Cyber4Dev weekly update




The 5 Cornerstones for an Effective Cyber Security Awareness Training

It’s not news that phishing attacks are getting more complex and happening more often. This year alone, APWG reported a record-breaking total of 1,097,811 phishing attacks. These attacks continue to target organizations and individuals to gain their sensitive information. The hard news: they’re often successful and have a long-lasting negative impact on your organization and employees, including loss of money, reputation damage, loss of intellectual property, disruptions to operational activities, and a negative effect on company culture.

33% of attacks in the cloud leverage credential access

33% of attacks in the cloud leverage credential access, indicating that users often overestimate the security of their cloud environments and consequently fail to configure and protect them adequately. While commercial adversary simulation software such as CobaltStrike is helpful to many teams’ defense of their environments, it is also being used as a malicious tool for mass-malware implants. Elastic Security Labs found that CobaltStrike was the most widespread malicious binary or payload for Windows endpoints accounting for nearly 35% of all detections, followed by AgentTesla at 25% and RedLineStealer at 10%.

Microsoft Defender boosts default protection for all enterprise users

Microsoft announced that built-in protection is generally available for all devices onboarded to Defender for Endpoint, the company’s endpoint security platform. Once applied, this default set of settings provides better protection for enterprise endpoints against advanced and emerging threats, including ransomware attacks. “Initially, built-in protection will include turning tamper protection on for your tenant, with other default settings coming soon,” Microsoft explains.

The Best Strategies To Keep Your Business Safe Online

Any profit-making business is constantly exposed to a number of risks that can cause massive losses or the total collapse of the organization. To protect themselves, it is paramount that businesses can identify the risks that could wipe out the organization’s income. Some of the risks that pose a serious threat to the continuity of a business are risks to the business premises caused by fires, technological risks, strategic risks, and prohibited substance use. There is a wide range of prospective risks that may hinder business operations.

Cyberattacks are targeting smaller healthcare companies and specialty clinics. But why?

The healthcare industry has been a favored target for cybercriminals for many years. In the first half of 2022 alone, 324 attacks against healthcare organizations were reported. Attackers primarily focused on large hospitals in years past, but there has been a sudden switch to smaller healthcare companies and specialty clinics. There seems to be a clear trend in attacks against the healthcare industry, and that trend includes targeting smaller healthcare companies and clinics.


Hackers Dump Australian Health Data Online, Declare ‘Case Closed’

The hackers leaking stolen Australian health records to the dark web on Thursday appeared to end their extortion attempt by dumping a final batch of data online and declaring: “Case closed.” In November the hackers demanded health insurer Medibank pay US$9.7 million to keep the records off the internet — or one dollar for each of the company’s impacted customers, which included Prime Minister Anthony Albanese. Medibank refused to pay at the urging of the federal government, which at the height of the crisis considered making it illegal for hacked companies to hand over ransoms.

Lastpass discloses the second security breach this year

Password management solution LastPass disclosed a new security breach: threat actors had access to a third-party cloud storage service using information stolen in the August 2022 breach. The impacted cloud storage service is GoTo, which is currently shared by both LastPass and its affiliate.

Hacker attempts to sell data of 500 million WhatsApp users on dark web

A hacker has allegedly posted a dataset to the dark web containing the personal information of almost 500 million WhatsApp users. In the post, which was uploaded to hacking forum BreachForums on November 16, the hacker claimed to be selling up-to-date personal information of 487 million WhatsApp users from 84 countries. In the post, the alleged hacker said those who bought the datasets would receive “very recent mobile numbers” of WhatsApp users. The leak was originally reported by technology news site CyberNews, which said it had “investigated” a sample of the data set provided by the hacker. According to CyberNews, the site was able to verify that 1,914 phone numbers provided by the malicious party did belong to WhatsApp users, meaning the hacker’s claims were “likely…to be true”.

AIIMS hit by ransomware attack: 7 other big hackings that hurt Indian businesses

Ransomware attacks are among the biggest cyber threats in India. Recently, a report by the country’s cyber watchdog CERT-In claimed that India logged a 51% rise in ransomware attacks in the first half of the year as compared to 2021. Beyond the first half, there have also been multiple cyber-attacks in the second half of this year that have kept cyber authorities on their toes.


TikTok ‘Invisible Body’ challenge exploited to push malware

Hackers are capitalizing on a trending TikTok challenge named ‘Invisible Challenge’ to install malware on thousands of devices and steal their passwords, Discord accounts, and, potentially, cryptocurrency wallets. The challenge requires you to film yourself naked while using TikTok’s “Invisible Body” filter, which removes the body from the video and replaces it with a blurry background. This has led to people posting videos of themselves allegedly naked but obscured by the filter.

Cyber-mercenary group is targeting Android users with fake VPN apps

Security researchers at ESET discovered that the infamous cyber-mercenary group, Bahamut APT, has been using fake VPN apps as a carrier for dangerous malware targeting Android phones. The researchers found at least eight versions of Bahamut spyware on trojanized versions of popular Android apps, SoftVPN and OpenVPN. These apps were never available to download from the Google Play Store, though. Once installed, the spyware can access sensitive data such as contacts, SMS messages, call logs, device location, and recorded phone calls. The spyware can also spy on information about calls and chat messages from messaging apps like Messenger, Viber, Signal, WhatsApp, Telegram, and WeChat and can extract other data like banking information using keylogging.


Hyundai app bugs allowed hackers to remotely unlock, start cars

Vulnerabilities in mobile apps exposed Hyundai and Genesis car models from after 2012 to remote attacks that allowed unlocking and even starting the vehicles. Security researchers at Yuga Labs found the issues and explored similar attack surfaces in the SiriusXM “smart vehicle” platform used in cars from other makers (Toyota, Honda, FCA, Nissan, Acura, and Infiniti) that allowed them to “remotely unlock, start, locate, flash, and honk” them. At this time, the researchers have not published detailed technical write-ups for their findings but have shared some information on Twitter, in two separate threads (Hyundai, SiriusXM).

Cybercriminals Selling Access to Networks Compromised via Recent Fortinet Vulnerability

Security researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical vulnerability in Fortinet products. Tracked as CVE-2022-40684 and impacting FortiOS, FortiProxy, and FortiSwitchManager products, the vulnerability was publicly disclosed in early October, when it was already exploited in malicious attacks. The issue is an authentication bypass allowing a remote attacker to use specially crafted HTTP or HTTPS requests to perform unauthorized operations on a vulnerable appliance’s admin interface.

A flaw in some Acer laptops can be used to bypass security features

ESET researchers announced in a series of tweets the discovery of a vulnerability impacting Acer laptops; the issue can allow an attacker to deactivate UEFI Secure Boot. The experts explained that the flaw, tracked as CVE-2022-4020, is similar to the Lenovo vulnerabilities the company disclosed earlier this month. As in Lenovo’s case, an attacker can trigger the issue to deactivate UEFI Secure Boot by creating an NVRAM variable directly from the OS.

Cyber4Dev collates data from Open-Source websites, any opinions or attributions expressed in the articles are not those of Cyber4Dev and are not endorsed by the project or the EU.