Cyber Briefing: 2023.08.10

CyberMaterial
7 min read · Aug 10, 2023


👉 What’s going on in the cyber world today? EvilProxy, Kubernetes, Cryptocurrencies, Mining, China, Sogou, CISA KEV Catalog, Adobe, Northern Ireland Police, LockBit Ransomware, Varian Medical Systems, France, The Netherlands, MOVEit, Missouri, Medicaid, Prospect Medical Holdings, The White House, AI Cyber Challenge, India, Maya OS, China, Espionage, Google, Android 14, Finland, Norway, Yango, Russia.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

🚨 Cyber Alerts

1. EvilProxy Bypasses MFA With Reverse-Proxy Phishing

Threat actors have used the EvilProxy phishing kit to break into the cloud accounts of more than 100 senior executives at global organizations, sending over 120,000 phishing emails and getting past multifactor authentication (MFA). EvilProxy is a reverse-proxy (adversary-in-the-middle) kit: the phishing page relays the victim's credentials and MFA response to the real login service and captures the authenticated session cookie that comes back, so the attacker is signed in without ever defeating the second factor. Code- and push-based MFA do not stop this; only origin-bound, phishing-resistant methods such as FIDO2/WebAuthn do, and the resulting session hijack (a new session from an unexpected network right after a successful MFA login) is what defenders should be alerting on. The campaign underscores the growing threat posed by reverse proxy-based attacks like EvilProxy.

2. Malicious Exploitation of Kubernetes Clusters

Cloud security firm Aqua has found attackers abusing exposed Kubernetes clusters to deploy cryptocurrency miners and backdoors. More than 350 clusters belonging to various organizations were affected; most victims are small to medium-sized businesses, but some belong to larger sectors such as finance, aerospace and automotive. Aqua observed active crypto-mining campaigns running on the compromised clusters, a sign that misconfigurations which leave the API server reachable from the internet and usable without proper authentication are common. Basic hardening (no anonymous API access, least-privilege RBAC, no management ports exposed to the internet) remains the first line of defense.
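One way such a cluster ends up open to everyone is an RBAC binding that grants a real role to the anonymous user or the unauthenticated group. The audit script below, added here as an example and not code from Aqua or the article, reads the JSON that `kubectl get clusterrolebindings -o json` produces and reports such bindings. The specific misconfiguration it looks for is an assumption (the article does not say which settings the attackers abused), and the sample binding list at the bottom is constructed for the demonstration.

```python
"""Audit ClusterRoleBindings for rights granted to unauthenticated callers.

Input is the JSON produced by `kubectl get clusterrolebindings -o json`.
A binding that grants a non-trivial role to User system:anonymous or Group
system:unauthenticated means anyone who can reach the API server can use
that role without any credential. This is an assumed misconfiguration used
for illustration; the article does not name the settings that were abused.
"""
import json
import sys

# Subjects that every credential-less request is mapped to when anonymous
# auth is enabled (the kube-apiserver default).
UNAUTHENTICATED_SUBJECTS = {
    ("User", "system:anonymous"),
    ("Group", "system:unauthenticated"),
}
# Every request carrying any valid credential is in this group. It is not
# reachable anonymously, but binding it to a powerful role is still risky.
AUTHENTICATED_GROUP = ("Group", "system:authenticated")
POWERFUL_ROLES = {"cluster-admin", "admin", "edit"}
# Stock binding that intentionally exposes harmless endpoints (/healthz,
# /version, ...) to everyone; reporting it would be a false positive.
EXPECTED_PUBLIC_ROLES = {"system:public-info-viewer"}


def audit_bindings(crb_list):
    """Return one finding per risky (binding, subject) pair, in input order."""
    findings = []
    for item in crb_list.get("items", []):
        name = item["metadata"]["name"]
        role = item.get("roleRef", {}).get("name", "")
        if role in EXPECTED_PUBLIC_ROLES:
            continue
        for subj in item.get("subjects") or []:
            key = (subj.get("kind"), subj.get("name"))
            if key in UNAUTHENTICATED_SUBJECTS:
                severity = "high"
            elif key == AUTHENTICATED_GROUP and role in POWERFUL_ROLES:
                severity = "medium"
            else:
                continue
            findings.append(
                {"binding": name, "role": role, "subject": key[1], "severity": severity}
            )
    return findings


def _crb(name, role, subjects):
    """Build one ClusterRoleBinding object in the shape kubectl emits."""
    return {
        "kind": "ClusterRoleBinding",
        "metadata": {"name": name},
        "roleRef": {
            "apiGroup": "rbac.authorization.k8s.io",
            "kind": "ClusterRole",
            "name": role,
        },
        "subjects": subjects,
    }


# Constructed sample: the stock public-info binding, two misconfigurations,
# and one ordinary service-account binding that must not be reported.
SAMPLE_CRB_LIST = {
    "kind": "List",
    "items": [
        _crb("system:public-info-viewer", "system:public-info-viewer", [
            {"kind": "Group", "name": "system:authenticated"},
            {"kind": "Group", "name": "system:unauthenticated"},
        ]),
        _crb("anon-admin", "cluster-admin", [
            {"kind": "User", "name": "system:anonymous"},
        ]),
        _crb("everyone-edit", "edit", [
            {"kind": "Group", "name": "system:authenticated"},
        ]),
        _crb("ci-deployer", "edit", [
            {"kind": "ServiceAccount", "name": "deployer", "namespace": "ci"},
        ]),
    ],
}

if __name__ == "__main__":
    # Real usage: kubectl get clusterrolebindings -o json | python3 audit_crb.py --stdin
    data = json.load(sys.stdin) if "--stdin" in sys.argv else SAMPLE_CRB_LIST
    results = audit_bindings(data)
    for f in results:
        print(f"[{f['severity']}] {f['binding']}: {f['subject']} -> {f['role']}")
    sys.exit(1 if any(f["severity"] == "high" for f in results) else 0)
```

The same JSON shape is produced by `kubectl get rolebindings -A -o json`, so the function can be run over namespaced bindings unchanged. Any high finding should be paired with a check of the API server flags: `--anonymous-auth=false` closes the credential-less path regardless of what RBAC says, at the cost of unauthenticated health probes.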

3. Chinese Sogou App Vulnerabilities Exposed

Citizen Lab found that Sogou Input Method, a popular Chinese-language keyboard app used by over 455 million people monthly, had significant vulnerabilities in its custom encryption. The flaws let a network eavesdropper decrypt the app's network transmissions and capture users' keystrokes in real time. The findings raise concerns about potential access to user communications by the Chinese government and argue for caution when typing sensitive data through Sogou, even for users outside China. Sogou's developers have fixed the vulnerabilities, so users should update to the patched versions and remain cautious about the data they enter into the app.

4. CISA Adds Exploited Vulnerability to Catalog

CISA has added a newly exploited vulnerability, CVE-2023-38180 in Microsoft .NET Core and Visual Studio, to its Known Exploited Vulnerabilities (KEV) Catalog. Vulnerabilities of this kind are frequent attack vectors and pose significant risk to federal entities. Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate catalog entries by the listed due date, and CISA strongly urges all organizations to prioritize timely remediation of KEV entries as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog as they meet its inclusion criteria.

5. Adobe’s Critical Patches Strengthen Software

Adobe has released more than 30 patches for vulnerabilities across its products, including Acrobat and Reader, sixteen of them rated critical. Successful exploitation could give an attacker the privileges of the logged-in user, which for administrative accounts means unauthorized data access, program installation and account creation. Adobe is not aware of any exploitation in the wild, so the release is preemptive; given how routinely Acrobat and Reader are targeted through malicious documents, the patches should still be applied promptly.

💥 Cyber Incidents

6. Data Breach Endangers Northern Ireland Police Officers

A major data breach has put Police Service of Northern Ireland (PSNI) officers at risk after their personal details were inadvertently published on the PSNI website. The exposed spreadsheet listed the initials, surnames, roles and work locations of all officers and staff, though not home addresses. The incident raises concerns for officers' safety in a region marked by historical sectarian tensions. The PSNI is urgently assessing the security implications, has notified the Information Commissioner's Office, and is asking anyone who accessed the data to delete it promptly.

7. LockBit Threat: Cancer Patient Data at Risk

The LockBit ransomware group claims to hold medical data of cancer patients taken from Varian Medical Systems, a maker of cancer-treatment devices and software now owned by Siemens Healthineers. LockBit has threatened to leak the data unless a ransom is paid by August 17, 2023, which would be a serious privacy breach for the patients concerned. Varian now faces the challenge of safeguarding patients' personal information amid this escalating threat.

8. Attackers Target French and Dutch Websites

The pro-Russian hacktivist group NoName057(16) has claimed distributed denial-of-service (DDoS) attacks on government and public-services websites in France and the Netherlands, following an earlier wave against Spanish and Italian targets. Among the Dutch targets it listed were public-transport sites, the bank SNS, the Groningen seaport and the municipality of Vlaardingen. DDoS attacks flood a site with junk traffic until it can no longer serve legitimate users; they disrupt availability rather than steal data. French and Dutch financial and regulatory institutions have also been hit by the group, underscoring the need for DDoS protection in front of public-facing services.

9. Missouri Medicaid Data Compromised

Missouri's Department of Social Services (DSS) has disclosed that attackers exploiting the MOVEit Transfer file-transfer software stole protected health information of Medicaid participants, including names, dates of birth, coverage status and medical claims. The breach affected an as-yet unspecified number of individuals enrolled in Medicaid in May 2023. While DSS is still assessing the full extent, it has begun contacting potentially affected individuals and advised them to take precautions such as freezing their credit.

10. Healthcare System Battles Ransomware Impact

In a recent cyberattack, 16 hospitals operated by Prospect Medical Holdings are still recovering from severe outages caused by a ransomware attack, leading to ambulance diversions, appointment cancellations, and the use of paper records. The attack, attributed to the Rhysida ransomware group, affected healthcare facilities across multiple states, including Connecticut, California, Rhode Island, and Pennsylvania. The widespread impact has prompted calls for enhanced cybersecurity measures and a comprehensive response from federal agencies and healthcare organizations alike.

📢 Cyber News

11. White House Launches AI Cyber Challenge

In a bid to enhance cybersecurity measures, the White House has introduced the AI Cyber Challenge, an ambitious initiative aiming to utilize artificial intelligence for detecting and addressing vulnerabilities in crucial software code. Announced at the Black Hat cybersecurity conference, the challenge boasts a substantial $20 million prize pool and aims to foster collaboration between AI and security experts to develop advanced software tools capable of swiftly identifying and rectifying vulnerabilities across various sectors. Backed by leading tech giants including Anthropic, Google, Microsoft, and OpenAI, this competition represents a critical step towards harnessing AI’s potential to fortify cybersecurity defenses and safeguard essential infrastructure.

12. India’s Cybersecurity Boost with Maya OS

In a move to bolster its cybersecurity, India’s Ministry of Defence has opted for a homegrown solution, the Maya operating system, to safeguard its computer systems against potential hackers. The new operating system, developed by a government agency within six months, is built on an open-source platform and is equipped with advanced security features for endpoint detection and protection. As part of a trial initiative, the Maya OS will be installed on select ministry computers by August 15, with plans to extend its use across all connected systems. The adoption of Maya OS comes amidst growing concerns about cyber warfare and the rising number of hacker attacks, motivating India to fortify its cyberinfrastructure and national security measures.

13. Cyber Espionage by China’s RedHotel Hackers

Chinese state-sponsored hackers, known as RedHotel, have been implicated in a far-reaching cyber espionage campaign spanning 17 countries across Asia, Europe, and North America from 2021 to 2023. Recorded Future, a cybersecurity firm, revealed that RedHotel, also associated with various other codenames like Aquatic Panda and Bronze University, has targeted sectors such as academia, aerospace, government, and media, with a particular focus on COVID-19 research and technology R&D. Utilizing a multi-tiered infrastructure and sophisticated offensive tools like Cobalt Strike and Brute Ratel C4, RedHotel’s activities showcase the persistent and pervasive nature of China’s state-sponsored cyber-espionage efforts.

14. Enhanced 2G Security in Google’s Android 14

Google has announced that Android 14 lets IT administrators disable support for 2G cellular networks on managed devices. 2G uses weak or, in some configurations, no encryption on the radio link, and a false base station can force a phone down to 2G to intercept calls, texts and data; turning 2G off removes that downgrade path. Separately, Android 14 adds the option to reject null-ciphered cellular connections, that is, connections on which the network has switched off air-interface encryption, on devices whose modem supports the feature. Both controls protect the link between the phone and the base station; they are distinct from end-to-end encryption, which the same release also brings to RCS conversations in Google Messages.

15. Nordic Authorities Ban Yango Data Sharing

Finland's and Norway's data protection authorities have jointly imposed a temporary ban on the Russian ride-hailing app Yango transferring user data to Russia. The decision comes ahead of a new Russian law granting the FSB, the country's domestic intelligence service, access to taxi-booking data, which raises the prospect of surveillance of European users. The ban runs until at least November 30 and aims to protect users from misuse of their data and to prevent a breach of the EU's General Data Protection Regulation (GDPR).

Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
