August 29, 2023 By Bill Toulas A novel Android banking malware named MMRat utilizes a rarely used communication method, protobuf data serialization, to more efficiently steal data from compromised devices. MMRat was spotted for the first time by Trend Micro in late June 2023, primarily targeting users in Southeast Asia and remaining undetected on antivirus scanning services like VirusTotal. While the researchers do not know how the malware is initially promoted to victims, they found that MMRat is distributed via websites disguised as official app stores. The victims download and install the malicious apps that carry MMRat, usually mimicking an official government or a dating app, and grant risky permissions like access to Android's Accessibility service during installation. >> Full Article <<
US and its allies struggle to copy Kyiv’s collaborative efforts. MEHUL SRIVATSAVA, FINANCIAL TIMES - 8/29/2023 Viktor Zhora, the public face of Ukraine’s success against Russian cyberattacks, received a hero’s welcome earlier this month on stage at Black Hat, the world’s biggest cybersecurity gathering, in Las Vegas. “The adversary has trained us a lot since 2014,” the year that Russia annexed Crimea, said the deputy chair at Ukraine’s special communication and information protection service. “We evolved by the time of the full-scale invasion [in February last year] when cyber became a major component of hybrid warfare.” At an event where IT professionals asked for selfies and one man cried on his shoulder, Zhora also shared a fist-bump with Jen Easterly, the director of the US Cybersecurity and Infrastructure Agency. “We take a huge page out of Ukraine’s playbook,” she said. “We’ve probably learned as much from you as you are learning from us.” But away from the spotlight, the event’s del
QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders, accounting for 80% of the observed incidents. August 28, 2023 By Ionut Arghire QakBot, SocGholish, and Raspberry Robin are the three most popular malware loaders among cybercriminals, accounting for 80% of the observed attacks, cybersecurity firm ReliaQuest reports. From January 1 to July 31, 2023, QakBot was responsible for 30% of the observed incidents, SocGholish for 27% of them, and Raspberry Robin for 23%. According to the company, not all observed incidents resulted in network compromise, as the loader was detected and stopped before it could cause problems. >> Full Article << NOTE: As for Qakbot, see here for an update: Qakbot botnet dismantled after infecting over 700,000 computers
August 29, 2023 By Sergiu Gatlan Qakbot, one of the largest and longest-running botnets to date, was taken down following a multinational law enforcement operation spearheaded by the FBI and known as Operation 'Duck Hunt.' The botnet (also known as Qbot and Pinkslipbot) was linked by law enforcement to at least 40 ransomware attacks against companies, healthcare providers, and government agencies worldwide, causing hundreds of millions of dollars in damage, according to conservative estimates. Over the past 18 months alone, losses have surpassed 58 million dollars. Throughout the years, Qakbot has consistently served as an initial infection vector for various ransomware gangs and their affiliates or operators, including Conti, ProLock, Egregor, REvil, RansomExx, MegaCortex, and, most recently, Black Basta. >> Full Article <<
August 29, 2023 The University of Michigan has taken all of its systems and services offline to deal with a cybersecurity incident, causing a widespread impact on online services the night before classes started. University of Michigan (U-M) is one of the oldest and largest educational institutes in the United States, employing over 30,000 academic and administrative staff and having roughly 51,000 students. In a series of announcements published on the University's website, starting on Sunday, a cybersecurity incident caused IT outages and disrupted access to vital online services, including Google, Canvas, Wolverine Access, and email. Although U-M engaged its IT team to restore the impacted systems, the administration felt it was safest to disconnect the U-M network from the internet due to the severity of the incident. "Sunday afternoon, after careful evaluation of a significant security concern, we made the intentional decision to sever our ties to the internet," reads the status updat
August 29, 2023 Hackers are using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface. Successful exploitation enables unauthenticated attackers to remotely execute code on unpatched devices. "With a specific request that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities," Juniper says. One week after Juniper disclosed and released security updates to patch the four flaws that can be chained to achieve remote code execution, watchTowr Labs security researchers released a proof-of-concept (PoC) exploit targeting the SRX firewall bugs (tracked as CVE-2023-36846 and CVE-2023-36845). While Juniper said there was no evidence of active exploitation, watchTowr Labs said they believe attackers would soon start targeting unpatched Juniper devices in widescale attacks
August 28, 2023 By Bill Toulas PurFoods, which conducts business in the U.S. as 'Mom's Meals,' is warning of a data breach after the personal information of 1.2 million customers and employees was stolen in a ransomware attack. Mom's Meals is a medical meal delivery service for self-paying customers or people eligible for government assistance through the Medicaid and Older Americans Act programs. The firm warns that it identified suspicious activity on its networks on February 22nd, 2023, when files on its systems had been encrypted by ransomware. "Upon identifying suspicious account behavior on February 22, 2023, we launched an investigation with the help of third-party specialists," reads the notice. >> Full Article <<
August 28, 2023 By Pierluigi Paganini The recent wave of MOVEit attacks conducted by the Cl0p ransomware gang impacted 1,000 organizations, experts say. Cybersecurity firm Emsisoft shared disconcerting details about the recent, massive hacking campaign conducted by the Cl0p ransomware group that targeted the MOVEit Transfer file transfer platform designed by Progress Software Corporation. According to the experts, the attacks impacted approximately 1,000 organizations and 60,144,069 individuals. The Cl0p ransomware gang exploited the zero-day vulnerability CVE-2023-34362 to hack the platforms used by organizations worldwide and steal their data. The researchers reported that the attacks impacted tens of millions of individuals. Below is the list of organizations with the highest number of impacted individuals:
Organization: Individuals
Maximus: 11 million
Pôle emploi: 10 million
Louisiana Office of Motor Vehicles: 6 million
Colorado Department of Health Care Policy and Financing
The Crates.io Rust package registry was targeted in preparation of a malware attack aimed at developers, according to Phylum. August 28, 2023 By Eduard Kovacs The Crates.io Rust package registry was targeted recently in what appeared to be the initial phase of a malware attack aimed at developers, according to software supply chain security firm Phylum. It’s not uncommon for threat actors to rely on typosquatting and software development package registries to deliver malware to Node.js and Python developers. In these types of attacks, hackers typically create packages with names that are misspelled — or typosquatted — variants of popular packages. >> Full Article <<
Hackers hit a third-party contractor's IT systems, but they didn't steal any addresses or financial details, officials say. August 28, 2023 By Dark Reading Staff Greater London's Metropolitan Police have been warned that their information — names, ranks, ID numbers, vetting levels, and photos — was stolen by hackers in a breach that affects 47,000 officers and staff. The hackers broke into the IT systems of a contractor tasked with printing warrant cards and staff passes. And because senior officials and officers operating in top secrecy were affected, the National Crime Agency (NCA) has been brought in to assess and investigate the situation. The breach also exposed officers and counterterrorism police assigned to the royal family; undercover officers have also been pulled from the field. >> Full Article <<
August 28, 2023 By Pierluigi Paganini Researchers spotted an updated version of the KmsdBot botnet that is now targeting Internet of Things (IoT) devices. The Akamai Security Intelligence Response Team (SIRT) discovered a new version of the KmsdBot botnet that employed an updated Kmsdx binary targeting Internet of Things (IoT) devices. KmsdBot is an evasive Golang-based malware that was first detected by Akamai in November 2022. It infects systems via SSH connections that use weak login credentials. The malware was employed in cryptocurrency mining campaigns and to launch denial-of-service (DDoS) attacks. KmsdBot supports multiple architectures, including Winx86, Arm64, mips64, and x86_64, and does not maintain persistence, in order to avoid detection. >> Full Article <<
Cybersecurity vendors SentinelOne and BlackBerry have been separately named in public acquisition chatter with a surprise suitor emerging. August 28, 2023 By Ryan Naraine Prominent anti-malware vendors SentinelOne and BlackBerry have been separately named in public acquisition chatter, underscoring a clear signal of impending consolidation in cybersecurity. According to published reports, private equity firm Veritas Capital is in early talks to acquire BlackBerry, the venerable tech firm that acquired Cylance and reinvented itself as a cybersecurity vendor. Neither Veritas nor BlackBerry has commented on the reports, which say Veritas is interested in acquiring all of the Canadian company, while other suitors are also interested in the whole or parts of BlackBerry. >> Full Article <<
August 28, 2023 By Bill Toulas The National Police of Spain is warning of an ongoing 'LockBit Locker' ransomware campaign targeting architecture companies in the country through phishing emails. "A wave of sending emails to architecture companies has been detected, although it is not ruled out that they extend their action to other sectors," reads the machine-translated police announcement. "The detected campaign has a very high level of sophistication since the victims do not suspect anything until they suffer the encryption of the terminals." Spain's cyber police have detected that many emails are sent from the non-existent domain "fotoprix.eu" and impersonate a photographic firm. >> Full Article <<
August 28, 2023 By Sofia Elizabella Wyciślik-Wilson Following on from the Meltdown flaw and other related vulnerabilities, a more recent security issue was discovered in the form of Downfall. Tracked as CVE-2022-40982, the flaw affects Intel CPUs, and its exploitation is known as a transient execution attack. Microsoft has not only acknowledged that the problem exists, but has now provided details of mitigation techniques that can be used. In security advisory KB5029778, the company gives instructions for users of Windows 10, Windows 11 and Windows Server. >> Full Article <<
Get ready, because this year we're making System Administrator Appreciation Day even more special! To show our appreciation for SysAdmins and their relentless dedication and thankless jobs, we're giving YOU the opportunity to win Amazon Gift Cards! 🎁💳 25 USD or 20 GBP. Oh yeah, we also have some cool 64 oz Growlers for those that are beer aficionados 🍺 (We have Webroot or Carbonite versions). A growler is a 32- or 64-ounce airtight beer vessel made of glass that functions like a small keg, with the smaller version sometimes called a howler. You can typically purchase them and have them filled at breweries. They help preserve the beer's flavor and ensure that you have a tap-worthy beer upon opening. Starting today and over the next week, we have THREE different posts with prompts for you to compete! Each post will be a new opportunity for you to show off your sysadmin knowledge and meme prowess, share your experiences, and engage with our community. 📝💡 Here are the 3 posts - So put your mem
August 25, 2023 By Pieter Arntz Google has published details about the first weekly update for the Chrome browser. Recently Google announced that it would start shipping weekly security updates for the Stable channel (the version most of us use). Regular Chrome releases will still come every four weeks, but to get security fixes out faster, updates to address security and other high impact bugs will be scheduled weekly. This should also help reduce the patch gap in the Chrome release cycle. When a Chrome security bug is fixed, the fix is added to the public Chromium source code repository. The fix is then tested and evaluated before it goes to the Stable channel. The gap is the time between the patch appearing in the Chromium repository and it being shipped in a Stable channel update. The latest update has fixes for five vulnerabilities. Four of these vulnerabilities have been classified with a High importance and one as Medium. All these vulnerabilities have been reported by
August 25, 2023 By Sergiu Gatlan Leaseweb, one of the world's largest cloud and hosting providers, notified people that it's working on restoring "critical" systems disabled following a recent security breach. In emails sent to customers on Thursday, the Dutch cloud provider says it discovered signs of "unusual" activity in some parts of its infrastructure on Tuesday night while investigating Customer Portal downtime issues. Leaseweb took down some of the impacted systems to mitigate security risks and says that its teams are now working to restore critical systems affected in this incident. "On the night of August 22, our monitoring systems detected unusual activity within certain areas of our cloud environments. The issue had an impact on a specific portion of our cloud-based infrastructure leading to downtime for a small number of cloud customers," the company said. >> Full Article <<