Cybersecurity Digest #85: 28/11/2023 – 12/12/2023

Cybersecurity news

  • WordPress has released version 6.4.2, which addresses a remote code execution vulnerability that could be chained with another flaw to allow attackers to run arbitrary PHP code on the target website.
  • A critical security vulnerability has been discovered in the System component of the Android OS that could lead to remote code execution. The issue has been assigned CVE-2023-40088.
  • Two vulnerabilities have been discovered in Bluetooth wireless communications technology. These vulnerabilities allow attackers to eavesdrop on and decrypt Bluetooth traffic, as well as inject fake messages into Bluetooth communications.
  • OpenAI's popular AI chatbot has been divulging sensitive information such as people’s names, email addresses and phone numbers from its training data, according to a team of researchers at Google.
  • Zyxel has released patches to address 15 security issues impacting network-attached storage, firewall, and access point devices, including three critical flaws that could lead to authentication bypass and command injection.
  • Researchers at AppOms have discovered a vulnerability in Zoom Room, which allowed threat actors to take over meetings and steal sensitive data.
  • Apple has released emergency security updates to address two zero-day vulnerabilities impacting iPhone, iPad, and Mac devices. The flaws are actively exploited in attacks in the wild; both issues reside in the WebKit browser engine.
  • Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released to counter ongoing exploitation in attacks.

Cybersecurity Blog Posts

  • Nicole Bucala, Comcast Technology Solutions expert, has presented three security data predictions for 2024. She foresees the popularization of big data analytics, the proliferation of data lakes for security, and the widespread adoption of continuous monitoring technologies.
  • Regulators will have a major impact on cybersecurity development in 2024. The US Securities and Exchange Commission (SEC) has issued a set of rules containing requirements for risk management, strategy, governance and incident disclosure. Howard Taylor, CISO at Radware, discusses how to prepare for the upcoming changes.
  • OffSec has released a detailed guide designed to provide the cybersecurity community with valuable insights into APTs and how to combat them. It delves into their definition, origin, impact on cybersecurity, reasons why enterprises should be vigilant, and discusses some of the most notable APTs known today.
  • Eddie Zhang, principal consultant for Project Black, explores the complex and often controversial world of vulnerability disclosure in cybersecurity. In his article, he discusses the ethical, legal, and practical implications of different disclosure strategies, ranging from full public disclosure to more discreet, coordinated approaches.

Research and Analytics

  • SafeBreach Labs Researchers have developed a brand new set of highly flexible process injection techniques that are able to completely bypass leading endpoint detection and response solutions.
  • The SIERRA:21 – Living on the Edge report presents research on Sierra Wireless AirLink cellular routers and some of their open-source components, such as TinyXML and OpenNDS. Forescout Vedere Labs has discovered 21 new vulnerabilities within OT/IoT routers and open-source software components, highlighting new risks to critical infrastructure.
  • Metomic has announced the results of the 2023 Google Scanner report, which reveals the amount of sensitive data that is often stored in Google Drive without any protective measures. After scanning approximately 6.5 million Google Drive files, Metomic found that 40.2% contained sensitive data that could put an organization at risk of a data breach or cybersecurity attack.
  • The Cybersecurity and Infrastructure Security Agency (CISA) has released a Cybersecurity Advisory in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency.
  • The State of Authentication Security 2023 survey sets out to explore challenges, identify common practices, and provide insight into how organizations can bolster their defenses. Key findings address current authentication methods, authentication-related cyberattacks, password management, and security awareness.
  • Sumsub has announced a tenfold increase in fraud cases using fake digital identification data. The company noted that methods based on artificial intelligence were among the top five most effective tools for fraudsters on the Internet in 2023.
  • BlackBerry has published its Global Threat Intelligence Report for Q3 2023, noting a 70% increase in unique malware samples compared to the previous quarter. The financial services industry remained the most targeted sector. In multiple cases, researchers have seen tooling overlap in attacks against the public and financial sectors. That may also indicate that the same cyber-criminal groups are targeting different institutions and organizations operating in different economic sectors. The healthcare industry also saw a 181% increase in unique malware attacks.
  • The CyberArk blog makes cybersecurity predictions for 2024 and the following years. Experts expect session hijacking will take on an increasingly prominent attack role, 30% of organizations will pay for lax password protections, and 55% of enterprises will expedite tech consolidation to simplify security.
  • According to OpenText Cybersecurity, 46% of small businesses and enterprises have experienced a ransomware attack. Also, 54% of mid-market executives have mentioned they feel more at risk of attacks from hackers using ransomware in the next two years, especially due to the growing use of AI by threat actors.
  • Analysis of further activity in the RustBucket and KandyKorn campaigns suggests that DPRK threat actors are now ‘mixing and matching’ components from these operations, with SwiftLoader droppers being used to deliver KandyKorn payloads. This post provides an extensive review of this activity as well as further indicators to help security teams defend their organizations.
  • In its report, Snyk looks at security issues introduced by AI-generated code, finding that 92% of developers said that AI coding tools occasionally generate insecure code suggestions. Respondents are also not taking proper measures to ensure that their open-source libraries are secure, with only 25% using an automated scanning tool to check the security of open-source components included in AI coding suggestions.
  • 90% of the world’s largest energy companies experienced a third-party breach in the past 12 months, according to SecurityScorecard. 92% of the energy companies evaluated have been exposed to a fourth-party breach. 33% of energy companies had a C Security Rating or below, indicating higher likelihood of breach.
  • Cycode has released a report on application security posture management (ASPM), finding that 95% of AppSec teams have more than 20 security tools, and 70% have more than 40 security tools: “Our data shows that, rather than improving matters, the proliferation of AppSec tools currently in use across organizations is only contributing to the feeling of being overwhelmed. Almost 4 in 5 (78%) security professionals surveyed say they find managing multiple different security tools challenging.”

Major Cyber Incidents

  • Japanese carmaker Nissan announced it has suffered a cyberattack impacting its internal systems at Nissan Oceania.
  • South Korean police are investigating whether a North Korean hacker group, accused of stealing data from 14 entities, obtained information on defense technology including an anti-aircraft laser.
  • Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense and the Department of Homeland Security confirmed that it suffered a cyberattack and is currently investigating the impact of the incident.
  • 9 million 23andMe customers had their data compromised after an anonymous hacker accessed user profiles and posted them for sale on the Internet.
  • The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London and added it to the list of victims on its Tor leak site.
  • Japan’s Space Agency (JAXA) has suffered a cyber-attack that left critical space technology and data at risk.
  • LY Corporation, the parent company of Line Messenger, has reported unauthorized access to its systems, leading to the leakage of hundreds of thousands of records pertaining to users, partners, and employees.
  • Slovenia's largest power company, Holding Slovenske Elektrarne, has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production.