CyberSecurity Newsletter 8th April 2024
In this week’s news: EPA suffers a major breach, IntelBroker releases National Security documents stolen from a US contractor, US Dept of Health warns of social engineering attacks, new malware called Latrodectus uses sandbox evasion techniques alongside social engineering, a cancer treatment centre notifies 800k people of a data breach, and Home Depot suffers another breach.
The U.S. Environmental Protection Agency (EPA) is suffering a major data breach allegedly by a hacker known as USDoD. The breach, affecting over 8.5 million users, raises concerns about identity theft, cyber espionage, and the chilling effect on environmental reporting:
https://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/
Notorious threat actor IntelBroker has released National Security documents and data. Data relating to the US government has been stolen from a contractor and leaked online, prompting the State Department to launch an investigation:
Investigation launched after theft of government data — leak hits US State Department | TechRadar
⚠️#BREAKING⚠️Allegedly, notorious threat actor IntelBroker, has released National Security Documents and data. Per IntelBroker below.. #Clearnet #DarkWebInformer #Cyberattack #Cybercrime #Infosec #CTI #NSA
— Dark Web Informer (@DarkWebInformer) April 2, 2024
Documents belonging to the Five Eyes Intelligence..
Compromised Data:… pic.twitter.com/I5n41utQN9
The U.S. Department of Health and Human Services (HHS) warns that hackers are now using social engineering tactics to target IT help desks across the Healthcare and Public Health (HPH) sector. The sector alert issued by the Health Sector Cybersecurity Coordination Center (HC3) this week says these tactics have allowed attackers to gain access to targeted organisations' systems by enrolling their multi-factor authentication (MFA) devices:
https://www.bleepingcomputer.com/news/security/us-health-dept-warns-hospitals-of-hackers-targeting-it-help-desks/
A new form of malware called "Latrodectus" was likely developed by the makers of banking trojan IcedID and was observed incorporating sandbox evasion techniques to launch impersonation campaigns that lead to victims downloading malicious payloads:
https://www.scmagazine.com/news/latrodectus-uses-sandbox-evasion-techniques-to-launch-malicious-payloads
Cancer treatment and research centre City of Hope this week started notifying over 800,000 individuals that their personal and health information was compromised in a data breach:
https://www.securityweek.com/us-cancer-center-data-breach-impacting-800000/
Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms. An ongoing cyberattack campaign with apparent ties to China uses a new version of sophisticated JavaScript remote access Trojan JSOutProx and is now targeting banks in the Middle East:
https://www.darkreading.com/threat-intelligence/solar-spider-spins-up-new-malware-to-entrap-saudi-arabian-banks
The price of zero-day exploits rises as companies harden products against hackers. A startup is now offering millions of dollars for tools to hack iPhones, Android devices, WhatsApp, and iMessage:
https://techcrunch.com/2024/04/06/price-of-zero-day-exploits-rises-as-companies-harden-products-against-hackers/
Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain access to user accounts:
https://www.helpnetsecurity.com/2024/04/03/using-stolen-session-cookies/
The AhnLab Security Intelligence Center (ASEC) has detected a sophisticated cyberattack targeting users of the popular text and code editor Notepad++:
https://gbhackers.com/hackers-hijacked-notepad-plugin-to-execute-malicious-code/
The House is set to consider a bill next week that would reauthorise a surveillance program that U.S. officials consider vital to national security but that critics say raises privacy concerns:
https://www.securityweek.com/house-to-take-up-bill-to-reauthorize-crucial-us-spy-program-as-expiration-date-looms/
Home Depot has confirmed that it suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks:
https://www.bleepingcomputer.com/news/security/home-depot-confirms-third-party-data-breach-exposed-employee-info/
Microsoft is now using a Windows driver to prevent users from changing the configured Windows 10 and Windows 11 default browser through software or by manually modifying the Registry. Windows users can still change their default browser through the Windows settings. However, those who utilised software to make the changes are now blocked by a driver quietly introduced to users worldwide as part of the February updates for Windows 10 (KB5034763) and Windows 11 (KB5034765):
https://www.bleepingcomputer.com/news/microsoft/new-windows-driver-blocks-software-from-changing-default-web-browser/
Azure DevOps Services Attack Toolkit - ADOKit is a toolkit that can be used to attack Azure DevOps Services by taking advantage of the available REST API. The tool allows the user to specify an attack module, along with specifying valid credentials (API key or stolen authentication cookie) for the respective Azure DevOps Services instance:
https://www.kitploit.com/2024/04/adokit-azure-devops-services-attack.html
France Travail, the governmental agency responsible for registering unemployed individuals, faces a data breach affecting 43 million people. France Travail is also responsible for providing financial aid and assisting people in finding jobs:
https://www.digitaljournal.com/tech-science/french-government-is-the-victim-of-a-major-data-breach/article
A new ransomware variant is targeting VMware ESXi servers, a popular virtualization platform used by hosting providers worldwide. Dubbed “SEXi” by its creators, this ransomware has already made significant waves, with Powerhost’s CEO revealing a staggering ransom demand of approximately 140 million dollars:
https://gbhackers.com/hosting-providers-vmware-esxi/
A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models:
https://securityaffairs.com/161549/hacking/d-link-nas-flaw.html
https://github.com/netsecfish/dlink
IBM’s terminal emulator for Windows machines, Personal Communications (PCOM), must be patched against a critical vulnerability:
https://www.itnews.com.au/news/ibm-terminal-emulator-has-rce-bug-606787
AhnLab Security Intelligence Center (ASEC) recently found that there are a growing number of cases where threat actors use YouTube to distribute malware. The attackers do not simply create YouTube channels and distribute malware—they are stealing well-known channels that already exist to achieve their goal:
https://malware.news/t/threat-actors-hack-youtube-channels-to-distribute-infostealers-vidar-and-lummac2/80552
A new LinkedIn threat combines breached users’ accounts with an evasive 2-step phishing attack. By tricking users into downloading malware, Snake steals sensitive browsing data to hijack accounts. It highlights how social media is a potential attack vector for stealing credentials and compromising corporate systems:
https://gbhackers.com/microsoft-two-step-phishing-campaign/
A top Israeli spy who managed to stay incognito for 20 years has found himself exposed after one basic error. The spy, named Yossi Sariel, who allegedly heads Israel's Unit 8200, made a crucial mistake uncovered by an investigation by The Guardian, which found that an electronic copy of Sariel's book available on Amazon "included an anonymous email that can easily be traced to Sariel's name and Google account":
https://www.theregister.com/2024/04/08/infosec_news_roundup/
How I hacked a biometric machine just by using a calculator:
https://infosecwriteups.com/how-i-hacked-biometric-machine-just-by-using-a-calculator-794e4254cedb