Cybersecurity Digest #79: 11/07/2023 – 25/07/2023

Cybersecurity news

• Thousands of Citrix Netscaler ADC and Gateway servers exposed online are vulnerable to attacks exploiting a critical remote code execution (RCE) bug that was previously abused in the wild as a zero-day.
• GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware.
• Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller (BMC) software made by hardware and software company American Megatrends International.
• Google is running a pilot program to limit employees’ access to the internet in an effort to reduce the risk of cyberattacks. The program allows access to internal pages and some Google domains, such as Gmail and Google Drive.
• A hacker has created his own version of ChatGPT, but with a malicious bent. The developer of WormGPT is selling access to the chatbot, which can help hackers create malware and phishing attacks.
• Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw that it said has been actively exploited in the wild.

Cybersecurity Blog Posts

• Check Point experts in their article told why it is necessary to compare distributed data, as well as what problems can be encountered along the way and how they can be overcome.
• Red Siege has developed and provided many open source tools that will help in the work of penetration testing. Mirko Zorz in his article gave a list of 12 such tools available for free on GitHub, which are useful to know about.
• The prevalence of malicious mobile applications puts organizations at risk of operational integrity and customer trust. Organizations should prioritize mobile app testing to protect operations and businesses from cyber attacks. In his article, Shikha Dhingra emphasizes the importance of testing mobile applications for the security of the organization.
• Machine identification is growing rapidly as businesses move to the cloud, implement containerization, and use more mobile devices. Since improperly managed certificates cause failures, this problem becomes critical for many organizations and managers. Key factor experts gave 4 tips for solving problems with certificates without creating new ones.

Research and analytics

• An independent review of the IPA cited a theoretical example where metadata could be used to search for “devices simultaneously connecting to legitimate banking applications and to malicious control points”. This would indicate potential fraud taking place, and tipping off law enforcement or the bank could potentially disrupt crime in progress.
• Group-IB has  published Digital Risk Trends 2023, a comprehensive analysis of the world’s two most common cyber threats: scams and phishing. According to research, the average number of scam resources created per brand across all regions and industries more than doubled year-on-year in 2022, up 162%. Additionally, the total number of scam pages detected by Group-IB in 2022 was more than three times higher than in 2021.
• The SpyCloud report revealed security leaders are concerned about attacks that leverage malware-exfiltrated authentication data, with more than half (53%) expressing extreme concern and less than 1% admitting they weren’t concerned at all. However, many still lack the necessary tools to investigate the security and organizational impact of these infections and effectively mitigate follow-on attacks – with 98% indicating better visibility into at-risk applications would significantly improve their security posture.
• Thales  released Thales Cloud Security Study, which found that more than a third (39%) of businesses have experienced a data breach in their cloud environment last year, an increase on the 35% reported in 2022. In addition, human error was reported as the leading cause of cloud data breaches by over half (55%) of those surveyed. Three quarters (75%) of businesses said that more than 40% of data stored in the cloud is classified as sensitive, compared to 49% of businesses this time last year.
• The Identity Theft Resource Center released its U.S. data breach findings for the first half (H1) of 2023. According to the H1 2023 Data Breach Report, there were 951 publicly-reported data compromises in the quarter, a 114 percent increase compared to the previous quarter (445 compromises). It is the most breaches the ITRC has tracked in a single quarter.

Major Cyber Incidents

• Researchers discovered that two Suzuki-authorized dealer websites were leaking customers’ sensitive information. Files that should be secure and kept private were left publicly accessible.
• VirusTotal apologized for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform last month. The data leak impacted only Premium account customers, with the uploaded file containing their names and corporate email addresses.
• Le Mans Endurance Management, operating the FIA World Endurance Championship’s website, exposed the data of hundreds of drivers by leaking their IDs and drivers’ licenses. Researchers discovered two publicly exposed storage buckets containing 1.1 million files. Namely, the leaked data included: drivers’ licenses, passports, government-issued IDs.
• Shutterfly, an online retail and photography manufacturing platform, is among the latest victims hit by Clop ransomware. Over the last few months, Clop ransomware gang has been exploiting a vulnerability in the MOVEit File Transfer utility to breach hundreds of companies to steal their data and attempt extortion against them.
• A member of a hacker forum claims that they have stolen Razer’s “keys to the kingdom” in the form of source code, encryption keys and employee credentials. The data breach potentially impacts the Razer Gold system, a form of indirect e-currency that allows for digital purchases within certain games and on platforms such as the Nintendo eShop.
• U.S. healthcare giant HCA Healthcare says about 11 million patients’ data may have had their data stolen after a posting on a known cybercrime forum claimed it was selling the data. The data includes information used for email messages, such as reminders that patients may wish to schedule an appointment and education on healthcare programs and services.