Lawsuits filed against companies that have suffered a data breach are increasingly common, with action being taken even for incidents affecting less than 1,000 people.

May 1, 2023

Lawsuits filed against companies that have suffered a data breach are increasingly common, with action being taken more frequently even in cases where the number of impacted individuals is smaller, according to US law firm BakerHostetler.

BakerHostetler last week published its 2023 Data Security Incident Response Report, which is based on data collected from more than 1,100 cybersecurity incidents investigated by the company in 2022. The report shows that 45% of incidents were network intrusions, followed by business email compromise (30%) and inadvertent data disclosure (12%). Following initial access, the most common actions were ransomware deployment (28%), data theft (24%), email access (21%), and malware installation (13%).

Earlier this year, a blockchain data company reported seeing a significant drop in
May 1, 2023 By Lawrence Abrams

[Image: LOBSHOT distributed by Google ads]

In a new report by Elastic Security Labs, researchers revealed that a new remote access trojan named LOBSHOT was being distributed through Google Ads.

These ads promoted the legitimate AnyDesk remote management software but led to a fake AnyDesk site at amydeecke[.]website.

[Image: Fake AnyDesk ad spotted by Will Dormann. Source: MalwareHunterTeam & Dormann]
May 1, 2023 By Pierluigi Paganini

Bitmarck, one of the largest IT service providers for social insurance carriers in Germany, announced yesterday that it has suffered a cyber attack.

The German IT service provider Bitmarck announced on April 30 that it had taken all its systems offline due to a cyberattack. The incident impacted statutory health insurance companies that have their IT operated by BITMARCK. The company immediately reported the incident to the responsible authorities.

The company did not disclose details about the attack; it launched an investigation into the incident with the help of external cybersecurity experts.
The Iranian government has been using the BouldSpy Android malware to spy on minorities and traffickers.

May 1, 2023 By Ionut Arghire

Mobile security firm Lookout has analyzed a piece of Android spyware used by the Iranian government to surveil minority groups in the country and monitor arms, alcohol, and drugs trafficking.

Dubbed BouldSpy, the malware is likely installed by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA) using physical access to victim devices, supposedly obtained during detention.

The spyware has been in use since at least 2020, with more than 300 victims identified to date, including Iranian Kurds, Azeris, Baluchis, and possibly Armenian Christian groups. Evidence also suggests potential law enforcement use of the malware to counter and monitor trafficking.
May 1, 2023 By Pierluigi Paganini

T-Mobile disclosed the second data breach of 2023; threat actors had access to the personal information of hundreds of customers since February.

T-Mobile suffered the second data breach of 2023; threat actors had access to the personal information of hundreds of customers starting in late February 2023.

The security breach impacted a limited number of customers, only 836 individuals. The carrier states that personal financial account information and call records were not affected by the security breach.
The phishing emails were sent using names of system administrators and a letter containing instructions to protect against hackers.

May 1, 2023 By Dark Reading Staff

The Russia-linked APT28 hacking group targeted Ukrainian government bodies in a spear-phishing campaign that uses phony "Windows Update" guides.

In April, CERT-UA observed malicious emails being sent on Microsoft Outlook from what appeared to be system administrators at government bodies — with a subject line that read "Windows Update." The emails sought to trick the recipients into "launching a command line and executing a PowerShell command."
May 1, 2023 By Pierluigi Paganini

Infoblox researchers discovered a new sophisticated malware toolkit, dubbed Decoy Dog, targeting enterprise networks.

While analyzing billions of DNS records, Infoblox researchers discovered a sophisticated malware toolkit, dubbed Decoy Dog, that was employed in attacks aimed at enterprise networks.

Threat actors behind the malware were observed using known tricks to avoid detection, such as registering a domain but not using it for some time (domain aging technique) and DNS query dribbling.

Decoy Dog is a cohesive toolkit that implements a number of highly unusual characteristics, which make it easy to identify when examining its domains on a DNS level. Some of these characteristics are:
Law enforcement agencies around the world seized an online marketplace and arrested nearly 300 people allegedly involved in buying and selling drugs.

May 2, 2023 By Associated Press

Law enforcement agencies around the world seized an online marketplace and arrested nearly 300 people allegedly involved in buying and selling drugs, European Union law enforcement agency Europol said Tuesday.

The worldwide operation targeting the “Monopoly Market,” coordinated by Europol, is the latest major takedown of sales platforms for drugs and other illicit goods on the so-called dark web, a part of the internet hosted within an encrypted network and accessible only through specialized anonymity-providing tools.
May 2, 2023 By Sergiu Gatlan

Apple and Google have joined forces to push for adopting new industry standards designed to stop stalking via Bluetooth-enabled location-tracking devices.

The new draft specification unveiled today by the two tech giants proposes that vendors making devices that could enable unwanted tracking should make it easier to alert the targeted individuals when this happens.

"The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across iOS and Android platforms," Apple and Google said in coordinated press releases published today.
May 2, 2023 By Pierluigi Paganini

FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices.

FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices.

The CVE-2018-9995 flaw is due to an error when handling a maliciously crafted HTTP cookie. A remote attacker can trigger the flaw to obtain administrative privileges and eventually gain access to camera video feeds.
APT37 is among a growing list of threat actors that have switched to Windows shortcut files after Microsoft blocked macros last year.

May 2, 2023 By Jai Vijayan

North Korea's APT37 threat group is providing fresh evidence of how adversaries have pivoted to using LNK, or shortcut files, to distribute malicious payloads after Microsoft began blocking macros by default last year to prevent malware delivery via Office documents.

Check Point Research, which has been tracking APT37 for years, this week reported seeing the threat actor using LNK files to deliver a remote access trojan (RAT) dubbed RokRAT on systems belonging to entities associated with South Korean domestic and foreign affairs.
May 2, 2023 By Graham Cluley

Students and teachers at the Minneapolis Public School (MPS) District, which suffered a huge ransomware attack at the end of February, have had highly sensitive information about themselves published on the web, including allegations of abuse by teachers and psychological reports.

MPS initially said that it had refused to pay a US $1 million ransom to its extortionists, and that it had successfully restored its encrypted systems via backups.

However, the Medusa hacking group who attempted to blackmail MPS had not just encrypted the school district's data but had also exfiltrated their own copy of it, which was ultimately published on the internet and promoted through links on a Telegram channel.
A court rejected arguments by insurers that they shouldn’t have to cover Merck’s losses from the Russia-linked attack.

May 2, 2023 By Richard Vanderford

Insurers for Merck & Co. must help cover losses from a $1.4 billion cyberattack that the U.S. blamed on Russia, a court said, rejecting the insurers’ argument that the attack was akin to an act of war normally excluded from coverage.

The NotPetya cyberattack didn’t involve military action and can’t be excluded from coverage under a warlike-act exclusion, New Jersey appellate division judges said in a decision released Monday.

“The exclusion of damages caused by hostile or warlike action by a government or sovereign power in times of war or peace requires the involvement of military action,” the judges wrote. “Coverage could only be excluded here if we stretched the meaning of ‘hostile’ to its outer limit.”
I put this in Security news because I think there’s a big issue with this. @TylerM

Your Google account now supports passkeys to replace your password and 2FA.

May 3, 2023, 8:16 AM EDT

Google’s next step into a passwordless future is here with the announcement that passkeys — a new cryptographic keys solution that requires a preauthenticated device — are coming to Google accounts on all major platforms. Starting today, Google users can switch to passkeys and ditch their passwords and two-step verification codes entirely when signing in.

Passkeys are a safer, more convenient alternative to passwords being pushed by Google, Apple, Microsoft, and other tech companies aligned with the FIDO Alliance. They can replace traditional passwords and other sign-in systems like 2FA or SMS verification with a local PIN or a device’s own biometric authentication — such as a fingerprint or Face ID. This biometric data isn’t shared with Google (or any other third party), and passkeys only exist on your de
May 3, 2023 By Pierluigi Paganini

Threat actors are using the promise of generative AI like ChatGPT to deliver malware, Facebook parent Meta warned.

Threat actors are taking advantage of the huge interest in generative AI like ChatGPT to trick victims into installing malware, Meta warns. The hackers attempt to trick victims into installing malicious apps and browser extensions on their devices.

In March, security experts at Meta found multiple malware posing as ChatGPT or similar AI tools.
May 3, 2023 By Bill Toulas

Facebook discovered a new information-stealing malware distributed on Meta called 'NodeStealer,' allowing threat actors to steal browser cookies to hijack accounts on the platform, as well as Gmail and Outlook accounts.

Capturing cookies that contain valid user session tokens is a tactic that is growing in popularity among cybercriminals, as it allows them to hijack accounts without having to steal credentials or interact with the target, while also bypassing two-factor authentication protections.

As Facebook's security team explains in a new blog post, it identified NodeStealer early in its distribution campaign, only two weeks after its initial deployment. The company has since disrupted the operation and helped impacted users recover their accounts.
May 2, 2023 By Brian Krebs

A sprawling online company based in Georgia that has made tens of millions of dollars purporting to sell access to jobs at the United States Postal Service (USPS) has exposed its internal IT operations and database of nearly 900,000 customers. The leaked records indicate the network’s chief technology officer in Pakistan has been hacked for the past year, and that the entire operation was created by the principals of a Tennessee-based telemarketing firm that has promoted USPS employment websites since 2016.

The website FederalJobsCenter promises to get you a job at the USPS in 30 days or your money back.

KrebsOnSecurity was recently contacted by a security researcher who said he found a huge tranche of full credit card records exposed online, and that at first glance the domain names involved appeared to be affiliated with the USPS.