What’s going on in the cyber world today?
Arcserve Vulnerabilities, CACTUS Ransomware, CISA Design Alerts, Red Hat, Israel Intelligence, Dollar Tree, Capital Health Network, Rhysida Ransomware, King Edward VII’s Hospital, Berglund Management Group, Queensland, US Treasury, Sinbad Crypto Mixer, Black Basta, AI, US Data Marketplace.
Cyber Alerts
1. Arcserve Addresses UDP Vulnerabilities
Critical vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) discovered in Arcserve UDP, a widely used enterprise data protection solution, allow remote attackers to execute arbitrary code, access authentication details, and perform path traversal attacks. Tenable researchers revealed these flaws, prompting Arcserve to release patches up to version 9.2 and to urge immediate upgrades, or manual application of the fixes for older versions, to mitigate these security risks.
2. CACTUS Ransomware Targets Qlik Sense
CACTUS ransomware is leveraging vulnerabilities in Qlik Sense to infiltrate networks, exploiting flaws such as CVE-2023-41265 and CVE-2023-48365. Arctic Wolf observed the attacks and described a chain that includes abusing the Qlik Sense Scheduler and staging various tools before CACTUS ransomware is deployed and data is exfiltrated using rclone. This incident emerges amid an evolving ransomware landscape in which groups like Black Basta continue to profit using sophisticated tactics, with recent research revealing ties to Conti and QakBot.
3. CISA Unveils Secure Design Alerts
The Cybersecurity and Infrastructure Security Agency (CISA) takes a proactive stance in the fight against cyber threats with the launch of Secure by Design Alerts. Going beyond traditional warnings, these alerts target the root causes of vulnerabilities in software development practices, urging manufacturers to align with secure design principles. The inaugural release highlights the need for manufacturers to take ownership of customer security outcomes, emphasizing the real-world impact of insecure technology on critical infrastructure, small businesses, communities, and American families.
4. CISA Urges Action for Water Cybersecurity
Amidst active exploitation targeting Unitronics programmable logic controllers (PLCs) in the Water and Wastewater Systems Sector, CISA issues a crucial alert. Cyber threat actors, exploiting weaknesses like poor password security, pose a risk to water facilities’ integrity, prompting an immediate offline response by a U.S. water facility. The urgent call to action includes measures such as changing default passwords, implementing multifactor authentication, disconnecting PLCs from the internet, and updating to the latest Unitronics versions, emphasizing the critical need to fortify water systems against potential cyber threats and ensure the safety of communities’ water supply.
5. Red Hat Strengthens Linux Security
In a strategic response to emerging vulnerabilities, Red Hat released crucial security advisories on November 28 and 29, 2023. These advisories aimed to address vulnerabilities across various products, with a primary focus on fortifying the Linux kernel. The updates cover a spectrum of Red Hat offerings, including the versatile Red Hat Enterprise Linux in multiple versions and platforms, as well as the specialized Red Hat Enterprise Linux Builder and Red Hat Enterprise Linux Server.
6. Israel Intelligence Site Breached
The Shoval association, linked to Shin Bet veterans, faced a breach where details of former intelligence employees were potentially compromised, as reported by Intelligence Online. This incident is part of a series of cyber attacks targeting Israeli government and intelligence agency websites, marking a surge in cyber threats in the region, with hacker groups like Al-Aqsa Flood claiming breaches of sensitive data, including that of the Israeli Defence Ministry.
7. Dollar Tree Hit by 3rd Party Data Breach
Dollar Tree faced a significant data breach affecting nearly 2 million people due to a hack at their service provider, Zeroed-In Technologies. The breach, occurring in August 2023, exposed personal data, including names, birth dates, and Social Security numbers of Dollar Tree and Family Dollar employees, leading to investigations and potential legal actions against Zeroed-In.
8. Cyber Attack Hits Capital
The Capital Health network, overseeing medical facilities in Trenton, Hopewell, and Hamilton, is grappling with a cyber attack causing network outages and service disruptions. Officials suspect similarities to attacks on other healthcare providers, with the impact expected to persist for several days. While emergency services and critical care remain operational, elective surgeries and certain outpatient services, including radiology, face rescheduling, emphasizing the broader implications of cyber threats on healthcare delivery.
9. Rhysida Ransomware Hits Royal Hospital
The Rhysida ransomware group claims to have hacked the prestigious King Edward VII’s Hospital in London and to have exposed sensitive medical data, including that of the Royal Family. The cybercriminals flaunt their attack on a Tor leak site, showcasing stolen documents such as medical reports, x-rays, and prescriptions. The group asserts possession of a significant amount of patient and employee data, offering it for auction at the price of 10 BTC and threatening public release if it is not sold within seven days, underlining the escalating impact of ransomware attacks on renowned institutions.
10. Berglund’s Data Breach Hits 50K Individuals
Berglund Management Group, based in Virginia, reveals a data breach potentially impacting more than 50,000 individuals in the US. The disclosure, made in compliance with Maine’s strict reporting regulations, indicates the compromised data includes names and Social Security numbers. Despite Berglund’s assurance of no misuse, the breach prompted enhanced security measures, and affected parties are offered free credit monitoring services, emphasizing the commitment to mitigating potential risks stemming from the incident.
11. Queensland Enacts Data Breach Law
Queensland has enacted mandatory data breach notification laws for public sector entities, becoming the second Australian state after New South Wales to do so. The legislation mandates state and local government bodies to report eligible data breaches likely to result in serious harm to affected individuals and the state’s privacy watchdog, aligning state privacy laws more closely with national standards while aiming to enhance public confidence in data protection measures.
12. US Sanctions Sinbad Crypto Mixer
The U.S. Treasury Department imposed sanctions on Sinbad.io, a cryptocurrency mixer utilized by North Korean hackers to launder millions stolen in cyberattacks. Linked to the Lazarus Group, Sinbad.io facilitated the laundering of funds from high-profile incidents; Deputy Secretary of the Treasury Wally Adeyemo stated that those aiding in such criminal activities will face serious consequences.
13. Black Basta Rakes in $100M+
Researchers from Elliptic and Corvus Insurance revealed that the cyber extortion gang “Black Basta,” likely linked to the Russian Conti hackers, amassed over $107 million in bitcoin from ransom payments. Laundered funds from these payments flowed through the sanctioned Russian cryptocurrency exchange Garantex. Black Basta’s lucrative operation marks it as one of the most profitable ransomware strains, with findings also linking the group to the defunct but notorious Conti ransomware gang.
14. AI Caution in Cybercrime
Underground forums witness the sale of, and discussions about, AI large language models (LLMs) like WormGPT, triggering concerns over their potential for mutating malware. However, the hesitancy among cybercriminals to embrace AI for attacks contrasts with the widespread focus on cryptocurrencies in these spaces. While some exploit forums show interest in AI’s future applications, others emphasize hands-on experimentation, with lower-end forums delving into practical usage despite the models’ limitations.
15. Ukrainian Sentenced for Data Marketplace
Ukrainian national Vitalii Chychasov received an eight-year prison sentence in the U.S. for managing SSNDOB, a data marketplace that illegally sold sensitive information of approximately 24 million Americans, earning $19 million in sales. Operating on dark web forums, Chychasov and his associates facilitated the sale of Social Security numbers, birth dates, email addresses, and credit card data, impacting users across the nation and enabling various fraudulent activities, including tax and credit card fraud, which escalated especially during the initial stages of the COVID-19 pandemic.