In the rapidly changing world of cybersecurity, recent developments include Microsoft’s discovery of the first SQL Server-based cloud breach attempt, the GoldDigger Android Trojan targeting financial apps in APAC, Apple’s release of security patches for zero-day vulnerabilities, Chinese APT41 using surveillance malware on WeChat users, Cisco addressing an emergency responder flaw with hard-coded credentials, and Atlassian’s urgent patch to stop an exploited Confluence zero-day.
In the ever-evolving cyber landscape, events include Sony Interactive Entertainment’s significant MOVEit Transfer data breach, Russia’s inadvertent doxxing of secret bases and spies, SiegedSec’s leak of over 3,000 files from NATO, a disruptive cyberattack on Lyca Mobile Services with potential data breach, and a major phishing scheme impacting Flagler County School District.
Journey through the cybersecurity landscape with topics spanning Russian VPN access restrictions in 2024, a deep dive into Q2 2023’s ransomware threats, the erosion of global internet freedoms in the 13th annual report, and French legislation’s pursuit of digital safety enhancements and VPN restrictions.
🚨 Cyber Alerts
1. SQL Injection Attacks on Cloud Servers
Microsoft has detected a concerning trend where hackers are targeting cloud environments through vulnerable Microsoft SQL Servers susceptible to SQL injection attacks. These attacks involve exploiting an SQL injection vulnerability within an application in the target environment, granting threat actors access to Azure Virtual Machine-hosted SQL Server instances with elevated permissions. This access allows them to execute SQL commands, retrieve sensitive data, and even gain control of the host’s operating system.
2. GoldDigger Trojan Targets Finance
A recently discovered Android banking trojan, named GoldDigger, is posing a significant threat by targeting over 50 Vietnamese banking, e-wallet, and crypto wallet applications. While initially detected in August 2023, there’s evidence to suggest it has been active since June. This malicious software employs deceptive tactics, impersonating legitimate websites and abusing Android’s accessibility services to steal personal information, banking credentials, intercept SMS messages, and facilitate remote device access. GoldDigger’s advanced protection mechanism further complicates its detection and analysis, making it a formidable challenge for cybersecurity experts.
3. Apple Swiftly Addresses iOS Vulnerability
In response to an actively exploited zero-day vulnerability (CVE-2023-42824) in iOS and iPadOS, Apple has swiftly released security patches. This kernel vulnerability could potentially allow local attackers to elevate their privileges. Additionally, the update (iOS 17.0.3 and iPadOS 17.0.3) addresses another issue impacting the WebRTC component, marking Apple’s commitment to tackling security concerns, having addressed a total of 17 actively exploited zero-days this year.
4. APT41’s LightSpy Surveillance Campaign
Security researchers have linked the surveillance toolkit LightSpy to the Chinese cyberespionage group APT41, also known as Wicked Panda. APT41 used spam messages to trick users into downloading a malicious WeChat application from third-party app stores. This state-sponsored hacking group has a history of using surveillance malware compatible with iOS and Android devices, with LightSpy capable of exfiltrating sensitive data like precise location, payment information, call recordings, and chat archives.
5. Cisco Fixes Root Credentials Flaw
Cisco has addressed a security vulnerability in its Emergency Responder (CER) system, known as CVE-2023-20101, that allowed unauthenticated attackers to gain access to unpatched systems using hard-coded root credentials. The flaw could potentially enable attackers to execute arbitrary commands as the root user, posing a significant security risk. Cisco recommends promptly updating vulnerable installations as no temporary workarounds are available to mitigate this issue.
6. Urgent Atlassian Confluence Vulnerability
Atlassian, a leading business software maker, has urgently addressed a critical security flaw in its Confluence Data Center and Server products. The company confirmed that this vulnerability has already been exploited in the wild, impacting some customers. The flaw, identified as CVE-2023-22515, allows remote attackers to escalate privileges on Confluence Server and Confluence Data Center instances, particularly those accessible on the public internet.
💥 Cyber Incidents
7. Sony Interactive Hit by Massive Data Breach
Sony Interactive Entertainment (SIE), a subsidiary responsible for PlayStation consoles, has suffered a significant data breach, affecting thousands of former employees in what has become the largest breach of 2023. The breach occurred through the MOVEit Transfer platform and was orchestrated by the Cl0p ransomware gang, which exploited a zero-day vulnerability in the software. While SIE promptly remediated the issue, the breach exposed sensitive personal information, including Social Security numbers, affecting 6,791 individuals.
8. Russian Electricity Grid Security
Moscow City Hall’s website inadvertently revealed a comprehensive list of “special consumers” on Russia’s electricity grid, including military and intelligence agency facilities. These “special consumers” require uninterrupted electricity supply, even during blackouts. The leak exposed exact locations, such as a secret ammunition depot, undercover Federal Protective Service facilities, and military units in Russia’s Far East. Shockingly, it even disclosed apartment numbers used by intelligence officers in Moscow, all of which are considered state secrets.
9. NATO Faces SiegedSec Data Breach
The hacking group SiegedSec has recently made headlines by claiming to have leaked over 3,000 files from NATO. These files are reported to have originated from NATO’s “Learning Management System” and include data from portals such as the “Lessons Learned Portal” and the “Investment Division Portal.” While some of the data appears sensitive, it remains unclear if the dump contains information already publicly available. This is the second such announcement by SiegedSec in recent months regarding alleged breaches of NATO’s online infrastructure, raising concerns about the security of intergovernmental organizations and the potential impact of such data leaks.
10. Lyca Mobile Faces Major Cyberattack
Lyca Mobile, a global mobile network operator based in the UK with over 16 million customers across 60 countries, has experienced significant disruptions due to a cyberattack that began last week. The attack affected services such as top-ups and national and international calling in all markets except the US, Australia, Tunisia, and Ukraine. While the company is working to restore services, it is also investigating the possibility of a data breach.
11. Phishing Scheme Hits Flagler School District
The Flagler County school district fell victim to an apparent phishing scheme. The scheme, which involved a substantial sum of money, was discovered when the district identified “an electronic transfer of funds to a possible fraudulent vendor bank account.” The incident triggered an internal investigation, and the FBI and the Flagler County Sheriff’s Office were contacted for assistance.
📢 Cyber News
12. Russia to Ban VPN Services in 2024
Russia’s communications watchdog is gearing up to ban Virtual Private Networks (VPNs) starting from March 1st, 2024, according to Senator Artem Sheikin from the ruling United Russia party. The surge in demand for VPNs followed Russia’s restrictions on Western social media platforms after President Vladimir Putin’s Ukraine incursion in February 2022. Sheikin emphasized the importance of this move to restrict access to Meta Platforms, including Facebook, Instagram, and WhatsApp, which are considered extremist organizations by Russian authorities.
13. Q2 2023 Ransomware Threat Analysis
The DRM Report Q2 2023 delves into the evolving ransomware threat landscape during the months of May to August 2023, shedding light on the ever-growing menace in the digital realm. This comprehensive report offers an extensive analysis of global ransomware activities, with a specific focus on the unique challenges faced by Italy. With cybercriminal audacity on the rise, the report monitors 165 criminal groups and 1,736 ransomware claims worldwide.
14. Global Internet Freedom and AI Threats
Freedom House’s 13th annual Freedom on the Net report reveals a concerning decline in global internet freedoms. The report, covering June 2022 to May 2023, highlights troubling records, such as 55 countries where individuals faced legal consequences for their online speech and 41 countries limiting access to websites hosting political and social content. Notably, China remains the worst offender in internet restrictions for the ninth consecutive year, followed closely by Myanmar.
15. French Lawmakers Debate VPN Limits
French lawmakers are deliberating the SREN bill, a part of the Macron administration’s efforts to combat online crime, which includes potential restrictions on virtual private networks (VPNs). The bill aims to enhance digital safety by addressing cyber threats, harassment, internet scams, hate speech, and minors’ access to explicit content.
Copyright © 2023 CyberMaterial. All Rights Reserved.