Cyber Briefing: 2023.07.24
👉 What’s happening in cybersecurity today? BundleBot Malware, Supply Chain Attacks, OpenSSH RCE, Atlassian Vulnerabilities, Clop Ransomware, DHL MOVEit Breach, Alphapo Crypto Payment, Rite Aid Data Breach, Suzuki, MSX International, Alexa Privacy Violations, DOJ’s National Cryptocurrency Enforcement Team, Global AI Security Pledge, Google’s AI Red Team.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Stealthy BundleBot: Data Theft Malware
A new malware strain called BundleBot has been quietly operating undetected, exploiting .NET single-file deployment techniques to gather sensitive information from compromised systems. Disguised as regular program utilities, AI tools, and games, it is commonly distributed through Facebook Ads and compromised accounts. The malware uses custom obfuscation and junk code to evade analysis and is capable of stealing data from web browsers, capturing screenshots, and harvesting account details from Discord, Telegram, and Facebook.
2. Banking Sector Under Cyber Siege
Cybersecurity researchers have uncovered a series of open-source software supply chain attacks aimed squarely at the banking sector. Employing advanced techniques, the attackers targeted specific components within web assets, attaching malicious functionality to infiltrate victim banks. They also used deceptive tactics, including creating fake LinkedIn profiles and customizing command-and-control infrastructure for each target, and abused legitimate services for illicit activity. The attacks, which used a subdomain on Azure to deliver second-stage payloads, demonstrate the pressing need for fortified supply chain security: once a poisoned dependency is loaded the breach is effectively complete, leaving little room for countermeasures applied after the fact.
3. OpenSSH Vulnerability: Remote Code Risk
A newly patched vulnerability in OpenSSH has raised concerns because, under specific circumstances, it could allow remote attackers to execute arbitrary commands on compromised hosts. The flaw, tracked as CVE-2023-38408, affects all OpenSSH versions before 9.3p2. Exploitation requires that certain libraries be present on the victim's system and that the SSH authentication agent be forwarded to an attacker-controlled system; when both conditions hold, the attacker can gain unauthorized code execution on the client. OpenSSH users should update to the latest version promptly to protect against this remote command execution risk.
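The item above names two defender-side facts worth checking on a fleet: whether a client runs an OpenSSH release older than 9.3p2, and whether the client's configuration forwards the authentication agent at all. The following script is an added example written for this briefing, not code from OpenSSH or from the newsletter; it parses an `ssh -V` style banner and walks an `ssh_config`, and the banner string and the config text it operates on are constructed samples.

```python
import re
from typing import List, Optional, Tuple

# Added example (not from the newsletter or the OpenSSH project): defender-side
# triage for the ssh-agent issue described above. The 9.3p2 threshold comes
# from the item; the banner and config used below are constructed samples.

FIXED_VERSION = (9, 3, 2)  # first release the item names as fixed: 9.3p2

_VERSION_RE = re.compile(r"(?:OpenSSH_)?(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, portable-patch) from an `ssh -V` banner or a
    bare version such as '9.3p1'. A missing pN suffix is treated as p0."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def is_vulnerable_version(banner: str) -> Optional[bool]:
    """True when the upstream version is below 9.3p2, None if unparseable.
    Caveat: distributions often backport fixes without bumping the upstream
    version, so treat this as a triage signal, not proof; confirm against the
    package changelog or the vendor advisory."""
    v = parse_openssh_version(banner)
    if v is None:
        return None
    return v < FIXED_VERSION


def find_agent_forwarding(config_text: str) -> List[Tuple[str, str]]:
    """Walk an ssh_config and return (scope, value) for every ForwardAgent
    directive that enables forwarding. Scope is the enclosing Host/Match line
    ('<global>' before any block). Keywords are case-insensitive and may be
    written as 'Key value' or 'Key=value'."""
    scope = "<global>"
    enabled: List[Tuple[str, str]] = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key in ("host", "match"):
            scope = value
        elif key == "forwardagent" and value.lower() == "yes":
            enabled.append((scope, value.lower()))
    return enabled


# Constructed sample client config, not taken from any real host.
SAMPLE_SSH_CONFIG = """\
Host bastion.example.com
    ForwardAgent yes
    User deploy

Host dev-*
    ForwardAgent no

Host *
    ForwardAgent=yes
    ServerAliveInterval 60
"""

if __name__ == "__main__":
    # `ssh -V` prints its banner to stderr; a constructed banner stands in here.
    banner = "OpenSSH_9.3p1, OpenSSL 3.0.9 30 May 2023"
    print("version below 9.3p2:", is_vulnerable_version(banner))
    for scope, value in find_agent_forwarding(SAMPLE_SSH_CONFIG):
        print(f"ForwardAgent {value} in scope '{scope}'")
```

The catch-all `Host *` block is the finding that matters most: it forwards the agent to every server the user connects to, which is exactly the precondition the item describes. Because ssh applies the first matching value for each keyword, a `ForwardAgent no` in a more specific block earlier in the file still wins for those hosts, so review the order of blocks and not just their presence.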
4. Atlassian Patches Critical RCE Flaws
Atlassian has taken swift action to release patches for two remote code execution (RCE) vulnerabilities in Confluence Data Center and Server, and another in Bamboo Data Center. The most severe of these issues (CVE-2023-22508) impacts Confluence version 7.4.0, while the second bug (CVE-2023-22505) affects Confluence version 8.0.0. Exploiting these vulnerabilities could allow attackers to execute arbitrary code with potentially devastating effects on confidentiality, integrity, and availability; no user interaction is required, but the attacker must be authenticated as a valid user. Atlassian has expanded its vulnerability disclosure policies to increase transparency and speed up patching, and urges users to apply the updates promptly to prevent system takeover and the other security risks highlighted by the US Cybersecurity and Infrastructure Security Agency (CISA).
5. Clop Ransomware’s New Tactic
The Clop ransomware gang has adopted a new extortion tactic by creating clearweb websites dedicated to specific victims, allowing easier access to leaked data and increasing the pressure on victims to pay the ransom. In contrast to the traditional method of using Tor for data leak sites, this new approach enables search engines to index the leaked information, reaching a wider audience. However, these clearweb sites are also more vulnerable to takedowns, and it remains uncertain if this method will prove effective for the ransomware gang in the long run.
💥 Cyber Incidents
6. DHL’s MOVEit Breach: 20M Victims
The UK arm of shipping giant DHL is currently investigating a data breach linked to its use of MOVEit software, which has been exploited by a Russian ransomware group for nearly two months. Progress Software has patched the software, but the cybercriminals have still found unpatched targets, affecting at least 383 organizations and leaking the information of over 20 million individuals. High-profile organizations such as PokerStars, Franklin Mint Federal Credit Union, and 1st Source Bank have confirmed breaches, with exposed sensitive data ranging from Social Security numbers to other personal information leaked through the MOVEit vulnerability.
7. Crypto Payment Processor Hacked: $23M Loss
Alphapo, a popular crypto payment processor, has fallen victim to a significant hack, resulting in a loss of over $23 million across Ethereum, Bitcoin, and Tron wallets. The exact amount of stolen BTC remains uncertain, but the hacker reportedly converted the stolen funds into ETH and then bridged it to Bitcoin and Avalanche. Following the breach, HypeDrop, a customer of Alphapo, disabled withdrawals temporarily due to issues related to BTC, ETH, and TRX transactions. The hack has raised concerns about the potential leakage of private keys, with DeFi security platform DeDotFi suggesting it may have been the cause. This incident marks another notable hacking event in the crypto space, following a recent $3.2 million hack on Conic Finance.
8. Rite Aid Data Breach: Customer Info Compromised
Rite Aid, a Philadelphia-based drugstore chain, has suffered a significant data breach that compromised customer information, including names, birth dates, addresses, and prescription details. While Social Security numbers and credit card information remained safe, insurance data, such as plan names and cardholder IDs, was accessed by an unknown third party. The breach, which occurred on May 27 and was reported to law enforcement and regulators on May 31, has prompted Rite Aid to take action to protect its customers' sensitive data.
9. Suzuki Dealers’ Data Breach
The Cybernews research team discovered that two Suzuki-authorized dealer websites were leaking customers' sensitive information, raising concerns about the cybersecurity practices of regional car dealerships. The exposed data included passwords, secret tokens, SMTP credentials, and various secret keys, which could have been used for phishing attacks and for compromising the websites' security measures. With cars being one of the most significant purchases for consumers, the value of customer information to cybercriminals is high, making it essential for dealerships to implement stringent cybersecurity measures to protect their customers.
10. MSX International Data Breach
On July 20, 2023, MSX International Inc. filed a notice of data breach after discovering that an unauthorized party gained access to consumers’ sensitive information, including names and Social Security numbers, stored on the company’s computer network. The breach occurred between February 2, 2023, and February 6, 2023, but was only detected in early May, prompting immediate action and investigation. MSX International has since sent out data breach notification letters to all affected individuals, and concerned consumers are advised to take precautions and seek legal assistance to protect themselves from potential identity theft and fraud risks.
📢 Cyber News
11. DOJ Strengthens Cryptocurrency Crime Team
The Department of Justice (DOJ) is expanding its National Cryptocurrency Enforcement Team (NCET) to more than double the number of prosecutors dedicated to investigating cryptocurrency-related crimes. Senior DOJ official Nicole Argentieri announced that the NCET will become a permanent part of the department’s criminal division, with a new leader, Claudia Quiroz, taking charge. The move comes in response to the increasing concerns over criminal activities involving cryptocurrencies and the growing role of digital assets in the criminal underworld, prompting the DOJ to bolster its efforts to tackle these challenges.
12. Global AI Security Pledge & Regulation
Governments worldwide are taking measures to ensure responsible AI development without stifling innovation. Seven companies have committed to conducting rigorous internal and external testing of their AI systems to address cybersecurity risks before release, investing in cybersecurity safeguards to protect proprietary and unreleased model weights. Furthermore, the agreement mandates engaging third parties for vulnerability discovery and reporting in AI systems to swiftly find and fix potential issues. The Biden-Harris Administration’s efforts to secure these voluntary commitments involve numerous countries, highlighting the growing regulatory focus on AI oversight and safety in the technology industry.
13. Amazon Fined $25M for Alexa Privacy Breach
The U.S. Justice Department and the Federal Trade Commission (FTC) have reached an agreement with Amazon under which the tech giant will pay a $25 million fine to settle alleged violations of children's privacy laws related to its Alexa voice assistant service. The charges were filed after Amazon failed to comply with parents' requests to delete their children's voice recordings and geolocation information, violating the Children's Online Privacy Protection Act (COPPA) and the COPPA Rule. Additionally, Amazon's Ring subsidiary is facing a separate $5 million fine for privacy violations associated with its video doorbell service, involving unlawful surveillance of customers and inadequate protection against hackers.
14. Google’s AI Red Team: Attack Strategies & Lessons
Google has unveiled its AI Red Team, which focuses on simulating attacks on artificial intelligence (AI) systems with the aim of improving the security of AI technologies. The report highlights attack methods, including prompt engineering and data abuse in training, alongside lessons such as locking down access to AI models. Google emphasizes the need for traditional red teams to collaborate with AI experts to create realistic adversarial simulations and stresses the importance of implementing robust security controls to protect against AI-related risks.
15. Russian Cyber Entrepreneur Faces Treason
A Russian prosecutor has requested an 18-year prison sentence for Ilya Sachkov, the co-founder of Group-IB, one of the country's leading cybersecurity firms, on charges of treason. The firm, known for its work in detecting and preventing cyberattacks, collaborates with global institutions such as Interpol. Sachkov's arrest in 2021 followed concerns raised by US President Joe Biden to Russian President Vladimir Putin about Russia enabling cybercrime targeting Western countries. The verdict is expected to be announced on July 26, and Group-IB has expressed confidence in its manager's innocence and reputation.
Copyright © 2023 CyberMaterial. All Rights Reserved.