CyberSecurity Newsletter
November 20th 2023
In this week’s news: Barclays flags risks after ICBC hack, ALPHV files complaint with SEC after victim fails to report breach, LockBit publishes Boeing data, FBI struggled to stop a cybercrime gang, Johnson Controls delays earnings report due to cyberattack, Clorox CISO resigns during a cyberattack and the story of three young hackers.
Barclays flags Treasuries central clearing cybersecurity risks after ICBC hack:
https://www.marketscreener.com/quote/stock/BARCLAYS-PLC-9583556/news/Barclays-flags-Treasuries-central-clearing-cybersecurity-risks-after-ICBC-hack-45363028/
Ransomware gang files SEC complaint over victim’s undisclosed breach:
https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/
Exploit for CrushFTP RCE chain released, patch now:
https://www.bleepingcomputer.com/news/security/exploit-for-crushftp-rce-chain-released-patch-now/
Here’s a Shodan scan report for CrushFTP using the favicon hash
The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story:
https://www.wired.com/story/mirai-untold-story-three-young-hackers-web-killing-monster/
Appin was a leading Indian cyberespionage firm that few people even knew existed. A Reuters investigation found that the company grew from an educational startup to a hack-for-hire powerhouse that stole secrets from executives, politicians, military officials and wealthy elites around the globe:
https://www.reuters.com/investigates/special-report/usa-hackers-appin/
Israeli man sentenced to 80 months in prison for providing hacker-for-hire services:
https://securityaffairs.com/154378/cyber-crime/man-spear-phishing-sentenced.html
LockBit has published 43GB of data stolen from Boeing after the aerospace giant refused to give in to ransom demands following a cyber attack late last month. Most of the data listed on the hacker group’s leak site are backups for various systems:
https://www.cshub.com/attacks/news/lockbit-hackers-publish-43gb-of-stolen-boeing-data-following-cyber-attack
Hackers Are Exploiting a Flaw in Citrix Software Despite Fix:
https://www.bloomberg.com/news/articles/2023-11-19/hackers-are-exploiting-a-flaw-in-citrix-software-despite-fix
8Base ransomware operators use a new variant of the Phobos ransomware:
https://securityaffairs.com/154383/malware/8base-ransomware-phobos-ransomware.html
The U.S. Federal Bureau of Investigation has struggled to stop a hyper-aggressive cybercrime gang that’s been tormenting corporate America over the last two years:
https://cdcgaming.com/brief/fbi-struggled-to-disrupt-dangerous-casino-hacking-gang-cyber-responders-say/
Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks:
https://thehackernews.com/2023/11/russian-cyber-espionage-group-deploys.html
Bots Target Retailers for Black Friday Bargains:
https://www.f5.com/labs/articles/threat-intelligence/bots-target-retailers-for-black-friday-bargains
Cryptojacking Attack Campaign Against Apache Web Servers Using Cobalt Strike:
https://malware.news/t/cryptojacking-attack-campaign-against-apache-web-servers-using-cobalt-strike/75830
Hackers Exploiting Zimbra 0-day to Attack Government Organizations:
https://cybersecuritynews.com/zimbra-0-day-to-attack/
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine:
https://securityaffairs.com/154362/apt/gamaredon-apt-litterdrifter-usb.html
Johnson Controls Warns of Earnings Report Delay Due to Cyberattack:
https://www.usnews.com/news/technology/articles/2023-11-13/johnson-controls-warns-of-earnings-report-delay-due-to-cyberattack
Clorox's Cybersecurity Chief Departs Amidst Incident Recovery Efforts:
https://www.secureworld.io/industry-news/clorox-ciso-steps-down
Australia's second-largest telco, Optus, had no crisis plan when a network-wide outage left nearly half the country without phone or internet for 12 hours:
https://www.reuters.com/technology/australian-telco-optus-tells-lawmakers-it-had-no-plan-address-total-outage-2023-11-17/
North American Grid Regulator Tests Physical, Cyber Security Preparedness:
https://www.usnews.com/news/technology/articles/2023-11-16/north-american-grid-regulator-tests-physical-cyber-security-preparedness
FBI shares tactics of notorious Scattered Spider hacker collective:
https://www.bleepingcomputer.com/news/security/fbi-shares-tactics-of-notorious-scattered-spider-hacker-collective/
Healthcare startups scramble to assess fallout after Postmeds data breach hits millions of patients:
https://techcrunch.com/2023/11/18/postmeds-truepill-data-breach-pharmacy-millions/
Quasar RAT Delivered Through Updated SharpLoader:
https://isc.sans.edu/diary/rss/30414