follow-on attacks.
10. Hacker Group SiegedSec Targets Bezeq
Hacker group SiegedSec claimed responsibility for a cyberattack on Bezeq, Israel’s largest telecommunications company, which it dubbed the “HALLOWEEN HACK.” The group says the breach exposed data on nearly 50,000 Bezeq customers, including names, email addresses, and phone numbers. It further claimed to have gained access to infrastructure devices across Israel, including devices belonging to local infrastructure operators and diplomatic missions in the country. The group posted a link as purported proof, but none of the claims have been independently verified.
11. Global Cybersecurity Workforce Challenge
The 2023 ISC2 Cybersecurity Workforce Study reveals that the global cybersecurity workforce gap has expanded to four million people, a 12.6% increase from the previous year. Despite a growth of 8.7% in the cybersecurity workforce, 92% of professionals reported skills gaps in their organizations. These challenges have been exacerbated by cyber-related cutbacks, including layoffs, budget reductions, and hiring freezes, impacting 47% of respondents and deepening the cybersecurity skills gap.
12. Microsoft’s Windows 11 23H2 Update
Microsoft has launched Windows 11, version 23H2, the latest feature update for its operating system. This update shares the same code base and servicing branch as Windows 11 22H2, ensuring a fast installation experience. Users interested in the new enhancements can opt-in by checking for updates through Windows Update, while commercial and education customers have various upgrade options.
13. Countries Unite Against Ransomware
An alliance consisting of 40 nations is set to make a pledge at the International Counter-Ransomware Initiative summit in Washington, D.C., to cease making ransom payments to cybercriminal groups. The initiative comes in response to the surge in ransomware threats worldwide, with the United States bearing the brunt of around 46% of these attacks. The summit will also revolve around discussions on strategies to disrupt the funding channels utilized by ransomware groups, reflecting the global effort to combat this cross-border issue.
14. Samsung’s Auto Blocker Enhances Security
Samsung has introduced the ‘Auto Blocker’ security feature as part of its One UI 6 update, enhancing malware protection on Galaxy devices. Auto Blocker prevents the side-loading of potentially risky apps from sources outside the Galaxy Store and Google Play, offering protection against social engineering attacks that may lead to malware or spyware infections.
15. Security Discrepancy in Executive Actions
A recent survey conducted by Ivanti has shed light on a concerning trend where nearly half of C-level executives have sought to bypass security measures within the past year, illustrating a gap between leadership’s words and actions regarding cybersecurity. While 96% of leaders claim to be moderately supportive and invested in their organization’s cybersecurity, many resort to workarounds and executive exceptions, potentially increasing cyber risks.