Cyber Briefing: 2023.07.20
What's going on in the cyber world today? Adobe ColdFusion, Russia's Turla Hackers, Spyware, P2PInfect Worm, Cloudflare, DDoS Attacks, Jira Exploits, Job Scams, Roblox, Estee Lauder, Reddit Ban, Microsoft Cloud Logging, Charter Oak Federal Credit Union, Henry Ford Health, Data Security, Privacy Bill, Cytrox, Intellexa, 5G Network.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
1. Adobe ColdFusion: Critical Flaw Patched
Adobe takes action against a recently disclosed critical flaw in ColdFusion that has been actively exploited in the wild. The vulnerability, CVE-2023-38205, could lead to improper access control and security bypass. The update also addresses two other critical flaws, including a deserialization bug and another access control issue, urging users to update their installations promptly to safeguard against potential threats.
2. Turla Hackers Target Ukraine's Defense
Russian hacking group Turla, closely linked to the FSB Russian intelligence agency, is reportedly targeting Ukrainian defense forces using sophisticated spyware known as Capibar and Kazuar, as revealed by Ukraine's computer emergency response team (CERT-UA). Capibar can compromise Microsoft Exchange servers, while Kazuar is a highly advanced backdoor capable of extracting sensitive information from various services. The threat actor sends emails with malicious attachments, enabling the injection of malware upon opening, with a specific focus on exfiltrating files from the Signal desktop messaging app. CERT-UA has been tracking Turla since 2022, and last year, it was discovered that the group took over a cybercriminal botnet to infiltrate victim systems, indicating their relentless pursuit of espionage and cyberattacks.
3. P2PInfect: New Cloud Worm Threat
Researchers have uncovered a new and highly scalable cloud-targeting worm called P2PInfect, which exploits vulnerable Redis servers running on Linux and Windows OS. The worm, written in Rust, leverages a critical Lua sandbox escape vulnerability (CVE-2022-0543) to gain initial access, then establishes peer-to-peer communication to infect more Redis and SSH hosts. Despite the presence of the word "miner" in its source code, the campaign's end goal remains uncertain, and the activity has not been linked to known threat actor groups.
4. Cloudflare: DDoS Attacks Surge
Cloudflare, a content delivery network provider, revealed a significant increase in well-planned distributed denial-of-service (DDoS) attacks during the second quarter of the year, with 5.4 trillion DDoS requests recorded, a 15% rise from the previous quarter. While attacks were up compared to the beginning of 2023, they decreased compared to the same period in 2022. The industries most affected were cryptocurrency, gaming, and gambling, with cryptocurrency companies witnessing a staggering 600% surge in DDoS attacks. Cloudflare attributed the rise in attacks to pro-Russia hacktivists targeting Western nations during the Ukraine conflict, the growth of virtual machine botnets, and the exploitation of a zero-day vulnerability in the Mitel business phone system, making the attacks more powerful.
5. Jira Plugin Vulnerabilities and Exploits
The SANS Internet Storm Center warns that attackers are attempting to exploit two path traversal vulnerabilities in the "Stagil navigation for Jira - Menus & Themes" plugin, which allows users to customize their Jira instance. The high-severity flaws, tracked as CVE-2023-26255 and CVE-2023-26256, were disclosed in February 2023 and fixed with the release of version 2.0.52 of the plugin. Attackers can manipulate the fileName parameter of specific endpoints to read files on the server, potentially accessing sensitive data such as credentials and application information. Jira customers using the affected plugin are urged to update to the patched version immediately to avoid potential security breaches.
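The item above describes the classic shape of a path traversal bug: a user-supplied fileName value is joined onto a server-side directory without being confined to it. The following Python is an added example written for this briefing, not code from the Stagil plugin, Atlassian or the SANS report. It shows the two defensive pieces a practitioner would want: a resolver that only returns paths that stay under an allowed root (catching `..` segments, absolute paths and percent-encoded variants), and a detector that flags traversal attempts in a fileName query parameter across web server log lines. The base directory, the `/plugins/servlet/theme` endpoint and the log lines are constructed for illustration; the plugin's real endpoints are not named on the page.

```python
"""Confining a fileName parameter to an allowed directory, and spotting
traversal attempts in access logs. Added example; the root directory,
endpoint name and log format are constructed, not taken from the plugin."""
from pathlib import Path
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical directory the endpoint is meant to serve files from.
ALLOWED_ROOT = Path("/opt/jira/themes").resolve()


def fully_decode(value: str, rounds: int = 3) -> str:
    """Unwrap nested percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_safely(root: Path, requested: str) -> Optional[Path]:
    """Return the canonical path for `requested` only if it stays inside `root`.

    Joining an absolute path onto `root` with pathlib discards `root`, and
    `..` segments climb out of it; resolve() canonicalises both cases so the
    containment check below sees the real target.
    """
    candidate = (root / fully_decode(requested)).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return None  # escaped the allowed directory
    return candidate


def flag_request(log_line: str) -> bool:
    """True if the request's fileName parameter looks like a traversal attempt.

    Constructed log format: '<ip> "<method> <url> HTTP/1.1" <status>'.
    """
    try:
        request = log_line.split('"')[1]
        url = request.split(" ")[1]
    except IndexError:
        return False
    # parse_qs already percent-decodes once; fully_decode handles double encoding.
    for value in parse_qs(urlsplit(url).query).get("fileName", []):
        normalized = fully_decode(value).replace("\\", "/")
        if ".." in normalized.split("/") or normalized.startswith("/"):
            return True
    return False


def suspicious_lines(lines: List[str]) -> List[str]:
    """Filter log lines down to those flagged by flag_request."""
    return [line for line in lines if flag_request(line)]


# Constructed sample traffic: one benign request and two traversal attempts.
SAMPLE_LOGS = [
    '10.0.0.5 "GET /plugins/servlet/theme?fileName=logo.png HTTP/1.1" 200',
    '10.0.0.9 "GET /plugins/servlet/theme?fileName=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200',
    '10.0.0.9 "GET /plugins/servlet/theme?fileName=%252e%252e%252fWEB-INF%252fweb.xml HTTP/1.1" 200',
]

if __name__ == "__main__":
    for line in suspicious_lines(SAMPLE_LOGS):
        print("traversal attempt:", line)
    print(resolve_safely(ALLOWED_ROOT, "logo.png"))
    print(resolve_safely(ALLOWED_ROOT, "../../../etc/passwd"))
```

The containment check works on the resolved path rather than on string patterns, so it also rejects encodings the detector's denylist might miss; the log detector is the cheaper, pattern-based companion for triaging traffic to an endpoint that is known to be vulnerable until the plugin is updated.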
6. Warning: College Kids Targeted in Job Scam
Cybercriminals have been preying on college students by sending fraudulent job offers in the bioscience and health industries, with the intent of extracting fees from unsuspecting victims, according to a warning from cybersecurity experts at Proofpoint. The campaign, observed during the graduation season in May and June, targeted North American university students with job-themed scam emails, often appearing to be from legitimate organizations in the bioscience, healthcare, and biotechnology sectors. These advance fee fraud scams leverage social engineering tactics to take advantage of individuals seeking employment, leading them to pay for fake job requirements upfront or even to fall victim to fake checks.
Cyber Incidents
7. Major Roblox Data Leak Exposed
In a shocking revelation, Roblox, the popular online gaming platform, has fallen victim to a major data breach, exposing highly sensitive data from attendees of the Roblox Developers Conferences held between 2017 and 2020. The leaked information, including 4,000 unique email addresses along with personal details such as names, dates of birth, phone numbers, addresses, and even T-shirt sizes, has sparked widespread concern about the platform's data security measures. With users and developers questioning the aftermath of this alarming incident, Roblox faces significant challenges in rebuilding trust and ensuring the protection of user data.
8. Estee Lauder Cyber Incident
Cosmetics maker Estee Lauder disclosed a cyber incident in which a hacker gained access to some of its data, causing disruptions to parts of the company's operations. The owner of MAC Cosmetics, Bobbi Brown, and Tom Ford Beauty, among others, assured customers that they are working to restore affected systems and have taken measures to secure their operations. As the company faces the aftermath of the breach, it comes at a crucial time, with Estee Lauder previously forecasting weaker sales and profit due to slow recovery in duty-free and travel destinations, especially in Asia.
9. Henry Ford Health Data Breach
Henry Ford Health is taking immediate action to address a data breach that has affected approximately 168,000 patients across its hospitals and facilities in Michigan. The breach involved unauthorized access to three business email accounts, prompting the health system to swiftly secure the accounts and initiate a thorough investigation. While the specific personal information breached has not been specified, the health system has already notified potentially impacted patients and is bolstering its security measures while providing additional training to its staff.
10. Cyberattack: Charter Oak Federal Credit Union
Charter Oak Federal Credit Union's website is now back online after being down for several days due to a cyber attack. The bank's president and CEO, Brian Orenstein, addressed the issue in a Q&A session, stating that the outage was caused by "nefarious actors." The credit union has assured customers that their accounts and information are safe and will refund any fees incurred during the downtime.
Cyber News
11. Microsoft and CISA Expand Cloud Logging
Microsoft is taking steps to enhance cybersecurity incident investigation by offering free access to cloud logging capabilities to all government and commercial customers. The move comes after facing criticism following a breach linked to Chinese hackers, where several organizations were unable to detect the hacking campaign targeting cloud-based email accounts. With expanded access to detailed logs of email access and other critical log data, organizations can now better identify and respond to cyber threats, leading to improved security practices and enhanced protection against potential cyber-attacks.
12. Reddit Faces Russian Fine for Content
Reddit, a popular social media network, is the latest company to be fined in Russia for failing to delete content that the government considers to discredit the Russian army and spread false information about the Soviet Union's actions during World War Two. The potential fine for Reddit amounts to 4 million roubles ($43,895) for hosting "knowingly false information" and other "extremist content." This move is part of Russia's tightening grip on political narratives within the country and its efforts to reduce the influence of foreign tech giants by adding Western-based social media apps to its infamous Register of Prohibited Sites.
13. Cytrox and Intellexa Trade Restrictions
The US Commerce Department's Bureau of Industry and Security (BIS) has placed spyware vendors Cytrox and Intellexa on the trade restrictions list, limiting their access to American technology. The move aims to prevent the development of surveillance tools that could lead to human rights abuses. Four entities linked to Cytrox and Intellexa, based in Greece, Hungary, Ireland, and North Macedonia, have been added to BIS's Entity List, subjecting them to export and licensing restrictions, effectively banning significant trade with the US.
14. Privacy Bill Advances in House
The Judiciary Committee of the House of Representatives has unanimously approved the Fourth Amendment is Not for Sale Act, bipartisan legislation aimed at preventing law enforcement agencies from purchasing sensitive data without a warrant. The bill prohibits the FBI and other government agencies from buying individuals' private data, including location information, from data brokers unless they have a court order, subpoena, or warrant. The lawmakers argue that such data sales violate citizens' Fourth Amendment rights, which protect them from "unreasonable searches and seizures," and they seek to address concerns raised by Avril Haines, the country's top intelligence official, regarding the routine purchase of sensitive information by the intelligence community.
15. Enhancing 5G Network Slicing Security
U.S. cybersecurity and intelligence agencies have issued recommendations to enhance the security of 5G standalone network slicing and defend against potential threats. As the threat landscape in 5G evolves, advanced monitoring and auditing capabilities are essential to meet service level requirements over time, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA). The advisory highlights the importance of a zero trust architecture (ZTA) and authentication, authorization, and audit (AAA) techniques to safeguard against denial-of-service, misconfiguration, and adversary-in-the-middle attacks on 5G network slicing.
Subscribe and Comment.
Copyright © 2023 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.