Cyber Briefing: 2023.07.21
👉 What are the latest cybersecurity alerts, incidents, and news? Citrix Vulnerability, DDoS Attack, Zyxel Flaw, Hospitals Data Privacy, MegaRAC Vulnerability, Mallox Ransomware, Apache OpenMeetings, Tampa General Hospital, GitHub, 1st Source Bank, George County, Presidential Election, FedNow, Apple, Kevin Mitnick.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. CISA Warns Citrix Flaw Exploited
The Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a critical security flaw in Citrix NetScaler ADC and Gateway devices, leading to web shells being deployed on vulnerable systems. Threat actors used a zero-day vulnerability in June 2023 to drop a web shell on a critical infrastructure organization’s NetScaler ADC appliance, allowing them to perform discovery on the victim’s Active Directory and exfiltrate data. Citrix has released patches for the issue, and users are urged to apply the updates promptly to protect against further exploitation.
2. DDoS Botnets Target Zyxel Devices
Distributed denial-of-service (DDoS) botnets are exploiting a critical vulnerability in Zyxel devices to gain remote control of vulnerable systems in multiple regions. The flaw, CVE-2023-28771, allows unauthorized actors to execute arbitrary code by sending a crafted packet to the targeted appliance. Researchers have identified several botnets, including Mirai variants, leveraging the flaw to orchestrate DDoS attacks against various targets, underscoring the escalating sophistication of DDoS attacks worldwide. Additionally, pro-Russian hacktivist groups, such as KillNet and REvil, are increasingly focusing on targets in the U.S. and Europe, further complicating the cyber threat landscape.
3. FTC and HHS Caution Hospitals on Data Risks
The Federal Trade Commission (FTC) and the Department of Health and Human Services (HHS) have sent a joint letter to around 130 hospital systems and telehealth providers, raising concerns about security risks associated with tracking technologies like Meta/Facebook Pixel and Google Analytics embedded in websites and mobile apps. These technologies collect users’ identifiable information in ways that consumers find hard to avoid, and the agencies highlight that users are often unaware of the disclosure of their health data to third parties through tracking.
4. AMI MegaRAC BMC: Critical Vulnerabilities
Researchers at Eclypsium have discovered two new critical severity vulnerabilities in the MegaRAC Baseboard Management Controller (BMC) software used by numerous server manufacturers, including Dell EMC, Lenovo, Huawei, and more. The flaws, tracked as CVE-2023-34329 and CVE-2023-34330, allow attackers to bypass authentication and inject malicious code via Redfish remote management interfaces. These vulnerabilities could lead to remote code execution on vulnerable firmware, with potential impacts ranging from remote control of compromised servers to firmware bricking and indefinite reboot loops, posing significant risks to cloud service and data center providers.
5. Mallox Ransomware Surge: 174% Increase
According to Palo Alto Networks Unit 42’s recent findings, Mallox ransomware activities in 2023 have experienced a staggering 174% surge compared to the previous year. The ransomware group follows the disturbing trend of double extortion, stealing sensitive data before encrypting an organization’s files and threatening to expose the stolen data on a leak site to coerce victims into paying the ransom. Mallox has been linked to other ransomware strains, including TargetCompany, Tohnichi, Fargo, and the most recent Xollam, making it a significant threat in the cyber landscape since its emergence in June 2021.
6. OpenMeetings Security Vulnerabilities
Multiple vulnerabilities in Apache OpenMeetings, a web conferencing solution, have been revealed, enabling potential attackers to gain control over admin accounts and execute malicious code on vulnerable servers. The flaws, addressed in version 7.1.0 released on May 9, 2023, include an authentication bypass that grants unrestricted access via an invitation hash (CVE-2023-29032) and a NULL byte injection that allows attackers with admin privileges to execute code (CVE-2023-29246). By exploiting these weaknesses, threat actors could create zombie rooms, gain admin privileges, and manipulate the OpenMeetings instance, posing a significant security risk to users.
💥 Cyber Incidents
7. Tampa Hospital: 1.2M-Patient Data Breach
Tampa General Hospital recently confirmed a significant security breach where hackers gained access to its network and exfiltrated sensitive health information from up to 1.2 million patients. The breach, detected on May 31, 2023, led to the unauthorized individuals having network access for three weeks, during which they stole files containing patient details. While data theft occurred, the hospital’s security systems managed to prevent the files from being encrypted in what appears to have been an attempted ransomware attack. Additional security measures have been implemented to strengthen the hospital’s systems and detect future breaches rapidly, and affected individuals will be offered complimentary credit monitoring and identity theft protection services.
8. North Korean Hackers Target GitHub
Microsoft has attributed a cyberattack on GitHub customers to a previously unknown hacking group based in North Korea. The group, known as “Jade Sleet” or “TraderTraitor,” targeted the personal accounts of technology firm employees, particularly those associated with cryptocurrency, blockchain, online gambling, and cybersecurity sectors. The attackers impersonated developers or recruiters on social media platforms like GitHub, LinkedIn, Slack, and Telegram, using repository invitations and malicious npm package dependencies to execute their attacks. GitHub suspended the associated accounts, published attack indicators, and filed abuse reports to counter the threat.
9. Cl0p Ransomware Hits 1st Source Bank
The fallout from the Cl0p ransomware syndicate’s attack on 1st Source Bank is escalating, with the bank revealing that 450,000 individuals’ data may have been accessed by attackers through the MOVEit Transfer servers. The breach potentially exposed sensitive information, including Social Security numbers, government-issued IDs, names, dates of birth, and more. Cybersecurity firm Emsisoft estimates that the number of individuals impacted by the MOVEit Transfer attacks reaches 20 million, with nearly 400 companies affected, marking an alarming and unrelenting cyber threat.
10. Russian Lab Ransomware Attack
Russian medical laboratory Helix faced a significant cyberattack that disrupted its systems, causing delays in delivering test results to customers. The attack involved ransomware attempts, prompting the lab’s tech team to partially restore website functionality and e-health services without paying the ransom. Although no customer personal data was compromised, many clients expressed frustration over delayed results, leading to the company resetting all customer passwords and enhancing security protocols to prevent future cyber threats. The perpetrators behind the attack and their motivations remain unknown, raising concerns about potential financial or political motivations.
11. George County’s Ransomware Recovery
George County, a coastal Mississippi county with over 25,000 residents, is grappling with the aftermath of a devastating ransomware attack that affected almost all government computers. The hackers gained access through a phishing email and launched a coordinated attack, encrypting data and demanding a ransom in Bitcoin. County officials decided not to pay the ransom, and now, IT workers are working tirelessly to restore servers and systems, relying on disconnected laptops to continue essential operations. The attack on George County reflects a wider trend of increasing ransomware incidents targeting municipalities across the United States, highlighting the urgent need for stronger cybersecurity measures and vigilance in combating cyber threats.
📢 Cyber News
12. AI Threat to Elections: NSA Nominee’s Warning
Air Force Lt. Gen. Timothy Haugh, nominee for U.S. Cyber Command and NSA leadership, issued a warning about the potential use of generative artificial intelligence by foreign adversaries to interfere in the upcoming presidential election. Generative AI, such as ChatGPT, can create authentic-looking content from text prompts, raising concerns about its exploitation in the electoral process. Haugh’s testimony echoes the worries of other senior national security officials, highlighting the urgent need to address the risks posed by this technology in safeguarding democratic processes.
13. Federal Reserve Launches FedNow Service
The Federal Reserve’s new instant payment service, FedNow, has officially launched with 35 banks and credit unions, including major players like JPMorgan Chase and Bank of New York Mellon, certified to use the service. FedNow aims to make everyday payments faster and more convenient, allowing individuals to receive paychecks instantly and businesses to access funds immediately when invoices are paid. The new payment rail will overhaul the U.S. payment system and is expected to generate competition, enabling banks to build their own versions of peer-to-peer payment apps like Zelle within their banking apps.
14. Hacker Kevin Mitnick Passes Away at 59
Kevin Mitnick, a well-known hacker who faced legal consequences for computer and communications-related crimes, has passed away at the age of 59 following a battle with pancreatic cancer. In recent years, Mitnick worked as a security evangelist and ‘Chief Hacking Officer’ at KnowBe4, a security awareness training company based in Florida.
15. Apple vs. UK Encryption Laws
Apple accuses the British government of trying to become the “global arbiter” of encryption levels in response to proposed legal changes. The iPhone maker warns that such measures could lead to the withdrawal of security features from the UK and even the shutdown of services like FaceTime and iMessage within the country. The proposed amendments to the Investigatory Powers Act seek to give the government more power to force technology companies to modify their services for accessing communications data, sparking concerns over user privacy and data security.
Copyright © 2023 CyberMaterial. All Rights Reserved.