👉 What are the latest cybersecurity alerts, incidents, and news?
Malicious npm Packages Found, Risks in Windows Drivers, SketchUp, WhatsApp Users Under Spyware Attack, Six New Critical ICS Advisories, Okta Employee Data Exposed, Singapore’s Hospitals Hit, Cyberattack on Mr. Cooper, Privacy Violation at The Alfred, Louisiana Town Sensitive Data Leaked, Scientist Claims to Crack RSA-2048 Encryption, U.S. Republican Senator Blocks Cyber Leaders Picks, Robotaxi Rules, Microsoft Presents ‘Secure Future’.
🚨 Cyber Alerts
1. 48 Malicious npm Packages Uncovered
A set of 48 malicious npm packages has been unearthed in the npm repository, posing a serious threat by deploying a reverse shell on compromised systems. These packages, published under deceptive names to appear legitimate, contained obfuscated JavaScript code designed to initiate a reverse shell on package installation. The findings underscore the growing interest of threat actors in open-source environments and highlight the importance of dependency trust in securing open-source ecosystems.
2. 34 Windows Drivers Vulnerable to Attacks
Researchers have identified 34 unique Windows Driver Model and Windows Driver Frameworks drivers that could potentially be exploited by non-privileged threat actors to achieve full control of devices and execute arbitrary code on the underlying systems. Takahiro Haruyama, a senior threat researcher at VMware Carbon Black, highlighted that these vulnerabilities could allow attackers to erase or alter firmware and elevate operating system privileges.
3. Vulnerabilities Expose SketchUp Support
Zscaler’s ThreatLabz research team has revealed 117 unique vulnerabilities in Microsoft 365 applications related to SketchUp file support. These vulnerabilities were discovered in the context of Microsoft’s addition of SketchUp (SKP) file format support, aimed at enhancing 3D capabilities within the Office suite. While Microsoft released patches for the identified issues, Zscaler managed to bypass them, leading to Microsoft temporarily disabling support for the SketchUp file format.
4. WhatsApp Mods Spying on Arabic Users
Hackers have initiated a spyware campaign targeting Arabic-speaking WhatsApp users, with a focus on Saudi Arabia, Yemen, and Azerbaijan. Malicious code has been injected into seemingly harmless WhatsApp mods that are widely used to customize the service. Cybersecurity firm Kaspersky detected these tainted mods, which have been active since mid-August 2023 and were primarily distributed through Telegram channels.
5. CISA’s ICS Security Alerts
The Cybersecurity and Infrastructure Security Agency (CISA) has taken action by releasing six vital advisories on November 2, 2023, regarding Industrial Control Systems (ICS). These advisories aim to inform users and administrators about current security threats, vulnerabilities, and potential exploits related to ICS.
6. Third-Party Vendor Hack Impacts Okta
A data breach at third-party vendor Rightway Healthcare has prompted cloud identity and access management provider Okta to notify almost 5,000 employees that their personal information was compromised. The breach involved unauthorized access to an eligibility census file managed by Rightway Healthcare during its service provision to Okta.
7. Singapore Hospitals Face Major Website Outage
Following a seven-hour disruption, the websites of major public hospitals, polyclinics, and healthcare clusters in Singapore were restored after they crashed around 9:20 AM on Wednesday, November 1. While website access was unavailable, patient records remained accessible and clinical services were unaffected, according to the assurances given. The outage did not impact patient care, and investigations into its cause are ongoing.
8. Security Breach at Mr. Cooper
The major U.S. mortgage lending company, Mr. Cooper, experienced a breach that led to the shutdown of its IT systems, including its online payment portal. Mr. Cooper, headquartered in Dallas, Texas, with over 4.1 million customers, detected unauthorized access to its technology systems, prompting the implementation of response protocols and the shutdown of certain systems.
9. Pharmacist Privacy Breach at Alfred Health
An inquisitive pharmacist accessed the medical records of approximately 7,000 Alfred Health patients without proper authorization, resulting in a significant privacy breach. Alfred Health promptly responded to this breach by conducting an investigation, leading to the pharmacist’s dismissal after it was discovered that they had inappropriately accessed records on the hospital’s electronic database over a span of four years, without any legitimate clinical reason for doing so.
10. Louisiana’s Iowa Town Data Breach
Ransomware group ALPHV, also known as BlackCat, has made public a portion of exfiltrated documents from the Town of Iowa in Louisiana, revealing about 250 PDF-format documents containing sensitive personal information, including Social Security numbers, employee data, and financial records. The released documents cover records from the years 2019 and 2020 and originate from various departments within the town, including the Police Department and Fire Department, raising concerns about potential identity theft and fraud.
11. Skepticism Surrounds Quantum RSA-2048 Claim
A scientist claims to have developed an inexpensive system for using quantum computing to crack RSA, which is the world’s most commonly used public key algorithm. However, the claim is met with skepticism by security experts. The researcher states that their quantum computing system was run using off-the-shelf hardware, but some experts are seeking concrete proof of their findings before accepting the claim, highlighting the potential threat to encryption technology.
12. Political Standoff Over Military Promotions
Republican Senator Tommy Tuberville continues to block the confirmation of nearly 400 senior military promotions, including key cybersecurity posts. Tuberville’s months-long hold on these nominations, which began in February, has caused significant delays in filling crucial roles in the military and cybersecurity leadership.
13. LA Mayor Seeks Control Over Robotaxis
Los Angeles Mayor Karen Bass is advocating for the city to have regulatory authority over commercial autonomous vehicle (AV) operations, as Waymo expands its robotaxi operations in the city. In an open letter to the Public Utilities Commission, which regulates robotaxi operations in California, Bass argued that Los Angeles should determine the requirements for future deployment of AV services.
14. Russian Cyber Attack Suspects Arrested
Russia’s security service, the FSB, has detained two individuals suspected of launching cyber-attacks in support of Ukraine against Russian IT assets. One of the detainees is a student at Tomsk State University of Control Systems and Radioelectronics and is believed to have participated in cyber-attacks on Russian information infrastructure.
15. Microsoft’s Secure Future Initiative
Microsoft has unveiled the ‘Secure Future Initiative,’ a comprehensive effort to enhance the built-in security of its products and platforms. The initiative aims to provide stronger protection for customers against the growing threats posed by increasingly sophisticated cyberattacks. With a focus on AI-based cyber defenses, fundamental software engineering advancements, and the application of international norms for civilian cyber threat protection, Microsoft is taking steps to address the evolving threat landscape.