Cyber Briefing - 2023.03.17
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Red Hat recently released security advisories for vulnerabilities in the Linux kernel affecting multiple platforms and products, including Red Hat Enterprise Linux Server and CodeReady Linux Builder. These vulnerabilities can lead to critical security issues if not patched promptly. The Cyber Centre advises users and administrators to update their systems immediately to avoid any potential attacks.
Cloud security firm Cado Security has discovered a new strain of malware that it suspects TeamTNT, a notorious cryptojacking group, deployed to mine Monero cryptocurrency on compromised systems. The sample was discovered after Sysdig reported a sophisticated attack on containerized environments aimed at stealing proprietary data and software. While there is no concrete evidence to link the new malware to the SCARLETEEL attack, the possibility that it could be the "decoy" miner installed is high.
Winter Vivern, a pro-Russian APT group, has been targeting European government organizations and telecommunication service providers to conduct espionage, according to SentinelLabs. Despite limited resources, Winter Vivern uses creative techniques, such as impersonating antivirus scanners to download malicious payloads, to achieve its objectives. The group has recently deployed webpages mimicking those of government agencies to distribute malware, including the Aperetif malware capable of automatic file scanning and exfiltration.
Fraudsters are using Twitter's quote-tweet feature to target bank customers and lure them into calling a fake "helpline" number. The scam preys on unsuspecting users who are tweeting their banks to raise a complaint or request assistance. The simplicity and focused targeting of the scam make it convincing, and even genuine companies sometimes reply via a separate Twitter account, making it difficult for customers to distinguish between a real and fake account. Users should watch out for red flags in replies, DMs, and quote-tweets directed at them.
Finnish cybersecurity firm WithSecure has discovered a new piece of malware called SILKLOADER that is being used by Chinese and Russian cybercriminals. The malware is designed to load Cobalt Strike onto infected machines. SILKLOADER uses DLL side-loading techniques to deliver the commercial adversary simulation software. The malware was identified following an analysis of "several human-operated intrusions" targeting various entities spanning a wide range of organizations located in Brazil, France, and Taiwan in Q4 2022.
Hewlett Packard Enterprise (HPE) has released security bulletins addressing vulnerabilities in several products, including ClearPass Policy Manager and Integrated Lights-Out for Gen10 servers. HPE NonStop Platform is also vulnerable. Users and administrators are advised to apply the necessary updates to protect against potential cyber attacks.
Cybercriminals are using Adobe Acrobat Sign to send malicious emails that appear to be from the software company, but actually contain info-stealing malware. The attackers bypass security measures and trick users into thinking the emails are legitimate. Avast researchers warn that this trend of abusing legitimate services, such as PayPal and Google Docs, is becoming increasingly common in cybercrime.
Latitude Financial, a consumer finance provider, has suffered a hacking incident resulting in the theft of identification documents of 328,000 customers. The stolen data includes the driver’s license details of around 100,000 customers. Latitude provides consumer finance services to major companies like Harvey Norman, JB Hi-Fi, The Good Guys, and Apple, but it's not clear whether their customers are affected. Experts have criticised the company and called for better password and identity management practices to prevent such breaches from occurring in the future.
A threat actor on a Russian-speaking hacking forum claims to have stolen hundreds of gigabytes of data from US Marshals Service servers. The data includes law enforcement confidential information, aerial footage of military bases, details on wiretapping and surveillance of citizens, and more. This comes after the USMS confirmed a ransomware attack last month, which impacted a stand-alone system and resulted in the theft of personally identifiable information of employees.
Essendant, a wholesale distributor of office products, has been hit by a ransomware attack, which was originally reported as a “significant” and ongoing outage. The extended outage has led to customers speculating that it was a hack, and LockBit ransomware group has since claimed responsibility. Essendant’s customers have been frustrated by the lack of transparency and communication from the company regarding the outage, and it is understood that the outage began on 6th March.
A Tuscaloosa-based ambulance service, NorthStar Emergency Medical Services, has revealed a data breach that may have affected 82,450 patients. In September 2022, NorthStar officials noticed unusual activity and took steps to secure data and investigate the source of the disruption. NorthStar has reported the incident to law enforcement, but has not released information about who might be responsible for the breach.
Victims of the FakeCalls malware in South Korea risk losing their credit card details to scammers posing as bank representatives, warns a report by Check Point. FakeCalls now includes three new techniques that help it evade detection, and the malware could quickly spread beyond South Korea.
Polish counter-intelligence agency arrested nine foreigners across the eastern border, charging six suspects with espionage and participation in an organized criminal group. The network also planned propaganda activity to destabilize Polish-Ukrainian relations and interfere with the delivery of military equipment and aid to Ukraine.
In a report, the tech giant revealed that 17 European nations were targeted between January and mid-February 2023, with the government sector most affected. The state-sponsored hackers have targeted 74 countries since the start of the invasion of Ukraine, with cyber espionage operations aimed at government and defense-related organizations in Central and Eastern Europe and the Americas.
Representatives from the healthcare industry urge Congress to establish a minimum threshold for security best practices to address cybersecurity gaps, particularly in small rural hospitals. According to Kate Pierce, former CIO and CISO at a 25-bed community hospital in Vermont, implementing security best practices that are only "recommendations" and contained in voluntary guidance is simply not feasible for under-resourced hospitals. Moreover, the industry needs help from the federal government to respond more effectively to the increasing frequency of attacks from nation-state actors and organized crime groups.
Copyright © 2023 CyberMaterial. All Rights Reserved.