Cybersecurity Digest #88: 23/01/2024 – 06/02/2024

Cybersecurity News

  • An Android remote access trojan known as VajraSpy has been found in 12 malicious applications. The malicious apps have been removed from Google Play but remain available on third-party app stores, disguised as messaging or news apps.
  • Google-owned Mandiant has identified new malware employed by a China-nexus espionage threat actor known as UNC5221. It allows an unauthenticated threat actor to execute arbitrary commands on the Ivanti VPN appliance with elevated privileges.
  • GitLab has released fixes to address a critical security flaw in its Community Edition and Enterprise Edition that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10.
  • A new variant of the Phobos ransomware, FAUST, has been discovered. It is a concern because it can maintain persistence in a network environment and creates multiple threads for efficient execution.
  • A recently uncovered ransomware operation named Kasseika has joined the club of threat actors that employ Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files.
  • Apple has fixed an actively exploited zero-day vulnerability that affects Macs, iPhones, iPads and Apple TVs. CVE-2024-23222 is a type confusion issue in WebKit, Apple’s browser engine used in the Safari web browser and in all iOS and iPadOS web browsers.
  • Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking.
  • Researchers have reported attempts to exploit CVE-2023-22527, a vulnerability that affects outdated versions of Atlassian Confluence servers. The flaw is a template injection weakness that allows unauthenticated remote attackers to execute code on vulnerable Confluence Data Center instances.

Cybersecurity Blog Posts

  • Mike Starr, CEO of trackd, has shared his thoughts on omission bias in vulnerability management, particularly vulnerability remediation, and how IT operators can overcome it with today’s new management platforms.
  • Laurie Mercer, Security Architect at HackerOne, has explained why cyberattacks mustn’t be kept a secret. The author believes that embracing a culture of cybersecurity transparency is good for business and for the broader security of the internet.
  • Mirko Zorz, Director of Content at Help Net Security, has shared his knowledge on how to properly integrate cybercrime intelligence into existing security infrastructures. Mirko has discussed the need to continually adapt cybersecurity strategies and has shared practical tips for enhancing threat detection and response capabilities.

Research and Analytics

  • According to Expel’s Annual Threat Report 2024, the number of incidents occurring in cloud infrastructure continues to grow. This is especially true for stolen or leaked credentials, which pose the biggest and most common risk.
  • Cyberint’s Ransomware Trends Q4 2023 Report states that in 2023 the number of ransomware victims increased by 55%. Both long-established groups such as LockBit 3.0, ALPHV and Clop and newer groups including 8Base, Play, BianLian and Akira have contributed to the increase in attacks.
  • According to Abnormal Security’s report, the number of phishing attacks in the financial sector reached 137% in 2023. The majority of incidents were carried out using social engineering methods.
  • Cyber incidents will become the top global problem in 2024 according to Allianz Risk Barometer 2024 Report. Data breach is perceived to be the most serious cyber threat. It is followed by attacks on critical infrastructure and physical assets, as well as ransomware, which is gaining momentum every year.
  • Egress’s Email Security Risk Report 2024 has revealed that 94% of organizations fell victim to phishing attacks in 2023, up 2% from the previous year. Inbound email incidents primarily took the form of malicious URLs, attacks sent from a compromised account, and malware or ransomware attachments.
  • The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023 according to a report from Coveware.

Major Cyber Incidents

  • Scammers have stolen $25.5 million from a multinational company using a deepfake conference call to trick an employee into transferring the funds.
  • Lurie Children’s Hospital in Chicago has been forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances.
  • Energy management and industrial automation firm Schneider Electric has suffered a data breach. The attack was carried out by the Cactus ransomware gang, which claims to have stolen terabytes of corporate data from the company.
  • The Kansas City Area Transportation Authority has fallen victim to a ransomware attack. The Medusa ransomware gang has threatened to publish all the stolen data unless the company pays a $2 million ransom.
  • Mercedes-Benz has accidentally exposed a trove of internal data after leaving a private key online that gave “unrestricted access” to the company’s source code.
  • Personal data of 15 million users of the cloud-based project manager Trello has been put up for sale on a popular hacker forum. The data was most likely not obtained through a direct breach; instead, the attackers managed to collect user data from the site itself.
  • UK water supplier Southern Water has suffered a data breach. The stolen information included personal documents of employees, as well as internal corporate information.
  • The LockBit ransomware gang has claimed to have hacked Subway, the multinational fast-food restaurant chain. The group claims to have stolen hundreds of gigabytes of sensitive data.