Cybersecurity news
- Google has confirmed that a zero-day security vulnerability in the Chrome web browser is being actively exploited and has issued an emergency security update in response. CVE-2023-3079 is a type confusion vulnerability in the V8 JavaScript engine.
- GitHub has added support for the Swift programming language to the platform’s security features. A GitHub user can warn project owners about vulnerabilities in the dependencies of their Swift project.
- CISA, FBI and NSA have released another Joint Security Guide, which is the result of a collaborative effort to provide an overview of legitimate uses of remote access software, as well as common exploitations and associated tactics, techniques, and procedures.
- A new cybercrime campaign, Operation CMDStealer, has been revealed; it is aimed at gaining access to the online business accounts of users in Mexico, Peru and Portugal. The attackers used LOLBAS techniques and command-line scripts.
- Experts warn Google users that hackers are abusing Gmail’s blue checkmarks to steal money and passwords. The attackers have begun obtaining verified status for accounts that imitate well-known brands and using them to send fake emails.
- Microsoft has shared details of a now-patched flaw in Apple macOS that could be abused by threat actors with root access to bypass security enforcements and perform arbitrary actions on affected devices.
Cybersecurity Blog Posts
- Helga Labus, in her article, recommends 9 free cybersecurity whitepapers that security specialists should read. These recommendations explore the possible risks associated with generative AI and large language models.
- Experts from Bad Option.eu, while experimenting with the new .zip domains, detected incorrect behavior in Windows Explorer that can lead to RCE if the Java Runtime Environment is installed. They named this behavior Zip Jar.
- Trend Micro researchers Guy Lederfein and Lucas Miller described in a blog post how the vulnerability CVE-2023-24941 in Microsoft Network File System (NFS) v4.1 leads to remote code execution.
Research and analytics
- CISOs and ITDMs continue to be most occupied with business, IT and security program strategy, but they are spending less time on threat research, awareness and hunting compared to 2022, according to the Nuspire Second Annual CISO Research Report on Challenges and Buying Trends: A Focus on Optimization. 58% of CISOs and ITDMs said their budgets had increased, and of those, 42% said they plan to increase their budgets even more.
- The Jumio 2023 Online Identity Study reveals that consumers understand how generative AI and deepfake technologies could accelerate identity fraud, and the resulting need for digital identities for online verification and authentication. 67% of consumers are aware of generative AI technologies, but they overestimate their ability to detect a deepfake video.
- A US GAO report found that the DHS is still using legacy gear to run some of its critical systems, exposing itself to hacks and other security risks.
- Palo Alto Networks’ Unit 42 has published its yearly network threats report, and the company says that last year, attacks exploiting vulnerabilities increased by 55% compared to 2021. In addition, the company noted a 27.5% rise in malware explicitly targeting the operational technology industry.
- The 2023 edition of the Verizon Data Breach Investigations Report examined 16,312 incidents, of which 5,199 were confirmed data breaches. Here are some of the main conclusions: DDoS remained the top cybersecurity incident last year; 83% of breaches involved the actions of an external actor; stolen credentials, phishing, and vulnerability exploitation were the top 3 breach sources last year; 24% of breaches last year originated from a ransomware attack.
- Malware researcher Igal Litzky has published a two-part series of articles (Part 1, Part 2) devoted to the analysis of the Kraken infostealer.
- The OALABS article discusses an AsyncRAT sample, its analysis and its method of bypassing AMSI (Antimalware Scan Interface, a Windows protection technology).
Major Cyber Incidents
- The University of Manchester warns staff and students that it suffered a cyberattack in which threat actors likely stole data from the University’s network.
- A hospital in Idaho has been diverting ambulances to other hospitals for more than 24 hours because of a cyberattack. It has forced nurses and doctors at Idaho Falls Community Hospital, an 88-bed hospital in the east of the state, to use pen and paper rather than computers for patient charts.
- The Clop ransomware gang has said it is behind the MOVEit Transfer data-theft attacks, in which a zero-day vulnerability was exploited to breach servers belonging to “hundreds of companies” and steal data.
- End-of-year high school exams in Greece were disrupted by “one of the most extensive cyberattacks in the country’s history”. The distributed denial-of-service attack targeted Greece’s online examination platform, which is designed to set a uniform exam standard nationwide.
- Nearly half a million members of a notorious cybercrime forum have had their details publicly exposed after a key database was published on another hacking site. Cybersecurity researchers confirmed that the data of over 478,000 RaidForums users was leaked on the up-and-coming forum Exposed.
- Managed Care of North America (MCNA) Dental has published a data breach notification on its website, informing almost 9 million patients that their personal data were compromised.