Cyber Briefing: 2023.09.11

CyberMaterial
7 min read · Sep 11, 2023


👉 What’s happening in cybersecurity today? Phishing, Google Looker Studio, Spyware, Telegram, Android, HijackLoader Malware, BlueShell, Emsisoft Update, Aerospace, Dymocks, Vitalik Buterin, Ethereum, Linktera, Kent Secondary School, Hinds County, Google’s Sandbox, China’s AI, Misinformation, Fertility Apps, 1Health.io.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

https://911cyber.co

🚨 Cyber Alerts

1. Phishing via Google Looker Studio

Cybersecurity firm CheckPoint has uncovered a wave of phishing attacks utilizing Google Looker Studio to steal sensitive information and funds. This new breed of phishing attacks is adept at bypassing conventional security measures. Perpetrators create deceptive crypto-related pages using Google Looker Studio and send them to unsuspecting victims, appearing as legitimate messages from the tool itself. The victims are enticed to click on a link that redirects them to a Google Looker page, where they are coaxed into entering login credentials, leading to potential data theft. These attacks have been ongoing for several weeks, and while email authentication checks may be circumvented, recipient vigilance remains a critical defense.

2. Malicious Telegram Clones Stealing Data

Several malicious Telegram clones for Android on Google Play were installed over 60,000 times, infecting people with spyware that steals user messages, contacts lists, and other data. These apps appear tailored for Chinese-speaking users and the Uighur ethnic minority, raising concerns of potential ties to state monitoring and repression mechanisms. While Kaspersky discovered and reported these malicious apps to Google, some were still available for download on Google Play at the time of the report. Google has since removed them and banned the developers, emphasizing its commitment to app security and user protection.

3. HijackLoader Malware on the Rise

Zscaler ThreatLabz has uncovered the emergence of a malware loader called HijackLoader, which, despite its lack of sophistication, is gaining popularity in the cybercriminal community. This loader stands out due to its modular structure, allowing for flexible code injection and execution. It has been observed delivering various malware families, including Danabot, SystemBC, and RedLine Stealer, using evasion techniques such as syscalls and delay tactics. While its code quality may be poor, the growing popularity of HijackLoader suggests potential future enhancements and broader adoption among threat actors.

4. Surge in BlueShell Malware Attacks

Researchers at ASEC have issued a report spotlighting the growing prevalence of the BlueShell malware, which has been employed by various threat actors to infiltrate Windows, Mac, and Linux operating systems in South Korea and Thailand. BlueShell, in operation since 2020, uses TLS encryption to elude network detection and hinges on configuration parameters such as the C2 server’s IP address and port number. Recent findings indicate that the Dalbit Group, a Chinese threat actor, has used BlueShell in attacks on Windows systems, focusing on vulnerable servers to pilfer essential data for ransom demands.

5. Emsisoft’s Security Update Advisory

Emsisoft, an endpoint security firm, has issued an urgent advisory to its users, recommending updates and system reboots following a certificate mishap. The company’s Extended Validation code signing certificate, renewed on August 23, was improperly issued by GlobalSign, the certificate authority. This affected all program files compiled after the renewal date, including the latest software version released on September 4. To resolve the issue, Emsisoft has re-signed all affected files with a correctly issued certificate and is encouraging users to reboot their systems after updating their security products to ensure continued protection.
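As an added defender-side illustration (not Emsisoft’s or GlobalSign’s own tooling, and not part of the original briefing), the following PowerShell inventories the Authenticode signers of executables under a product directory so an administrator can confirm that files present after the update no longer carry the mis-issued certificate. The install path and the certificate thumbprint are placeholders to be replaced with the values from the vendor’s advisory; `Get-AuthenticodeSignature` and `Get-ChildItem` are standard Windows PowerShell cmdlets.

```powershell
# Added example: inventory Authenticode signers of binaries in a product directory.
# $ProductDir and $SuspectThumbprint are placeholders, not values from the advisory.
$ProductDir        = 'C:\Program Files\ExampleVendor'              # placeholder install path
$SuspectThumbprint = 'REPLACE_WITH_THUMBPRINT_FROM_VENDOR_ADVISORY' # placeholder thumbprint

Get-ChildItem -Path $ProductDir -Recurse -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the signature block of each file; unsigned files yield a null SignerCertificate.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File       = $_.FullName
            Status     = $sig.Status                       # Valid, NotSigned, HashMismatch, ...
            Subject    = $sig.SignerCertificate.Subject
            Issuer     = $sig.SignerCertificate.Issuer
            Thumbprint = $sig.SignerCertificate.Thumbprint
            NotBefore  = $sig.SignerCertificate.NotBefore  # certificate validity start, for comparison with the renewal date
            Suspect    = ($sig.SignerCertificate.Thumbprint -eq $SuspectThumbprint)
        }
    } |
    Sort-Object Suspect -Descending |
    Format-Table -AutoSize
```

Run it after applying the vendor update: any row with `Suspect` set to `True`, or with a `Status` other than `Valid`, identifies a file that still needs to be refreshed before the reboot the advisory recommends.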

6. CISA Warns of Aerospace Cyberattack

Multiple nation-state hackers exploited two vulnerabilities to target an undisclosed aerospace company, according to an advisory by the Cybersecurity and Infrastructure Security Agency (CISA). The security breach, detected as early as January, involved CVE-2022-47966, allowing hackers to access the company’s web server hosting the Zoho ManageEngine ServiceDesk Plus application. This enabled the intruders to gain control, obtain administrative privileges, download malware, collect user data, and move laterally through the network.

💥 Cyber Incidents

7. Dymocks Notifies Potential Data Breach

Bookstore chain Dymocks has issued a warning to its customers regarding a potential data breach that could result in the exposure of their personal information on the dark web. Managing director Mark Newman informed customers via email that they detected signs of an unauthorized party possibly gaining access to customer records. While the investigation is ongoing, cybersecurity experts have already found discussions related to customer records on the dark web. Although the extent of the breach is uncertain, Dymocks assured customers that passwords and financial data appear to be secure, and they plan to report the incident to the Office of the Australian Information Commissioner upon completing their investigation.

8. Ethereum Co-Founder’s Twitter Hack

Ethereum co-founder Vitalik Buterin fell victim to a Twitter hack that resulted in the theft of $691,000 from unsuspecting users who followed a malicious link on his feed. The hacker used Buterin’s account to announce the release of commemorative non-fungible tokens from Consensys, enticing users to connect their wallets to mint the tokens. Instead, the hacker exploited the connection to steal funds, with some victims reportedly losing access to their wallets. Despite efforts by vigilant users on Crypto Twitter to identify the fake link, the exact number of users affected remains unknown as Buterin has not yet commented on the incident.

9. Ransomed VC Claims Linktera Breach

A hacker group known as Ransomed VC has asserted responsibility for the Linktera data breach, gaining unauthorized access to the company’s database and deleting backups. The threat actors have demanded a $23,000 ransom, and a conspicuous “Pay” button redirects users to a dedicated page for payment. The Ransomed VC group remains largely enigmatic, employing an unconventional tactic involving European GDPR laws, raising concerns within the cybersecurity community about this new form of cyber threat.

10. Kent School Faces Cyber Threat

A secondary school in Maidstone, Kent, known as St Augustine Academy, is grappling with the aftermath of a significant criminal cyber attack. Principal Jason Feldwick confirmed the breach, stating that an external criminal organization had encrypted school systems and data. While it remains unclear if a ransom demand was involved, the school is taking immediate steps to inform authorities and establish a backup solution. This incident serves as a stark reminder of the pervasive threat of cyberattacks, prompting calls for heightened vigilance against such threats from officials like Councillor Chris Passmore.

11. Hinds County Cyberattack Disruptions

Hinds County, Mississippi, faces ongoing computer problems resulting from a cyberattack, causing the tax collector’s office to remain closed, along with jury duty cancellations at the Circuit Clerk Office. Hinds County Administrator, Kenny Wayne Jones, stated that their systems are under assessment, but the recovery process is complex and time-consuming. Residents affected by the closure express concerns about late fees and refunds for services disrupted by the attack.

📢 Cyber News

12. Google Launches Privacy Sandbox for Chrome

Google has officially started implementing its Privacy Sandbox in the Chrome web browser for most users, with nearly three percent left unaffected initially for testing. Privacy Sandbox aims to replace third-party tracking cookies with privacy-preserving alternatives while still serving personalized content and ads. While Google touts this as an improvement in user privacy, it has faced criticism for collecting extensive user data through an opt-in process.

13. Microsoft Warns of China’s AI Influence

Microsoft has revealed that China is employing AI-generated images to influence American voters, particularly on divisive political topics like gun violence and political figures. These state-affiliated hacking groups aim to mimic voters from diverse backgrounds, inciting controversy along racial, economic, and ideological lines using diffusion-powered image generators. Clint Watts, the general manager of Microsoft’s Threat Analysis Center, emphasizes that this AI technology produces more engaging content than previous campaigns, making it effective despite image quality issues.

14. Data Privacy Probe for Fertility Apps in the UK

The UK’s Information Commissioner’s Office (ICO) is launching an investigation into period and fertility tracking apps to address growing concerns among women. The ICO aims to scrutinize how these apps handle user data and is encouraging users to share their experiences. Many women prioritize data transparency and security over cost and ease of use, with some reporting distressing fertility-related ads after signing up for these applications. The ICO’s review will focus on improving user privacy and understanding the apps’ benefits and drawbacks, with potential regulatory action if necessary.

15. 1Health.io Fined for Data Mishandling

The Federal Trade Commission (FTC) has reached a settlement with genetic testing firm 1Health.io, which will pay a $75,000 fine to address allegations of failing to safeguard sensitive genetic and health data, making retroactive changes to its privacy policy without customer consent, and misleading customers about data deletion options. This fine will be allocated toward customer refunds. Additionally, 1Health.io, formerly known as Vitagene, is required to instruct third-party contract laboratories to destroy stored consumer DNA samples older than 180 days and obtain explicit consent before sharing health data.


Copyright © 2023 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
