Welcome to the Cyber Security News Recap, a weekly publication by Cyber Writes. Our aim is to bring you up-to-date information on the latest developments in the field of cybersecurity.
Each week, we delve into the most recent and relevant news to provide you with comprehensive insights. Get ready to explore the cutting-edge advancements and best practices in cybersecurity as we keep you informed on the latest trends and emerging threats.
We cover the latest techniques attackers are using against your systems, the most significant vulnerabilities disclosed this week, and the security updates you should install to stay protected.
With this coverage you can apply the appropriate fix or mitigation before a risk turns into an incident. Stay current with our comprehensive recap.
FBI IPStorm Infrastructure
The FBI has dismantled the IPStorm botnet, a network that infected tens of thousands of devices across multiple platforms worldwide.
The operator behind it, Sergei Makinin, a dual citizen of Russia and Moldova, has pleaded guilty to three counts of computer fraud and abuse.
Authorities Take Down BulletProftLink
A notorious phishing service that supplied cybercriminals with phishing kits, scam pages, and stolen credentials has been disrupted by a joint operation involving Malaysian, Australian, and U.S. authorities.
BulletProftLink, a phishing-as-a-service (PhaaS) platform, had operated for several years and served a large customer base engaged in various forms of online fraud, posing a serious threat to individuals and businesses alike.
Malware in Kids’ Tablet
In the ever-expanding market of Android devices, the allure of budget-friendly options can conceal unforeseen risks.
Buying Android devices through online marketplaces such as Amazon offers a wide range of price points, but it also exposes consumers to security hazards.
For her birthday, Alexis Hancock's daughter received a tablet designed specifically for children. Because Hancock is a security researcher, her first reaction was concern about the security risks the device might carry.
FBI Reveals Scattered Spider Hacker Group Tactics
In recent months, the Scattered Spider hacking group (aka Starfraud, UNC3944, Scatter Swine, and Muddled Libra) has made news for allegedly attacking the following casino giants:-
- MGM Resorts
- Caesars Entertainment
The FBI and CISA recently issued a joint Cybersecurity Advisory (CSA) on Scattered Spider threat actors targeting commercial facilities.
LogShield APT Detection Framework
Several prior studies have applied GPT-style models to detect attacks from system logs.
However, there has been no dedicated framework for detecting APTs, which use a low-and-slow approach to compromise systems, so their activity is spread thinly across long stretches of otherwise normal log data.
Security researchers have now unveiled a framework called LogShield. It uses the self-attention mechanism of transformers to identify attack patterns associated with Advanced Persistent Threats (APTs).
SystemBC Proxy Malware
SystemBC (aka Coroxy or DroxiDat) is multifunctional malware that serves as a proxy, bot, backdoor, and RAT, adapting to the attacker's needs.
Active since 2018, it remains popular in underground markets, with incidents recorded every year.
Security researcher REXor (aka Aaron) recently found that several ransomware groups are using SystemBC, a Swiss Army knife of proxy malware, in their operations.
BiBi Wiper Malware Attacking Windows
The ongoing conflict between Israel and Hamas has taken a new turn as cyberattacks have become a prominent weapon for both sides.
A new wiper, dubbed BiBi-Linux Wiper, was discovered by an Israeli security firm; it targets Linux systems and causes irreversible data loss.
The malware is attributed to pro-Hamas hackers, who have since developed a Windows variant of the same wiper.
Stealc Infostealer
Malware that secretly gathers private information from a victim's computer is called an information stealer.
Stealers employ techniques such as encryption, polymorphic code, and evasive behaviour to stay hidden.
Cybersecurity researcher Aziz Farghly recently analysed an infostealer called "Stealc." An actor using the handle Plymouth has promoted Stealc, a new non-resident stealer, on Russian-language forums since January 9, 2023, offering it as Malware-as-a-Service. Stealc has configurable data-collection settings and is developed in step with the other leading stealers.
ChatGPT for Malware Analysis
GPT models excel at verbal reasoning, choosing the most plausible wording for a response. Understanding this property is crucial, because much of the model's behaviour in an analysis task stems from it.
The model also draws on an enormous training corpus; any answer that appears in that data can often be reproduced with surprising accuracy, which is useful when the sample under analysis resembles known malware.
Cybersecurity researchers at Check Point recently showed that security analysts can use ChatGPT for malware analysis, provided they scaffold the model's abilities with the right prompts and context.
Google Forms Abused To Evade Spam Filters
Cybersecurity researchers at Talos have discovered that spammers are taking advantage of Google Forms quizzes to disseminate various types of online scams to unsuspecting victims.
Because the emails originate from Google's servers, they can more easily pass anti-spam filters and reach the recipient's inbox.
Ransomware Gang Files An SEC Complaint
The ALPHV ransomware gang filed an SEC complaint against MeridianLink for not disclosing a data breach.
BlackCat, also known as ALPHV, operates on the ransomware-as-a-service (RaaS) model: the developers supply the malware to affiliates and take a percentage of the ransom payments.
The ransomware relies primarily on stolen credentials obtained through initial access brokers for initial access, and the group runs a public data leak site to pressure victims into paying.
Dark Web Forum Operator Jailed
In a momentous development in cybersecurity, Thomas Kennedy McCormick, alias “fubar,” a resident of Cambridge, Massachusetts, has been sentenced to 18 months imprisonment for masterminding a racketeering conspiracy within the infamous Darkode hacking forum.
The intricate web of cybercrime unraveled in the courtroom, revealing McCormick’s pivotal role in the development and dissemination of malicious software, resulting in substantial financial losses.
600,000 WordPress Sites Open to Attack
The WPScan team has identified a significant security flaw in the widely used WP Fastest Cache plugin.
The vulnerability, an unauthenticated SQL injection, could allow an attacker to read sensitive data from the WordPress database without logging in.
Tracked as CVE-2023-6063, it affects WP Fastest Cache versions lower than 1.2.2, so site owners should update to 1.2.2 or later.
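To show what "unauthenticated SQL injection" means in practice, here is an added example that is not the plugin's code and does not reproduce the CVE-2023-6063 bug: a hypothetical WordPress-style user lookup that takes a value from a cookie (which any unauthenticated visitor controls) and concatenates it into a query, beside the parameterised form that WordPress developers get from `$wpdb->prepare`. The table and rows are constructed in-memory with sqlite3.

```python
import sqlite3

# Constructed sample data standing in for a WordPress users table.
SAMPLE_USERS = [
    (1, "admin", "$P$Bhash1"),
    (2, "editor", "$P$Bhash2"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with a wp_users-like table."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT)"
    )
    con.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", SAMPLE_USERS)
    con.commit()
    return con


def lookup_vulnerable(con: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the cookie value is pasted straight into the SQL text.

    No session is needed to send a cookie, so this is reachable unauthenticated.
    """
    sql = (
        "SELECT user_login, user_pass FROM wp_users "
        f"WHERE user_login = '{username}'"
    )
    return con.execute(sql).fetchall()


def lookup_hardened(con: sqlite3.Connection, username: str) -> list:
    """Hardened: the value travels as a bound parameter, never as SQL syntax."""
    sql = "SELECT user_login, user_pass FROM wp_users WHERE user_login = ?"
    return con.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    con = make_db()
    payload = "' OR 1=1 --"  # constructed attacker-controlled cookie value
    print("vulnerable:", lookup_vulnerable(con, payload))  # dumps every row
    print("hardened:  ", lookup_hardened(con, payload))    # matches nothing
```

The vulnerable query becomes `WHERE user_login = '' OR 1=1 --'`, which is valid SQL that matches every row and leaks every password hash; the parameterised version searches for the literal string and returns nothing. The same fix applies in PHP: pass user input through `$wpdb->prepare()` placeholders rather than interpolating it.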
Zero-day Vulnerabilities Patched
Microsoft has released its security updates for Patch Tuesday, November 2023, fixing 58 flaws, including five zero-day vulnerabilities.
By class, the fixes cover Elevation of Privilege (16), Remote Code Execution (15), Spoofing (11), Security Feature Bypass (6), Information Disclosure (6), and Denial of Service (5).
Microsoft also republished 15 non-Microsoft CVEs affecting the Microsoft Bluetooth Driver and Microsoft Edge (Chromium-based), as noted in its November 2023 release notes.
CacheWarp AMD SEV Attack
CacheWarp is a new software-based fault attack against AMD's Secure Encrypted Virtualization-Encrypted State (SEV-ES) and Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP). It lets an attacker who controls the hypervisor break into encrypted virtual machines (VMs) and escalate privileges inside them.
The underlying vulnerability, tracked as CVE-2023-20592 with Medium severity, was uncovered by researchers from the CISPA Helmholtz Center for Information Security in Germany and the Graz University of Technology in Austria, together with independent researcher Youheng Lu.
FortiSIEM Injection Flaw
OS command injection is a vulnerability in which an attacker exploits insufficient validation of user input to smuggle extra commands into a string that the operating system shell executes. It can lead to:-
- Unauthorized access
- Data breaches
- System compromise
FortiSIEM is a security information and event management (SIEM) solution developed by Fortinet. It provides real-time analysis of security alerts generated by network hardware and applications, helping organizations detect and respond to security threats efficiently.
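The following is an added example of the OS command injection class described above, not Fortinet's code and not the FortiSIEM bug itself: a hypothetical SIEM "host reachability" helper that takes a hostname from a web request. The vulnerable version builds a shell command string; the hardened version allow-lists the input and passes an argument vector with no shell. `echo` stands in for the real probe (such as ping) so the script runs anywhere with a POSIX /bin/sh.

```python
import re
import subprocess

# Allow-list for hostnames (RFC 1123 labels joined by dots); anything else is rejected.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def check_host_vulnerable(host: str) -> str:
    """Vulnerable: user input is concatenated into a shell command string.

    shell=True hands the whole line to /bin/sh, so ';', '|', '$(...)' and
    friends in `host` are interpreted as shell syntax, not as data.
    """
    cmd = f"echo probing {host}"  # attacker controls the tail of the line
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def check_host_hardened(host: str) -> str:
    """Hardened: validate against the allow-list, then exec with argv and no shell."""
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"invalid hostname: {host!r}")
    # Each argv element reaches the program verbatim; no shell parses it.
    out = subprocess.run(["echo", "probing", host], capture_output=True, text=True)
    return out.stdout


if __name__ == "__main__":
    payload = "db01; echo INJECTED"  # constructed attacker input
    print(check_host_vulnerable(payload), end="")  # second command runs
    try:
        check_host_hardened(payload)
    except ValueError as err:
        print("rejected:", err)
    print(check_host_hardened("db01.example.internal"), end="")
```

Two layers are deliberate: the allow-list stops bad input at the boundary, and the argv form removes the shell so that even an input the regex misses cannot become a second command.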
Intel Sued Over The ‘Downfall’ CPU Vulnerability
A class-action lawsuit has been filed against Intel over the critical "Downfall" vulnerability in Intel CPUs; the complaint alleges that Intel had known of the defect since 2018 but failed to report it.
According to Intel, the only way to "fix" it is to apply a patch that reduces CPU performance by up to 50% in some common workloads, such as encryption, gaming, and photo and video editing.
The plaintiffs, who purchased Intel Central Processing Units (CPUs), argue that they are left with defective processors that are either highly exposed to attack or require drastic slowdowns.
Exploits For Critical Flaws Sold on Dark Web
Dark web forums and Telegram channels have become convenient marketplaces where threat actors sell critical vulnerabilities and exploits.
The vulnerabilities and exploits on offer covered Elevation of Privilege, Authentication Bypass, SQL Injection, and Remote Code Execution in products such as Windows, JetBrains software, Microsoft Streaming Service Proxy, and Ubuntu kernels.
Recent findings show that some of these vulnerabilities were sold in underground forums even before the vendor had officially assigned identifiers to them.
Critical Intel CPU Vulnerability
A critical CPU vulnerability can pose a significant threat by allowing:-
- Unauthorized access to sensitive data
- Malicious code execution
- Compromise of the system's overall security
- System manipulation
This escalating trend of CPU vulnerabilities threatens billions of personal and cloud computers. Google's information security team reported the flaw to Intel, which swiftly disclosed and mitigated it in collaboration with industry partners.
ManageEngine Information Disclosure Flaw
ManageEngine, one of the most widely used IT infrastructure management platforms with more than 60 enterprise IT management tools, has been found to contain an information disclosure vulnerability tracked as CVE-2023-6105.
The vulnerability affects multiple ManageEngine products, including ADManager, ADSelfService, M365 Manager, Endpoint Central, Service Desk, Access Manager, and many others. Its severity has been rated 5.5 (Medium).
Multiple Flaws in Zoom Clients
Zoom has disclosed multiple vulnerabilities affecting its clients. They could allow an unauthorized user to carry out denial-of-service, privilege escalation, and information disclosure attacks.
Zoom advises users to update to the latest version of the Zoom software to receive the most recent security updates and bug fixes.
DP World Cyber Attack
DP World Australia, a leading provider of landside freight operations, issued an update on Friday, November 10, regarding its efforts to address a cybersecurity incident that affected its systems.
The company has collaborated with cybersecurity experts to restore its terminal operations securely and safely.
McLaren Health Care Hacked
In August of this year, McLaren Health Care suffered a cyber attack that compromised the records of 2.2 million individuals.
The attackers claimed to have accessed approximately 6 terabytes of sensitive patient information, a significant privacy breach and a serious concern for everyone affected.
Samsung UK Data Breach
Samsung Electronics (U.K.) Limited has announced a cybersecurity incident, confirming the exposure of customer data dating back to July 2019.
The disclosure comes as the company contends with the repercussions of unauthorized access to personal information.
Massive Cyber Attack On Critical Infrastructure
In an alarming development, Denmark faced its most extensive cyber attack in May 2023, targeting crucial components of its energy infrastructure.
A total of 22 companies fell victim to a meticulously coordinated attack that breached their industrial control systems and forced some of them into island mode, disconnecting from the national grid to operate in isolation.
This cyber onslaught marks an unprecedented scale of attack on Danish critical infrastructure, signaling a new level of threat.
New Metasploit Exploit Modules Released
Metasploit is an open-source penetration testing framework maintained by Rapid7 that lets security professionals simulate attacks against computer systems, networks, and applications.
It bundles tools and modules for testing a target's security, detecting vulnerabilities, and exploiting them to gain access to the system.
Two recent vulnerabilities that have drawn a lot of attention now have modules: CVE-2023-20198, which affects Cisco IOS XE, and CVE-2023-46604, which affects Apache ActiveMQ and has been used to deploy ransomware.
Weaponized LNK Files
LNK files are Windows shortcut files that point to a program or file. Attackers abuse them by disguising a malicious shortcut as a legitimate one; when a user opens it, the embedded target and command-line arguments run, executing the attacker's code.
Malware distribution methods have grown more sophisticated over the years. Recent data shows that cybercriminals no longer rely solely on Microsoft Office documents to deliver malware, and weaponized LNK files have become a common alternative.
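The reason LNK files are useful to attackers is that the shortcut's target and its command-line arguments are ordinary fields of the file format, so they can be inspected before anyone double-clicks. The block below is an added example, not code from the page: a minimal parser for the Shell Link header and StringData section as laid out in Microsoft's MS-SHLLINK specification, a builder that constructs two sample shortcuts inline (one benign, one mimicking a typical malicious loader), and a set of illustrative heuristics. The heuristics are my own assumptions about what a triage rule might check, not an authoritative signature set.

```python
import re
import struct

# ShellLinkHeader constants (MS-SHLLINK 2.1). CLSID 00021401-0000-0000-C000-000000000046
# serialised little-endian.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
SW_SHOWMINNOACTIVE = 7  # ShowCommand value often used to hide the console window

# StringData fields appear in this fixed order when their flag bit is set.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def parse_lnk(data: bytes) -> dict:
    """Parse the header, skip IDList/LinkInfo, and decode the StringData fields."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad CLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_command = struct.unpack_from("<I", data, 60)[0]
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (2 bytes) + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize includes itself
        off += struct.unpack_from("<I", data, off)[0]
    link = {"flags": flags, "show_command": show_command}
    width = 2 if flags & IS_UNICODE else 1
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]
        off += 2
        end = off + count * width
        if end > len(data):
            raise ValueError(f"truncated StringData field {name}")
        raw = data[off:end]
        link[name] = raw.decode("utf-16-le") if width == 2 else raw.decode("cp1252")
        off = end
    return link


def build_lnk(relative_path: str, arguments: str, show_command: int = 1) -> bytes:
    """Construct a minimal Unicode shortcut with a relative path and arguments."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack(
        "<I16sIIQQQIIIHHII",
        0x4C, LNK_CLSID, flags, 0x20,   # HeaderSize, CLSID, LinkFlags, FILE_ATTRIBUTE_ARCHIVE
        0, 0, 0,                        # Creation/Access/Write times
        0, 0, show_command,             # FileSize, IconIndex, ShowCommand
        0, 0, 0, 0,                     # HotKey, Reserved1..3
    )

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    return header + string_data(relative_path) + string_data(arguments)


# Illustrative triage rules (assumed, not an official signature set).
SUSPICIOUS = (
    (r"powershell|pwsh", "PowerShell launcher"),
    (r"\s-(e|ec|enc|encodedcommand)\s", "encoded PowerShell command"),
    (r"\b(mshta|wscript|cscript|certutil|rundll32|regsvr32)\b", "LOLBin"),
    (r"cmd(\.exe)?\s+/c", "cmd /c one-liner"),
    (r"https?://", "remote URL in arguments"),
)


def assess(link: dict) -> list:
    """Return human-readable findings for a parsed shortcut."""
    findings = []
    text = f"{link.get('relative_path', '')} {link.get('arguments', '')}"
    for pattern, label in SUSPICIOUS:
        if re.search(pattern, text, re.IGNORECASE):
            findings.append(label)
    if link["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("window minimised (SW_SHOWMINNOACTIVE)")
    if len(link.get("arguments", "")) > 200:
        findings.append("unusually long arguments")
    return findings


# Constructed samples: the encoded payload below decodes to the harmless string "ABC".
MALICIOUS_LNK = build_lnk(
    r"..\..\..\Windows\System32\cmd.exe",
    "/c powershell -w hidden -enc QQBCAEMA",
    show_command=SW_SHOWMINNOACTIVE,
)
BENIGN_LNK = build_lnk(r"..\Documents\report.docx", "")

if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_LNK), ("benign", BENIGN_LNK)):
        parsed = parse_lnk(blob)
        print(label, parsed.get("relative_path"), parsed.get("arguments"), assess(parsed))
```

Real shortcuts from a phishing wave usually also carry a LinkTargetIDList and LinkInfo block; the parser skips over both using their size fields, so it can be pointed at files on disk (`parse_lnk(open(path, "rb").read())`) as well as at the constructed samples.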
Wireshark 4.2.0 Released
Wireshark is a popular open-source network protocol analyzer used primarily by security experts and network administrators for traffic capture, troubleshooting, and analysis.
The Wireshark Foundation has released version 4.2.0, which introduces new features and updates.
Google Chrome Use-After-Free Vulnerability
Google has released Chrome Stable Channel version 119.0.6045.159 for Mac and Linux and 119.0.6045.159/.160 for Windows, which is rolling out to all users over the coming days. The update fixes two vulnerabilities, CVE-2023-5997 and CVE-2023-6112.
Both are use-after-free conditions, in Garbage Collection and in Navigation respectively. The National Vulnerability Database (NVD) has yet to assign severity scores to them.