Cybersecurity Digest #87: 09/01/2024 – 23/01/2024

Cybersecurity News

  • The US Cybersecurity and Infrastructure Security Agency has added a new vulnerability to its Known Exploited Vulnerabilities catalog. The vulnerability, tracked as CVE-2023-35082, can be exploited by unauthenticated attackers to access the API in older unsupported versions of MobileIron Core.
  • Guardio Labs researchers have discovered an RCE vulnerability in the Opera browser for Windows and macOS, which can be utilized to run any file on the operating system.
  • The Android-based PoS terminals from PAX Technology have been affected by a series of vulnerabilities that could be exploited to execute arbitrary code or commands.
  • Researchers have discovered over two dozen vulnerabilities in cordless nutrunners manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable.
  • The Finnish National Cybersecurity Center has warned of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country.
  • Criminals have been exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information.
  • A critical vulnerability which could allow a remote attacker to take control of other users’ accounts has been discovered in GitLab.
  • Cisco has fixed a critical vulnerability in Cisco Unity Connection that could have allowed an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system.

Cybersecurity Blog Posts

  • Jared Atkinson, Chief Strategist at SpecterOps, explains why Red Teams and Blue Teams are failing to deliver on threat detection. In his study, Jared describes the effectiveness of implementing Purple Teams in the company’s structure and explains their impact on improving vulnerability identification.
  • David Haber, CEO of Lakera, scrutinizes common LLM vulnerabilities such as compromised quality of models and interconnected systems, oversaturated network bandwidth, etc. Moreover, David provides options for strategies that can be applied to reduce the risks these vulnerabilities pose.
  • Chris Doman, CTO of Cado Security, has shared his cloud security predictions for 2024. Chris has warned small and medium-sized businesses to be wary of persistent threats to tokens, lack of cloud logging and IAM hacks.
  • Gabby Xiong, a Fortinet expert, details three new PyPI malware packages that deploy the CoinMiner executable on Linux devices. In his study, Gabby examines the main stages of the attack on Moduleseven-1.0, Driftme-1.0 and Catme-1.0, paying special attention to their similarity with the previously discovered PyPI package called “culturestreak”.

Research and Analytics

  • AWS has published a Security Incident Response Guide which provides instructions on setting up and using security services, detailing the service’s components and functionality.
  • Cloudflare has released its 2024 API Security and Management Report. The report underscores the gap between organizations’ use of APIs and their ability to safeguard the data those APIs touch. Experts shared the most common API errors and gave recommendations for their holistic protection.
  • Cyberattacks targeting Web3 cost organizations $1.84 bn in 2023, according to Certik’s Hack3d: The Web3 Security Report 2023. This amount is the result of 751 cybersecurity incidents.
  • CyFirma has published a report on SilverRAT, a new remote access Trojan designed to bypass antiviruses and covertly launch hidden applications, browsers, keyloggers, and other malicious activities.
  • Research conducted by Palo Alto Networks identifies a family of malicious APK files that allow scammers to disguise themselves as law enforcement officers and drain the victim’s bank account of whatever funds are available.
  • New Insikt Group research discusses the frequent abuse of GitHub’s services by cybercriminals and APTs for various malicious infrastructure schemes. These include payload delivery, dead drop resolving, full command-and-control, and exfiltration. GitHub’s popularity among threat actors lies in its ability to allow them to blend in with legitimate network traffic, making detection and attribution challenging for defenders.
  • The 2023 Adversary Infrastructure Report by Recorded Future has revealed that open-source tools such as Cobalt Strike, Meterpreter, and Viper were the most popular command-and-control frameworks among malware authors in 2023.

Major Cyber Incidents

  • Finnish enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang.
  • The global payments processing company Payoneer attributed reported hacks on customer accounts to fraudsters tricking users with phishing links. The users report that right before the attack, they received an SMS requesting approval for a password reset, which they didn’t grant.
  • Unknown hackers stole $7.5 million from the US Department of Health and Human Services last year by breaching a service that the agency uses to distribute federal grants.
  • Foxsemicon Integrated Technology has fallen victim to a cyberattack carried out by the notorious LockBit ransomware gang. The hackers posted a threatening message on the company’s website, stating that they had stolen its customers’ personal data and would publish it on their darknet website if the company refused to pay the ransom.
  • Kansas State University has suffered a cybersecurity incident that has disrupted part of its network and services, including VPN, K-State Today emails, and videos on Canvas or Mediasite.
  • Almost 71 million unique passwords have been stolen from different social networks, the gaming platform Roblox, the cryptocurrency platform Coinbase, eBay and Yahoo. The databases have been published on an infamous underground market that sells compromised credentials.
  • The ransomware gang ALPHV/BlackCat has taken responsibility for compromising the British defense and security firm Ultra I&C in an attack which it claimed resulted in the theft of 30 GB of data.
  • The US division of Xerox Business Solutions has been compromised by hackers with a limited amount of personal information possibly exposed. The company says that the attack has had no impact on its operations.