The latest in cybersecurity: ICS Advisories, Big Head Ransomware, Patch Tuesday, MOVEit, City of Hayward, Spanish Police, Lithuania, Microsoft Entra ID, Johns Hopkins University Lawsuits
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Resecurity has identified the emergence of Android-based tools known as “mobile anti-detects,” such as Enclave and McFly, which are being utilized by criminals involved in online banking theft. These tools enable fraudsters to impersonate compromised account holders, bypass anti-fraud controls, and manipulate mobile device fingerprints.
Cisco Talos researchers have discovered that Chinese threat actors are exploiting a loophole in Windows policies to sign and load malicious kernel mode drivers on compromised systems, allowing them stealthy access and control.
CISA released four Industrial Control Systems (ICS) advisories on July 11, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
A new ransomware called Big Head is making waves through a malvertising campaign, disguising itself as bogus Microsoft Windows updates and Word installers. Fortinet FortiGuard Labs discovered multiple variants of this ransomware designed to encrypt files in exchange for a cryptocurrency payment.
Microsoft’s July 2023 Patch Tuesday addressed 132 flaws, including six actively exploited vulnerabilities and 37 remote code execution vulnerabilities. Among the actively exploited flaws, one remains unpatched and is being used in attacks.
Arcadia Finance, a decentralized finance (DeFi) protocol, suffered a devastating cyberattack that exploited a reentrancy vulnerability, resulting in the theft of $455,000. The attacker used a “reentrancy exploit,” a bug that lets a caller interrupt or re-enter a contract in the middle of a multi-step process before the contract has finished updating its state.
Deutsche Bank has confirmed that a data breach on one of its service providers has exposed customer data in a likely MOVEit Transfer data-theft attack. The breach affected customers in Germany who used the bank’s account switching service in multiple years. While Deutsche Bank’s own systems were not impacted, more than 100 companies in over 40 countries are potentially affected by this incident, with the breach possibly linked to the Clop ransomware wave of MOVEit attacks.
The popular fanfiction website Archive of Our Own (AO3) has been taken down by the pro-Russian hacktivist group Anonymous Sudan, who are demanding a $30,000 ransom to end the distributed denial-of-service (DDoS) attack. The attack has left over 11 million works inaccessible to thousands of fans.
The city of Hayward has experienced a ransomware attack, leading to the shutdown of its website as IT teams assess the situation. The incident, described as a “cyber-security incident and intrusion,” prompted the city to turn off its public website and online portals while emergency dispatching systems and 911 services remain operational. While there is currently no evidence of personal information breaches, the city is prioritizing the protection of private and confidential data.
Lithuania’s government has reported a series of cyberattacks targeting the country just before the NATO summit in Vilnius. Distributed denial-of-service (DDoS) attacks have been launched, aiming to disrupt the functioning of essential services such as the municipality’s websites and public transport app. The National Cyber Security Centre has responded by increasing its staff and collaborating with intelligence agencies, police, and foreign partners to counter the cyber threats. Lithuania is preparing to host the NATO summit, heightening concerns about cybersecurity and ensuring a secure environment for the high-level gathering.
Spanish law enforcement authorities have successfully dismantled a highly professional cybercriminal ring that employed a range of hacking techniques to target banking customers. The group, posing as employees of legitimate Spanish banks, extorted 100,000 euros and provided crime-as-a-service offerings to other criminals, according to authorities. The cybercriminals used fraudulent calls and SMS messages to deceive unsuspecting victims into divulging their banking credentials, which were then exploited to carry out illegitimate financial transactions.
The US Department of Justice has announced the arrest of Shakeeb Ahmed, a 34-year-old resident of New York, on charges of wire fraud and money laundering related to a scheme that defrauded a decentralized cryptocurrency exchange of approximately $9 million in 2022. Ahmed, a former senior security engineer specializing in smart contracts and blockchain audits, exploited a smart contract vulnerability and returned most of the stolen funds after contacting the exchange, retaining $1.5 million as a bounty. While the exchange remains unnamed in the indictment, it aligns with the incident reported by Crema Finance, involving the theft of $8.8 million worth of assets.
Microsoft has announced that it will rename its Azure Active Directory (Azure AD) enterprise identity service to Microsoft Entra ID by the end of the year. Azure AD provides essential security features such as single sign-on, multifactor authentication, and conditional access to help protect against cybersecurity attacks. The rebranding will not impact the service’s functionality or existing deployments, and all licenses, configurations, and integrations will continue to work seamlessly.
Johns Hopkins University and its affiliated health system are facing federal class action lawsuits following a cybersecurity breach involving the MOVEit file transfer software. The lawsuits allege negligence on the part of the university and healthcare system for failing to protect sensitive information from cybercriminals. The breach, attributed to the Clop ransomware group, impacted numerous organizations worldwide and compromised the personal data of over 16 million individuals.
Israeli startup Savvy has raised $30 million in funding as it emerges from stealth mode to tackle security incidents related to software-as-a-service (SaaS) applications. Savvy’s Workforce Security Automation platform offers real-time alerts and guidance to prevent human error, providing visibility and control over user SaaS touchpoints. The platform aims to address challenges arising from the increased adoption of SaaS applications by embedding security guardrails in the user workspace.
Copyright © 2023 CyberMaterial. All Rights Reserved.