What’s going on in the cyber world today? Atlassian, Confluence, Wiki-Slack, BiBi-Linux, Israel, Ransomware, NetScaler, EleKtra-Leak, Cryptojacking, AWS, GitHub, Toronto, Covid-19, India, NASCO, Healthcare, Russia, Pentagon, MOVEit, Costco, SEC, SolarWinds, Canada, WeChat, Kaspersky, iMessage, Apple, Google, Chrome, HackerOne, Bug Hunter.
Cyber Alerts
Atlassian has issued a warning about a critical security flaw, tracked as CVE-2023-22518, in Confluence Data Center and Server, which holds the potential for “significant data loss if exploited by an unauthenticated attacker.” This vulnerability, rated 9.1 out of 10 on the CVSS scoring system, has been categorized as an “improper authorization vulnerability.” While all versions of Confluence Data Center and Server are vulnerable, specific versions have received fixes to address the issue.
Security researchers from eSentire have identified a novel threat tactic named the “Wiki-Slack attack,” which is designed to redirect business professionals to malicious websites. Attackers choose Wikipedia subjects of interest to potential victims, edit Wikipedia pages to include legitimate referenced footnotes, and then manipulate Slack’s rendering of the shared Wikipedia article to create hidden, malicious links. When business professionals copy and paste these Wikipedia articles into Slack channels, they unknowingly render these malicious links, potentially leading to browser-based malware infections.
A newly discovered malware wiper called BiBi-Linux is being used in targeted attacks against Linux systems belonging to Israeli companies, with the goal of data destruction. Security Joes’ Incident Response team uncovered this malicious payload during an investigation into a breach of an Israeli organization’s network. Unlike typical ransomware, BiBi-Linux doesn’t establish communication with Command & Control servers or leave ransom notes; instead, it corrupts files by overwriting them with useless data, effectively damaging both the data and the operating system.
Security researcher Kevin Beaumont highlighted the exploitation of recently patched vulnerabilities in NetScaler devices by ransomware-wielding attackers. Even after patching, organizations that use NetScaler devices remain vulnerable unless they also wipe device memory to prevent attackers from accessing session tokens that can bypass security measures. This situation is concerning as these devices are common in both enterprise and government networks, and mass exploitation campaigns have been detected, affecting a wide range of industries.
A new cyber campaign named EleKtra-Leak is exploiting exposed AWS IAM credentials found in public GitHub repositories to enable extensive cryptojacking activities. Palo Alto Networks Unit 42 researchers have uncovered this operation, which has been active since at least December 2020. The attackers automate their targeting of AWS IAM credentials within minutes of exposure, rapidly deploying AWS Elastic Compute instances for cryptojacking operations.
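As an added, defender-side example that is not taken from the Unit 42 report: a small scanner for the exposure EleKtra-Leak depends on, an AWS access key ID committed next to its secret key. The sample config is constructed and uses AWS's documented placeholder credentials; the entropy threshold is an assumption.

```python
import math
import re

# AWS long-term access key IDs are 20 characters and start with "AKIA";
# temporary (STS) key IDs start with "ASIA". Secret keys are 40 characters
# from the base64 alphabet. Both formats are public AWS documentation.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[0-9A-Z]{16})\b")
SECRET_KEY_RE = re.compile(r"(?<![A-Za-z0-9/+=])([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])")

# Constructed sample of a leaked config file; the first pair is AWS's own
# documented example credential, the second is an obvious placeholder.
SAMPLE = """\
# constructed snippet of a leaked config file, using AWS's documented example values
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = us-east-1
# an obvious placeholder that should not be reported as a live secret
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
"""


def shannon_entropy(s: str) -> float:
    """Bits per character: real secrets look random, placeholders do not."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str, min_entropy: float = 3.5):
    """Return (line_no, access_key_id, secret_found) for every line holding an
    AWS access key ID. secret_found is True when a high-entropy 40-character
    token appears on the same line or the two lines after it (assumed window)."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        for m in ACCESS_KEY_RE.finditer(line):
            window = "\n".join(lines[i:i + 3])
            secret = any(shannon_entropy(s.group(1)) >= min_entropy
                         for s in SECRET_KEY_RE.finditer(window))
            findings.append((i + 1, m.group(1), secret))
    return findings


if __name__ == "__main__":
    for line_no, key_id, live in scan_text(SAMPLE):
        print(f"line {line_no}: {key_id} secret nearby={live}")
```

Run it as a pre-commit hook over staged files to catch a key before it reaches a public repository, which is the window the campaign exploits.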
The Toronto Public Library, the largest public library system in Canada, has been plunged into chaos. The attack resulted in the takedown of the library’s website, rendered member services inaccessible, and severely limited access to its extensive digital collections. As the situation evolved, it was confirmed that the library was indeed facing a cybersecurity incident, leaving its website temporarily replaced with an explanation of the situation.
A massive data breach in India has exposed detailed information about the Covid-19 tests of 815 million citizens, raising significant concerns about data security and privacy. This breach is associated with the Indian Council of Medical Research (ICMR), and its magnitude has led to serious discussions about potential investigations by the Central Bureau of Investigation (CBI), India’s premier agency.
NASCO, a key player in healthcare technology, has suffered a major data breach affecting around 800,000 users. The breach was the result of a cyberattack targeting files stored on their MOVEit servers. This incident has exposed sensitive information, including names and Social Security numbers of NASCO’s clients, prompting the company to deactivate the affected server and offer identity monitoring services for affected individuals.
A recent report by Bloomberg unveils that Russian hackers targeted the email addresses of approximately 632,000 employees from the Department of Justice and the Pentagon in a significant MOVEit cyberattack. This breach adds to the growing list of organizations affected by a series of data breaches primarily attributed to a Russian-speaking criminal group. The Office of Personnel Management report indicates that the accessed email addresses were linked to government employee surveys administered by the agency.
Two proposed federal class action lawsuits have accused Costco of unlawfully sharing sensitive information of its online pharmacy customers with third parties, including Facebook and Google. These lawsuits, filed in Washington federal court, claim that Costco’s data collection and sharing practices violated HIPAA, the Federal Trade Act, and various federal and state wiretapping laws.
11. Fraud Claims Against SolarWinds
The Securities and Exchange Commission (SEC) has taken legal action against SolarWinds and its Chief Information Security Officer (CISO), Tim Brown, alleging fraud and internal control failures. The charges stem from the company’s purportedly misleading disclosures to investors regarding its cybersecurity practices and risks. The SEC contends that SolarWinds and Brown provided only generic and hypothetical risk information while knowing about specific issues in their cybersecurity practices.
The Treasury Board of Canada announced that Canada has banned Chinese super-app WeChat and Russian antivirus software applications from Kaspersky Lab on government devices, citing concerns about cybersecurity risks and data access. The ban, effective immediately, is a precautionary measure taken by the Chief Information Officer of Canada due to the “unacceptable level of risk to privacy and security” presented by these applications on mobile devices.
Apple has introduced a new feature, iMessage contact key verification, to bolster the security of its messaging platform. iMessage already offers end-to-end encryption, ensuring private conversations, but this enhancement addresses concerns related to key directory services, which could be vulnerable to attacks. The new mechanism utilizes key transparency to provide cryptographic proofs of inclusion, allowing users to verify the consistency of their encryption keys and protecting against potential compromises of key directory and transparency services.
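The “cryptographic proof of inclusion” mentioned above, as an added illustrative example that is not Apple’s implementation: a simplified key-transparency log as a Merkle tree over (identifier, public key) leaves with RFC 6962-style domain separation, the audit path a directory would hand out, and the check a client runs against the published root. The directory entries are constructed.

```python
import hashlib


def _leaf_hash(user_id: str, pubkey: bytes) -> bytes:
    # 0x00 prefix separates leaves from interior nodes (RFC 6962 style).
    return hashlib.sha256(b"\x00" + user_id.encode() + b"\x00" + pubkey).digest()


def _node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_tree(entries):
    """entries: list of (user_id, pubkey). Returns the levels, leaves first."""
    level = [_leaf_hash(u, k) for u, k in entries]
    levels = [level]
    while len(level) > 1:
        nxt = [_node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2 == 1:
            nxt.append(level[-1])  # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels


def inclusion_proof(levels, index):
    """Audit path for leaf `index`: list of (sibling_hash, sibling_is_left)."""
    path = []
    for level in levels[:-1]:
        if index % 2 == 1:
            path.append((level[index - 1], True))
        elif index + 1 < len(level):
            path.append((level[index + 1], False))
        # even index with no sibling: the node was promoted, nothing to add
        index //= 2
    return path


def verify_inclusion(root: bytes, user_id: str, pubkey: bytes, path) -> bool:
    """Client-side check: recompute the root from the key it was served."""
    h = _leaf_hash(user_id, pubkey)
    for sibling, sibling_is_left in path:
        h = _node_hash(sibling, h) if sibling_is_left else _node_hash(h, sibling)
    return h == root


# Constructed directory: five identifiers with made-up 32-byte public keys.
ENTRIES = [(f"user{i}@example.invalid", bytes([i]) * 32) for i in range(5)]
```

A substituted key yields a different leaf hash, so the recomputed root no longer matches the one the transparency log published, which is exactly the mismatch a client is meant to detect.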
Google has made a significant stride in bolstering internet security by introducing the HTTPS-Upgrades feature in Chrome, which automatically upgrades insecure HTTP requests to the secure HTTPS protocol for all users. This innovative feature not only enhances security but also ensures privacy by converting old HTTP links to their encrypted counterparts.
HackerOne proudly announced a significant milestone in its journey, having awarded more than $300 million to bug hunters participating in its renowned bug bounty programs since the platform’s inception. Notably, thirty white hat hackers have individually earned over one million dollars by submitting vulnerabilities, with one hacker achieving an impressive total of more than four million dollars in earnings.