Cyber Briefing: 2023.11.29

CyberMaterial
Nov 29, 2023

👉 What’s trending in cybersecurity today?

BLUFFS Bluetooth, Xaro Ransomware, Google Workspace, Android Trojan, Chrome Zero Day, LY Corp hack, JAXA Cyber Attack, Texas Water District, Tesla Cyber Attack, AWS, Okta, UK, USA, LockBit.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

🚨 Cyber Alerts

1. BLUFFS Attack Hijacks Bluetooth

Eurecom researchers unveiled the ‘BLUFFS’ attacks, exploiting two new Bluetooth flaws within Bluetooth Core Specification 4.2 through 5.4. These architectural flaws compromise session key derivation, enabling attackers to break the confidentiality of past and future Bluetooth communications, affecting billions of devices globally.

2. Xaro Ransomware Targets Software Users

A new variant of the DJVU ransomware, known as Xaro, has emerged, spreading through cracked software downloads and masquerading as freeware installers. This strain utilizes a multi-stage attack chain, deploying additional malware such as information stealers like RedLine Stealer and Vidar, along with ransomware encryption, aiming for double extortion by exfiltrating sensitive data and demanding a ransom. The method highlights the risks inherent in downloading software from untrusted sources and emphasizes the need for vigilant cybersecurity measures to defend against such widespread and damaging attacks.

3. Google’s Risk Domain Delegation Flaw

Team Axon from Hunters discovered a critical design flaw, DeleFriend, within Google Workspace’s Domain-Wide delegation feature. This flaw allows potential misuse of existing delegations, raising concerns about unauthorized access and privilege escalation without requiring Super Admin privileges. Despite being responsibly disclosed to Google, the flaw persists, prompting the creation of a detection tool and a detailed research paper to help organizations mitigate exploitation risks.

4. Android Trojan Hits Iranian Banks

A new report by Zimperium highlights the expansion of an Android banking Trojan campaign targeting Iranian banks, revealing 245 new app variants, some undetected by standard tools. The malware’s evolution includes advanced capabilities, targeting cryptocurrencies and exploiting device vulnerabilities, and it emphasizes the need for enhanced runtime protection in mobile applications.

5. Chrome Fixed 6th 2023 Zero-Day

Google has swiftly addressed the sixth zero-day vulnerability in Chrome this year, issuing an emergency security update to counter ongoing exploitation in attacks. This high-severity flaw, rooted in an integer overflow within the Skia graphics library, poses risks from crashes to potential execution of arbitrary code, prompting immediate action to patch the vulnerability across Windows, Mac, and Linux systems.

💥 Cyber Incidents

6. LY Corp. Reveals Line Messenger Data Breach

In a recent cybersecurity incident, LY Corp. revealed a Line Messenger data breach exposing 440,000 personal records, with 300,000 linked to the messaging app. The breach, stemming from unauthorized access to an affiliate’s system, didn’t compromise sensitive Line app information but included business associates’ and employees’ data.

7. JAXA Faces Cyberattack

Japan’s space agency, JAXA, experienced a cyberattack, although the accessed information didn’t compromise vital data for rocket or satellite operations, a spokesperson revealed. The breach, identified through an external tip and subsequent internal investigation, prompted an ongoing inquiry without specifying the attack’s timeline or the notifying organization.

8. Daixin Team Targets Texas Water District

In a major cybersecurity incident, the Daixin Team claims to have successfully hacked the North Texas Municipal Water District (NTMWD) and is now threatening to expose a trove of sensitive data. The regional water district, responsible for supplying water, wastewater treatment, and solid waste services, faces potential risks as the ransomware gang boasts about stealing board meeting minutes, internal project documentation, personnel details, and audit reports. The situation underscores the escalating threats faced by critical infrastructure entities and the urgent need for robust cybersecurity measures to protect against data breaches and extortion attempts.

9. LockBit Hits India’s Aerospace Lab

LockBit, a notorious ransomware gang, has claimed responsibility for a cyberattack targeting India’s National Aerospace Laboratories (NAL). The group, known for extorting victims for ransom payments, threatened to publish stolen data from NAL if an unspecified ransom is not paid. NAL’s website was down globally at the time of publication, raising concerns about the potential impact of the claimed ransomware attack on the state-owned aerospace research lab.

10. Tesla Cyber Hit Amid Musk’s Israel Visit

Amidst controversy surrounding Elon Musk’s recent trip to Israel, the Garnesia Team, a hacker group, has purportedly targeted Tesla’s official website in a DDoS attack. Despite the claims, an investigation by The Cyber Express revealed that the website remained fully accessible and operational. The cyber assault follows Musk’s meeting with Prime Minister Benjamin Netanyahu and comes in the aftermath of a contentious tweet, prompting speculation about potential connections between the reported attack and the fallout from Musk’s social media controversy.

📢 Cyber News

11. re:Invent 2023 Showcases AWS AI Breakthroughs

At AWS re:Invent 2023, CEO Adam Selipsky showcased groundbreaking AI partnerships with NVIDIA and Anthropic, unveiling plans to integrate generative AI across AWS solutions. Selipsky emphasized AWS’s commitment to responsible AI, announcing guardrails for data security and privacy, and highlighted key ventures, including a partnership with Salesforce to integrate AI platforms. The event aimed to elevate AWS’s AI prowess, introducing initiatives to train millions in AI skills and previewing Amazon Q, an Anthropic-powered AI assistant, signaling a strategic move to challenge perceptions of AWS lagging behind competitors in AI innovation.

12. Americans Plagued by Spam Calls

Truecaller’s latest report unveils a staggering estimate of two billion spam and scam calls inundating US consumers monthly. Despite a slight decrease from the peak in November 2022, these calls persist, amounting to nearly six unwanted calls per person per month and causing an estimated 195 million wasted hours in 2023 alone.

13. Okta Expands Breach Impact

Okta revealed an expanded impact of the October 2023 breach, acknowledging additional threat actor activity that involved downloading names and email addresses of all Okta customer support system users. While the breach affects most Okta Workforce Identity Cloud and Customer Identity Solution customers, the company is actively notifying individuals and customers about potential phishing risks and has fortified its security features as a precaution against targeted attacks.

14. Gloucester Council’s £1.1M Ransomware Fallout

Gloucester City Council in the West Midlands, England, spent over £1.1 million to recover from a ransomware attack in December 2021. The attack led to a formal reprimand by the Information Commissioner’s Office (ICO) due to cybersecurity lapses, including the absence of adequate security systems and failure to prevent the tampering of logs by the ransomware attackers.

15. Eighteen Nations Agree on AI Security Guidelines

Eighteen countries, including the U.S. and U.K., have signed an agreement on AI safety, emphasizing the importance of being secure by design. Led by the U.K.’s National Cyber Security Centre and developed with the U.S.’ Cybersecurity and Infrastructure Security Agency, the guidelines aim to ensure cybersecurity is integrated throughout the AI development process, covering design, development, deployment, operation, and maintenance.

Copyright © 2023 CyberMaterial. All Rights Reserved.