Cyber Briefing - 2023.09.08
👉 What are the latest cybersecurity alerts, incidents, and news?
Apple, NSO Group, Spyware, APT, Zoho, Fortinet, North Korea, Crypto Heists, Windows, Malvertising Campaign, macOS, Atomic Stealer Malware, Latvia, Russia, The Janssen Pharmaceutical Companies of Johnson & Johnson, Seville Council, LockBit, Just Kids Dental, See Tickets, API Security, Google, Phishing, Trickbot Group.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
Apple has released critical software updates to address two zero-day vulnerabilities that were exploited by the NSO Group's Pegasus spyware. Researchers at Citizen Lab at The University of Toronto discovered these vulnerabilities, which allowed attackers to compromise Apple devices, including iPhones and iPads, without any user interaction. Users of Apple devices are strongly advised to update their operating systems immediately to protect themselves from these security flaws, as the vulnerabilities were actively exploited in the wild to deliver the spyware.
Multiple nation-state hacking groups have been exploiting known flaws in Zoho ManageEngine software and Fortinet firewalls for which patches are available, cybersecurity officials warn. In a new alert, the U.S. Cybersecurity and Infrastructure Security Agency includes details of how both vulnerabilities are being exploited, revealing that attackers have gained unauthorized access and exfiltrated data from targeted organizations. These ongoing exploits highlight the critical importance of timely patching and cybersecurity vigilance in the face of persistent threats from nation-state actors.
North Korean threat actors have been actively targeting the cybersecurity community, employing a zero-day vulnerability in undisclosed software to infiltrate systems. Google's Threat Analysis Group (TAG) uncovered this campaign, revealing that the attackers establish fake social media accounts to build trust and collaboration with potential targets, eventually leading to the delivery of a malicious file. This file exploits at least one zero-day vulnerability in widely used software, and once executed, it performs anti-virtual-machine checks and sends collected information back to the attacker's server.
Attackers are conducting a cryptocurrency-mining campaign that specifically targets 3D modelers and graphic designers. They utilize modified versions of legitimate Windows installer tools, including those for popular software like Adobe Illustrator and Autodesk 3ds Max, to hide malware. This campaign, ongoing since November 2021, deploys various payloads, such as backdoors and cryptominers, including M3_Mini_Rat, PhoenixMiner, and lolMiner.
A new malvertising campaign is distributing an updated version of macOS stealer malware, Atomic Stealer (AMOS), indicating active maintenance by its author. This Golang-based malware, initially discovered in April 2023, has seen new variants with expanded information-gathering capabilities, primarily targeting gamers and cryptocurrency users. The campaign leverages fraudulent TradingView software downloads, and the macOS payload is an updated Atomic Stealer version that prompts users for passwords, harvesting files and data stored in iCloud Keychain and web browsers.
The Cybersecurity and Infrastructure Security Agency (CISA) released four Industrial Control Systems (ICS) advisories on September 7, 2023. These advisories offer up-to-date information on security concerns, vulnerabilities, and potential exploits affecting ICS. Users and administrators are strongly encouraged to review them for technical details and recommended mitigations. Keeping ICS environments secure is paramount, and CISA's advisories play a crucial role in achieving this goal.
💥 Cyber Incidents
Pro-Russian hackers have successfully breached the Latvian Ministry of Interior, compromising three email accounts, according to reports from the Delfi website. This breach has resulted in the exposure of internal documents and email correspondence on various social media platforms. Latvian authorities are now working to bolster security measures and investigate the incident, highlighting the ongoing challenges posed by cyber threats with geopolitical implications.
Sensitive patient data may be at risk following a breach of the Janssen CarePath platform, operated by a subsidiary of pharmaceutical giant Johnson & Johnson, according to a statement by tech firm IBM. The breach involved unauthorized access to a third-party database supporting Janssen, potentially exposing patient names, contact details, dates of birth, and sensitive medical information, including health insurance and medication data. While Social Security numbers and financial account information were not compromised, the breach could impact over a million individuals.
The city council of Seville, Spain, has fallen victim to a cyberattack attributed to the LockBit cybercrime gang. The attack, which began on Monday, has disrupted various city services, including those provided by the police, firefighters, and tax collection departments. City officials have declared that they will not pay the $1.5 million ransom demanded by the hackers. Although the incident was initially thought to be an internal system failure, further investigation revealed it to be a cyberattack by LockBit, a group known for encrypting networks and threatening to release stolen data.
Alabama-based Acadia Health LLC, doing business as Just Kids Dental, fell victim to a cyberattack that potentially compromised the sensitive information of around 130,000 individuals. The breach, which occurred on August 2 and was discovered on August 8, involved the encryption of the dental practice's computer networks and data. The compromised information includes patient and employee details such as names, addresses, Social Security numbers, and health insurance data, among other things.
Ticketing giant See Tickets has revealed a second data breach in the past year, compromising customer credit card information. The breach, discovered in May, revealed that hackers had injected malicious code into the company's e-commerce checkout pages, potentially stealing payment card details from February 28 to July 2. Over 323,000 customers were affected, and while See Tickets completed its investigation by July 21, it took more than six weeks to notify impacted individuals.
📢 Cyber News
Traceable, in collaboration with the Ponemon Institute, has unveiled concerning insights into the state of API security in 2023. The study, based on input from 1,629 cybersecurity experts across the US, UK, and the EU, reveals a significant increase in API-related data breaches, with 74% of organizations reporting three or more incidents within the past two years. These breaches, primarily driven by DDoS attacks, are expanding organizations' potential attack surfaces, according to 58% of respondents.
Google is deprecating the standard Safe Browsing feature in Google Chrome and replacing it with Enhanced Safe Browsing. This move will provide real-time protection against phishing attacks by checking websites against Google's cloud database as they are visited. Although this offers improved security, it comes at the cost of user privacy, as Chrome will send URLs to Google's servers for analysis. While this change aims to protect users from evolving threats, it also raises concerns about potential use of that data for purposes beyond security.
In a joint effort, the United States and the United Kingdom have imposed sanctions on eleven Russian individuals allegedly connected to the Trickbot malware and Conti ransomware schemes. These sanctions target key figures involved in managing and procuring for the Trickbot group, which is known to have ties to Russian intelligence services and is responsible for stealing over $180 million globally. Alongside the sanctions, the U.S. Department of Justice has unsealed indictments against seven of the individuals.
A Russian businessman with connections to the Kremlin, Vladislav Klyushin, has been sentenced to nine years in prison for his involvement in a nearly $100 million stock market cheating scheme that relied on hacked insider information. Klyushin, who ran a Moscow-based IT company, was convicted of wire fraud and securities fraud charges after a trial in Boston. He personally gained over $33 million from the scheme, which involved hacking into U.S. computer networks to steal earnings-related filings for companies like Microsoft and Tesla.
Copyright © 2023 CyberMaterial. All Rights Reserved.