BagheeraAltered's CyberSecurity Newsletter

April 15, 2024

CyberSecurity Newsletter April 15th 2024


In this week’s news: hackers clone the voice of a CEO in an attempted phone-call phish, Microsoft was breached through OAuth abuse, which allowed Russian spies to steal US government emails, Fortinet and Palo Alto have critical vulns, the health sector warns of advanced phishing attacks, two arrested in the Firebird RAT investigation, and an Apache Kafka flaw allows access to information.



Hackers Voice Cloned the CEO of LastPass for Attack

They weren't successful this time, at least.


A resourceful hacker cloned the voice of LastPass' CEO to try to dupe one of its employees — but they were not successful.


Microsoft breach allowed Russian spies to steal emails from US government:
https://www.theregister.com/2024/04/12/microsoft_cisa_order/


Microsoft disclosed it was also victimized by cyberespionage criminals who abused OAuth applications to access protected corporate accounts. The tech giant had previously warned of ongoing attacks by an advanced persistent threat group with ties to Russia:
https://www.scmagazine.com/news/microsoft-fell-victim-to-oauth-attack-it-issued-warning-about


Fortinet Vulnerability Exploited To Deploy RMM tools And PowerShell Backdoors:
https://cybersecuritynews.com/fortinet-vulnerability-rmm-powershell/


Palo Alto Networks firewalls under attack, hotfixes incoming:
https://www.helpnetsecurity.com/2024/04/12/cve-2024-3400/
https://unit42.paloaltonetworks.com/cve-2024-3400/


The Health Sector Cybersecurity Coordination Center (HC3) recently issued an Alert warning that “threat actors employing advanced social engineering tactics to target IT help desks in the health sector and gain initial access to target organisations” has been on the rise:


New Cyber Attack Targeting Hospital IT Helpdesks with Voice Calls

Hospitals across the nation are on high alert as sophisticated cybercriminals target IT help desks with advanced social engineering tactics.


A joint investigation conducted by U.S. and Australian authorities led to the arrest of two key figures behind the Firebird RAT operation:
https://securityaffairs.com/161822/cyber-crime/firebird-rat-men-arrested.html


Microsoft publishes new Registry security mitigation for Intel processors (Spectre):
https://www.ghacks.net/2024/04/15/microsoft-publishes-new-registry-mitigation-for-intel-processors-spectre/


Apache Kafka Flaw Let Attackers Gain Access To Sensitive Data:
https://cybersecuritynews.com/apache-kafka-security-flaw/


In the wake of a cyberattack on Tarrant County Appraisal District in March, the Medusa ransomware gang has claimed responsibility for the hack and has threatened to leak 218 GB of the stolen data unless the ransom of $100,000 is paid within six days:
https://www.cysecurity.news/2024/04/300-strikes-fort-worths-battle-against.html


AI tapped by Chinese state-backed hackers for foreign election interference:
https://www.scmagazine.com/brief/ai-tapped-by-chinese-state-backed-hackers-for-foreign-election-interference


Hacker Leaks 8.5M U.S. Environmental Protection Agency (EPA) Contact Data:
https://www.hackread.com/us-environmental-protection-agency-hacked-data-leaked/


Home Depot confirms third-party data breach exposed employee info:
https://www.bleepingcomputer.com/news/security/home-depot-confirms-third-party-data-breach-exposed-employee-info/


Mintlify says customer GitHub tokens exposed in data breach:
https://techcrunch.com/2024/03/18/mintlify-customer-github-tokens-data-breach/


Crooks manipulate GitHub’s search results to distribute malware:
https://securityaffairs.com/161792/cyber-crime/githubs-search-results-distribute-malware.html


A new Windows driver blocks software from changing the default web browser:
https://www.bleepingcomputer.com/news/microsoft/new-windows-driver-blocks-software-from-changing-default-web-browser/


Unauthorized Admin Account Access via Google Authentication

Sahil Mehra:
https://nullr3x.medium.com/unauthorized-admin-account-access-via-google-authentication-a38d42577ac9


Canadian retail chain Giant Tiger data breach may have impacted millions of customers:
https://securityaffairs.com/161811/cyber-crime/giant-tiger-data-breach.html


Medium bans AI-generated content from its paid Partner Program:
https://www.bleepingcomputer.com/news/technology/medium-bans-ai-generated-content-from-its-paid-partner-program/


OpenTable won't add first names, photos to old reviews after backlash:
https://www.bleepingcomputer.com/news/security/opentable-wont-add-first-names-photos-to-old-reviews-after-backlash/


OWASP discloses data breach caused by misconfiguration:
https://www.digitaljournal.com/tech-science/owasp-discloses-data-breach-caused-by-misconfiguration/article


The hacker group "Handala Hack" has announced a breach of the Israeli company "99 Digital," known for offering digital customer service solutions to businesses, as part of the OPIsrael campaign. The group claimed to have infiltrated the company's admin panel and sent direct messages to its clients:
https://www.govinfosecurity.com/iran-launches-wave-retaliatory-strikes-at-israel-a-24854


A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralised cryptocurrency exchanges in July 2022 and stealing over $12.3 million:
https://thehackernews.com/2024/04/ex-security-engineer-jailed-3-years-for.html


BatBadBut is a vulnerability that allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when specific conditions are satisfied:
https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/


Apple Alerts iPhone Users of 'Mercenary Attack' Threat:
https://support.apple.com/en-us/102174


Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign:
https://thehackernews.com/2024/04/iranian-muddywater-hackers-adopt-new-c2.html


Hunters International has breached Toyota Brazil:
https://www.privacyaffairs.com/hunters-international-announces-6-high-profile-victims/


NIST has released three self-guided online introductory courses on the NIST Special Publication (SP) 800-53 security and privacy control catalogue, the SP 800-53A control assessment procedures, and SP 800-53B control baselines:
https://csrc.nist.gov/News/2024/online-intro-courses-for-nist-sp-800-53


China Releases New Regulation on Cross-Border Data Transfers:
https://www.jdsupra.com/legalnews/china-releases-new-regulation-on-cross-3927197/


