Cybersecurity news
- Aruba Networks published a security advisory to inform customers about six critical-severity vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. The flaws impact Aruba Mobility Conductor, Aruba Mobility Controllers, and Aruba-managed WLAN Gateways and SD-WAN Gateways.
- Cybersecurity researchers at Bitdefender have released a new, free decryptor for the MortalKombat ransomware that lets victims recover their files without paying.
- A stealthy Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus has become the first publicly known malware capable of bypassing Secure Boot defenses, making it a potent threat in the cyber landscape.
- The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its “Known Exploited Vulnerabilities Catalog” after threat actors began actively exploiting the remote code execution flaw in attacks.
- Hackers are actively exploiting two critical-severity vulnerabilities in the Houzez theme and plugin for WordPress, two premium add-ons used primarily in real estate websites. Houzez is a high-quality WordPress theme that is available for purchase on ThemeForest, a popular marketplace for digital products.
- In-the-wild exploitation of a Fortinet FortiNAC vulnerability tracked as CVE-2022-39952 was seen just days after a patch was announced, and on the same day a proof-of-concept (PoC) exploit was made public.
Cybersecurity Blog Posts
- In his article, Edwin David described the five main things that lead an attacker to the Azure cloud. First among them is misconfigured cloud infrastructure. Enterprises need reliable security measures and access controls in the cloud to reduce risk and limit potential damage.
- Marcus Hutchins shared his view on the impact of ChatGPT on cybercrime. Beyond the general claim that AI allows low-skilled hackers to develop advanced malware, he sees danger in AI-improved phishing emails and in polymorphic malware that easily bypasses security products.
- Anton Chuvakin revisited the relevance of SIEM in 2023, answering some popular questions about whether XDR or cloud technologies can displace SIEM, what threatens it, and what helps it develop.
- Zeljka Zorz commented on the matrix of DNS abuse techniques published by FIRST. The matrix describes which DNS abuse techniques cybercriminals use and which organizations can help incident response services and security teams detect, mitigate and prevent them.
Research and analytics
- PeckShield experts have discovered a large number of tokens allegedly associated with the ChatGPT chatbot. They identified at least 3 fraudulent tokens with the ticker BingChatGPT used to steal funds. Two of them have already lost almost 100% of their value, and the third 65%. The cybercriminals ran a pump-and-dump scheme.
- A new Splunk report presents research and ideas on what digital resilience requires and how it benefits organizations.
- The Chrome security team has published an overview of its activities for the 4th quarter of 2022. The report presents the latest security features that have appeared or will appear in Chrome/Chromium.
- The US Federal Trade Commission says that Americans lost more than $8.8 billion to fraud in 2022, an increase of more than 30% over the previous year. The FTC also reports that in 2022 the Consumer Sentinel network received more than 2.4 million fraud reports.
- Fairyproof specialists in their report provide a brief description of the most common phishing and social engineering tactics used to compromise blockchain and cryptocurrency users.
- Trend Micro has discovered a version of the PlugX backdoor hidden inside an open source Windows debugging tool. PlugX is a remote access Trojan that was developed and originally used by Chinese cyber espionage groups.
- According to Prodaft, operators of the RIG exploit kit make an average of 2,000 exploit attempts per day. The success rate at the end of last year reached a record level for this threat: 30%. The researchers gained access to the RIG backend web panel and found that a set of exploits is still being used to distribute infostealers, banking Trojans and malicious loaders. Among ransomware families, Royal is present in the list of delivered malware.
Major Cyber Incidents
- American fast food chain Chick-fil-A has confirmed that over 71,000 customers’ accounts were breached in a months-long credential stuffing attack, allowing threat actors to use stored rewards balances and access personal information.
- Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company’s Fortra GoAnywhere MFT secure file-sharing platform.
- UK-based high street chain WH Smith has confirmed that it was targeted in a cyberattack resulting in the theft of employee data. Following the detection of the attack, WH Smith initiated an investigation in partnership with cybersecurity experts and implemented incident response strategies, including notifying relevant authorities.
- Stanford University, one of the top-ranked universities in the United States and the world, has become the victim of a cyberattack that led to a leak of, or unauthorized access to, sensitive information. The leaked details include students' first and last names, dates of birth, mailing addresses, phone numbers, email addresses, gender, ethnicity, race, citizenship, nativity, transcripts, resumes, recommendation letters and completed digital admission forms.
- The U.S. Marshals Service suffered a major security breach when hackers broke into and stole data from a computer system that included a trove of personal information about investigative targets and agency employees.
- Researchers said that hackers gained access to the login credentials for data centers in Asia used by some of the world’s biggest businesses. The data caches involve emails and passwords for customer-support websites for two of the largest data center operators, Shanghai-based GDS Holdings Ltd. and Singapore-based ST Telemedia Global Data Centres. About 2,000 customers of GDS and STT GDC were affected.