Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
On June 6, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued two Industrial Control Systems (ICS) advisories covering vulnerabilities in Delta Electronics CNCSoft-B DOPSoft and in the Mitsubishi Electric MELSEC iQ-R Series and iQ-F Series. Each advisory gives the technical details of the affected products and the vendor's recommended mitigations; administrators running these products should review them and apply the mitigations promptly to limit exposure of their ICS environments.
Today CISA, the FBI, the NSA, MS-ISAC and Israel's National Cyber Directorate (INCD) jointly released a guide to securing remote access software. It describes the legitimate uses of such software, the tactics, techniques and procedures (TTPs) threat actors use to abuse it, and practical recommendations for detecting and defending against that abuse, so that organizations can tighten how remote access tools are deployed and monitored.
Researchers at Uptycs report that the Cyclops group is offering ransomware that runs on Windows, Linux and macOS. What sets the group apart is that it also sells a separate information stealer, written in Go, which collects specific files from compromised Windows and Linux hosts.
Adlumin has identified a PowerShell-based malware it calls 'PowerDrop', found in the network of a U.S. defense contractor and aimed at the U.S. aerospace defense industry. PowerDrop uses PowerShell and Windows Management Instrumentation (WMI) to run a persistent remote access trojan (RAT) on the compromised network. The tooling combines off-the-shelf components with tradecraft more typical of advanced persistent threat (APT) groups, which Adlumin reads as a sign of a likely state-sponsored operator.
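As an added check, not code from Adlumin's report or from this newsletter: the PowerShell script below enumerates the permanent WMI event subscriptions on a Windows host and flags any consumer that launches PowerShell. It assumes the RAT persists through a WMI event filter/consumer binding in root\subscription, the standard WMI persistence technique; the page does not say which WMI mechanism PowerDrop uses, and the indicator strings are a generic list rather than PowerDrop-specific signatures.

```powershell
# Added hunting script; not part of the Adlumin report or this newsletter.
# Assumption: the RAT persists via a permanent WMI event subscription
# (__EventFilter + event consumer + __FilterToConsumerBinding in root\subscription).
# The page does not state PowerDrop's exact mechanism; this is the common one.
# Run in an elevated PowerShell session on the host under investigation.

$ns = 'root\subscription'

$filters    = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter)
$cmdCons    = @(Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer)
$scriptCons = @(Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer)
$bindings   = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding)

# Generic strings that usually mean a consumer launches PowerShell, often with an
# obfuscated payload. These are assumptions, not indicators taken from the report.
$suspect = 'powershell', 'pwsh', '-enc', '-EncodedCommand', 'FromBase64String',
           'IEX', 'Invoke-Expression', 'DownloadString', '-w hidden', '-WindowStyle Hidden'

# Reference properties come back as CimInstance objects from Get-CimInstance and as
# path strings (e.g. __EventFilter.Name="x") from older tooling; handle both.
function Get-RefName($ref) {
    if ($ref -is [string]) { return ($ref -split '"')[1] }
    return $ref.Name
}

$findings = foreach ($b in $bindings) {
    $filterName   = Get-RefName $b.Filter
    $consumerName = Get-RefName $b.Consumer

    $f = $filters    | Where-Object { $_.Name -eq $filterName }   | Select-Object -First 1
    $c = $cmdCons    | Where-Object { $_.Name -eq $consumerName } | Select-Object -First 1
    if (-not $c) { $c = $scriptCons | Where-Object { $_.Name -eq $consumerName } | Select-Object -First 1 }

    # CommandLineEventConsumer carries a command line; ActiveScriptEventConsumer carries script text.
    $payload = $c.CommandLineTemplate
    if (-not $payload) { $payload = $c.ScriptText }
    if (-not $payload) { $payload = $c.ExecutablePath }

    # -match is case-insensitive by default, so 'iex' and 'IEX' both hit.
    $hits = @($suspect | Where-Object { $payload -and ($payload -match [regex]::Escape($_)) })

    [pscustomobject]@{
        Filter     = $filterName
        Query      = $f.Query          # the WQL trigger, e.g. a timer or process-start event
        Consumer   = $consumerName
        Payload    = $payload
        Suspicious = ($hits.Count -gt 0)
        Indicators = ($hits -join ', ')
    }
}

# A clean host normally carries only the built-in 'SCM Event Log' binding; anything
# else, flagged or not, deserves a look.
$findings | Sort-Object Suspicious -Descending | Format-List

# If Sysmon is installed, event IDs 19, 20 and 21 record creation of WMI filters,
# consumers and bindings, giving the time and the process that created them.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 19, 20, 21 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Capture the output before touching anything, since the filter query and consumer payload are the evidence. Removal is then a matter of piping the offending binding, consumer and filter objects to Remove-CimInstance, in that order, so that the binding does not fire again while the consumer still exists.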
Kaspersky researchers Haim Zigel and Oleg Kupreev describe a campaign in which the Satacom downloader delivers a rogue extension for Chromium-based browsers that steals cryptocurrency. The extension's goal is to steal BTC from victims' accounts by injecting code into the web pages of targeted exchanges, including Coinbase, Bybit, KuCoin, Huobi and Binance; most victims are in Brazil, Algeria, Turkey, Vietnam, Indonesia, India, Egypt and Mexico.
Thomas Hardye School in Dorchester, hit by a cyber attack last month, still cannot recover its encrypted systems and data. Screens and systems were locked, and the school may have lost data permanently, including coursework for BTEC and A-level students. Head teacher Nick Rutherford said a data breach is possible and that the school will not pay the ransom demanded on the dark web.
NHS England has disclosed that GP data was compromised in the cyber attack on Capita, affecting 90 organisations. Capita initially said the incident was confined to its own network and that no customer data had been affected, but in May it admitted that some data had been exfiltrated; it now faces significant costs for recovery and for strengthening its security controls.
Outlook.com has suffered repeated outages, including one today, and the hacktivist group Anonymous Sudan claims responsibility for DDoS attacks on the service. The outages have disrupted email access for Outlook users worldwide. Microsoft has acknowledged technical issues, while Anonymous Sudan taunts the company, demanding $1 million to stop the attacks and offering to teach Microsoft's security staff how to repel them.
The All India Institute of Medical Sciences (AIIMS), New Delhi says it defended its eHospital services against a malware attack. The targeted site, ehospital.aiims.edu, displayed a message warning of a virus, but AIIMS says its systems are operating normally and that the threat was neutralised by its security controls.
Hackers claim to have obtained the admin credentials for i2VPN, a popular freemium VPN proxy app distributed through Google Play and the App Store, potentially exposing data on hundreds of thousands of users. The leaked material reportedly includes the admin's email address and password, together with screenshots of the admin dashboard showing data centres and users' subscription details, a serious risk to user privacy and security.
Microsoft has reached a settlement with the Federal Trade Commission (FTC) over charges that it violated the Children's Online Privacy Protection Act (COPPA), agreeing to pay a $20 million penalty and to change how it handles children's data. The FTC alleged that Microsoft collected and retained children's personal information without parental notice or consent, keeping it on its servers for years. Under the settlement Microsoft must tell parents about separate child accounts, obtain parental consent for accounts belonging to minors, and delete personal data it no longer needs. The settlement awaits court approval.
Google has added passkey support, currently in open beta, to Google Workspace as an alternative to passwords. A passkey is a cryptographic credential stored on the user's device and unlocked with a fingerprint, face scan, or the device's PIN or pattern, so the user never types a password. Because the private key never leaves the device and the credential is bound to the site it was registered with, a passkey cannot be phished or reused across sites the way a password can, and sign-in is immediate. The feature will be rolled out to all Google Workspace customers over the coming weeks.
The latest annual Verizon Data Breach Investigations Report (DBIR) highlights several trends. Ransomware remains a large, though now plateauing, share of recorded incidents; the Log4j vulnerability was used in 75% of digital espionage campaigns; and, perhaps surprisingly, employees pose a more immediate threat to organizations than state-sponsored hacking groups. The report also notes the growing intensity of distributed denial-of-service (DDoS) attacks, fuelled by the proliferation of internet of things (IoT) devices.
The Federal Trade Commission (FTC) has filed an amended complaint against location data broker Kochava, alleging invasion of consumers' privacy. The agency says the amended complaint adds factual allegations drawn from materials Kochava produced. It was filed under seal so that Kochava can raise any objections to public disclosure of proprietary material before the filing is unsealed.