Cyber security news June 2023

This posting is here to collect cyber security news in June 2023.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

323 Comments

  1. Tomi Engdahl says:

    Hackers Use Weaponized OpenSSH Tool to Hijack Linux Systems
    https://cybersecuritynews.com/weaponized-openssh/

    Cybersecurity researchers at Microsoft recently found an attack targeting Linux-based systems and IoT devices.

    It has been identified that the exploit employs custom and open-source tools to gain control of the impacted devices and install cryptomining malware on them by leveraging the patched OpenSSH.

    By leveraging a criminal infrastructure with a Southeast Asian financial institution’s subdomain as a C2 server, threat actors deploy a backdoor.

    To mine, it uses different tools, such as rootkits and an IRC bot, to exploit device resources.

    Reply
  2. Tomi Engdahl says:

    MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans
    https://thehackernews.com/2023/06/multistorm-campaign-targets-india-and.html

    Reply
  3. Tomi Engdahl says:

    Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware
    https://thehackernews.com/2023/06/powerful-javascript-dropper-pindos.html

    Reply
  4. Tomi Engdahl says:

    ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC
    https://thehackernews.com/2023/06/chameldoh-new-linux-backdoor-utilizing.html

    Reply
  5. Tomi Engdahl says:

    Vulnerabilities result in millions of compromised users of popular managed file transfer software
    Affected parties range from individual and corporate users to federal, state, and local government systems
    https://www.techspot.com/news/99111-vulnerabilities-result-millions-compromised-users-popular-managed-file.html

    Reply
  6. Tomi Engdahl says:

    Did You Receive a Free Smartwatch in the Mail? Don’t Turn It On!
    These unsolicited devices may be free, but they are packed full of malware.
    https://uk.pcmag.com/migrated-99802-smartwatches/147467/did-you-receive-a-free-smartwatch-in-the-mail-dont-turn-it-on

    Reply
  7. Tomi Engdahl says:

    Camaro Dragon Hackers Strike with USB-Driven Self-Propagating Malware
    https://thehackernews.com/2023/06/camaro-dragon-hackers-strike-with-usb.html

    The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives.

    “While their primary focus has traditionally been Southeast Asian countries, this latest discovery reveals their global reach and highlights the alarming role USB drives play in spreading malware,” Check Point said in new research shared with The Hacker News.

    The cybersecurity company, which found evidence of USB malware infections in Myanmar, South Korea, Great Britain, India, and Russia, said the findings are the result of a cyber incident that it investigated at an unnamed European hospital in early 2023.

    The latest infection chain comprises a Delphi launcher known as HopperTick that’s propagated via USB drives and its primary payload dubbed WispRider, which is responsible for infecting the devices when they are attached to a machine.

    “When a benign USB thumb drive is inserted into an infected computer, the malware detects a new device inserted into the PC and manipulates its files, creating several hidden folders at the root of the thumb drive,” Check Point researchers said.

    WispRider, besides infecting the current host if not already, is tasked with communicating with a remote server, compromising any newly connected USB devices, executing arbitrary commands, and performing file operations.

    Select variants of WispRider also function as a backdoor with capabilities to bypass an Indonesian antivirus solution called Smadav as well as resort to DLL side-loading by using components from security software like G-DATA Total Security.

    Reply
  8. Tomi Engdahl says:

    LockBit Developing Ransomware for Apple M1 Chips, Embedded Systems
    Under construction: The world’s leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.
    https://www.darkreading.com/vulnerabilities-threats/lockbit-ransomware-apple-m1-chips-embedded-systems

    Reply
  9. Tomi Engdahl says:

    Phasing Out Passwords: Apple To Automatically Assign Each User a Passkey
    The change will arrive with iOS 17, iPadOS 17, and macOS Sonoma, which will automatically create a passkey and tie it to the user’s Apple ID.
    https://uk.pcmag.com/security/147422/phasing-out-passwords-apple-to-automatically-assign-each-user-a-passkey

    Reply
  10. Tomi Engdahl says:

    Security experts bypass BIOS-locked laptop using just a screwdriver
    There are some caveats, however
    https://www.techspot.com/news/99091-security-experts-bypassed-bios-locked-laptop-using-screwdriver.html

    Reply
  11. Tomi Engdahl says:

    TSMC denies LockBit hack as ransomware gang demands $70 million https://www.bleepingcomputer.com/news/security/tsmc-denies-lockbit-hack-as-ransomware-gang-demands-70-million/

    Chipmaking giant TSMC (Taiwan Semiconductor Manufacturing Company) denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data.

    TSMC is one of the world’s largest semiconductor manufacturers, with its products used in a wide variety of devices, including smartphones, high performance computing, IoT devices, automotive, and digital consumer electronics.

    Reply
  12. Tomi Engdahl says:

    Pro-Russian hackers upgrade DDoSia bot used to attack Ukraine, NATO countries https://therecord.media/ddosia-pro-russian-hackers-upgrades

    The DDoSia project by pro-Russian hackers has seen significant growth this year as attackers continue to use the technology against countries critical of Russia’s invasion of Ukraine.

    DDoSia is a distributed denial-of-service attack toolkit developed and used by the pro-Russia hacktivist group NoName057(16).

    The group and its followers are actively deploying the tool against government agencies, media, and private companies in Lithuania, Ukraine, Poland, Italy, and other European countries, according to a report released by cybersecurity company Sekoia this week.

    Reply
  13. Tomi Engdahl says:

    In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools
    https://www.securityweek.com/in-other-news-hospital-infected-via-usb-drive-eu-cybersecurity-rules-free-security-tools/

    Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of June 26, 2023.

    USB drive infects hospital’s systems

    Check Point provides an in-depth analysis of malware attributed to China-based espionage group Camaro Dragon that infected an European healthcare institution after an employee participated in a conference in Asia. The malware self-propagates through USB drives and landed on the healthcare organization’s systems after the employee’s drive was accidentally infected during the conference.

    Political agreement reached on EU cybersecurity regulation

    A political agreement has been reached between the European Parliament and the Council of the EU regarding proposed cybersecurity rules whose goal is to boost security in EU institutions, bodies, offices and agencies.

    Reply
  14. Tomi Engdahl says:

    200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin

    Attackers exploit critical vulnerability in the Ultimate Member plugin to create administrative accounts on WordPress websites.
    https://www.securityweek.com/200000-wordpress-sites-exposed-to-attacks-exploiting-flaw-in-ultimate-member-plugin/

    Reply
  15. Tomi Engdahl says:

    Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor
    https://www.securityweek.com/samsung-phone-flaws-added-to-cisa-must-patch-list-likely-exploited-by-spyware-vendor/

    CISA adds 6 Samsung mobile device flaws to its known exploited vulnerabilities catalog and they have likely been exploited by a spyware vendor.

    The US Cybersecurity and Infrastructure Security Agency (CISA) has added half a dozen flaws affecting Samsung smartphones to its Known Exploited Vulnerabilities Catalog, and they have all likely been exploited by a commercial spyware vendor.

    CISA added eight new vulnerabilities to its catalog on Thursday, including two D-Link router and access point vulnerabilities exploited by a Mirai botnet variant. The six remaining security holes impact Samsung mobile devices and they were all patched by the technology giant in 2021.

    The vulnerabilities include CVE-2021-25487, an out-of-bounds read in the modem interface driver that can lead to arbitrary code execution, fixed in October 2021. Samsung has classified the bug as ‘moderate’, but its NVD advisory says it’s ‘high severity’ based on CVSS score.

    Reply
  16. Tomi Engdahl says:

    MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses

    Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list.

    https://www.securityweek.com/mitre-updates-cwe-top-25-most-dangerous-software-weaknesses/

    Reply
  17. Andreaa23 says:

    I’ve read a few posts on your website and I think it’s very interesting and full of useful information. https://dmvpracticetest.io/

    Reply

Leave a Reply to Andreaa23 Cancel reply

Your email address will not be published. Required fields are marked *

*

*