What are the latest cybersecurity alerts, incidents, and news?
Zimbra Flaw, AI Infrastructure Security, Gaza Charity Scam, Google Workspace, Ddostf Malware, MySQL Servers, Scattered Spider, Long Beach, Toyota Hit, MeridianLink Cyberattack, MESVision Hacked, Bank Fraud Operation, Copilot AI, Crypto Mining Rigs, Biden Campaign, Fantasy Betting Theft.
Cyber Alerts
1. Zimbra Email Vulnerability Exploited
A critical zero-day flaw in Zimbra Collaboration email software, tracked as CVE-2023-37580, has been exploited by four distinct hacker groups, according to a report by Google's Threat Analysis Group. The vulnerability, a reflected cross-site scripting flaw affecting versions before 8.8.15 Patch 41, allows malicious script execution when a user is enticed to click a specially crafted URL.
2. AI Infrastructure Vulnerabilities Revealed
A report by Protect AI has unveiled nearly a dozen critical vulnerabilities in the infrastructure supporting AI models, risking unauthorized access, information theft, and model poisoning. The affected platforms, including Ray, MLflow, ModelDB, and H2O, are widely used for hosting and deploying large language models. As AI adoption increases, these vulnerabilities pose serious risks; Protect AI disclosed the findings through its AI-specific bug-bounty program, giving vendors 45 days to address the issues.
3. Exploitative Charity Scam in Gaza Crisis
Cybersecurity researchers have uncovered a charity scam capitalizing on the ongoing Gaza-Israel conflict. Cyber-criminals, masquerading as a group from “help-palestine[.]com,” targeted 212 individuals across 88 organizations, exploiting sympathy for children in Palestine to solicit fraudulent cryptocurrency donations.
4. Google Workspace Vulnerabilities Exposed
A recent report highlights new attack methods that expose vulnerabilities in Google Workspace and the Google Cloud Platform, providing threat actors with opportunities for ransomware attacks, data exfiltration, and password recovery exploits. Martin Zugec, the technical solutions director at Bitdefender, warns that starting from a single compromised machine, attackers can progress to other cloned machines with Google Credential Provider for Windows installed.
5. Ddostf Targets MySQL for DDoS-as-a-Service
The ‘Ddostf’ malware botnet is targeting MySQL servers and turning them into a DDoS-as-a-Service platform rented out to other cybercriminals. AhnLab Security Emergency Response Center researchers found that Ddostf breaks in through vulnerabilities or weak credentials on exposed MySQL servers, then registers user-defined functions (UDFs) so that SQL statements can execute operating-system commands and fetch the primary payload, the Ddostf DDoS bot. Believed to originate from China, Ddostf is resilient to takedowns because an infected host can be pointed at a new command-and-control address; MySQL administrators should apply updates, use strong passwords, and avoid exposing the service to the internet.
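The UDF abuse described above leaves traces in the server's own catalog: every registered UDF is a row in `mysql.func`, and dropping a shared object into `plugin_dir` from SQL requires an unrestricted `secure_file_priv`. The following script is an added example, not code from the original article or from ASEC; it audits rows shaped like the output of `SELECT name, ret, dl, type FROM mysql.func` and the value of `SELECT @@secure_file_priv` against an allowlist. The allowlist, the sample rows, and the function names are constructed for the example; the `sys_exec`/`sys_eval` names come from the widely abused `lib_mysqludf_sys` library.

```python
"""Audit a MySQL server's registered user-defined functions (UDFs).

Ddostf-style intrusions register a UDF (CREATE FUNCTION ... SONAME ...)
so that later SQL statements can run operating-system commands. Rows in
the shape of `SELECT name, ret, dl, type FROM mysql.func` are checked
against an allowlist; the value of `SELECT @@secure_file_priv` is checked
because an empty value lets a user with the FILE privilege write files
anywhere the server process can, plugin_dir included, via
SELECT ... INTO DUMPFILE. The sample data below is constructed for this
example, not taken from a real server.
"""

# Assumed allowlist for this example: shared objects you deliberately
# installed into plugin_dir. Adjust to your own deployment.
ALLOWED_LIBS = {"udf_example.so"}

# Function names exported by lib_mysqludf_sys; sys_exec and sys_eval run
# shell commands and are the usual goal of a UDF-based intrusion.
KNOWN_ABUSED = {"sys_exec", "sys_eval", "sys_get", "sys_set"}


def audit_udfs(rows, allowed_libs=ALLOWED_LIBS):
    """Return a list of (name, dl, reason) for every suspicious UDF row."""
    findings = []
    for name, _ret, dl, _ftype in rows:
        if name.lower() in KNOWN_ABUSED:
            findings.append((name, dl, "known command-execution UDF"))
        elif dl not in allowed_libs:
            findings.append((name, dl, "library not in allowlist"))
    return findings


def check_secure_file_priv(value):
    """Return a finding string if secure_file_priv is unrestricted, else None.

    NULL (None) disables file import/export entirely, a directory limits
    it to that path, and the empty string means no restriction at all.
    """
    if value == "":
        return "secure_file_priv is empty: FILE users can write into plugin_dir"
    return None


# Constructed sample rows in the shape of mysql.func.
SAMPLE_FUNC_ROWS = [
    ("metaphon", 0, "udf_example.so", "function"),  # MySQL demo UDF, allowed
    ("sys_eval", 0, "udf.so", "function"),          # command execution
    ("helper", 0, "libx.so", "function"),           # unknown library
]


if __name__ == "__main__":
    for finding in audit_udfs(SAMPLE_FUNC_ROWS):
        print("UDF finding:", finding)
    print("secure_file_priv:", check_secure_file_priv(""))
```

In a real audit, feed the functions the rows returned by your MySQL client; a UDF you did not install, or any `sys_*` function, is grounds for treating the host as compromised rather than simply dropping the function.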
6. Scattered Spider Cyber Threat Advisory
U.S. cybersecurity and intelligence agencies issued a joint advisory on the cybercriminal group Scattered Spider, known for its advanced phishing tactics. The group, also tracked as Muddled Libra and Octo Tempest, has recently added BlackCat/ALPHV ransomware to its playbook, targeting victims for data theft and extortion. Described by Microsoft as one of the most dangerous financial criminal groups, Scattered Spider relies on social engineering, including phishing, MFA prompt bombing, and SIM swapping, to gain access, bypass multi-factor authentication, and deploy ransomware, and has been observed joining victims' incident response calls to adapt to the defenders' countermeasures.
7. Long Beach Hit by Cyber Threat
The City of Long Beach, home to approximately 460,000 residents, has declared a cyberattack that forced the shutdown of parts of its IT network to contain the threat. Authorities engaged a cybersecurity firm to investigate the incident and notified the FBI, with systems expected to be offline for several days as a precaution. While the nature of the attack remains unclear, the city’s response, including taking systems offline immediately and the absence of ransomware claims, underscores the ongoing challenges municipalities face in securing their digital infrastructure.
8. Medusa Ransomware Hits Toyota Financial
Toyota Financial Services has confirmed unauthorized access on some of its systems in Europe and Africa following a ransomware attack by the Medusa gang. The global subsidiary of Toyota Motor Corporation, operating in 90% of markets where Toyota sells cars, detected the intrusion after Medusa listed TFS on its dark web data leak site, demanding an $8 million ransom for allegedly stolen data. Medusa threatens a data leak if the ransom isn’t paid within 10 days, providing evidence of the breach by publishing sample data, including financial documents, passwords, passport scans, and internal organization charts.
9. MeridianLink Confirms Cyberattack
Financial software company MeridianLink has confirmed a cyberattack after being targeted by the ALPHV/BlackCat ransomware gang, known for previous high-profile attacks including MGM Resorts. The gang added MeridianLink to its leak site and claimed to have reported the company to the Securities and Exchange Commission for not disclosing the incident. While MeridianLink reports minimal business interruption and no evidence of unauthorized access to production platforms, the incident highlights a growing trend of ransomware gangs using public pressure tactics, such as threatening regulatory complaints, to extract payment from their victims.
10. Healthcare Provider MESVision Hit by Hack
California-based vision care provider MESVision has become a victim of the MOVEit Transfer mass hack carried out by the Cl0p ransomware cartel. The breach, which affects hundreds of thousands of individuals, was discovered in late August; the attackers exploited a zero-day vulnerability in MOVEit Transfer to access and download customer data, including Social Security numbers. MESVision is notifying affected individuals and offering complimentary identity monitoring for 18 months, and urges vigilance against identity theft or fraud stemming from the exposed personal details.
11. Czech-Ukraine Alliance Busts $9M Bank Fraud
Ukrainian and Czech law enforcement have successfully dismantled a criminal gang responsible for a $9 million bank fraud operation, employing deceptive phone calls primarily targeting victims in Czechia. Operating from call centers in Ukraine, the scammers utilized “vishing” techniques, posing as bank security officers to coerce victims into divulging sensitive information.
12. Copilot AI Rollout on Windows 10 Revealed
Microsoft has officially confirmed the extension of its Copilot AI-powered assistant to Windows 10 systems enrolled in the Insider Program. Scheduled to roll out gradually over the coming months, Copilot was initially introduced with Windows 11 22H2 and will now be automatically enabled on Windows 11 23H2 devices.
13. Cryptomining Rigs Found in Polish Court
Officials at Poland’s Supreme Administrative Court in Warsaw uncovered clandestine high-powered cryptocurrency mining rigs hidden throughout the building, including in ventilation ducts and beneath raised floors. The rigs were surreptitiously powered by electricity from the court’s mains supply and used their own modems for internet connectivity, avoiding any connection to the court’s network.
14. Biden Campaign Seeks Cybersecurity Leader
The Biden for President campaign is actively pursuing a Chief Information Security Officer to take charge of its IT and security operations. The chosen candidate will be tasked with establishing the campaign’s risk strategy, steering cybersecurity initiatives, and overseeing the secure architecture of various IT systems.
15. Teen Admits Guilt in DraftKings Cyber Theft
A 19-year-old Wisconsin teenager, Joseph Garrison, has pleaded guilty in a New York federal court for his role in a hacking scheme targeting DraftKings, a fantasy sports betting website, resulting in the theft of approximately $600,000 from customers. Garrison, who once boasted “fraud is fun,” initiated a “credential stuffing attack” in November last year, compromising around 60,000 accounts.
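Two of the techniques in this digest have a simple log-based signature: the credential stuffing used against DraftKings (one source address cycling through many distinct usernames, with the occasional success) and the MFA prompt bombing attributed to Scattered Spider (one user receiving a burst of push prompts, with an eventual approval being the dangerous outcome). The script below is an added example, not code from the original article, from DraftKings, or from the CISA/FBI advisory; it implements both detections over a constructed log format, sharing one sliding-window helper. The line format, the sample lines, the thresholds, and the five-minute window are assumptions for the example and should be tuned to real data.

```python
"""Two detections over authentication logs, written as one script because
they share the same sliding-window bookkeeping:

  * credential stuffing: one source address trying many distinct
    usernames in a short window, successes included;
  * MFA prompt bombing: one user receiving many push prompts in a short
    window, plus any approval that follows while the burst is still live.

The log format and the sample lines are constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format: "<ISO-8601 UTC> <event> user=<u> src=<ip> result=<r>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\w+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$"
)


def parse(lines):
    """Return parsed events sorted by timestamp; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


class SlidingWindow:
    """Per-key deque of (timestamp, value), trimmed to the last `window`."""

    def __init__(self, window):
        self.window = window
        self.buckets = defaultdict(deque)

    def add(self, key, ts, value):
        dq = self.buckets[key]
        dq.append((ts, value))
        while dq and ts - dq[0][0] > self.window:
            dq.popleft()
        return dq


def detect_credential_stuffing(events, window=timedelta(minutes=5), threshold=5):
    """Alert once when a source has tried `threshold` distinct usernames in `window`.
    Successful logins count too: a success from a stuffing source is the real loss."""
    win = SlidingWindow(window)
    alerts = []
    for e in events:
        if e["event"] != "login":
            continue
        dq = win.add(e["src"], e["ts"], e["user"])
        distinct = len({u for _, u in dq})
        if distinct == threshold:
            alerts.append(("credential_stuffing", e["src"], e["ts"], distinct))
    return alerts


def detect_push_bombing(events, window=timedelta(minutes=5), threshold=4):
    """Alert when a user gets `threshold` push prompts in `window`, and again if
    the user approves a prompt while still inside the window of that burst."""
    win = SlidingWindow(window)
    bombed = {}  # user -> time the bombing alert fired
    alerts = []
    for e in events:
        if e["event"] != "mfa_push":
            continue
        n = len(win.add(e["user"], e["ts"], e["result"]))
        if n == threshold:
            bombed[e["user"]] = e["ts"]
            alerts.append(("push_bombing", e["user"], e["ts"], n))
        started = bombed.get(e["user"])
        if e["result"] == "approved" and started and e["ts"] - started <= window:
            alerts.append(("approval_after_bombing", e["user"], e["ts"], n))
    return alerts


# Constructed sample log: one stuffing source, one bombed user, two normal users.
SAMPLE_LOG = """\
2023-11-16T10:00:00Z login user=alice src=192.0.2.10 result=success
2023-11-16T10:00:05Z login user=user01 src=203.0.113.5 result=fail
2023-11-16T10:00:06Z login user=user02 src=203.0.113.5 result=fail
2023-11-16T10:00:07Z login user=user03 src=203.0.113.5 result=fail
2023-11-16T10:00:08Z login user=user04 src=203.0.113.5 result=fail
2023-11-16T10:00:09Z login user=user05 src=203.0.113.5 result=success
2023-11-16T10:00:10Z login user=user06 src=203.0.113.5 result=fail
2023-11-16T10:01:00Z mfa_push user=bob src=198.51.100.7 result=denied
2023-11-16T10:01:20Z mfa_push user=bob src=198.51.100.7 result=timeout
2023-11-16T10:01:40Z mfa_push user=bob src=198.51.100.7 result=denied
2023-11-16T10:02:00Z mfa_push user=bob src=198.51.100.7 result=denied
2023-11-16T10:02:20Z mfa_push user=bob src=198.51.100.7 result=approved
2023-11-16T10:05:00Z mfa_push user=carol src=192.0.2.11 result=approved
"""


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG.splitlines())
    for alert in detect_credential_stuffing(evts) + detect_push_bombing(evts):
        print(alert)
```

The stuffing detector keys on distinct usernames rather than failure counts because a stuffing run with a good credential list produces successes as well as failures; the push-bombing detector raises its second, higher-severity alert on an approval because that is the moment the attacker has actually bypassed MFA and the session should be revoked.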