September 25, 2023 By Helga Labus US educational nonprofit organization National Student Clearinghouse (NSC) has revealed that the breach of its MOVEit server ended up affecting almost 900 colleges and universities, and resulted in the theft of personal information of their students. [Image: The National Student Clearinghouse MOVEit breach notice] NSC provides educational reporting, data exchange, verification, and research services to around 3,600 North American colleges and universities and 22,000 high schools. NSC has filed a breach notification letter with the California Attorney General’s Office on behalf of the affected schools. The notification letter informed affected students – whose total number has not been disclosed – about the security breach resulting from a cyberattack that exploited a vulnerability in the MOVEit managed file transfer solution. >> Full Article <<
September 25, 2023 By Bill Toulas Security researchers discovered a new campaign that distributes a new version of the Xenomorph malware to Android users in the United States, Canada, Spain, Italy, Portugal, and Belgium. Analysts at cybersecurity company ThreatFabric have been tracking Xenomorph activity since February 2022 and note that the new campaign launched in mid-August. The latest version of Xenomorph is targeting users of cryptocurrency wallets and various U.S. financial institutions. >> Full Article <<
Early days but we will soon find out if this is genuine. Ransomed.vc claims to have access to some 6,000 files from the tech giant. September 25, 2023 By Levi Winslow There’s a new gang on the dark web that claims it’s breached all of Sony’s systems in a ransomware attack. According to a September 25 article from Australian cybersecurity publication Cyber Security Connect, the PlayStation maker was cracked open by Ransomed.vc, a new outfit of hackers that’s only been operating since September—though the publication suggests the gang has connections to previous dark web forums and groups. Cyber Security Connect reports that the hack allegedly unearthed screenshots of Sony’s internal log-in page, an internal PowerPoint presentation outlining test bench details, several Java files, and a document tree of the entire leak housing 6,000 files. >> Full Article <<
September 25, 2023 By Pierluigi Paganini Experts warn of a critical vulnerability in the TeamCity CI/CD server that can be exploited to take over a vulnerable server. JetBrains TeamCity is a popular and highly extensible Continuous Integration (CI) and Continuous Delivery (CD) server developed by JetBrains, a software development company known for its developer tools. TeamCity is designed to automate various aspects of the software development process, including building, testing, and deploying applications, while providing a wide range of features and integrations to support collaborative development. Sonar’s Vulnerability Research Team discovered a critical security vulnerability, tracked as CVE-2023-42793 (CVSS score of 9.8), in TeamCity. >> Full Article <<
A stealthy APT known as Gelsemium has been observed targeting a government entity in Southeast Asia for persistence and intelligence collection. September 25, 2023 By Ionut Arghire A stealthy advanced persistent threat (APT) actor known as Gelsemium has been observed targeting a government entity in Southeast Asia to establish persistence and collect intelligence, cybersecurity firm Palo Alto Networks reveals. As part of the observed activity, spanning a period of six months in late 2022 and into 2023, the threat actor deployed a variety of web shells to support lateral movement and malware delivery, along with backdoors, a Cobalt Strike beacon, and various other tools. Palo Alto Networks did not make any claims regarding attribution, but noted that others have linked Gelsemium to China in the past. >> Full Article <<
September 25, 2023 : 09:23 AM Mixin Network, an open-source, peer-to-peer transactional network for digital assets, has announced today on Twitter that deposits and withdrawals are suspended effective immediately due to a $200 million hack the platform suffered on Saturday. The incident occurred on September 23 early in the morning, Hong Kong time, and the attack reportedly targeted the database of Mixin’s cloud service provider. Due to the substantial amount lost in the hack, the situation has seriously troubled the platform's users. Mixin has stated that they would take action to address the problems caused by the loss of assets, but any solutions would be announced at a later time. Mixin’s founder, Feng Xiaodong, will give more explanations about the incident via a public address scheduled for later today. Blockchain trackers like PeckShield and Lookonchain have identified roughly $141 million of the stolen assets, analyzed as $93.5M in ETH, $23.5M in DAI (swapped from USDT), and $23.3M i
Hi Folks. After several days of searching the internet and failing, can anyone identify this tool please? The secateurs are just there for scale, and I can give no more info than what can be seen there, other than the bottom of the green part will move away from the metal spike by about 2 cm, sorry.
Apple security updates and Rapid Security Responses, 21st September 2023

Name and information link | Available for | Release date
iOS 17.0.2 (this update has no published CVE entries) | iPhone 15 (all models) | 21 Sep 2023
Safari 16.6.1 | macOS Big Sur and Monterey | 21 Sep 2023
iOS 17.0.1 and iPadOS 17.0.1 | iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later | 21 Sep 2023
iOS 16.7 and iPadOS 16.7 | iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later | 21 Sep 2023
watchOS 10.0.1 | Apple Watch Series 4 and later | 21 Sep 2023
watchOS 9.6.3 | Apple Watch Series 4 and later | 21 Sep 2023
macOS Ventura 13.6 | macOS Ventura | 21 Sep 2023
macOS Monterey 12.7 | macOS Monterey | 21 Sep 2023
These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide:
CVE-2023-36805
· Title: Windows MSHTML Platform Security Feature Bypass Vulnerability
· Version: 2.0
· Reason for revision: In the Security Updates table, added Windows Server 2008 R2 and Windows Server 2012 as these versions of Windows are affected by this vulnerability. Microsoft recommends that customers install the September 2023 updates to be fully protected from this vulnerability. Customers who install the Security Only updates for these versions of Windows Server should also install the IE Cumulative update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. Also see FAQs for information about the IE Cumulative update.
· Originally released: September 12, 2023
· Last updated: September 22, 2023
Aggregate CVE Severity Rating: Important
ESET researchers have discovered Deadglyph, a sophisticated backdoor used by the infamous Stealth Falcon group for espionage in the Middle East. September 22, 2023 By Filip Jurčacko For years, the Middle East has maintained its reputation as a fertile ground for advanced persistent threats (APTs). In the midst of routine monitoring of suspicious activities on the systems of high-profile customers, some based in this region, ESET Research stumbled upon a very sophisticated and unknown backdoor that we have named Deadglyph. We derived the name from artifacts found in the backdoor (such as 0xDEADB001, shown also in Table 1), coupled with the presence of a homoglyph attack. To the best of our knowledge, this is the first public analysis of this previously undocumented backdoor, used by a group that exhibits a notable degree of sophistication and expertise. Based on the targeting and additional evidence, we attribute Deadglyph with high confidence to the Stealth Falcon APT group. >> Full Article <<
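The excerpt names a homoglyph attack as one of the artifacts behind the Deadglyph name but gives no detail of it. A practitioner hunting for the same trick on their own hosts wants a check for file, process or account names that look like a trusted name but are not pure ASCII. The Python below is an added example, written for this page and not ESET's code, and it is not tied to any Deadglyph specifics the excerpt does not give: it flags names that mix writing systems or that fold to an ASCII lookalike. The CONFUSABLES table is a small hand-picked subset of Unicode confusables (an assumption, not a complete list), and the names in the usage block are constructed.

```python
import unicodedata

# Added example: flag names that mix writing systems or contain non-ASCII
# characters that look like ASCII letters. CONFUSABLES is a small hand-picked
# subset of Unicode confusables; extend it from the Unicode confusables data
# for production use.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u041c": "M",  # CYRILLIC CAPITAL LETTER EM
    "\u0391": "A",  # GREEK CAPITAL LETTER ALPHA
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def script_of(ch):
    """Crude script tag taken from the Unicode name: 'LATIN', 'CYRILLIC', 'GREEK', 'CJK', ..."""
    if ch.isascii():
        return "LATIN"
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def skeleton(name):
    """Fold compatibility forms (NFKC) and the known confusables to their ASCII lookalikes."""
    folded = unicodedata.normalize("NFKC", name)
    return "".join(CONFUSABLES.get(c, c) for c in folded)


def analyze(name):
    """Return the indicators a triage script would log for one file, process or account name."""
    scripts = {script_of(c) for c in name if c.isalpha()}
    folded = skeleton(name)
    return {
        "name": name,
        "scripts": sorted(scripts),
        "mixed_script": len(scripts) > 1,
        # Non-ASCII input that folds to plain ASCII is the classic homoglyph pattern.
        "ascii_lookalike": (not name.isascii()) and folded.isascii(),
        "folds_to": folded,
        "non_ascii": [f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in name if not c.isascii()],
    }


def is_suspicious(name):
    r = analyze(name)
    return r["mixed_script"] or r["ascii_lookalike"]


def triage(names):
    """Return only the names worth a second look, paired with their folded form for comparison."""
    return [(n, analyze(n)["folds_to"]) for n in names if is_suspicious(n)]


if __name__ == "__main__":
    # Constructed sample names: one genuine, one with a Cyrillic 'o' in place of the Latin one.
    for name, folded in triage(["svchost.exe", "svch\u043est.exe", "M\u00fcnchen.txt"]):
        print(f"{name!r} looks like {folded!r}: {analyze(name)['non_ascii']}")
```

Genuinely non-Latin names (CJK, Cyrillic-only, accented Latin such as "München") are not flagged, because the check fires only on a mix of scripts or on a non-ASCII string whose folded form is pure ASCII; that keeps the noise down when the same routine is run over a whole directory tree or a process list.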
September 22, 2023 By Ionut Ilascu Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers. By using this indirect approach and a fake Booking.com payment page, cybercriminals have found a combination that ensures a significantly better success rate at collecting credit card information. >> Full Article <<
The latest BIND security updates include patches for two high-severity DoS vulnerabilities that can be exploited remotely. September 22, 2023 By Ionut Arghire The Internet Systems Consortium (ISC) has released security updates to address two remotely exploitable denial-of-service (DoS) vulnerabilities in the DNS software suite BIND. Both bugs, ISC says, reside in named – the BIND daemon that acts both as an authoritative name server and as a recursive resolver – and may cause it to terminate unexpectedly. The first of the flaws, tracked as CVE-2023-3341 (CVSS score of 7.5), is described as a stack exhaustion issue impacting the control channel message processing. The code calls certain functions recursively, which could lead to memory exhaustion. >> Full Article <<
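Because the first flaw sits in control channel message processing, the thing to confirm while the patch is being rolled out is who can reach that channel at all. The Python below is an added example written for this page (my own check, not ISC's tooling, and not a detector for CVE-2023-3341 itself): it audits the controls statement of a named.conf and reports a listener bound to a non-loopback address, an allow list that admits any source, and an inet clause with no keys clause. The two configurations at the bottom are constructed samples (the key secret is a placeholder). The behaviour assumed for a missing or empty controls statement (a missing statement means a default loopback listener using rndc.key; an empty "controls { };" disables the channel) is the documented BIND default.

```python
import re

# Added example: audit the 'controls' statement in a named.conf for an exposed
# rndc control channel. Parsing is deliberately minimal (regex + brace counting),
# enough for the statement's documented syntax, not a full named.conf grammar.

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
ANYONE = {"any", "0.0.0.0/0", "::/0", "0/0"}

INET_RE = re.compile(
    r"inet\s+(?P<addr>\S+)(?:\s+port\s+(?P<port>\d+))?"
    r"\s+allow\s*\{(?P<allow>[^}]*)\}"
    r"(?:\s+keys\s*\{(?P<keys>[^}]*)\})?\s*;",
    re.S,
)


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(?m)(//|#).*$", "", text)


def extract_block(text, keyword):
    """Return the body of 'keyword { ... }' with nested braces balanced, or None if absent."""
    m = re.search(r"\b" + re.escape(keyword) + r"\s*\{", text)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError("unbalanced braces in %s statement" % keyword)


def _items(clause):
    return [x.strip().strip('"') for x in clause.split(";") if x.strip()]


def audit_controls(conf_text):
    """Return a list of findings; an empty list means nothing exposed."""
    body = extract_block(strip_comments(conf_text), "controls")
    if body is None:
        # No statement at all: named listens on loopback and uses rndc.key (documented default).
        return ["no controls statement: default loopback listener using rndc.key"]
    if not body.strip():
        return []  # 'controls { };' turns the control channel off entirely
    findings = []
    for m in INET_RE.finditer(body):
        addr, allow = m.group("addr"), _items(m.group("allow"))
        keys = _items(m.group("keys") or "")
        if addr not in LOOPBACK:  # '*' means every interface
            findings.append("control channel listens on non-loopback address %s" % addr)
        if ANYONE & set(allow):
            findings.append("allow list on %s admits any source (%s)" % (addr, ", ".join(allow)))
        if not keys:
            findings.append("inet %s has no keys clause; relies on rndc.key being present and protected" % addr)
    return findings


# Constructed samples, not taken from a real server.
WEAK_CONF = """
options { directory "/var/cache/bind"; };
// rndc reachable from anywhere, no key
controls {
    inet * port 953 allow { any; };
};
"""

HARDENED_CONF = """
key "rndc-key" { algorithm hmac-sha256; secret "cGxhY2Vob2xkZXI="; };  # placeholder secret
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
    inet ::1 port 953 allow { ::1; } keys { "rndc-key"; };
};
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_controls(conf) or "OK")
```

Run it over every named.conf (and any files it includes) in the fleet; a listener on "*" or a non-loopback address with an open allow list is the case to fix or firewall first, since it puts the vulnerable parsing code within reach of anything that can send a packet to port 953.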
The newly emerged ransomware actively targets both Windows and Linux systems with a double-extortion approach. September 22, 2023 By Nathan Eddy Akira ransomware has continued to evolve since emerging as a threat in March, expanding its reach from initially targeting Windows systems to include Linux servers and employing a growing array of tactics, techniques, and procedures (TTPs). An in-depth report on Akira from LogPoint breaks down the "highly sophisticated" ransomware, which encrypts victim files, deletes shadow copies, and demands ransom payment for data recovery. The infection chain actively targets Cisco ASA VPNs lacking multifactor authentication to exploit the CVE-2023-20269 vulnerability as an entry point. >> Full Article <<
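An ASA remote-access VPN without MFA, the entry point named above, leaves a characteristic trail in the firewall's syslog before any encryption starts: bursts of rejected logins from one source, often across several usernames, followed by a session that finally succeeds. The Python below is an added example written for this page (my own detection logic, not LogPoint's report or Cisco's tooling) that runs that check over constructed ASA syslog lines. The message IDs used (113005 and 113015 for rejected AAA authentication, 113039 for an AnyConnect session starting) and their field layouts are as I recall them from Cisco's ASA syslog reference; verify both against your own device's output before deploying, and treat the thresholds as starting points.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Added example: flag VPN credential brute force / password spraying in Cisco ASA
# syslog. Message IDs and field layouts follow Cisco's ASA syslog reference as
# recalled here (verify on your device); the log lines at the bottom are constructed.

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}) \S+ : %ASA-\d-(?P<msgid>\d+): (?P<msg>.*)$"
)
USER_EQ_RE = re.compile(r"user = (?P<user>\S+)")        # 113005 / 113015 layout
SESSION_USER_RE = re.compile(r"\bUser (?P<user>\S+)")    # 113039 layout
USER_IP_RE = re.compile(r"user IP = (?P<ip>\S+)")        # 113005 / 113015 layout
SESSION_IP_RE = re.compile(r"\bIP (?P<ip>\S+)")          # 113039 layout

REJECT_IDS = {"113005", "113015"}   # AAA user authentication Rejected (AAA server / local database)
SESSION_IDS = {"113039"}            # AnyConnect parent session started


def parse(line):
    """Return {ts, msgid, user, ip} for one ASA syslog line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    msg = m.group("msg")
    user = USER_EQ_RE.search(msg) or SESSION_USER_RE.search(msg)
    ip = USER_IP_RE.search(msg) or SESSION_IP_RE.search(msg)
    return {
        "ts": datetime.strptime(m.group("ts"), "%b %d %Y %H:%M:%S"),
        "msgid": m.group("msgid"),
        "user": user.group("user") if user else None,
        "ip": ip.group("ip") if ip else None,
    }


def detect(lines, max_failures=5, window_seconds=120, spray_users=3):
    """Sliding-window detection per source IP. Returns human-readable alerts in log order."""
    recent = defaultdict(deque)   # ip -> timestamps of rejections still inside the window
    users = defaultdict(set)      # ip -> distinct usernames that were rejected
    raised = set()                # (kind, ip) already alerted, so one incident gives one alert
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None or ev["ip"] is None:
            continue
        ip, ts = ev["ip"], ev["ts"]
        q = recent[ip]
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if ev["msgid"] in REJECT_IDS:
            q.append(ts)
            if ev["user"]:
                users[ip].add(ev["user"])
            if len(users[ip]) >= spray_users and ("spray", ip) not in raised:
                raised.add(("spray", ip))
                alerts.append("%s: %d distinct usernames rejected (password spraying?)" % (ip, len(users[ip])))
            if len(q) >= max_failures and ("burst", ip) not in raised:
                raised.add(("burst", ip))
                alerts.append("%s: %d VPN auth rejections within %ds" % (ip, len(q), window_seconds))
        elif ev["msgid"] in SESSION_IDS and q:
            # A session right after a burst of failures is the line worth paging on.
            alerts.append("%s: session started as %s after %d recent rejections" % (ip, ev["user"], len(q)))
    return alerts


# Constructed sample, not a real capture: 203.0.113.7 sprays four accounts and then
# gets in; 198.51.100.4 is one mistyped password and must stay quiet.
SAMPLE_LOG = """\
Sep 22 2023 10:15:01 asa01 : %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = admin : user IP = 203.0.113.7
Sep 22 2023 10:15:03 asa01 : %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = administrator : user IP = 203.0.113.7
Sep 22 2023 10:15:05 asa01 : %ASA-6-113015: AAA user authentication Rejected : reason = User was not found : local database : user = vpn : user IP = 203.0.113.7
Sep 22 2023 10:15:08 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = jsmith : user IP = 203.0.113.7
Sep 22 2023 10:15:10 asa01 : %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : server = 10.0.0.5 : user = jsmith : user IP = 203.0.113.7
Sep 22 2023 10:15:12 asa01 : %ASA-6-113039: Group RA-VPN User jsmith IP 203.0.113.7 AnyConnect parent session started.
Sep 22 2023 10:20:00 asa01 : %ASA-6-113015: AAA user authentication Rejected : reason = Invalid password : local database : user = bob : user IP = 198.51.100.4
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The third alert, a session established from a source that was just rejected several times, is the one that distinguishes a successful intrusion from background noise, and it is also the one that enforcing MFA on the tunnel group removes: with a second factor the burst still shows up, but the session does not follow it.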
September 22, 2023 By Pierluigi Paganini Experts warn of a surge in P2PInfect botnet activity since late August 2023; they are witnessing a 600x jump between September 12 and 19, 2023. In July 2023, Palo Alto Networks Unit 42 researchers discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis servers running on both Linux and Windows systems. The capability to target Redis servers running on both Linux and Windows operating systems makes P2PInfect more scalable and potent than other worms. The worm is written in the Rust programming language; it targets Redis instances by exploiting the Lua sandbox escape vulnerability CVE-2022-0543 (CVSS score 10.0). Cado Security Labs researchers reported having witnessed a 600x increase in P2PInfect traffic since August 28th. According to the researchers, traffic experienced a 12.3% surge during the week leading up to the publication of their analysis. P2PInfect infections have been reported in China, the United States, Germa
September 22, 2023 By Bill Toulas Ethereum blockchain analytics firm Nansen is asking a subset of its users to reset passwords following a recent data breach at its authentication provider. Nansen is a popular entity in the cryptocurrency space, offering users insights into Ethereum wallet activity, helping identify emerging projects, and generally helping people make informed investment decisions. In a letter sent to impacted users, Nansen says they learned on September 20th that one of their third-party vendors suffered a data breach. The unnamed vendor was compromised by an attacker who somehow gained access to an admin panel controlling Nansen customer access on the analytics platform. >> Full Article <<
No one mentioned that libwebp, a library found in millions of apps, was a 0-day origin. DAN GOODIN - 9/21/2023 Incomplete information included in recent disclosures by Apple and Google reporting critical zero-day vulnerabilities under active exploitation in their products has created a “huge blindspot” that’s causing a large number of offerings from other developers to go unpatched, researchers said Thursday. Two weeks ago, Apple reported that threat actors were actively exploiting a critical vulnerability in iOS so they could install espionage spyware known as Pegasus. The attacks used a zero-click method, meaning they required no interaction on the part of targets. Simply receiving a call or text on an iPhone was enough to become infected by Pegasus, which is among the world’s most advanced pieces of known malware. Apple said the vulnerability, tracked as CVE-2023-41064, stemmed from a buffer overflow bug in ImageIO, a proprietary framework that allows applications
Chinese state-sponsored threat groups have targeted telecoms, financial and government organizations in Africa as part of soft power efforts. September 22, 2023 By Eduard Kovacs Chinese state-sponsored threat groups have targeted telecommunications, financial and government organizations in Africa in support of Beijing’s soft power agenda in the region, according to SentinelOne. Earlier this year, SentinelOne reported seeing a Chinese cyberespionage group targeting telecoms providers in the Middle East as part of an operation dubbed Tainted Love. The cybersecurity firm revealed on Thursday that the same threat actor, which could be linked to China’s APT41 group, has also been observed targeting a North African telecommunications organization as part of what appears to be an operation supporting China’s soft power efforts. >> Full Article <<