Cyber Briefing: 2023.09.04

CyberMaterial
7 min read · Sep 4, 2023


👉 What’s happening in cybersecurity today? VMware Update, FreeWorld Ransomware, MS SQL Servers, Infamous Chisel Malware, Ukraine, Russia, Adobe, Okta, Social Engineering, Facebook Ads, Vietnam, Callaway, University of Sydney, Sourcegraph, Debenham High School, IBM, MOVEit, UK, AI Governance, Child Online Safety Laws, BYOD.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

🚨 Cyber Alerts

1. MS SQL Servers Targeted for Ransomware

Threat actors are capitalizing on vulnerable Microsoft SQL (MS SQL) servers to distribute Cobalt Strike and a new ransomware variant called FreeWorld. Dubbed the DB#JAMMER campaign by cybersecurity firm Securonix, this attack is notable for its comprehensive toolset, including enumeration software, RAT payloads, exploitation tools, credential stealers, and the FreeWorld ransomware. These actors gain initial access through brute-force attacks on MS SQL servers, highlighting the importance of robust password security. They then proceed to compromise systems, ultimately deploying FreeWorld ransomware via lateral movement and distribution of malicious tools.
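Brute-force initial access of the kind described for DB#JAMMER leaves a trail in the SQL Server ERRORLOG as repeated Error 18456 "Login failed" entries. The script below is added here as an example and is not code from the original briefing or from Securonix: it parses a constructed ERRORLOG excerpt and flags client addresses that exceed a failure threshold inside a sliding time window. The log line format, the threshold and the window length are assumptions to tune for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed SQL Server ERRORLOG excerpt (not from the original briefing). Each
# failure is normally preceded by an "Error: 18456, Severity: 14, State: N." line;
# only the first is shown here since the detection keys on the "Login failed" line.
SAMPLE_ERRORLOG = """\
2023-09-01 03:12:01.10 Logon       Error: 18456, Severity: 14, State: 8.
2023-09-01 03:12:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 03:12:04.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 03:12:07.33 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 03:12:10.51 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]
2023-09-01 03:12:13.07 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.5]
2023-09-01 03:12:16.78 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.5]
2023-09-01 03:15:00.00 Logon       Login failed for user 'backup'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
"""

LOGIN_FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+ Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]"
)

def parse_failures(log_text):
    """Yield (timestamp, user, client_ip) for every failed-login line."""
    for line in log_text.splitlines():
        m = LOGIN_FAILED.match(line)
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["client"]

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {client_ip: [users tried]} for clients with at least `threshold`
    failures inside any sliding window of length `window`."""
    by_client = defaultdict(list)
    users = defaultdict(set)
    for ts, user, client in parse_failures(log_text):
        by_client[client].append(ts)
        users[client].add(user)
    flagged = {}
    for client, times in by_client.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[client] = sorted(users[client])
                break
    return flagged
```

Feed the output into an alert or a firewall block list; the users tried per client also show whether the attacker is guessing `sa` or enumerating account names.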

2. FortiGuard Labs Warns of ColdFusion Risks

Despite the release of security updates by Adobe in July to address critical vulnerabilities in its ColdFusion platform, Fortinet has detected an ongoing wave of threat exploitation. Specifically, attackers are targeting the deserialization of untrusted data within ColdFusion, a vulnerability that poses a severe risk of arbitrary code execution. These attacks encompass probing activities and attempts to establish reverse shells, emphasizing the importance of prompt system upgrades and FortiGuard protection to mitigate this persistent threat.

3. Russian Malware Targets Ukrainian Military

A mobile malware strain known as “Infamous Chisel,” attributed to a Russian state-sponsored actor called Sandworm, has been discovered targeting Android devices used by the Ukrainian military. The malware enables unauthorized access, file scanning, traffic monitoring, and theft of sensitive information on compromised devices. Sandworm, also tracked as Frozenbarents and under other aliases, is associated with the Russian Main Intelligence Directorate (GRU), has been active since at least 2014, and is known for its disruptive and destructive cyber campaigns.

4. Vietnamese Cyber Ads Spreading Malware

In a growing trend, cybercriminals linked to the Vietnamese hacking ecosystem are using advertising on social media platforms, including Facebook, owned by Meta, as a method to distribute malware. These malicious actors have found a new lucrative avenue by targeting business accounts on these platforms, resulting in a surge in cyberattacks against Meta Business and Facebook accounts over the past year. Victims are approached through various means, including social engineering and fake job postings, ultimately leading to the deployment of malware like Ducktail, which has evolved to steal personal information and compromise accounts.

5. VMware Addresses Critical Security Issue

VMware has released a security update for a vulnerability in VMware Tools that could allow a malicious cyber threat actor to access sensitive and confidential information. To mitigate this risk, CISA strongly advises all users and administrators to review VMware Security Advisory VMSA-2023-0019 and promptly apply the necessary update.

6. Okta Warns of Admin Attacks

Identity services provider Okta has issued a warning about a series of social engineering attacks orchestrated by threat actors to gain elevated administrator permissions. According to Okta, these attacks have recently targeted IT service desk personnel at multiple U.S.-based Okta customers. The attackers’ strategy is to convince service desk personnel to reset all multi-factor authentication (MFA) factors associated with highly privileged users, allowing them to abuse Okta Super Administrator accounts and impersonate users within compromised organizations.
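A defensive check for the pattern Okta describes, added here as an example (it is not Okta's code or code from the original briefing): it scans constructed Okta System Log events for successful "reset all MFA factors" actions against Super Administrator accounts and correlates each one with a new session for that user shortly afterwards, the sequence a help-desk-assisted takeover leaves behind. The event type names, the JSON layout and the hard-coded Super Admin set are assumptions to verify against your own tenant.

```python
import json
from datetime import datetime, timedelta

# Constructed Okta System Log events (not from the original briefing). The field
# layout follows Okta's System Log schema; user.mfa.factor.reset_all is assumed to
# be the event your tenant emits when an admin resets all of a user's factors.
SAMPLE_EVENTS = json.loads("""[
 {"published": "2023-09-01T14:02:11.000Z", "eventType": "user.mfa.factor.reset_all",
  "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "helpdesk@example.com"},
  "target": [{"type": "User", "alternateId": "cio@example.com"}]},
 {"published": "2023-09-01T14:03:40.000Z", "eventType": "user.mfa.factor.reset_all",
  "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "helpdesk@example.com"},
  "target": [{"type": "User", "alternateId": "intern@example.com"}]},
 {"published": "2023-09-01T14:09:02.000Z", "eventType": "user.session.start",
  "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "cio@example.com"},
  "target": []}
]""")

# Constructed set of Super Administrator accounts; in production, pull it from
# Okta's admin-role assignments instead of hard-coding it.
SUPER_ADMINS = {"cio@example.com", "secops-lead@example.com"}

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ")

def privileged_mfa_resets(events, super_admins=SUPER_ADMINS):
    """(actor, target, time) for each successful reset-all of a Super Admin's factors."""
    hits = []
    for ev in events:
        if ev.get("eventType") != "user.mfa.factor.reset_all":
            continue
        if ev.get("outcome", {}).get("result") != "SUCCESS":
            continue
        for tgt in ev.get("target", []):
            if tgt.get("type") == "User" and tgt.get("alternateId") in super_admins:
                hits.append((ev["actor"]["alternateId"], tgt["alternateId"], _ts(ev["published"])))
    return hits

def reset_then_login(events, super_admins=SUPER_ADMINS, window_minutes=30):
    """Privileged resets followed by a new session for the same user within the window."""
    window = timedelta(minutes=window_minutes)
    logins = [(ev["actor"]["alternateId"], _ts(ev["published"])) for ev in events
              if ev.get("eventType") == "user.session.start"]
    alerts = []
    for actor, target, reset_at in privileged_mfa_resets(events, super_admins):
        for user, login_at in logins:
            if user == target and reset_at <= login_at <= reset_at + window:
                alerts.append({"target": target, "reset_by": actor,
                               "reset_at": reset_at, "login_at": login_at})
    return alerts
```

A reset of a Super Admin's factors is worth a ticket on its own; the reset-then-login correlation is the higher-confidence signal that should page someone and trigger a call-back to the user through a known-good channel.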

💥 Cyber Incidents

7. Suffolk School Hit by Cyber Threat

Debenham High School in Suffolk has fallen victim to a cyber attack, resulting in the shutdown of all its computer facilities. While no data compromise has been identified, the incident has been reported to the police. The school is diligently working to restore its IT systems before the upcoming school term, with assurances that the process will be expedited due to security measures in place.

8. Security Incident at Sourcegraph

Code search and navigation platform Sourcegraph recently disclosed a data breach stemming from an accidental leak of an admin access token by one of its engineers. This breach was identified on August 30 after a surge in API usage triggered an investigation. Although the admin access token was leaked in a July 14 commit, the company stressed that no customer private data or code was viewed or modified during the incident. Sourcegraph took immediate actions to mitigate the breach, including revoking the malicious user’s access and rotating potentially viewed customer license keys.

9. Callaway’s Data Breach Impact

A recent data breach at golf equipment giant Callaway has compromised the personal and account details of over 1.1 million customers, affecting the company and its sub-brands. The breach, which occurred due to an IT system incident in early August, exposed information such as full names, addresses, email addresses, phone numbers, and order histories. While sensitive data like payment card information and Social Security Numbers remained secure, Callaway has enforced a mandatory password reset for all affected accounts, advising users to use strong, unique passwords to enhance security and protect against potential credential-stuffing attacks.

10. Sydney University Data Breach

The University of Sydney (USYD) has revealed a data breach involving a third-party service provider, which exposed personal information of international applicants who had recently applied or enrolled. Despite being one of Australia’s most prominent educational institutions, the university assured that the breach had a limited impact and that there is no evidence of local students, staff, or alumni being affected. While the details of the breach, including the exact timing and the compromised third-party service, remain undisclosed, USYD is actively contacting impacted individuals and providing support to mitigate potential risks.

📢 Cyber News

11. Ukraine Cyber Police Take Down Scammers

Ukraine’s Cyber Police have successfully dismantled an extensive digital fraud operation involving approximately 800 individuals. This operation was suspected of both data theft and deceptive practices, coaxing victims into phony cryptocurrency investment schemes. Operating under the guise of bank and mobile operator security personnel, fraudsters illicitly acquired card details and SMS codes to misappropriate funds. Law enforcement efforts resulted in the shutdown of fraudulent call centers across multiple cities, the confiscation of roughly 900 pieces of digital equipment, and the initiation of four criminal cases with ongoing investigations to identify additional masterminds involved in the scheme.

12. UK Urged to Accelerate AI Policy

Members of the Science, Innovation, and Technology Committee of the UK Parliament are emphasizing the need for the government to accelerate the formulation of a comprehensive artificial intelligence policy. They argue that the rapid growth of AI surpasses the government’s current commitment to ensure that the public interest guides its development. While the government’s existing strategy focuses on principles such as safety, transparency, fairness, accountability, and competition, the parliamentary committee believes that new legislation is necessary to keep pace with international standards, particularly those set by the European Union and the United States.

13. Lawsuit Targets IBM for Data Breach

IBM is facing a class-action lawsuit following a significant data breach linked to the controversial MOVEit application. The plaintiff, Jennifer Wedeking, alleges that IBM’s negligence and its use of MOVEit were the key factors behind the data breach. She claims that IBM knowingly used MOVEit despite its security vulnerabilities, leading to the exposure of sensitive data like Social Security numbers and Medicare ID numbers. This breach affected not only Wedeking but also a nationwide class of individuals.

14. BYOD Policy Gaps in European Enterprises

A recent survey by Jamf, a provider of enterprise-level management and security solutions for Apple ecosystems, exposes a significant security gap in European enterprises. The study finds that 49% of these organizations lack a formal Bring-Your-Own-Device (BYOD) policy, leaving them vulnerable to cybersecurity threats. As employees increasingly use personal devices to connect remotely, the absence of structured BYOD policies raises concerns about data leaks, outdated software, shadow IT, and more. The survey highlights the need for organizations to establish clear BYOD policies and engage employees in promoting essential security practices to manage these risks effectively.

15. Online Safety Laws Temporarily Blocked


Subscribe and Comment.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
