What’s going on in the cyber world today?
Turla Enhances Kazuar Backdoor, Russia’s Espionage, Spear-Phishing Targets Israel, RAT Attacks Increase, Meal Kits, Citrix Bleed Vulnerability, Google Releases Chrome 119, Western Germany Government Attacked, Querétaro Airport Hit, Deer Oaks Mental Health Data Breach, FIRST Launches CVSS v4.0, U.S. Launches AI Safety Institute, Splunk Second Round of Layoffs.
Cyber Alerts
1. MuddyWater Spear-Phishing Targets Israel
In a recent cyber campaign, the Iranian nation-state actor MuddyWater has been tied to spear-phishing attacks targeting Israeli entities, using a legitimate remote administration tool called Advanced Monitoring Agent from N-able. Cybersecurity firm Deep Instinct revealed the attack, noting it demonstrates updated tactics, techniques, and procedures compared to past MuddyWater activity. Although the group has traditionally deployed different remote access tools, the campaign’s effectiveness continues, with a new twist involving Storyblok for initiating multi-stage infections.
2. Cyberattack Kits Boost RAT Surge
A surge in Remote Access Trojan attacks is being driven by the increased availability of affordable cyberattack kits, according to HP Wolf Security’s “Q3 2023 Threat Insights Report.” These malware “meal kits,” priced under $100, are often hidden within seemingly legitimate Excel and PowerPoint files delivered via email, with Parallax RAT being particularly prominent. The report reveals a shift in tactics as cybercriminals target inexperienced individuals, raising concerns about the expanding threat landscape and the need for enhanced cybersecurity measures.
3. Turla Updates Kazuar Backdoor
Russian-linked hacking group Turla has unveiled an upgraded version of the Kazuar backdoor, aiming to bolster its ability to operate stealthily, evade detection, and foil analysis. Researchers at Palo Alto Networks Unit 42, tracking Turla as Pensive Ursa, discovered the enhancements, showcasing the group’s commitment to advanced anti-analysis techniques and robust code encryption.
4. Citrix Bleed Threat Escalation
Cyber threat actors have exploited the recently disclosed “Citrix Bleed” vulnerability to target government, technical, and legal organizations across the Americas, Europe, Africa, and the Asia-Pacific region, according to research by c. This ongoing campaign, which has been active since late August 2023, primarily targets vulnerable Citrix NetScaler ADC and Gateway appliances. The attackers are utilizing the flaw to gain unauthorized access, compromise authenticated sessions, and bypass multi-factor authentication, making these attacks stealthy and challenging to detect.
5. Cybercriminals Target Facebook Users
A malvertising campaign is using Facebook ads to distribute malware, targeting users with suggestive images. Cybercriminals are exploiting legitimate ad distribution tools to insert infected links into ads, using provocative images as bait. This campaign aims to deliver a new version of the NodeStealer info-stealer malware, allowing hackers to steal browser cookies and hijack Facebook accounts.
6. Chrome 119 Addresses 15 Vulnerabilities
Google has launched Chrome 119, providing essential patches for 15 vulnerabilities. Of these, 13 were reported by external researchers, with three rated as high severity. The high-severity vulnerabilities include issues related to Payments, USB data validation, and integer overflow in USB. Google has rewarded the researchers with over $40,000 in bug bounty rewards, with additional amounts yet to be determined, emphasizing the importance of keeping Chrome up to date for security.
7. Cyberattack Disrupts Western Germany
A ransomware attack has disrupted local government services in multiple cities and districts across western Germany. The attacker targeted the municipal service provider Südwestfalen IT, affecting over 70 municipalities, primarily in North Rhine-Westphalia. The attack has left local government services severely limited, with concerns about financial transactions and ongoing investigations to determine the extent of the damage and those responsible for the attack.
8. Major Mexican Airport Cyberattack Response
The Querétaro Intercontinental Airport in Mexico, one of the country’s busiest airports, has called in experts to respond to a cyberattack. The attack, attributed to an employee downloading a malware-containing file, did not compromise the airport’s operational security, and the response team has isolated and contained the breach. While the data accessed was claimed to be in the public domain, the LockBit ransomware gang has taken credit for the attack and threatened to release the data later this month.
9. Deer Oaks Data Breach Affects 171,000
Deer Oaks Behavioral Health in San Antonio, Texas, revealed a cybersecurity incident that may have compromised the personal information of over 171,000 individuals. This breach, discovered on September 1, 2023, led to unauthorized access to patients’ data, including names, addresses, Social Security numbers, and medical information. The affected individuals have been informed about the breach and offered credit monitoring and identity theft restoration services.
10. Dakota Eye Institute Reports Data Breach
Dakota Eye Institute in North Dakota has reported a data breach impacting up to 107,143 patients. While the nature and duration of the breach remain undisclosed, DEI is taking steps to address the incident and enhance its data security protocols to prevent future occurrences. Affected individuals are being notified and offered complimentary credit monitoring services.
11. CVSS v4.0 Advances Vulnerability Scoring
The Forum of Incident Response and Security Teams has unveiled CVSS v4.0, the latest iteration of the Common Vulnerability Scoring System, which has not seen a major update since CVSS v3.0 eight years ago. The updated standard offers finer granularity in base metrics, simplifies threat metrics, and provides additional supplemental metrics for vulnerability assessment. It also introduces nomenclature for different severity ratings, making it more adaptable for operational technology, industrial control systems, and Internet of Things security assessment. The release of CVSS v4.0 is seen as a significant development in cybersecurity risk assessment.
12. US AI Safety Institute Announced
The U.S. government is taking a significant step in AI safety by establishing a dedicated institute to collaborate with the public and private sectors in developing secure AI systems. The AI Safety Institute, to be located within the Department of Commerce, will work on setting standards, conducting testing, and evaluating both known and emerging risks associated with AI.
13. Splunk Announces 7% Workforce Cut
Splunk is cutting 7% of its workforce as it prepares for Cisco’s $28 billion acquisition. This reduction amounts to approximately 560 positions, primarily in the United States. While the company’s CEO, Gary Steele, emphasizes the need to adapt to an unpredictable market, these layoffs are part of a broader organizational restructuring, separate from the Cisco deal.
14. Ransomware Encryption in Healthcare
Ransomware attackers in the healthcare sector are increasingly encrypting data maliciously, with 75% of attacks successfully encrypting data, according to a report by security firm Sophos. The study, based on a survey of 3,000 IT and cybersecurity organizations across 233 healthcare entities, highlights the evolving tactics of adversaries.
15. Password Health Trends Revealed
A new report from Dashlane reveals a global improvement in password health and hygiene over the past year, offering increased security for consumers and businesses. While the analysis indicates a reduction in weak, reused, and compromised passwords, the prevalence of password reuse remains high, exposing user accounts to risks like password-spraying attacks, emphasizing the importance of strong multi-factor authentication.