Cybersecurity news
- Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites. Elementor Pro is a WordPress page builder plugin allowing users to easily build professional-looking sites without knowing how to code, featuring drag and drop, theme building, a template collection, custom widget support, and a WooCommerce builder for online shops.
- A new modular toolkit called ‘AlienFox’ allows threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services. The toolkit is sold to cybercriminals via a private Telegram channel, which has become a typical funnel for transactions among malware authors and hackers.
- Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA’s KEV catalog. The examined vulnerabilities are known and highlighted in CISA’s KEV catalog as actively exploited by hackers, so any delays in their patching maintain a large attack surface, giving threat actors numerous potential targets.
- A misconfigured Microsoft application allowed anyone to log in and modify Bing.com search results in real-time, as well as inject XSS attacks to potentially breach the accounts of Office 365 users.
- A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company’s customers in an ongoing supply chain attack.
- US President Joe Biden signed a ban on government use of commercial spyware technology. As it turned out, commercial spyware poses a distinct intelligence threat to the United States and has been found on the phones of 50 US officials overseas.
- American researchers have developed a “sound Trojan” aimed at voice assistants. Silent attacks can be effectively used in the smart home ecosystem.
Cybersecurity Blog Posts
- Rafeeq Rahman shared a new CISO MindMap 2023, updated to take into account recent changes in the digital environment such as the development of ChatGPT, the increase in the use of cloud technologies, and others.
- Ashley Leonard in the HelpNetSecurity blog described 3 main methods of attacks on end hosts: phishing/targeted phishing, exploiting vulnerabilities of operating systems and software products.
- John E. Dunn spoke about how the development of ChatGPT will affect the success of phishing attacks in his article. In his opinion, artificial intelligence will be able to create many unique phishing emails with competent speech, stylized in the manner of a particular person, for example, the CEO of the attacked company, etc.
Research and analytics
- Microsoft has highlighted a rise in DDoS attacks on healthcare organizations, mapping a three-fold increase in attacks over three months. It said it tracked 10 to 20 attacks per day on healthcare organizations on Azure in November but was seeing 40 to 60 per day in February. The attack mix changed over this time, it added, with over half of attacks now being UDP floods, with 44% being TCP-based.
- Half of U.S. businesses say that security is the most influential factor when buying software, according to Capterra’s Security Features Survey. In fact, 45% have stopped using a specific type of software due to security concerns. Businesses are willing to pay a premium for intuitive and well-designed secure software.
- HP Inc. issued its latest quarterly HP Wolf Security Threat Insights Report, showing hackers are diversifying attack methods, including a surge in QR code phishing campaigns. Scams trick users into scanning QR codes from their PCs using their mobile devices – potentially to take advantage of weaker phishing protection and detection on such devices. QR codes direct users to malicious websites asking for credit and debit card details.
- Huntress has released a report detailing the state of cybersecurity in mid-sized businesses across the US and Canada. Here are some findings summarized: 61% of mid-sized businesses don’t have a security team, 47% don’t have an incident response plan, 27% have no cyber insurance coverage.
- Mandiant published a detailed report titled Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace. In 2022, Mandiant tracked 55 zero-day vulnerabilities that were judged as being exploited. The report further noted that Chinese state-sponsored cyber espionage groups exploited more zero-days than other cyber espionage actors in 2022.
- ZenGo security researchers have found a new technique named the Red Pill attack that allows malicious smart contracts to detect when blockchain security solutions run “simulated transactions” and hide their malicious behavior.
- Worldwide spending on security solutions and services is forecast to be $219 billion in 2023, an increase of 12.1% compared to 2022, according to a forecast from the International Data Corporation (IDC). Banking, Discrete Manufacturing, Professional Services, and the Federal/Central Government verticals are expected to account for more than a third of all security spending in 2023.
- CISA and FBI Release Advisory on LockBit Ransomware. The cybergroup’s prolific attack spree has been responsible for 52% of all ransomware attacks worldwide and struck major organizations, like Royal Mail, Accenture and Ion Trading. The advisory shares indicators of compromise and ways to mitigate attacks.
- While ransomware incidents declined globally in 2022, attacks increased by 17% in the U.K., according to a new report by cybersecurity company Jumpsec. The notorious ransomware gang LockBit has been responsible for over 30% of the attacks, with Karakurt and Vice Society committing their share of incidents as well.
- Malicious threat actors have actively exploited 55 zero-days in 2022 – down from 81 in 2021 – with Microsoft, Google, and Apple products being most targeted. 53 out of 55 allowed attackers to achieve elevated privileges or execute remote code on vulnerable devices, a new Mandiant report has revealed.
- Searchlight Cyber released its report Proactive Defense: How Enterprises Are Using Dark Web Intelligence. According to the report, 93% of CISOs are concerned about dark web threats, and almost 72% of CISOs believe that intelligence on cybercriminals is “critical” to defend their organization and increase cybersecurity.
- Europe’s transport sector saw a doubling in ransomware attacks in 2022, making it the dominant cyberthreat facing the sector, according to ENISA. Between January 2021 and October 2022 ransomware was involved in 38% of attacks, the report said, while data-related techniques were used in 30%. DDoS attacks were 16% of the total, while phishing and supply-chain attacks were each involved in 10% of attacks.
- Security firm ThreatMon has published an analysis of 20 lesser-known leaks that have been reported on social media and dark web forums throughout the past year.
- Red Canary has published its yearly report that compiles data from nearly 40,000 threat detections across the company’s network of 800+ customers. The report covers multiple cybercrime trends, from ransomware to stealers and from Iaps to email threats.
- This Federal News Network report looks at CASS, China’s new security platform that’s currently planned to replace its EINSTEIN system.
- CISA and the NSA have published a best practices guide for securing Identity and Access Management (IAM) systems.
Major Cyber Incidents
- Western Digital announced that its network has been breached and an unauthorized party gained access to multiple company systems.
- TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach that exposed the personal data of 4,822,580 customers.
- GitHub has taken down a repository by a user named “FreeSpeechEnthusiast” that contained Twitter’s proprietary source code after the social network filed a DMCA takedown request.
- Latitude Financial has revealed that 14m customer records – including driver’s licence numbers, passport numbers and financial statements – were stolen from its system in a cyber-attack that was far worse than the company initially reported.
- OpenAI says a Redis client open-source library bug was behind ChatGPT outage and data leak, where users saw other users’ personal information and chat queries.
- One of the world’s biggest growers and distributors of fresh food, Dole Food Company, has disclosed that a ransomware attack has affected its business.
- Automaker Ferrari announced that the company suffered a data breach involving personal information of its clients, without any impact on its operations. Hackers were recently able to gain access to the Maranello-based company’s IT systems and demanded a ransom for the client information.