👉 What’s trending in cybersecurity today?
New macOS Malware, New GootBot Malware Variant, Ransomware-as-a-Service Programs mastermind Exposed, Cyber Guide for Emergency Managers Released, NFL Star Identity Theft Scandal, Cyber Attack on Hawaii’s Assistance Programs, Japan Aviation Electronics Hit by Ransomware, China-Based E-commerce Store Database Exposed, Cyber Attack on Vegas Plastic Surgeon’s Office, OpenAI Introduces GPTs Custom AI, U.S. Bill Proposes Surveillance Reforms, New ICS Tool, Critical Cybersecurity Laws Postponed in UK, Microsoft’s Authenticator App New Feature, Global Roaming Fraud Surge.
North Korea’s BlueNoroff, a nation-state group linked to Lazarus, is accused of using a previously undocumented macOS malware called ObjCShellz. This malware is associated with the RustBucket campaign and is suspected to be part of a multi-stage malware delivery process. BlueNoroff, known for its financial cybercrime activities, uses such malware to target banks and the crypto sector, evading sanctions and generating illicit profits for the regime.
A new iteration of GootLoader malware, known as GootBot, has emerged, enabling lateral movement within compromised systems while remaining undetected. Researchers from IBM X-Force have unveiled this advanced variant, pointing out that GootBot aims to avoid detection by introducing a custom bot into its late-stage attack chain. This lightweight yet highly effective malware empowers attackers to swiftly propagate throughout networks and deploy additional payloads, making it a concerning threat in the realm of cybersecurity.
Farnetwork, a threat actor linked to five distinct ransomware-as-a-service programs, has been exposed by cybersecurity researchers. Group-IB, headquartered in Singapore, engaged in a “job interview” with this cybercriminal, shedding light on their extensive involvement in various RaaS programs. Farnetwork, renowned for developing ransomware strains like Nokoyawa and managing RaaS programs, is one of the most active and skilled players in the RaaS market, raising concerns about potential resurgences under different aliases and RaaS programs in the future.
The Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency have joined forces to unveil the guide “Planning Considerations for Cyber Incidents: Guidance for Emergency Managers.” This collaborative effort aims to equip state, local, tribal, and territorial emergency managers with essential knowledge about cyber incidents, empowering them to bolster cyber preparedness efforts in their respective jurisdictions. This guide serves as a valuable resource, offering recommendations to help emergency managers understand and plan for the potential impacts of cyber incidents on their communities and emergency operations. FEMA and CISA strongly encourage emergency managers to explore this guide, which provides crucial insights for effectively responding to cyber incidents.
Former NFL star Earl Thomas becomes the alleged victim of a $1.9 million identity theft scheme orchestrated by his ex-wife’s boyfriend. Kevin J. Thompson, the boyfriend, is accused of cashing NFL checks, siphoning funds from Thomas’s bank account, and transferring ownership of multiple vehicles. Charges against Thompson include identity theft, forgery, money laundering, credit card fraud, computer fraud, and bank fraud.
In a distressing turn of events, cybercriminals have launched an attack on Hawaii’s food stamp and financial assistance programs, affecting hundreds of vulnerable residents. Many have reported their accounts being emptied or charged for fraudulent purchases, causing significant distress. Authorities are investigating the matter as they try to address the consequences faced by the affected families and individuals in need.
Japan Aviation Electronics Industry recently confirmed that it was hit by the ALPHV ransomware group, also known as the BlackCat hackers, on November 2, 2023. While an immediate investigation is underway to assess the damage and restore operations, some systems have been temporarily suspended, leading to email delays. Fortunately, no information leakage has been confirmed, and the company has assured stakeholders that any developments in the investigation will be promptly communicated.
A security researcher, Viktor Markopoulos, uncovered a massive data breach where millions of Chinese citizen identity numbers were exposed online due to the negligence of a China-based e-commerce store, Zhefengle. The unprotected database contained over 3.3 million orders spanning from 2015 to 2020, including sensitive customer information such as shipping addresses, phone numbers, and government-issued resident identity card numbers.
Federal investigators are now examining the cyberattack on a Las Vegas plastic surgeon’s office, which occurred in late February. The breach exposed sensitive patient data, including nude “before and after” photos, social security numbers, and medical records. Hackers have demanded a ransom for the removal of these private photos and information, leading to lawsuits filed by affected patients against the plastic surgery practice.
Open AI’s inaugural developer conference unveiled GPTs, custom versions of ChatGPT, tailored to individual users for various purposes, from education to creative design. What makes GPTs remarkable is their user-friendliness, allowing users and organizations to shape their AI models without coding expertise. OpenAI is considering transitioning plugins into GPT actions, ensuring seamless integration and adaptability while leaving the future of ChatGPT plugins in question.
A bipartisan group of lawmakers has introduced a significant piece of legislation this year. The bill aims to extend expiring U.S. government surveillance authorities while incorporating crucial curbs on these powers. Named the Government Surveillance Reform Act of 2023, the legislation would require the FBI to obtain a warrant before accessing the NSA’s data trove for information related to Americans.
A new tool, OpalOPC, offers valuable assistance to industrial organizations in identifying misconfigurations and vulnerabilities in OPC UA, a crucial machine-to-machine communication protocol used in industrial control systems. Developed by cybersecurity firm Molemmat Oy in Finland, OpalOPC serves as a vulnerability scanner tailored for OPC UA applications, targeting developers, auditors, security testers, engineers, and system integrators.
The British government has missed an opportunity to update cybersecurity laws, despite previously announcing the intention to “better protect” essential services, such as water, energy, and transport sectors. These laws, known as NIS Regulations, were originally based on a European Union directive in 2018 and aimed to enhance security standards for critical infrastructure and mandatory reporting after disruptive cyberattacks.
Microsoft has upgraded its Authenticator app with a new security feature designed to block potentially suspicious multi-factor authentication alerts by default. Hackers often exploit push notifications in MFA by bombarding users with login attempts at inconvenient times, hoping to catch them off guard and gain unauthorized access to their accounts.
Juniper Research forecasts a remarkable 700% increase in global roaming fraud traffic over the next five years, driven by scammers targeting the expanding market. The report, titled “Roaming Fraud Market 2023-2028,” assesses the size of the global roaming market, covering data, IoT, SMS, and voice, while also estimating operator losses due to fraud. This growth in fraudulent data roaming traffic, predicted to reach 218 PB by 2028, is attributed to scams like SIM box fraud, which intercepts international calls and reroutes them through local devices.
Copyright © 2023 CyberMaterial. All Rights Reserved.