
September 13, 2023 – Cyber Briefing

September 13, 2023


Discover key cybersecurity insights in this issue, including smartphone keystroke interception by WiKI-Eve, a multi-stage phishing attack delivering various malware, a Linux supply chain attack with info-stealing malware, Mozilla’s urgent patch for a critical Firefox and Thunderbird zero-day vulnerability, and Adobe’s alert regarding active exploitation of a critical PDF Reader zero-day.

Furthermore, in this newsletter, read about Anonymous Sudan launching a DDoS attack on Telegram, the BianLian ransomware targeting major nonprofit Save The Children, the Airbus cyber attack tied to a breach of a Turkish Airlines employee account, and a data breach compromising the mental health records of 1,545 patients at Bloom Health Centers.

Gain valuable insights into The White House’s examination of cybersecurity ratings for critical infrastructure, an agreement promoting data breach reporting with reduced fines, a study uncovering parental oversight in cybersecurity talks with children, the partnership between U.S. CISA and the EPA to protect water utilities from cyber threats, and Zenity’s $16.5M investment from Intel Capital for innovative low-code/no-code security solutions.




🚨 Cyber Alerts


1. GitHub Vulnerability Exposes Repositories

A recent discovery reveals a critical vulnerability in GitHub, potentially exposing over 4,000 repositories to repojacking attacks, where threat actors could take control of repositories. The flaw allowed attackers to exploit a race condition in GitHub’s repository creation and username renaming processes. By manipulating these steps, attackers could hijack repositories in popular programming languages like Go, PHP, and Swift, along with GitHub actions, posing a significant risk to the open-source community.


2. WiKI-Eve Threatens WiFi Security

A new attack called ‘WiKI-Eve’ has emerged, capable of intercepting smartphone keystrokes via WiFi routers and deducing numerical passwords with up to 90% accuracy. This attack exploits the Beamforming Feedback Information feature introduced in WiFi 5, which allows attackers to intercept cleartext transmissions without hardware hacking or encryption key cracking. Researchers from China and Singapore found that WiKI-Eve can identify numeric keystrokes with 90% accuracy, decipher 6-digit numerical passwords with 85% accuracy, and even deduce complex app passwords with around 66% accuracy.


3. Multi-Threat Phishing Operation

A highly advanced phishing campaign has been uncovered, employing a Microsoft Word document as bait to disseminate a combination of threats, including Agent Tesla, OriginBotnet, and RedLine Clipper. The attackers craftily present recipients with a deliberately blurred image and a fake reCAPTCHA, enticing them to click on it. Once activated, the loader executes a series of malicious payloads, with OriginBotnet engaging in cryptocurrency theft, RedLine Clipper tampering with clipboard data, and Agent Tesla extracting sensitive information.


4. Supply Chain Attack on Linux

An investigation by Kaspersky has unveiled a concerning supply chain attack involving the Free Download Manager, redirecting Linux users to a malicious Debian package repository. This repository secretly installs information-stealing malware on unsuspecting users’ systems. The malware establishes a reverse shell to a command-and-control server and deploys a Bash stealer, collecting sensitive user data and account credentials. Despite the campaign running for over three years, there has been no response from the software vendor, leaving the exact compromise method shrouded in uncertainty.


5. Mozilla Fixes Critical Zero-Day Vulnerability

Mozilla has released urgent security updates to address a critical zero-day vulnerability (CVE-2023-4863) in its Firefox web browser and Thunderbird email client. This vulnerability could allow remote attackers to execute arbitrary code by exploiting a heap buffer overflow flaw in the WebP image format. The issue has already been actively exploited in the wild, prompting Mozilla to take swift action to protect users. This development follows Google’s recent fix for the same vulnerability in its Chrome browser, highlighting the importance of timely updates to secure against emerging threats.


6. Adobe Warns of Zero-Day Attacks

Adobe has issued a warning about a zero-day vulnerability, CVE-2023-26369, affecting its widely used Adobe Acrobat and Reader software. This remotely exploitable flaw, described as an out-of-bounds write memory safety issue, impacts both Windows and macOS installations, with the potential for arbitrary code execution. Adobe is aware of limited in-the-wild attacks targeting these products, underlining the urgency for users to stay informed and apply necessary patches in a timely manner.



💥 Cyber Incidents


7. Anonymous Sudan’s Telegram DDoS Retaliation

Anonymous Sudan, a hacktivist group motivated by political and religious causes, launched a distributed denial-of-service attack against Telegram. This action was taken in retaliation for Telegram’s suspension of the group’s primary account. Anonymous Sudan has been active since the beginning of the year, targeting various organizations worldwide with DDoS attacks, including Microsoft and X. However, the motivation behind the attack on Telegram remains unclear.


8. BianLian Strikes Save the Children

The BianLian ransomware group claims to have breached the IT systems of a major nonprofit, which appears to be Save The Children International. This renowned organization, with a presence in 116 countries and $2.8 billion in revenues, reportedly had 6.8TB of data stolen, including financial records, international HR files, personal data, and medical records. BianLian, known for targeting healthcare and critical infrastructure sectors, may resort to data leakage or sale unless a ransom demand is met, posing a grave threat to the NGO and those it serves.


9. Cybersecurity Breach at Airbus

A hacker identifying as USDoD claimed responsibility for a breach at Airbus, saying they gained access through a Turkish Airlines employee’s account. The compromised data includes details of Airbus vendors, such as names, addresses, phone numbers, and more. This breach highlights the importance of continuous monitoring for info-stealer infections to prevent data breaches, as companies like Airbus become attractive targets for malicious actors.


10. Patient Data Breach at Bloom Health

Mental health service provider Bloom Health Centers, also known as Psych Associates of Maryland, revealed a data security incident affecting both clinicians and patients. The breach, discovered on July 5, 2023, involved unauthorized access to a clinician’s mailbox and associated OneDrive, potentially exposing personal and protected health information. While there is no evidence of misuse so far, the compromised data may include names, addresses, medical details, insurance information, and in some cases, Social Security numbers for a limited group of individuals.



📢 Cyber News


11. White House Cybersecurity Plan

The White House is actively exploring the implementation of a letter-grade rating system to enhance cybersecurity for critical infrastructure. Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, discussed this during the Billington Cybersecurity Summit. The proposed rating system, ranging from A to D, aims to hold infrastructure providers accountable for maintaining robust cyber resilience, ensuring minimal disruptions to vital services like power and water supplies.


12. Reduced Fines for UK Data Breaches

British businesses facing data breaches may see reduced fines if they actively report and cooperate with the National Cyber Security Centre, according to a memorandum of understanding signed by the NCSC and the Information Commissioner’s Office. The agreement outlines a commitment by the ICO to explore ways to transparently demonstrate that engaging with the NCSC can lead to lower regulatory penalties. It emphasizes the importance of sharing information without disclosing sensitive details, aiming to prevent data breaches while maintaining confidentiality.


13. Parental Cybersecurity Awareness Gap

In a concerning revelation, a report titled the Keeper Security Parental Practices Report has exposed that almost one in three parents have never discussed cybersecurity with their children, uncovering a significant knowledge gap that needs immediate attention. Additionally, the report highlights that 41% of parents who don’t know how to create strong passwords still grant their children access to their mobile phones, while 32% allow access to their computers. The study emphasizes the need for increased parental awareness and digital safety education, suggesting that schools should also play a crucial role in addressing this gap.


14. Enhancing Water Utility Cybersecurity

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has introduced a program offering free security scans for critical infrastructure facilities like water utilities to defend them against potential cyberattacks. Developed in collaboration with the Environmental Protection Agency (EPA), Water Sector Coordinating Council (WSCC), and the Association of State Drinking Water Administrators (ASDWA), the initiative encourages operators of drinking water and wastewater systems to participate.


15. Zenity Raises $16.5M to Enhance App Security

Israeli cybersecurity startup Zenity has secured $16.5 million in venture capital funding, with Intel Capital leading the Series A financing round. This investment will enable Zenity, based in Tel Aviv, to further develop its technology for securing the low-code/no-code development ecosystem. Zenity’s innovative product offers continuous visibility, risk assessment, and automated security measures for applications and workflows created across various low-code/no-code platforms.



Copyright © 2023 CyberMaterial. All Rights Reserved.
