In today’s cybersecurity landscape, the FBI warns of a surge in ‘Phantom Hacker’ scams targeting seniors, while vulnerabilities in TeamCity, Cloudflare, Mali GPU drivers, and an active exploited vulnerability update from CISA highlight ongoing security challenges.
Journey through the cyber realm, with incidents ranging from Motel One’s data breach and ransomware attack to a security flaw exposing India’s National Logistics Portal and AWS keys, alleged Dark Web sale of FBI’s Law Enforcement Portal credentials, deceptive Amazon gift card purchase confirmations, and the persistent ransom demands of the MEDUSA ransomware group.
Explore the cybersecurity landscape, from the decrease in exposed industrial control systems online, surging global financial crime compliance costs, and a slowdown in cybersecurity budget growth amid economic uncertainty, to Bengaluru Police’s crackdown on a cybercrime network defrauding investors, and researchers uncovering hidden sound secrets within smartphone images.
The FBI has issued a public service announcement regarding a significant increase in ‘phantom hacker’ scams specifically targeting elderly individuals across the United States. These scams are an evolved form of tech support scams, where fraudsters impersonate tech support, financial institutions, and government entities to gain victims’ trust and access to their finances. Victims have suffered substantial financial losses, and between January and June 2023, the FBI received 19,000 complaints related to tech support scams, resulting in estimated losses exceeding $542 million.
In-the-wild exploitation of a critical vulnerability in JetBrains’ TeamCity continuous integration and continuous deployment server started just days after the availability of a patch was announced. This vulnerability, tracked as CVE-2023-42793, impacts the on-premises version of TeamCity, allowing an unauthenticated attacker to achieve remote code execution and gain administrative control of the system.
Cloudflare’s firewall and distributed denial-of-service attack prevention mechanisms are vulnerable to exploitation due to gaps in cross-tenant security controls, according to a report by Certitude researcher Stefan Proksch. Attackers can leverage their own Cloudflare accounts to abuse the trust relationship between Cloudflare and customers’ websites, rendering the protection ineffective. The issues arise from shared infrastructure available to all Cloudflare tenants, enabling malicious actors to exploit the inherent trust associated with the service. Cloudflare has acknowledged the findings and added new warnings in its documentation to address the vulnerabilities.
Arm has issued a security advisory regarding actively exploited vulnerabilities in widely-used Mali GPU drivers, specifically tracked as CVE-2023-4211. These flaws were discovered by researchers from Google’s Threat Analysis Group and Project Zero. While specific details are not publicly available, the vulnerabilities involve improper access to freed memory, which could lead to the compromise or manipulation of sensitive data.
CISA has taken action by adding a recently exploited vulnerability, CVE-2023-5217 in Google Chrome libvpx, to its Known Exploited Vulnerabilities Catalog. These vulnerabilities are known to be prime targets for cyber attackers, posing significant risks to the federal enterprise. While BOD 22-01 primarily targets Federal Civilian Executive Branch (FCEB) agencies, CISA strongly encourages all organizations to prioritize timely remediation of catalog vulnerabilities to enhance their cybersecurity posture and guard against active threats.
Motel One, a prominent low-budget hotel chain with a broad international presence, has recently disclosed a data breach and ransomware attack. The incident involved the compromise of customer data, including the exposure of 150 credit card records. While Motel One asserts that their security measures limited the impact, the ransomware gang responsible, BlackCat/ALPHV, claims to have stolen a significant amount of sensitive information and threatens to leak it unless a ransom is paid.
A critical security lapse in India’s National Logistics Portal exposed sensitive data and Amazon Web Services keys, leaving the country’s seaports vulnerable to potential cyberattacks. Researchers discovered that the NLP platform inadvertently exposed credentials, secrets, and encryption keys through publicly available JS files, along with publicly accessible AWS S3 buckets containing personal data and internal documents.
A dark web user is purportedly selling account credentials from the Law Enforcement Enterprise Portal, a platform extensively utilized by the Federal Bureau of Investigation for specialized investigative tools, analytical solutions, and internal networking. The alleged sale of FBI LEEP data raises concerns about the potential misuse of critical information by cybercriminals. The services provided by LEEP play a vital role in the operations of US law enforcement agencies, intelligence groups, and criminal justice organizations. The extent of the credential leak and the authenticity of the credentials remain unclear.
Amazon Prime customers received erroneous purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards, causing concerns about account security. While many customers reported the unusual emails on social media and Reddit, no corresponding purchases were found in their Amazon Prime accounts. Amazon confirmed the mistake, stating it was an error in their email system, and will be contacting affected customers to apologize and rectify the issue.
The notorious MEDUSA ransomware group has once more targeted prominent companies, Karam Chand Thapar & Bros. (Coal Sales) Ltd and Windak Group, demanding substantial ransoms for data release. Both attacks were listed on the group’s dark web portal, highlighting the increasing threat posed by MEDUSA. Windak Group faces a $100,000 ransom, while Karam Chand Thapar & Bros. is demanded to pay $200,000, with specific deadlines for payment. Efforts to verify the claims are ongoing, leaving the situation uncertain.
In a recent report by cybersecurity ratings company Bitsight, it has been revealed that the number of internet-exposed industrial control systems has dropped below 100,000 as of June 2023, marking a significant decrease from the 140,000 observed in 2019. This decrease in exposed ICS systems is seen as a positive development, suggesting that organizations are taking measures to properly configure, switch to other technologies, or remove previously exposed ICS systems from the public internet.
Financial institutions worldwide are grappling with the escalating costs of financial crime compliance, with expenditures exceeding a staggering $206 billion. This amount equates to over 12% of global research and development spending and translates to approximately $3.33 per month for each working-age individual on the planet. While 71% of financial crime professionals are harnessing advanced analytics and AI to enhance their compliance procedures, challenges such as data quality, silos, legacy systems, and internal collaboration issues persist, contributing to avoidable compliance costs.
Amid economic uncertainty and rising inflation, a recent study by IANS and Artico Search reveals that cybersecurity budgets have continued to grow, albeit at a slower rate than previous years. The research shows an average increase of 6% in security budgets for 2023, marking a significant decrease from the 17% growth in the previous budget cycle. Notably, technology firms experienced the sharpest decline, dropping from a 30% increase to just 5% this year, with over 33% of organizations freezing or cutting their cybersecurity budgets.
Bengaluru police dismantled a cybercrime network that had been luring victims with promises of high investment returns via messaging apps like WhatsApp and Telegram. The police have frozen 84 accounts linked to the swindled money, recovering $1250000, although the total transactions involved amounted to a staggering $213500000. These accounts were associated with over 5,000 complaints filed with the National Cyber Crime Reporting Portal, revealing the scale of the scam.
Academic researchers have unveiled a method to extract sounds from still images captured on smartphones with rolling shutter and movable lens structures. The movement of camera hardware creates imperceptible distortions in the images that carry modulated sounds. This discovery highlights a potential security risk, as it enables acoustic eavesdropping without requiring line-of-sight or an object in the camera’s field of view.
Copyright © 2023 CyberMaterial. All Rights Reserved.