Cybersecurity Digest #86: 12/12/2023 – 26/12/2023

Cybersecurity News

  • Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server; one of them allows intruders to remotely execute commands as the LocalSystem account.
  • VoIP communications company 3CX has warned its customers to disable SQL database integrations due to possible risks associated with what it describes as a potential vulnerability.
  • Akamai has warned of a new Mirai-based DDoS botnet, named InfectedSlurs, actively exploiting two zero-day vulnerabilities to infect routers and video recording devices.
  • A four-tier classification has been proposed in China to help with the response to data security incidents, highlighting Beijing’s concern with large-scale data leaks and hacking within its borders.
  • 2023 has seen the emergence of ten new Android banking malware families, which collectively target 985 banking and trading apps from financial institutes across 61 countries.
  • As a part of Patch Tuesday, Microsoft has fixed 34 vulnerabilities including one zero-day vulnerability affecting specific AMD processors.
  • A critical vulnerability which can let attackers gain remote code execution to fully compromise vulnerable websites has been discovered in a WordPress plugin.
  • 1,450 pfSense instances exposed online are vulnerable to command injection and cross-site scripting flaws that, if chained, could enable attackers to perform remote code execution on the appliance.

Cybersecurity Blog Posts

  • Nicola Newitt, InfoSum’s Director of Legal, explains why data protection is going to be one of the biggest challenges for organizations in 2024.
  • Dylan Ayrey, CEO of Truffle Security, has disclosed details of a Google OAuth vulnerability that allows employees to retain access to services after they have been offboarded. The issue primarily affects organizations that use Google Workspace infrastructure for collaborative work. In his article, Dylan describes a theoretical situation in which an employee creates a “phantom” Google account, which he then uses to access other internal services via OAuth.
  • Joshua Goldfarb, solutions architect at F5, argues that APIs allow companies to be more competitive and accelerate the pace of product development and deployment. In his study, Joshua describes 10 factors that must be considered when evaluating an API security proposal.

Research and Analytics

  • According to Veracode, a number of companies around the world still have not fixed a critical vulnerability in Log4j. This issue remains relevant and causes concern among cybersecurity specialists.
  • SafeBreach experts have developed a method for injecting code into process memory that uses Windows thread pools to hide its execution. Testing has shown that even the market-leading EDR solutions are unable to detect a Pool Party attack.
  • In Q3 Surfshark found that 76% fewer accounts were leaked compared to Q2. The total for Q3 was 13m, compared to 133m in Q2. According to Surfshark statistics, the US, Russia and France have seen a noticeable decrease in the number of hacks.
  • As part of the Cybersecurity Control Insights: An Analysis of Organizational Performance study, Bitsight and Google have developed a methodology for measuring cybersecurity performance using MVSP controls.
  • Zscaler has released its annual 2023 State of Encrypted Attacks Report. The company highlights the sophisticated nature of cybercriminals’ tactics targeting encrypted channels and focuses on the increase in threats via HTTPS, which grew by 24% compared to 2022.
  • A report by the British Parliament’s Joint Committee on National Security Strategy has revealed that the United Kingdom remains one of the most vulnerable countries to ransomware due to its regulatory framework, as well as outdated IT systems in the field of critical infrastructure.

Major Cyber Incidents

  • The LockBit ransomware gang claims to have hacked accountancy firm Xeinadin and threatens to leak the allegedly stolen data.
  • Fred Hutchinson Cancer Center has confirmed being impacted by a cyberattack after the Hunters International ransomware operation claimed to have exfiltrated 533 GB of data from the cancer center’s systems.
  • Mortgage lender Mr Cooper has now admitted that the private information of almost 14.7 m. people, including addresses and bank account numbers, was stolen in a security breach, which is expected to cost the business at least $25 m. to clean up.
  • Toyota Financial Services Europe & Africa has confirmed being targeted in a cyberattack, which appears to have been conducted by a known ransomware group.
  • Nearly 70% of Iran’s gas stations went out of service following possible sabotage — a reference to cyberattacks.
  • Struggling apparel and footwear maker VF Corp. said it’s working to restore its ability to fulfill orders following a cyberattack, though the company hasn’t yet determined the full scope of the incident.
  • Comcast, the largest cable operator in the U.S., has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 m. Xfinity customers.
  • The Idaho National Laboratory has confirmed that attackers stole the personal information of more than 45,000 individuals after breaching its cloud-based Oracle HCM HR management platform.