Cyber security news June 2023

This posting is here to collect cyber security news in June 2023.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

323 Comments

  1. Tomi Engdahl says:

WhatsApp gets a new feature – and with it comes a worrying warning that is easy to miss https://www.is.fi/digitoday/mobiili/art-2000009623179.html

    WhatsApp intends to offer its users the ability to share their screen with another user. WABetaInfo's screenshot, however, hides a worrying detail.

    WHATSAPP is bringing the ability to share the screen during a video call. The evidence was found by WABetaInfo, which examined the experimental version of WhatsApp on Android. The button appeared at the bottom of the app and resembles a phone with an arrow pointing to the right.

    Reply
  2. Tomi Engdahl says:

    Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
    https://www.securityweek.com/millions-of-wordpress-sites-patched-against-critical-jetpack-vulnerability/

    A decade-old critical vulnerability in Jetpack was force-patched on five million WordPress sites over the past few days.

    Reply
  3. Tomi Engdahl says:

    Spyware Found in Google Play Apps With Over 420 Million Downloads
    https://www.securityweek.com/spyware-found-in-google-play-apps-with-over-420-million-downloads/

    Security researchers have discovered spyware code in 101 Android applications that had over 421 million downloads in Google Play.

    Reply
  4. Tomi Engdahl says:

    Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
    https://www.securityweek.com/organizations-warned-of-backdoor-feature-in-hundreds-of-gigabyte-motherboards/

    A backdoor feature found in hundreds of Gigabyte motherboard models can pose a significant supply chain risk to organizations.

    Researchers at firmware and hardware security company Eclypsium discovered that hundreds of motherboard models made by Taiwanese computer components giant Gigabyte include backdoor functionality that could pose a significant risk to organizations.

    The backdoor was discovered by Eclypsium based on behavior associated with the functionality, which triggered an alert in the company’s platform.

    Specifically, the researchers determined that the firmware on many Gigabyte systems drops a Windows binary that is executed when the operating system boots up. The dropped file then downloads and runs another payload fetched from Gigabyte servers.

The payload is downloaded over an insecure connection (HTTP or improperly configured HTTPS) and the file’s legitimacy is not verified.

    Reply
  5. Tomi Engdahl says:

    Chrome 114 Released With 18 Security Fixes
    https://www.securityweek.com/chrome-114-released-with-18-security-fixes/

    Chrome 114 stable brings 18 security fixes, including 13 for vulnerabilities reported by external researchers.

    Google this week announced the release of Chrome 114 to the stable channel with a total of 18 security fixes inside, including 13 that resolve vulnerabilities reported by external researchers.

    Of the externally reported flaws, eight have a severity rating of ‘high’, with six of them being memory safety bugs.

    Based on the awarded bug bounty, the most important of these is CVE-2023-2929, an out-of-bounds write issue in Swiftshader. Security researcher Jaehun Jeong received a $15,000 reward for reporting the flaw, Google notes in an advisory.

    Next in line is CVE-2023-2930, a use-after-free bug in Extensions, for which Google handed out a $10,000 bug bounty.

    Reply
  6. Tomi Engdahl says:

    Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
    https://www.securityweek.com/barracuda-zero-day-exploited-to-deliver-malware-for-months-before-discovery/

    The recently discovered Barracuda zero-day vulnerability CVE-2023-2868 has been exploited to deliver malware and steal data since at least October 2022.

    Reply
  7. Tomi Engdahl says:

    Critical vulnerability in Gigabyte Motherboards discovered
    https://www.ghacks.net/2023/06/01/critical-vulnerability-in-gigabyte-motherboards-discovered-mitigation-available/

Millions of PC devices with Gigabyte motherboards are in danger. Researchers at Eclypsium have discovered backdoor-like tools in hundreds of Gigabyte motherboard models. The legitimate tools are used by Gigabyte for updating purposes, but they may be abused by threat actors to attack systems and install persistent malware.

    Reply
  8. Tomi Engdahl says:

Russia accuses Finland of a cyber attack https://www.is.fi/digitoday/art-2000009626224.html

    IN RUSSIA, the primary voting system of the United Russia party has been the target of a cyber attack, reports Russia's state news agency Tass.

    Finland was singled out as one of the key countries the attack came from. According to Tass, this was stated by United Russia party secretary Andrei Turtshak.

    – The attacks came mainly from the United States, Germany and Finland.
    The attacks were observed to come from more than 31,000 IP addresses, but they did not manage to bring the system down, Turtshak said according to Tass.

    In practice, the attacking machines in this case too were probably located around the world – including in Finland – and the actual attacker can be anywhere. Even if the denial-of-service attacks were traced to particular countries, it does not necessarily mean the attacks were originally launched from those countries.

    Reply
  9. Tomi Engdahl says:

New cyber attack threatens Mac users – ”only a few security services can detect it”
    https://www.tivi.fi/uutiset/tv/ed73d4f1-d8a9-4dbb-beda-5de36d5db7a9

    The malware named RustBucket is suspected to be the work of the North Korean-backed BlueNoroff group. BlueNoroff in turn is believed to be a subgroup of the well-known Lazarus group, which has long targeted attacks specifically at Apple devices.

    Initially the user is lured into downloading a PDF reader application. When a certain PDF file is opened with it, the software contacts the attacker and establishes a connection between it and the malicious software.

    Once the PDF reader is installed, RustBucket is able to download further malicious components, which allows the attacker to gain control of the infected system.

    RustBucket's method of spreading is not yet entirely clear. It is likely, however, that the malware is distributed through phishing messages in which the user is tricked into believing that the PDF application can be safely downloaded and launched.

    Reply
  10. Tomi Engdahl says:

    New Horabot campaign targets the Americas https://blog.talosintelligence.com/new-horabot-targets-americas/

    Cisco Talos has observed a threat actor deploying a previously unidentified botnet program Talos is calling “Horabot,” which delivers a known banking trojan and spam tool onto victim machines in a campaign that has been ongoing since at least November 2020.

    The threat actor appears to be targeting Spanish-speaking users in the Americas and, based on our analysis, may be located in Brazil.

    Horabot enables the threat actor to control the victim’s Outlook mailbox, exfiltrate contacts’ email addresses, and send phishing emails with malicious HTML attachments to all addresses in the victim’s mailbox.

    The banking trojan can collect the victim’s login credentials for various online accounts, operating system information and keystrokes. It also steals one-time security codes or soft tokens from the victim’s online banking applications.

    The spam tool compromises Yahoo, Gmail and Outlook webmail accounts, enabling the threat actor to take control of those mailboxes, exfiltrate their contacts’ email addresses, and send spam emails.

    Reply
  11. Tomi Engdahl says:

    Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks https://thehackernews.com/2023/06/evasive-qbot-malware-leverages-short.html

    An analysis of the “evasive and tenacious” malware known as QBot has revealed that 25% of its command-and-control (C2) servers are merely active for a single day.

    What’s more, 50% of the servers don’t remain active for more than a week, indicating the use of an adaptable and dynamic C2 infrastructure, Lumen Black Lotus Labs said in a report shared with The Hacker News.

    “This botnet has adapted techniques to conceal its infrastructure in residential IP space and infected web servers, as opposed to hiding in a network of hosted virtual private servers (VPSs),” security researchers Chris Formosa and Steve Rudd said.

    Reply
  12. Tomi Engdahl says:

    Malicious PyPI Packages Using Compiled Python Code to Bypass Detection https://thehackernews.com/2023/06/malicious-pypi-packages-using-compiled.html

    Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools.

    “It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed,” ReversingLabs analyst Karlo Zanki said in a report shared with The Hacker News.

    The package in question is fshec2, which was removed from the package registry on April 17, 2023, following responsible disclosure on the same day.

    Reply
  13. Tomi Engdahl says:

A backdoor hidden in millions of PC motherboards, as if waiting for cyber criminals to sneak in
    https://www.tivi.fi/uutiset/tv/8ab71d54-6a24-4e9b-842b-e98c70c4faf7

    When a motherboard equipped with this mechanism boots, the firmware checks whether a software update is available and installs the update if one is offered. The mechanism itself is innocent and intended to keep the firmware up to date. The problem is that Gigabyte's implementation appears to be insecure.

    Reply
  14. Tomi Engdahl says:

    Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
    https://www.securityweek.com/organizations-warned-of-backdoor-feature-in-hundreds-of-gigabyte-motherboards/

    A backdoor feature found in hundreds of Gigabyte motherboard models can pose a significant supply chain risk to organizations.

    Reply
  15. Tomi Engdahl says:

    Google Temporarily Offering $180,000 for Full Chain Chrome Exploit
    https://www.securityweek.com/google-temporarily-offering-180000-for-full-chain-chrome-exploit/

    Google is offering a bug bounty reward of up to $180,000 for a full chain exploit leading to a sandbox escape in the Chrome browser.

    Reply
  16. Tomi Engdahl says:

    Toyota Discloses New Data Breach Involving Vehicle, Customer Information
    https://www.securityweek.com/toyota-discloses-new-data-breach-involving-vehicle-customer-information/

    Toyota says improper cloud configurations exposed vehicle and customer information in Japan and overseas for years.

    Reply
  17. Tomi Engdahl says:

    Cisco Acquiring Armorblox for Predictive and Generative AI Technology
    https://www.securityweek.com/cisco-acquiring-armorblox-for-predictive-and-generative-ai-technology/

    Cisco is in the process of acquiring email security firm Armorblox for its predictive and generative artificial intelligence (AI) technology.

    Reply
  18. Tomi Engdahl says:

    Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
    https://www.securityweek.com/moxa-patches-mxsecurity-vulnerabilities-that-could-be-exploited-in-ot-attacks/

    Critical authentication bypass and high-severity command injection vulnerabilities have been patched in Moxa’s MXsecurity product.

    Organizations using Moxa’s MXsecurity product have been informed about two potentially serious vulnerabilities that could be exploited by malicious hackers targeting operational technology (OT) networks.

    MXsecurity is an industrial network security management software designed for OT environments.

    Security researcher Simon Janz discovered recently that the product is impacted by a critical vulnerability that can be exploited remotely to bypass authentication (CVE-2023-33235) and a high-severity flaw in the SSH command-line interface that can lead to remote command execution (CVE-2023-33236).

    Moxa patched the security holes with the release of version 1.0.1. The industrial networking, computing and automation solutions provider has published an advisory describing the vulnerabilities.

    Reply
  19. Tomi Engdahl says:

    Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
    https://www.securityweek.com/organizations-warned-of-salesforce-ghost-sites-exposing-sensitive-information/

    Salesforce ghost sites — domains that are no longer maintained but still accessible — can expose personal information and business data.

    Some organizations can expose sensitive personal and corporate information by failing to properly deactivate Salesforce Community websites that are no longer used, according to data security and analytics company Varonis.

    Varonis reported identifying many such improperly deactivated websites, which the company has dubbed ‘Salesforce ghost sites’. These sites have been found to expose personally identifiable information and business data that should not be accessible.

    “The exposed data is not restricted to only old data from when the site was in use; it also includes new records that were shared with the guest user due to the sharing configuration in their Salesforce environment,” Varonis warned.

    Ghost sites are Salesforce Communities that have been abandoned — they are still accessible, but no longer monitored or protected.

    Reply
  20. Tomi Engdahl says:

    New GobRAT Remote Access Trojan Targeting Linux Routers in Japan
    https://thehackernews.com/2023/05/new-gobrat-remote-access-trojan.html

    Reply
  21. Tomi Engdahl says:

Russian hackers' horrific data breach: data of 9 million patients exposed, children among the victims
    Antti Kailio, 1.6.2023 08:16 | updated 1.6.2023 08:16 | Ransomware, Information security, Dentistry
    The Russian hacker gang LockBit has claimed responsibility for the cyber attack on a health insurance company.
    https://www.tivi.fi/uutiset/venalaishakkerien-karmea-tietomurto-9-miljoonan-potilaan-tiedot-paljastuivat-uhrien-joukossa-myos-lapsia/214f14d5-ee4f-4624-9d16-85826e652047

    Reply
  22. Tomi Engdahl says:

    Millions of Gigabyte PC motherboards backdoored? What’s the actual score?
    It’s the 2020s and we’re still running code automatically fetched over HTTP

    https://www.theregister.com/2023/06/02/gigabyte_uefi_backdoor/

    Reply
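    The Gigabyte items above (comments 4, 13 and this one) all come down to the same defect: an updater that fetches code over plain HTTP and runs it without checking what it got. As an added illustration, not code from Eclypsium, Gigabyte or any article linked here, the following Python shows the checks a defender would expect such an updater to apply before executing a download. The host allowlist, URL, manifest key and payload bytes are constructed placeholders; an HMAC stands in for the vendor's signature because the standard library has no Ed25519, and in production an asymmetric signature would replace it so the verifier needs no secret.

```python
"""Added example: vetting a fetched update before execution (not vendor code)."""
import hashlib
import hmac
import json
from urllib.parse import urlparse

# Constructed sample data; every value here is a hypothetical placeholder.
ALLOWED_HOSTS = {"updates.example.invalid"}
MANIFEST_KEY = b"hypothetical-manifest-key"   # stand-in for a vendor signing key
UPDATE_BLOB = b"constructed update payload bytes for the example"


def make_manifest(url: str, blob: bytes) -> tuple:
    """Build a manifest (URL, size, SHA-256) and authenticate it with an HMAC.
    The manifest is what the vendor would publish alongside the payload."""
    manifest = {"url": url, "size": len(blob),
                "sha256": hashlib.sha256(blob).hexdigest()}
    encoded = json.dumps(manifest, sort_keys=True).encode()
    mac = hmac.new(MANIFEST_KEY, encoded, hashlib.sha256).hexdigest()
    return manifest, mac


def vet_update(manifest: dict, mac: str, url_used: str, blob: bytes) -> list:
    """Return the reasons to refuse executing `blob`; an empty list means OK.
    Each check corresponds to one thing the reports say was missing:
    authenticated metadata, TLS transport, a known host, and payload integrity."""
    problems = []
    encoded = json.dumps(manifest, sort_keys=True).encode()
    expected = hmac.new(MANIFEST_KEY, encoded, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        problems.append("manifest authentication failed")
        return problems            # nothing in the manifest can be trusted
    parsed = urlparse(url_used)
    if parsed.scheme != "https":
        problems.append(f"transport is {parsed.scheme!r}, not https")
    if parsed.hostname not in ALLOWED_HOSTS:
        problems.append(f"host {parsed.hostname!r} not in allowlist")
    if url_used != manifest["url"]:
        problems.append("fetched URL differs from the one in the manifest")
    if len(blob) != manifest["size"]:
        problems.append("size mismatch")
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        problems.append("SHA-256 mismatch: payload altered or substituted")
    return problems


if __name__ == "__main__":
    good_url = "https://updates.example.invalid/payload.bin"
    manifest, mac = make_manifest(good_url, UPDATE_BLOB)
    print("clean fetch:", vet_update(manifest, mac, good_url, UPDATE_BLOB))
    print("plain HTTP:", vet_update(manifest, mac,
                                    good_url.replace("https", "http", 1),
                                    UPDATE_BLOB))
    print("tampered:", vet_update(manifest, mac, good_url, UPDATE_BLOB + b"!"))
```

    The order matters: the manifest is authenticated first, because the size and hash it carries mean nothing until its origin is established. A plain-HTTP fetch is refused even when the hash matches, since the transport check also protects the manifest retrieval itself.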
  23. Tomi Engdahl says:

    MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited https://thehackernews.com/2023/06/moveit-transfer-under-attack-zero-day.html

A critical flaw in Progress Software’s MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems.

    The shortcoming, which is yet to be assigned a CVE identifier, relates to a severe SQL injection vulnerability that could lead to escalated privileges and potential unauthorized access to the environment.

    “An SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database,” the company said.

Patches for the bug have been made available by the Massachusetts-based company, which also owns Telerik, in the following versions: 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1).

    Reply
  24. Tomi Engdahl says:

    Amazon’s Ring cameras were used to spy on customers https://www.malwarebytes.com/blog/news/2023/06/amazons-ring-camera-used-to-spy-on-customers

    Every single Amazon Ring employee was able to access every single customer video, even when it wasn’t necessary for their jobs.

    Not only that, but the employees—along with workers from a third-party contractor in Ukraine—could also download any of those videos and then save and share them as they liked, before July 2017.

    That’s what the FTC has alleged in a recent complaint, for which Amazon is facing a settlement of $5.8 million.

    And, unsurprisingly, some employees abused that access right.

    Reply
  25. Tomi Engdahl says:

    New Horabot campaign takes over victim’s Gmail, Outlook accounts https://www.bleepingcomputer.com/news/security/new-horabot-campaign-takes-over-victims-gmail-outlook-accounts/

A previously unknown campaign involving the Horabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool.

    The malware enables the operators to take control of the victim’s Gmail, Outlook, Hotmail, or Yahoo email accounts, steal email data and 2FA codes arriving in the inbox, and send phishing emails from the compromised accounts.

    The new Horabot operation was discovered by analysts at Cisco Talos, who report that the threat actor behind it is likely based in Brazil.

    Reply
  26. Tomi Engdahl says:

    Zyxel shares tips on protecting firewalls from ongoing attacks https://www.bleepingcomputer.com/news/security/zyxel-shares-tips-on-protecting-firewalls-from-ongoing-attacks/

    Zyxel has published a security advisory containing guidance on protecting firewall and VPN devices from ongoing attacks and detecting signs of exploitation.

    This warning comes in response to multiple reports of widespread exploitation of the CVE-2023-28771 and the exploitability and severity of CVE-2023-33009 and CVE-2023-33010, all impacting Zyxel VPN and firewall devices.

    “Zyxel has been urging users to install the patches through multiple channels, including issuing several security advisory newsletters to registered users and advisory subscribers; notifying users to upgrade via the Web GUI’s push notification for on-premises devices; and enforcing scheduled firmware upgrades for cloud-based devices that haven’t yet done so,” warns Zyxel’s security advisory.

    Reply
  27. Tomi Engdahl says:

    Online sellers targeted by new information-stealing malware campaign https://www.bleepingcomputer.com/news/security/online-sellers-targeted-by-new-information-stealing-malware-campaign/

    Online sellers are targeted in a new campaign to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks.

    The new campaign launched this week, with threat actors sending complaints to online store admins through email and website contact forms.

    These emails pretend to be from a customer of an online store who had $550 deducted from their bank account after an alleged order did not properly go through.

    BleepingComputer received one of these emails this week and, after researching the attack, has found it widespread with many submissions to VirusTotal over the past week.

    Reply
  28. Tomi Engdahl says:

    In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
    https://www.securityweek.com/in-other-news-government-use-of-spyware-new-industrial-security-tools-japan-router-hack/

    Cybersecurity news that you may have missed this week: the spyware used by various governments, new vulnerabilities, industrial security products, and Linux router attacks.

    Spyware used in Israel, the Middle East and the US

    Separate reports published this week detail the spyware used by Israeli Police (Echo tool offered by Israeli firm Rayzone), Arab intelligence services (spying tools offered by Swiss company In The Cyber), and the US Drug Enforcement Agency (spyware called Paragon Graphite).

    Google shuts down YouTube channels used for influence operations

    Google in April shut down many YouTube channels that were part of coordinated influence operations linked to Russia, Turkey, Iran, China, Azerbaijan, and Uzbekistan. The Chinese operation was powered by roughly 3,500 channels.

    Iranian government websites and networks targeted by local hacktivists

    90 organizations notify UK ICO of data breaches related to Capita hack

    The BBC reported that 90 organizations in the UK have informed the country’s privacy and data watchdog about being hit by the recent data breach at British business process outsourcing firm Capita. The impacted organizations handle the data of millions of people. Capita said recently it expects the ransomware attack to cost it up to $25 million.

    Linux routers in Japan targeted with GobRAT malware

    Japan’s JPCERT/CC issued a warning about Linux routers in the country being targeted with the GobRAT malware since February. The attackers are using a loader to disable the device’s firewall function, download GobRAT, and ensure persistence on a device. Compromised routers can be abused for various types of malicious purposes.

    ‘Migraine’ macOS vulnerability discovered by Microsoft

    Microsoft has disclosed the details of CVE-2023-32369, a recently patched macOS vulnerability that could allow an attacker with root access to automatically bypass System Integrity Protection (SIP) and perform arbitrary operations on the targeted computer. Microsoft has dubbed the flaw ‘Migraine’.

    Vulnerabilities patched in OpenSSL and VMware

    The latest OpenSSL updates patch CVE-2023-2650, a medium-severity vulnerability that can be exploited to cause a DoS condition.

    In addition, VMware announced that it has fixed a medium-severity information disclosure vulnerability in Workspace One Access and Identity Manager. The issue is tracked as CVE-2023-20884.

    Reply
  29. Tomi Engdahl says:

    Vulnerabilities patched in OpenSSL and VMware
    https://www.securityweek.com/in-other-news-government-use-of-spyware-new-industrial-security-tools-japan-router-hack/
    The latest OpenSSL updates patch CVE-2023-2650, a medium-severity vulnerability that can be exploited to cause a DoS condition.
    Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)
    https://www.openssl.org/news/secadv/20230530.txt
    Severity: Moderate
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow.

    Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service.

    In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature.

    The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer’s certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication.

    In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.

    Reply
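    The advisory quoted above traces the slowdown to ASN.1 object identifiers with very large sub-identifiers and to subsystems that parse messages with no size limit. As an added example, not OpenSSL's code and not taken from the advisory, here is a small DER OID decoder in Python that applies the two bounds a defensive parser wants: a cap on the encoded length it will accept and a cap on the bit width of any single sub-identifier, so an oversized arc is rejected before any arithmetic is done on it. The sample OID bytes are constructed for the example; the bound values are assumptions, not OpenSSL's.

```python
"""Added example: bounded DER OID decoding (not OpenSSL's implementation)."""


class OidError(ValueError):
    """Raised for malformed or over-budget OID encodings."""


def decode_oid(content: bytes, max_len: int = 128, max_arc_bits: int = 64) -> str:
    """Decode the content octets of a DER OBJECT IDENTIFIER to dotted text.

    Sub-identifiers are base-128 varints, high bit set on all but the last
    byte; the first sub-identifier packs the first two arcs as 40*X + Y.
    `max_len` and `max_arc_bits` are constructed bounds that turn a huge or
    pathological encoding into an immediate error instead of slow work.
    """
    if not content:
        raise OidError("empty OID content")
    if len(content) > max_len:
        raise OidError(f"OID content of {len(content)} bytes exceeds {max_len}")
    arcs = []
    value = 0
    in_progress = False
    for byte in content:
        if not in_progress and byte == 0x80:
            raise OidError("non-minimal sub-identifier (leading 0x80)")
        value = (value << 7) | (byte & 0x7F)
        in_progress = True
        if value.bit_length() > max_arc_bits:
            raise OidError(f"sub-identifier wider than {max_arc_bits} bits")
        if byte & 0x80 == 0:          # last byte of this sub-identifier
            arcs.append(value)
            value = 0
            in_progress = False
    if in_progress:
        raise OidError("truncated: final sub-identifier has continuation bit set")
    first = arcs[0]
    if first < 40:
        head = [0, first]
    elif first < 80:
        head = [1, first - 40]
    else:
        head = [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def is_safe_oid(content: bytes) -> bool:
    """True if `content` decodes within the default bounds, False otherwise."""
    try:
        decode_oid(content)
        return True
    except OidError:
        return False


if __name__ == "__main__":
    # Constructed samples: sha256WithRSAEncryption, commonName, and an
    # encoding whose single arc would need hundreds of bits.
    print(decode_oid(bytes.fromhex("2a864886f70d01010b")))   # 1.2.840.113549.1.1.11
    print(decode_oid(b"\x55\x04\x03"))                       # 2.5.4.3
    oversized = b"\x2a" + b"\xff" * 40 + b"\x7f"
    print("oversized arc accepted:", is_safe_oid(oversized))  # False
```

    The bit-width bound is checked after every byte, so the decoder's work on a hostile arc is proportional to the bound, not to the input. A caller that handles whole OCSP or CMS messages would apply the same idea one level up, with a byte limit on the message before parsing begins, which is the "message size limit" the advisory refers to.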
  30. Tomi Engdahl says:

    Hackers hijack legitimate sites to host credit card stealer scripts https://www.bleepingcomputer.com/news/security/hackers-hijack-legitimate-sites-to-host-credit-card-stealer-scripts/

    A new Magecart credit card stealing campaign hijacks legitimate sites to act as “makeshift” command and control (C2) servers to inject and hide the skimmers on targeted eCommerce sites.

    A Magecart attack is when hackers breach online stores to inject malicious scripts that steal customers’ credit cards and personal information during checkout.

    According to Akamai’s researchers monitoring this campaign, it has compromised organizations in the United States, the United Kingdom, Australia, Brazil, Peru, and Estonia.

    The cybersecurity firm also points out that many of the victims have not realized they were breached for over a month, which is a testament to the stealthiness of these attacks.

    Reply
  31. Tomi Engdahl says:

    CISA orders govt agencies to patch MOVEit bug used for data theft https://www.bleepingcomputer.com/news/security/cisa-orders-govt-agencies-to-patch-moveit-bug-used-for-data-theft/

    CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer (MFT) solution to its list of known exploited vulnerabilities, ordering U.S. federal agencies to patch their systems by June 23.

    The critical flaw (tracked as CVE-2023-34362) is an SQL injection vulnerability that enables unauthenticated, remote attackers to gain access to MOVEit Transfer’s database and execute arbitrary code.

    According to the November 2022 binding operational directive (BOD 22-01), Federal Civilian Executive Branch Agencies (FCEB) must patch this security vulnerability once added to CISA’s Known Exploited Vulnerabilities catalog.

    Reply
  32. Tomi Engdahl says:

    Large Spanish bank confirms ransomware attack https://therecord.media/spain-globalcaja-bank-confirms-ransomware-attack

    A major lender in Spain said it is dealing with a ransomware attack affecting several offices.

    Globalcaja – based in the Spanish city of Albacete – has more than 300 offices across Spain and serves nearly half a million people with a variety of banking services. It manages more than $4.6 billion in consumer loans and has 1,000 employees.

    The Play ransomware group claimed this week that it attacked the bank and stole an undisclosed amount of private and personal confidential data, client and employee documents, passports, contracts and more.

    The bank published a statement on Friday confirming that computers at several local offices were dealing with ransomware.

    Reply
  33. Tomi Engdahl says:

    Artificial Intelligence
    OpenAI Unveils Million-Dollar Cybersecurity Grant Program
    https://www.securityweek.com/openai-unveils-million-dollar-cybersecurity-grant-program/

    OpenAI plans to shell out $1 million in grants for projects that empower defensive use-cases for generative AI technology.

    Reply
  34. Tomi Engdahl says:

    Russia Blames US Intelligence for iOS Zero-Click Attacks
    https://www.securityweek.com/russia-blames-us-intelligence-for-ios-zero-click-attacks/

    Kaspersky said its corporate network has been targeted with a zero-click iOS exploit, just as Russia’s FSB said iPhones have been targeted by US intelligence.

    Reply
  35. Tomi Engdahl says:

    Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations
    https://www.securityweek.com/zero-day-in-moveit-file-transfer-software-exploited-to-steal-data-from-organizations/

    A zero-day vulnerability in Progress Software’s MOVEit Transfer product has been exploited to hack organizations and steal their data.

    Reply
  36. Tomi Engdahl says:

    Google has removed many but not all of the malicious entries, but only after they were reported, and by then, they were on millions of devices—and possibly hundreds of millions. Understandably, some security-minded folks aren’t pleased.

    Google’s Android and Chrome extensions are a very sad place. Here’s why
    It was a bad week for millions of people who rely on Google for apps and Chrome extensions.
    https://arstechnica.com/information-technology/2023/06/injecting-strange-code-into-websites-file-snooping-google-marketplaces-are-a-mess/?utm_brand=ars&utm_medium=social&utm_social-type=owned&utm_source=facebook

    Reply
  37. Tomi Engdahl says:

Bank scam with 421 victims – the suspect is a 20-year-old man https://www.is.fi/digitoday/tietoturva/art-2000009634221.html

    THE NATIONAL BUREAU OF INVESTIGATION and the Southwest Finland Police Department say they have completed a pre-trial investigation in which a 20-year-old man is suspected of 421 counts of aggravated payment instrument fraud. The case is being referred to the prosecutor for consideration of charges.

    These were online banking scams in which victims were directed by text message to websites phishing for bank credentials. IS has written about similar cases on several occasions.

    Reply
  38. Tomi Engdahl says:

    Microsoft links Clop ransomware gang to MOVEit data-theft attacks https://www.bleepingcomputer.com/news/security/microsoft-links-clop-ransomware-gang-to-moveit-data-theft-attacks/

    Microsoft has linked the Clop ransomware gang to recent attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations.

    “Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion site,” the Microsoft Threat Intelligence team tweeted Sunday night.

    Reply
  39. Tomi Engdahl says:

    Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack https://thehackernews.com/2023/06/magento-woocommerce-wordpress-and.html

Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that’s designed to steal personally identifiable information (PII) and credit card data from e-commerce websites.

    A noteworthy aspect that sets it apart from other Magecart campaigns is that the hijacked sites further serve as “makeshift” command-and-control (C2) servers, using the cover to facilitate the distribution of malicious code without the knowledge of the victim sites.

    Web security company Akamai said it identified victims of varying sizes in North America, Latin America, and Europe, potentially putting the personal data of thousands of site visitors at risk of being harvested and sold for illicit profits.

    Reply
  40. Tomi Engdahl says:

    Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft

    Mandiant has observed wide exploitation of a zero-day vulnerability in the MOVEit Transfer secure managed file transfer software for subsequent data theft.

Based on initial analysis from Mandiant incident response engagements, the earliest evidence of exploitation occurred on May 27, 2023, resulting in deployment of web shells and data theft. In some instances, data theft has occurred within minutes of the deployment of web shells. Mandiant currently attributes this activity to UNC4857, a newly created threat cluster with unknown motivations.

    Reply
  41. Tomi Engdahl says:

    Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
    https://www.securityweek.com/ransomware-group-used-moveit-exploit-to-steal-data-from-dozens-of-organizations/

    The recent MOVEit zero-day attack has been linked to a known ransomware group, which reportedly stole data from dozens of organizations.

    Reply
