The latest in cybersecurity: Iran, Malware, BlackByte, MOVEit, Mastodon, Barracuda, Phishing, Bangladesh, Revolut, Razer, Germany, France’s Surveillance, Ronaldo.
The notorious Iranian nation-state actor known as TA453 has unleashed a new wave of spear-phishing attacks, infecting both Windows and macOS operating systems with sophisticated malware. According to a report by Proofpoint, TA453 utilized various cloud hosting providers to deliver a unique infection chain, deploying the newly discovered PowerShell backdoor called GorjolEcho. In their relentless pursuit of espionage, TA453 even employed multi-persona impersonation and adapted their tactics to launch an Apple-focused infection chain called NokNok, while continuously evolving their malware arsenal to complicate detection efforts.
The BlackByte 2.0 ransomware attacks, investigated by Microsoft’s Incident Response team, have unveiled a terrifying reality—hackers can execute their entire attack process, from initial access to causing extensive damage, within a mere five days. With no time to spare, these cybercriminals swiftly infiltrate systems, encrypt vital data, and demand ransoms for its release. This compressed timeline presents a significant challenge for organizations striving to defend against these destructive operations, highlighting the urgent need for robust cybersecurity measures.
Progress has released security patches to address a critical SQL injection vulnerability, CVE-2023-36934, in its MOVEit Transfer software. This comes after MOVEit Transfer was targeted by the widespread Clop ransomware campaign, which exploited an earlier vulnerability in the product. The SQL injection flaw could allow unauthorized access to the MOVEit Transfer database, enabling an attacker to modify and disclose its contents. Organizations are urged to apply the provided patches and update to the latest versions to mitigate these vulnerabilities.
Mastodon, the decentralized social networking platform with millions of users, has patched four vulnerabilities, including a critical one named TootRoot. The flaw allows attackers to create arbitrary files on the server using specially crafted media files, providing an easy way to compromise target servers and potentially gain unlimited control over sensitive data. Independent auditors at Cure53 discovered the vulnerabilities, prompting Mastodon to release security updates in versions 3.5.9, 4.0.5, and 4.1.3. Administrators are urged to apply the patches promptly to safeguard their communities from potential exploits.
Barracuda, the email and network security firm, is actively working to resolve an ongoing problem that is causing invalid login errors and preventing users of Email Gateway Defense from accessing their accounts. The company has identified the root cause of the sign-in issues and, according to its current timeline, projects a fix to be released on or before July 14th. Barracuda has expressed its appreciation for customers’ understanding and support while apologizing for any inconvenience caused by this known issue.
Researchers have issued a warning about a sophisticated form of voice phishing (vishing) known as “Letscall,” which is specifically targeting individuals in South Korea. This advanced attack technique involves a multi-step process that tricks victims into downloading malicious apps from a counterfeit Google Play Store website. Once installed, the malicious software reroutes incoming calls to a call center operated by criminals who pose as bank employees to extract sensitive information. Letscall utilizes technologies such as voice over IP (VoIP) and WebRTC, along with evasion techniques like obfuscation and directory structuring, making it a formidable and evolving threat.
A shocking discovery by researcher Viktor Markopoulos has unveiled a grave security breach on a Bangladeshi government website, resulting in the leakage of sensitive personal data belonging to millions of citizens. TechCrunch, the first to report the incident, confirmed that the leaked information encompassed full names, national ID numbers, phone numbers, and email addresses. With the compromised data exposing affected individuals to identity theft and potential scams, urgent action is required to address this alarming situation, as the government website continues to put citizens’ privacy at risk.
Security researcher Jeremiah Fowler found a non-password-protected database containing over 25,000 publicly exposed records, including highly sensitive documents. The compromised database belonged to Kings of Translation, a New York-based translation service provider, and included passports, driver licenses, business documents, denied visa petitions, and even US federal and state tax filings. The leaked data poses significant security risks, potentially exposing individuals to identity theft, tax fraud, and other cybercrimes. Fowler immediately alerted the company, and while access to the database was restricted, the duration of its public exposure remains unknown, with no response yet from Kings of Translation.
Revolut, a prominent fintech firm, fell victim to a sophisticated attack in early 2022, leading to the theft of over $20 million. The breach, which remained undisclosed to the public, involved malicious actors exploiting an unknown vulnerability in Revolut’s payment systems. The flaw allowed organized criminal groups to manipulate declined transactions, triggering erroneous refunds that were then fraudulently withdrawn from ATMs, resulting in a net loss of around $20 million for the neobank.
Gaming hardware company Razer is reportedly investigating a potential data breach after a seller on a hackers’ forum offered stolen data, including source code and back-end access logins, for sale. The data allegedly includes folders related to Razer’s digital wallet, zVault, encryption keys, and files associated with its reward system. The seller claimed to have 404,000 accounts and offered to sell the data for $100,000 in Monero cryptocurrency.
Claudia Plattner, the newly appointed president of Germany’s Federal Office for Information Security (BSI) and former director general for information systems at the European Central Bank (ECB), stressed the urgent need for Germany to defend itself against a surge in cyberattacks targeting hospitals, local government authorities, and businesses. In a formal presentation in Berlin, Plattner highlighted the escalating attacks on the country’s critical infrastructure and emphasized the growing threats from Russia, China, and Iran. As the BSI seeks additional powers, including enhanced authority in the event of an attack, Plattner aims to bolster Germany’s cybersecurity defenses to safeguard its national security interests.
Rambler Gallo, a 53-year-old man from Tracy, California, is facing charges for unauthorized access to a water treatment facility’s systems with the intention of deleting critical software. Gallo, who had previously worked for a company contracted by the town of Discovery Bay, allegedly installed software during his employment that allowed him to remotely access the facility’s systems from his personal computer. After resigning, he reportedly used this remote access to uninstall crucial software, jeopardizing the water treatment system’s operations and safety. While incidents targeting water facilities are not uncommon, this case highlights the importance of robust security measures to safeguard critical infrastructure.
The Information Commissioner’s Office has reprimanded twenty Manx public bodies for data breaches involving unauthorized access to personal data within their shared system for recording and managing freedom of information requests. With a clear public interest in disclosing the reprimand, the affected bodies have until July 28 to address the breach issues. The extent of the unauthorized access, the wide range of public authorities impacted, and the purpose of processing the personal data were key factors in making the reprimand public, according to Deputy Commissioner Nicola Whiting.
French legislators are set to pass a justice reform bill that grants law enforcement increased surveillance powers, allowing them to spy on suspects through their smartphones and other electronic devices. The legislation permits the use of spyware to remotely monitor suspects using device microphones, cameras, and GPS location tracking. The measure has faced criticism from both the left and rights defenders, who argue that it infringes on civil liberties and resembles an authoritarian surveillance charter.
Portuguese hacker Rui Pinto, known for his involvement in the Football Leaks scandal, has been charged with 377 offences, including unauthorized access and violation of correspondence. Among his targets was Cristiano Ronaldo’s lawyer, from whom he obtained information about rape allegations against the footballer, which he then shared with German magazine Der Spiegel.