This posting is here to collect cyber security news in June 2023.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
323 Comments
Tomi Engdahl says:
Hackers Use Weaponized OpenSSH Tool to Hijack Linux Systems
https://cybersecuritynews.com/weaponized-openssh/
Cybersecurity researchers at Microsoft recently found an attack targeting Linux-based systems and IoT devices.
It has been identified that the exploit employs custom and open-source tools to gain control of the impacted devices and install cryptomining malware on them by leveraging the patched OpenSSH.
By leveraging a criminal infrastructure with a Southeast Asian financial institution’s subdomain as a C2 server, threat actors deploy a backdoor.
To mine, it uses different tools, such as rootkits and an IRC bot, to exploit device resources.
Tomi Engdahl says:
MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans
https://thehackernews.com/2023/06/multistorm-campaign-targets-india-and.html
Tomi Engdahl says:
Firmware Backdoor Discovered in Gigabyte Motherboards, Hundreds of Models Affected
https://www.cpomagazine.com/cyber-security/firmware-backdoor-discovered-in-gigabyte-motherboards-hundreds-of-models-affected/
Tomi Engdahl says:
Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware
https://thehackernews.com/2023/06/powerful-javascript-dropper-pindos.html
Tomi Engdahl says:
ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC
https://thehackernews.com/2023/06/chameldoh-new-linux-backdoor-utilizing.html
Tomi Engdahl says:
https://www.neowin.net/news/microsoft-cautions-that-patch-tuesday-windows-kernel-bugfix-could-break-something/
Tomi Engdahl says:
Vulnerabilities result in millions of compromised users of popular managed file transfer software
Affected parties range from individual and corporate users to federal, state, and local government systems
https://www.techspot.com/news/99111-vulnerabilities-result-millions-compromised-users-popular-managed-file.html
Tomi Engdahl says:
Did You Receive a Free Smartwatch in the Mail? Don’t Turn It On!
These unsolicited devices may be free, but they are packed full of malware.
https://uk.pcmag.com/migrated-99802-smartwatches/147467/did-you-receive-a-free-smartwatch-in-the-mail-dont-turn-it-on
Tomi Engdahl says:
Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware
https://thehackernews.com/2023/06/camaro-dragon-hackers-strike-with-usb.html
The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives.
“While their primary focus has traditionally been Southeast Asian countries, this latest discovery reveals their global reach and highlights the alarming role USB drives play in spreading malware,” Check Point said in new research shared with The Hacker News.
The cybersecurity company, which found evidence of USB malware infections in Myanmar, South Korea, Great Britain, India, and Russia, said the findings are the result of a cyber incident that it investigated at an unnamed European hospital in early 2023.
The latest infection chain comprises a Delphi launcher known as HopperTick that’s propagated via USB drives and its primary payload dubbed WispRider, which is responsible for infecting the devices when they are attached to a machine.
“When a benign USB thumb drive is inserted into an infected computer, the malware detects a new device inserted into the PC and manipulates its files, creating several hidden folders at the root of the thumb drive,” Check Point researchers said.
WispRider, besides infecting the current host if not already, is tasked with communicating with a remote server, compromising any newly connected USB devices, executing arbitrary commands, and performing file operations.
Select variants of WispRider also function as a backdoor with capabilities to bypass an Indonesian antivirus solution called Smadav as well as resort to DLL side-loading by using components from security software like G-DATA Total Security.
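The quoted behaviour (hidden folders created at the root of any thumb drive inserted into an infected host) suggests a cheap defender-side check: enumerate the root of a removable volume and flag entries hidden by a leading dot or, on Windows, by the hidden file attribute. The script below is an added example, not code from the page, Check Point or any project named above; the mount point path is an assumption and the sample drive it inspects is constructed inline in a temporary directory.

```python
"""Hidden entries at the root of a removable drive.

Added example (not from the page, Check Point, or any project it names):
lists entries directly under a mount point that are hidden either by a
leading dot or, on Windows, by FILE_ATTRIBUTE_HIDDEN. The mount point is an
assumption; the sample drive is constructed inline for an offline run.
"""
import os
import stat
import tempfile


def is_hidden(path: str) -> bool:
    """True if the entry is hidden by name (dotfile) or by Windows attribute."""
    if os.path.basename(path).startswith("."):
        return True
    if os.name == "nt":
        try:
            attrs = os.stat(path).st_file_attributes
        except OSError:
            return False
        return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
    return False


def find_hidden_root_entries(mount_point: str) -> list:
    """Return the sorted names of hidden files and dirs directly under mount_point.

    Only the root level is examined because the quoted behaviour creates
    folders at the root of the thumb drive; nested hidden entries are normal
    on many filesystems and would only add noise.
    """
    hidden = []
    with os.scandir(mount_point) as entries:
        for entry in entries:
            if is_hidden(entry.path):
                hidden.append(entry.name)
    return sorted(hidden)


def build_sample_drive() -> str:
    """Create a constructed stand-in for a USB drive inside a temp directory."""
    root = tempfile.mkdtemp(prefix="sample_usb_")
    os.mkdir(os.path.join(root, "Photos"))           # benign user data
    os.mkdir(os.path.join(root, ".hidden_payload"))  # constructed suspicious dir
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("meeting notes\n")                   # benign user file
    with open(os.path.join(root, ".launcher"), "w") as fh:
        fh.write("")                                 # constructed hidden file
    return root


if __name__ == "__main__":
    # Replace build_sample_drive() with the real mount point (assumed, e.g. "E:\\" or "/media/usb")
    drive = build_sample_drive()
    print("inspecting:", drive)
    for name in find_hidden_root_entries(drive):
        print("hidden at root:", name)
```

A hit is a reason to look closer, not proof of infection: some operating systems and tools legitimately create dot-directories or hidden system folders at a volume root, so the output is best compared against a known-good image of the same drive.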
Tomi Engdahl says:
https://littletechbree.com/how-to-get-rid-of-a-worm-trojan-virus-or-other-type-of-malware/
Tomi Engdahl says:
LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems
Under construction: The world’s leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.
https://www.darkreading.com/vulnerabilities-threats/lockbit-ransomware-apple-m1-chips-embedded-systems
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/microsoft-teams-bug-allows-malware-delivery-from-external-accounts/?fbclid=IwAR2KL-n_z70yQVjAumoRSSFTTNW0wR1jMyfkROvC3v83gJKkGpMQVMLEP1o
Tomi Engdahl says:
Phasing Out Passwords: Apple To Automatically Assign Each User a Passkey
The change will arrive with iOS 17, iPadOS 17, and macOS Sonoma, which will automatically create a passkey and tie it to the user’s Apple ID.
https://uk.pcmag.com/security/147422/phasing-out-passwords-apple-to-automatically-assign-each-user-a-passkey
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/vmware-fixes-vcenter-server-bugs-allowing-code-execution-auth-bypass/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware/
Tomi Engdahl says:
Security experts bypass BIOS-locked laptop using just a screwdriver
There are some caveats, however
https://www.techspot.com/news/99091-security-experts-bypassed-bios-locked-laptop-using-screwdriver.html
Tomi Engdahl says:
TSMC denies LockBit hack as ransomware gang demands $70 million
https://www.bleepingcomputer.com/news/security/tsmc-denies-lockbit-hack-as-ransomware-gang-demands-70-million/
Chipmaking giant TSMC (Taiwan Semiconductor Manufacturing Company) denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data.
TSMC is one of the world’s largest semiconductor manufacturers, with its products used in a wide variety of devices, including smartphones, high performance computing, IoT devices, automotive, and digital consumer electronics.
Tomi Engdahl says:
Pro-Russian hackers upgrade DDoSia bot used to attack Ukraine, NATO countries
https://therecord.media/ddosia-pro-russian-hackers-upgrades
The DDoSia project by pro-Russian hackers has seen significant growth this year as attackers continue to use the technology against countries critical of Russia’s invasion of Ukraine.
DDoSia is a distributed denial-of-service attack toolkit developed and used by the pro-Russia hacktivist group NoName057(16).
The group and its followers are actively deploying the tool against government agencies, media, and private companies in Lithuania, Ukraine, Poland, Italy, and other European countries, according to a report released by cybersecurity company Sekoia this week.
Tomi Engdahl says:
In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools
https://www.securityweek.com/in-other-news-hospital-infected-via-usb-drive-eu-cybersecurity-rules-free-security-tools/
Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of June 26, 2023.
USB drive infects hospital’s systems
Check Point provides an in-depth analysis of malware attributed to China-based espionage group Camaro Dragon that infected a European healthcare institution after an employee participated in a conference in Asia. The malware self-propagates through USB drives and landed on the healthcare organization’s systems after the employee’s drive was accidentally infected during the conference.
Political agreement reached on EU cybersecurity regulation
A political agreement has been reached between the European Parliament and the Council of the EU regarding proposed cybersecurity rules whose goal is to boost security in EU institutions, bodies, offices and agencies.
Tomi Engdahl says:
200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin
Attackers exploit critical vulnerability in the Ultimate Member plugin to create administrative accounts on WordPress websites.
https://www.securityweek.com/200000-wordpress-sites-exposed-to-attacks-exploiting-flaw-in-ultimate-member-plugin/
Tomi Engdahl says:
Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor
https://www.securityweek.com/samsung-phone-flaws-added-to-cisa-must-patch-list-likely-exploited-by-spyware-vendor/
CISA adds 6 Samsung mobile device flaws to its known exploited vulnerabilities catalog and they have likely been exploited by a spyware vendor.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen flaws affecting Samsung smartphones to its Known Exploited Vulnerabilities Catalog, and they have all likely been exploited by a commercial spyware vendor.
CISA added eight new vulnerabilities to its catalog on Thursday, including two D-Link router and access point vulnerabilities exploited by a Mirai botnet variant. The six remaining security holes impact Samsung mobile devices and they were all patched by the technology giant in 2021.
The vulnerabilities include CVE-2021-25487, an out-of-bounds read in the modem interface driver that can lead to arbitrary code execution, fixed in October 2021. Samsung has classified the bug as ‘moderate’, but its NVD advisory says it’s ‘high severity’ based on CVSS score.
Tomi Engdahl says:
MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses
Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list.
https://www.securityweek.com/mitre-updates-cwe-top-25-most-dangerous-software-weaknesses/