Cyber Briefing - 2023.03.29

Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.




🚨 Cyber Alerts


1. Apple releases security updates for vulnerabilities

Apple has released security updates for multiple products to address vulnerabilities that could allow an attacker to take control of an affected device. The updates include macOS Ventura 13.3, Safari 16.4, and iOS 15.7.4 and iPadOS 15.7.4, among others. The Cybersecurity and Infrastructure Security Agency (CISA) urges users and administrators to review Apple's advisories and apply the updates to protect their devices.


2. Dell addresses product vulnerabilities

Dell has published security advisories to address vulnerabilities in its PowerProtect DD (DD OS), DDMC, and SmartScale products. The fixes cover versions prior to 6.2.1.90 and versions 7.0 through 7.10. Users and administrators are advised to review the linked advisories and apply the necessary updates.


3. ABB Security Advisory: RCCMD Vulnerability

ABB has published a security advisory for a vulnerability in its RCCMD product that could allow arbitrary code execution. Users and administrators should review the provided links and update to version 4.40 230207 or later to mitigate the vulnerability.


4. Europol warns about AI abuse

Europol has issued an alert on the potential exploitation of artificial intelligence (AI) systems like ChatGPT by cybercriminal groups. ChatGPT's ability to produce realistic text makes it a useful tool for phishing, propaganda, and generating malicious code, the report states. The report warns that advancements in AI systems such as the latest GPT-4 can further refine or automate sophisticated cybercriminal operations and highlights the need to prepare law enforcement communities for both positive and negative AI-based applications.


5. Flaw in WiFi protocol allows plaintext leak

Researchers have disclosed a design flaw in the IEEE 802.11 Wi-Fi standard that can allow an attacker to obtain Wi-Fi frames in plaintext. The flaw affects a range of devices and operating systems and can be used to hijack TCP connections or intercept client and web traffic. Cisco has acknowledged the impact and recommends mitigations such as transport-layer encryption (for example TLS) so that any intercepted frames carry only ciphertext.


6. Trojanized TOR installers target crypto users

Since September 2022, cybercriminals have been distributing trojanized installers for the Tor anonymity browser that drop clipper malware designed to steal cryptocurrency from unsuspecting users. The clipper monitors the clipboard and replaces a copied wallet address with one controlled by the attacker, so that any payment is redirected. The campaign has already netted almost $400,000 from Bitcoin, Litecoin, Ether, and Dogecoin thefts. The malware can remain dormant for years, which makes it hard to detect; users are advised to download software only from trusted sources, and checking the pasted address against the intended one before sending funds defeats this kind of swap.
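The swap described above is simple to check for if you know what was copied and what came off the clipboard. The following is an added example (not code from the briefing or from the research it summarises): a minimal clipboard-swap detector that classifies the four coin address formats named above and flags a paste that no longer matches the copy. The address patterns are simplified approximations, not full validators, and the clipboard events are constructed sample data.

```python
"""
Added example: detect clipper-style wallet address substitution.
Assumptions: ADDRESS_PATTERNS are loose approximations of the real formats,
and SAMPLE_EVENTS are constructed, not captured from a real incident.
"""
import re
from dataclasses import dataclass

# Loose address patterns for the coins named in the briefing (assumption:
# approximations good enough to classify, not to validate checksums).
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,62})$"),
    "litecoin": re.compile(r"^(?:[LM][a-km-zA-HJ-NP-Z1-9]{26,33}|ltc1[a-z0-9]{25,62})$"),
    "ether": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "dogecoin": re.compile(r"^D[a-km-zA-HJ-NP-Z1-9]{33}$"),
}


def classify(text: str):
    """Return the coin whose address format `text` matches, or None."""
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return coin
    return None


@dataclass
class ClipboardEvent:
    copied: str  # what the user placed on the clipboard
    pasted: str  # what was actually on the clipboard at paste time


def detect_swap(event: ClipboardEvent):
    """Return (alert, reason). Alert only when a wallet address was copied
    and something different was pasted; a same-coin replacement is the
    classic clipper signature."""
    copied, pasted = event.copied.strip(), event.pasted.strip()
    coin = classify(copied)
    if coin is None:
        return False, "copied text is not a wallet address"
    if pasted == copied:
        return False, f"{coin} address unchanged"
    if classify(pasted) == coin:
        return True, f"{coin} address replaced by a different {coin} address (clipper behaviour)"
    return True, f"{coin} address replaced by non-matching text"


def scan(events):
    """Run detect_swap over a batch and return the alerting events with reasons."""
    return [(e, reason) for e in events for alert, reason in [detect_swap(e)] if alert]


# Constructed sample data: the base58 strings are made-up but format-valid.
COPIED_BTC = "1CopiedAddrNotReaL3333333333333333"
ATTACKER_BTC = "1AttackerAddrNotReaL44444444444444"
COPIED_ETH = "0x" + "ab" * 20
ATTACKER_ETH = "0x" + "cd" * 20

SAMPLE_EVENTS = [
    ClipboardEvent(COPIED_BTC, ATTACKER_BTC),          # swapped: alert
    ClipboardEvent(COPIED_ETH, COPIED_ETH),            # unchanged: no alert
    ClipboardEvent("meeting notes", "meeting notes"),  # not an address: no alert
    ClipboardEvent(COPIED_ETH, ATTACKER_ETH),          # swapped: alert
]

if __name__ == "__main__":
    for event, reason in scan(SAMPLE_EVENTS):
        print(f"ALERT: {reason}: copied={event.copied} pasted={event.pasted}")
```

On a real host the two strings would come from a clipboard hook (for example a Windows clipboard-format listener or a wl-paste/xclip poll on Linux) rather than a constructed list; the comparison logic is the same. The same-coin check matters because a clipper that substitutes a valid-looking address of the same coin is the case a user is least likely to notice by eye.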



💥 Cyber Incidents


1. Crown Resorts Allegedly Breached

Crown Resorts, Australia's largest gambling and entertainment company, has been breached by the Clop ransomware gang. The attackers got in through a zero-day vulnerability in the company's GoAnywhere secure file-transfer server. Although Crown Resorts says it has no evidence that customers were affected, Clop is extorting the company and has threatened to release the stolen data. The incident adds Crown Resorts to a long list of victims of the GoAnywhere attacks; the software's vendor, Fortra, is already facing a class action lawsuit alleging it failed to implement adequate security measures to protect private data stored in its network.


2. North Korean hackers stealing cryptocurrency

APT43, a cyber-espionage group linked to North Korea, is using stolen digital assets to pay for rented cryptocurrency mining services, according to Mandiant. The group, which Mandiant rates as moderately capable, runs spear-phishing campaigns using spoofed domains and email addresses against government agencies and think tanks focused on Korean Peninsula geopolitics. Mandiant believes the cryptocurrency theft reflects a mandate from Pyongyang for the group to be self-sufficient and fund its own infrastructure, such as server rentals, through hacking.


3. SideCopy APT Group Targets DRDO

SideCopy, a Pakistan-linked APT group known for targeting India and Afghanistan, has launched a new phishing campaign aimed at India's Ministry of Defence. The campaign uses a decoy presentation about the K-4 ballistic missile developed by the Defence Research and Development Organisation (DRDO) to deliver the Action RAT backdoor and a new information stealer called AuTo Stealer. According to Cyble, the group continually evolves its techniques and adds new tools to its arsenal, making it a persistent threat to the targeted countries.


4. Snatch claims Modesto ransomware attack

The Snatch ransomware group has claimed responsibility for the attack on the California city of Modesto, over a month after the incident occurred. Andrew Gonzales, legislative affairs manager for Modesto, said the government had reduced the impact of the attack but did not comment on whether a ransom would be paid or how much was demanded. Snatch, which does not use a ransomware-as-a-service model, has been implicated in several high-profile attacks, including those on the Metropolitan Opera, a school district in Wisconsin, and Swedish automaker Volvo.


5. English high school hit by ransomware attack

Tanbridge House School in West Sussex, England, is the latest educational establishment to be targeted by the ransomware group RansomHouse. The attackers have demanded an undisclosed sum and threatened to publish stolen data if it is not paid. This is one of many recent ransomware attacks in the UK that have prompted a joint inquiry by lawmakers into how effectively the national security strategy deals with these threats.


6. Toyota Italy Suffers Data Leak

Toyota Italy accidentally exposed credentials for its Salesforce Marketing Cloud and Mapbox APIs, which in turn exposed customers' email addresses and phone numbers and left them open to targeted phishing. The Cybernews research team discovered the leak and notified Toyota Italy, and the dataset has since been secured. Toyota says it has taken measures to strengthen its security systems and protocols and is cooperating with the ongoing investigation by the relevant Italian authorities.



📢 Cyber News


1. Microsoft launches AI-based Security Copilot

Microsoft has launched Security Copilot in preview, a security analysis tool built on OpenAI's GPT-4 and Microsoft's own security-specific model. It collates insights and data from Microsoft's security products to assess risk exposure, speed up response to threats, process signals, and provide remediation instructions. Microsoft says the tool is privacy-compliant and that customer data "is not used to train the foundation AI models," according to Vasu Jakkal, Microsoft's corporate vice president of Security, Compliance, Identity, and Management.


2. Nigerian man sentenced for BEC fraud

Solomon Ekunke Okpe, 31, took part in multiple fraud schemes, including business email compromise, credit card, work-from-home, check-cashing, and romance scams, targeting businesses, individuals, and banks in the US and abroad. The US Department of Justice says the scams were "intended to cause more than a million dollars in losses to US victims." Okpe and his co-conspirators obtained credentials and other sensitive information through phishing emails and by hacking into online accounts, among other methods.


3. Microsoft releases Windows 11 update preview

Microsoft has released the March 2023 non-security preview update for Windows 11. It includes a new feature, described by Microsoft as notifications for Microsoft accounts and by critics as Start menu promotional messages, alongside bug fixes and improvements. The notifications have drawn negative reactions on social media. This is not the first time Microsoft has shown ads for its products inside Windows apps: it previously promoted Microsoft 365 Family subscriptions to Office 2021 customers and advertised some Microsoft products in File Explorer.



Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.

