Cyber Briefing - 2023.04.05
Welcome to Cyber Briefing, a short newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory on vulnerabilities in the Nexx Smart Home Device. The advisory warns that the exploitation of these vulnerabilities could enable an attacker to access sensitive information, execute API requests or take over devices. CISA is urging users and administrators to review the advisory and take necessary actions to mitigate the risks posed by these vulnerabilities.
The Cyber Centre has issued a security advisory warning of vulnerabilities in the Trellix Agent, version 5.7.8 and prior, for both Windows and Linux systems. Users and administrators are urged to apply the necessary updates to protect against potential cyber threats.
Android has released a security bulletin aimed at addressing the vulnerabilities of its devices. The bulletin provides information and updates necessary to patch any security flaws, and it is recommended that users and administrators act quickly to implement the necessary measures to protect their devices from potential attacks.
Cybersecurity researchers have discovered a new ransomware strain named Rorschach after a U.S.-based company suffered a cyberattack. The malware has technically unique features, including the fastest encryption speed observed to date by researchers. Rorschach was deployed using the DLL side-loading technique through a signed component of Palo Alto Networks' Cortex XDR, highlighting the need for threat detection and incident response tools to keep pace with evolving threats.
Mandiant reports that an ALPHV/BlackCat ransomware affiliate has been using publicly available Metasploit modules to exploit three vulnerabilities impacting the Veritas Backup product for initial access to the target network. The threat actor, tracked as 'UNC4466,' then uses various tools and techniques, including SOCKS5 tunneling, to deploy the ALPHV ransomware payload and evade detection. The report also highlights the prevalence of Internet-exposed instances of Veritas Backup that remain vulnerable because they have not been updated to a safe version, making them potential targets for attackers. Defenders are advised to follow Mandiant's guidance to detect and mitigate UNC4466 attacks in a timely manner.
Uber has suffered another data breach with its drivers' personal information stolen by hackers who broke into the IT systems of Genova Burns, the law firm doing legal work for Uber. The theft includes the name, Social Security number, and/or Tax Identification number of certain Uber drivers who completed trips in New Jersey. The ride-hailing giant has yet to confirm how many drivers have been impacted, but has offered complimentary credit monitoring and identity protection services. This is not the first time Uber has experienced data breaches, with cyber criminals having stolen 57 million customer and driver records in 2016, followed by another security breach in September 2022.
Check Point, one of Israel's largest cyber-security companies, was hit by a group of hackers called "Anonymous Sudan" on Tuesday. The same group also attacked the websites of multiple major Israeli universities, causing them to be down for several hours. The hacker group claimed that this attack is part of a campaign called OPIsrael, in which activists try to attack targets on the Israeli internet.
Popular tax e-file service eFile.com has been caught serving JavaScript malware to its users. The malicious code, which was present on the website for weeks, was designed to load more JavaScript from a remote server. The incident highlights the importance of website security and comes at a crucial time as US taxpayers are wrapping up their tax returns before the April 18th due date.
vpnMentor has reported a data breach at online marketplace Z2U, which allowed users to trade in-game items as well as malware, social media accounts and license keys for Windows. Security researcher Jeremiah Fowler found a non-password protected database exposing customer support attachments of 600,000 users, including images of credit cards and passports, payment transactions and order confirmations. Z2U, which is based in China and has an English-language site and a Trustpilot rating of 4.5, has been offering Netflix, Amazon Prime Video and Disney+ accounts, which Fowler said raised ethical and security concerns.
A Ukrainian utility company suffered a remote access Trojan attack for two months due to the installation of an unlicensed version of Microsoft Office downloaded from a torrent website. The pirated version contained the DarkCrystal remote access Trojan and the DWAgent remote administration tool, providing unauthorized third-party access to the company's network. The Ukrainian CERT links DarkCrystal RAT usage to the Sandworm group, a Russian unit of military intelligence hackers responsible for destructive computer attacks against Ukraine.
Microsoft has announced that Rockstar Games has addressed a known issue preventing Red Dead Redemption 2 from launching on some Windows 11 systems. The issue only affected gamers who launched RDR2 via the Rockstar Games Launcher on Windows 11 21H2 systems after installing the KB5023774 March 2023 optional preview update. Rockstar Games Launcher version 1.0.71.1428 has now been released with improvements to the stability of the launcher.
Australia has become the latest country to ban the use of TikTok among government employees over national security concerns. The ban comes after the government released a report on foreign interference through social media applications. TikTok said the ban was "driven by politics, not by fact," and its general manager in Australia claimed there was "no evidence to suggest that TikTok is in any way a security risk to Australians."
The FBI, with the help of international partners, has successfully taken down Genesis Market, a one-stop-shop for cyber criminals selling stolen credentials and tools to weaponize the data. The platform has been linked to millions of financially-motivated cyber incidents globally, including fraud and ransomware attacks. With a low barrier to access, the criminal service even provided a Wiki explaining how it worked for new users in a bid to commoditize the fraud.
Microsoft will automatically block embedded files with "dangerous extensions" in OneNote, following reports of malware being delivered via the note-taking service. Users will no longer be able to directly open such attachments, with a message appearing that states: "Your administrator has blocked your ability to open this file type in OneNote." The update will begin rolling out later this month and will only impact OneNote for Microsoft 365 on Windows devices.
The United Kingdom's data protection regulator has issued a £12.7 million ($15.8 million) fine to TikTok for breaching data protection laws by collecting personal data belonging to over a million children aged under 13 without parental consent. Despite TikTok's own rules not allowing children to create an account, up to 1.4 million children in Britain used the platform in 2020. TikTok disagreed with the ICO's decision but stated it will review the decision and consider next steps.
Copyright © 2023 CyberMaterial. All Rights Reserved.