In today’s edition: Statc Stealer, Freeze.rs, XWorm, Remcos RAT, Dell, VMware, Iran, Germany, MoustachedBouncer, Ernst & Young, California City, Disney.
A new strain of malware called Statc Stealer has been identified, posing a significant risk to devices running Microsoft Windows. Security experts at Zscaler ThreatLabz have highlighted its ability to steal a wide range of sensitive information, including login data, cryptocurrency wallets, and messaging app data. This malware is cleverly disguised as innocuous ads and utilizes complex techniques to avoid detection, making it a potent threat to online security.
Cybercriminals are leveraging a legitimate Rust-based injector called Freeze.rs to unleash the XWorm commodity malware in targeted environments. This novel attack chain is initiated through a phishing email carrying a malicious PDF file, which eventually leads to the deployment of XWorm and Remcos RAT using a crypter called SYK Crypter. The attackers strategically employ these tools to circumvent security solutions and execute offensive actions, utilizing techniques to avoid detection and maintain persistence. This campaign underscores the rapid evolution of offensive tools employed by malicious actors to achieve their nefarious objectives.
In a recent discovery, a serious vulnerability in Dell’s Compellent Integration Tools for VMware (CITV) has been revealed, allowing attackers to decrypt stored vCenter admin credentials. The flaw stems from a static AES encryption key shared across all installs, used to encrypt vCenter credentials stored in the program’s configuration file. Security researchers have raised concerns about the potential exposure of sensitive information due to this hardcoded key, prompting Dell to pledge a fix by November 2023 after initially dismissing the report.
In a move to bolster the security of Industrial Control Systems (ICS), the Cybersecurity and Infrastructure Security Agency (CISA) released twelve advisories on August 10, 2023. The advisories describe current security issues, vulnerabilities, and potential exploits affecting ICS products, covering topics from software installation to address processing and encryption, and are a valuable resource for users and administrators seeking to improve the resilience of their systems. Administrators should consult the released advisories themselves for the technical details and mitigation guidance.
Germany’s domestic intelligence service, the Federal Office for the Protection of the Constitution (BfV), issued a warning about a suspected state-sponsored threat group, Charming Kitten, targeting Iranian dissident organizations and individuals residing in Germany. The agency revealed that the group was using sophisticated social engineering techniques, tailored personas, and disguised credential-harvesting pages to compromise its victims. Although the BfV did not directly attribute the group to the Iranian regime, Charming Kitten’s activities have raised concerns and drawn comparisons to previous warnings by the UK’s National Cyber Security Centre.
The cyberespionage group ‘MoustachedBouncer’ has been found using adversary-in-the-middle (AiTM) attacks to infiltrate foreign embassies in Belarus. These attacks, observed since 2020, involve manipulating traffic at the ISP level to trick Windows 10 installations into assuming they are behind a captive portal. The hackers employ tactics like redirecting captive portal checks and deploying fake Windows Update pages to deliver malicious payloads, leading to data theft and unauthorized access.
Ernst & Young (EY) has revealed that more than 30,000 Bank of America customers were exposed through the MOVEit Transfer attacks. Cybercriminals gained access to sensitive financial data and credit card numbers, prompting EY’s US branch to contact affected individuals. While EY and Bank of America’s internal systems were unaffected, the breach highlighted vulnerabilities in the MOVEit Transfer software, exploited through a SQL injection flaw by the Cl0p ransomware gang. As over 620 organizations and millions of individuals are impacted, experts warn of the potential far-reaching consequences of this extensive data breach.
The city of El Cerrito in California is grappling with potential data theft after falling victim to the LockBit ransomware group. With over 25,000 residents, the city is now among the 15 victims added to the ransomware gang’s leak site. City officials are collaborating with cybersecurity experts and law enforcement to investigate the claims, while assuring that their systems remain operational. This incident adds to a series of ransomware attacks on various California cities this year, emphasizing the escalating cybersecurity challenges faced by local governments and organizations.
In a major cyber assault on New Haven’s public school district earlier this summer, hackers exploited vulnerabilities to siphon off more than $6 million, leaving the city reeling. The sophisticated attack, involving impersonation of high-profile city personnel and vendors via deceptive emails, was discovered when a school bus company questioned missing payments. While around half of the stolen funds have been reclaimed and additional assets frozen, the focus remains on the audacity of the attack, prompting an intensified collaboration between city officials and the FBI to track down the cyber culprits and bolster cyber defenses.
A critical vulnerability in the Libbitcoin Explorer 3.x library has exposed Bitcoin users to a devastating loss of over $900,000, leading to concerns across the cryptocurrency community. The flaw, dubbed the “Milk Sad” vulnerability, has also put Ethereum, Ripple, Dogecoin, and other coin holders at risk, affecting those who rely on Libbitcoin for generating accounts. The loophole, uncovered by a cybersecurity team named “Distrust”, allowed attackers to exploit the faulty key generation mechanism and make off with substantial sums, prompting urgent measures to prevent further damage.
Disney CEO Bob Iger revealed the company’s intention to tackle the issue of password sharing on its streaming platform, Disney+. Following in the footsteps of Netflix, Disney plans to update subscriber agreements and sharing policies later this year, with further measures expected in 2024 to drive monetization. This move comes as Disney has experienced a notable decline in subscriptions, particularly on its Disney+ Hotstar platform in India. The company’s effort to curb password sharing is aimed at increasing revenue and stabilizing its subscriber base.
Infostealer malware is gaining significant traction in the realm of cybercrime, particularly within the malware-as-a-service (MaaS) domain. These stealthy malware strains operate discreetly to pilfer data from users’ devices, funneling it to the attackers’ command and control servers. A comprehensive study of more than 19.6 million infostealer logs, aimed at understanding the modus operandi of this threat, reveals that cybercriminals place a premium on financial and corporate assets over conventional logs.
In a comprehensive review by the Department of Homeland Security (DHS), a series of high-profile cyberattacks orchestrated by young hackers known as Lapsus$ in 2021 and 2022 underscored vulnerabilities in the telecommunications industry and security practices of various businesses. The report issued a call to action for the Federal Communications Commission (FCC) and Federal Trade Commission (FTC) to bolster oversight and enforcement against SIM swapping, while urging a transition from SMS-based authentication to more secure passwordless solutions. Notable for their audacity and effectiveness, the Lapsus$ attacks exposed weaknesses that need urgent attention to fortify national cybersecurity.
Tel Aviv-based cloud security startup Sweet Security has successfully raised a $12 million seed round led by Glilot Capital Partners, with participation from CyberArk Ventures and notable angel investors. Sweet Security’s cloud-native security suite is designed to swiftly detect and halt attacks on cloud workloads, filling a critical gap in the cloud security landscape. The company was founded by a team of cybersecurity experts, including Dror Kashti, former CISO of the Israel Defense Forces, and Eyal Fisher, former head of the Cyber Department at the IDF’s Unit 8200.
Symmetry Systems, a data security company, has successfully raised $17.7 million in an insider funding round, bringing its total funding to over $35 million. This investment will support the expansion of their AI-driven Data Security Posture Management (DSPM) platform, empowering organizations to monitor sensitive data, mitigate exposure risks, ensure compliance, and establish a zero-trust data security framework. Additionally, Symmetry Systems is leveraging AI to develop a user-friendly natural language interface, enabling non-technical users to grasp data-related risks and their potential resolutions. The funding round included participation from ForgePoint Capital, Prefix Capital, W11 Capital Management, and TSG, contributing to the advancement of Symmetry Systems’ innovative data security solutions.
Copyright © 2023 CyberMaterial. All Rights Reserved.