👉 What’s happening in cybersecurity today?
Israeli Education and Tech Sectors Targeted, AsyncRAT’s Infection Chain, Kinsing Actors Exploit Linux Flaw, Microsoft Exchange Vulnerabilities, Cisco Vulnerabilities, Socks5Systemz Infects 10,000 Systems, Infosys McCamish Systems, LEGO Marketplace BrickLink Potentially Hit, 1.2 Million Patient Records Exposed, Ransomware Strikes Pilot Union, Mississippi’s Hinds County Faces Cyber Disruption, Security Badges to VPN Apps, Dutch Cybersecurity Pro Convicted, Corrupt Police Analyst Jailed, Russian Woman Sanctioned for Avoiding Cyber Crime Sanctions.
A series of destructive cyber attacks targeting Israeli higher education and tech sectors have been ongoing since January 2023, with an Iranian nation-state hacking group known as Agonizing Serpens attributed as the threat actors. These intrusions aim to deploy previously undocumented wiper malware to steal sensitive data, including personally identifiable information and intellectual property. The attackers then use various wipers to cover their tracks and render infected endpoints unusable. The group has been upgrading its capabilities and actively evading security measures by using various tools, making it a significant threat to the targeted sectors.
McAfee Labs has unveiled the intricate infection chain of AsyncRAT, an Asynchronous Remote Access Trojan designed to compromise computer systems and pilfer sensitive data. The campaign deploys a variety of file types, including PowerShell, Windows Script Files, VBScript, and more to bypass antivirus detection. It all begins with a malicious URL in a spam email, leading to the download of an HTML file containing an ISO.
Kinsing threat actors are actively exploiting the recently revealed Linux privilege escalation vulnerability known as Looney Tunables to infiltrate cloud environments. This marks the first documented instance of Looney Tunables being exploited, allowing the attackers to gain root privileges. Kinsing has shown a pattern of swiftly adapting to newly disclosed vulnerabilities for their attacks, including utilizing a bug in Openfire for remote code execution.
Microsoft Exchange faces a critical security situation with the disclosure of four zero-day vulnerabilities, as reported by Trend Micro’s Zero Day Initiative. These vulnerabilities, which allow remote attackers to execute arbitrary code or access sensitive data, were initially reported to Microsoft but weren’t deemed severe enough for immediate action. However, ZDI’s decision to release the flaws independently underscores their significance, particularly the remote code executionvulnerability that could lead to system compromise.
Cisco has released a series of security advisories addressing vulnerabilities in various Cisco products. These vulnerabilities have the potential to be exploited by cyber threat actors to gain control of affected systems. CISA strongly recommends that users and administrators review the provided advisories and promptly apply any necessary updates to ensure the security and integrity of their systems.
The Socks5Systemz proxy botnet has managed to infect a staggering 10,000 systems worldwide. This botnet is delivered through malware loaders like ‘PrivateLoader’ and ‘Amadey’ and operates by converting compromised computers into traffic-forwarding proxies for various nefarious purposes. The proxy service is offered to subscribers who pay between $1 and $140 in cryptocurrency for daily access, and it’s detailed in a report by BitSight, shedding light on its operation that has largely gone under the radar since at least 2016.
Infosys, the Indian IT service provider, revealed that its U.S. unit, Infosys McCamish Systems, experienced a cybersecurity event leading to disruptions in specific applications and systems. The company is actively collaborating with a cybersecurity firm to address the issue and has initiated an investigation to evaluate the potential impact on its systems and data.
In a recent data breach, the Cook County Health and Hospital System revealed that personal information of 1.2 million patients was exposed earlier this year. The breach occurred through a third-party provider of medical transcription services, Perry Johnson and Associates Inc., which discovered the data security incident in July. Patient data, including birth dates, addresses, medical records, and more, was accessed by an unauthorized individual in April 2023. Impacted patients will receive notifications and guidance on protecting their data and monitoring their credit reports.
The Allied Pilots Association, representing 15,000 American Airlines pilots, reported a ransomware attack on their systems. In response, they’ve taken immediate steps to secure their network, collaborating with external experts to restore their systems. An investigation is ongoing to assess the full extent of the breach and determine if pilots’ personal information has been compromised, but no further details have been provided at this time.
BrickLink, the primary LEGO marketplace and fan community, appears to have been affected by a hacking incident. While investigating the issue, the company has taken the website offline as a precautionary measure. Users received messages concerning unusual activity, and there are reports of ransom demands from the alleged hackers. BrickLink is currently looking into the situation, but there is no official statement or confirmation of the extent of the breach yet.
Hinds County, Mississippi election officials faced challenges in completing essential poll worker training due to a cybersecurity breach that disrupted county computers in early September. Typically, this training is completed by early October ahead of the November general election, but due to computer system unavailability, staff members worked up to the last minute to finish the training.
Google Play, Android’s official app store, has introduced an ‘independent security reviews’ badge for VPN apps that have undergone a Mobile App Security Assessment. This standard, established by the App Defense Alliance, encompasses various security requirements related to data storage, privacy practices, cryptography, authentication, and more.
A 21-year-old Dutch cybersecurity professional, Pepijn Van der Stap, has been sentenced to four years in prison for hacking and blackmailing numerous companies globally. He faced multiple charges, including hacking into victims’ computers, extortion, and money laundering involving 2.5 million euros in cryptocurrency. Van der Stap, along with associates, was involved in cybercrimes targeting both domestic and international entities, utilizing extortion tactics to demand ransom and selling stolen data on hacking forums.
A corrupt police intelligence analyst, Natalie Mottram, was sentenced to three years and nine months in prison for tipping off a criminal friend about law enforcement’s access to the encrypted communications platform EncroChat. Mottram, who was working for a regional organized crime unit, revealed sensitive information about the covert operation to the criminal. The operation against EncroChat helped law enforcement arrest thousands of suspects across Europe, and Mottram’s actions compromised this work, leading to her arrest and conviction.
The US Treasury Department has imposed sanctions on Ekaterina Zhdanova, a Russian woman accused of laundering virtual currency on behalf of Russian elites and cybercriminals, including a Ryuk ransomware affiliate. Zhdanova’s activities were allegedly aimed at helping Russians evade sanctions imposed on the country’s financial system after the invasion of Ukraine. Notably, she was implicated in laundering over $2.3 million of “suspected victim payments” for a Ryuk ransomware affiliate in 2021.
Copyright © 2023 CyberMaterial. All Rights Reserved.