The breach, which occurred on July 15th, 2023, was originally disclosed by a hacker on an anonymous dark web forum. The hacker claimed to have gained access to a data warehouse used by the University and to hold roughly 7 million Social Security numbers. According to the hacker's own statement (take it with a grain of salt), the records they obtained date all the way back to 1989.
The breach appears to be a response to the Supreme Court's decision to strike down affirmative action: the hacker allegedly instructed others to organize the data by race and admission test scores. The post came to the public's attention after being reported by the website Cyber Express on July 21st, a full month before the University of Minnesota officially acknowledged the situation.
A university spokesperson has stated that the data accessed was primarily limited to 2021 and earlier. A plausible explanation for that cutoff is that the University bolstered its security efforts that year, although the University has not said so.
Source
Twitter/X to Introduce Voice and Video Calling, Update Privacy Policy [Week 2]
Elon Musk announced that X (formerly Twitter) will soon offer voice and video calling for users on Apple and Android devices as well as computers, though no release date was given. Separately, X updated its privacy policy to allow the collection of biometric data and employment history. The new policy takes effect on September 29, but it does not specify exactly what biometric data will be collected. The calling feature is seemingly a response to Meta's Messenger and to Snapchat. The privacy policy changes have raised concerns about data privacy and targeted advertising. For users in the European Union, X introduced a reporting tool for posts and ads that may violate the new Digital Services Act rules. Interestingly, a phone number may not be required to use the calling service, which may be the rationale for collecting the otherwise unexplained biometric data.
Source
Unpatched Security Flaws Discovered in Zavio Cameras Still in Use: BugProve and CISA Issue Warnings [Week 3]
BugProve, a provider of an IoT firmware analysis platform, has disclosed multiple security vulnerabilities in IP cameras manufactured by Zavio, a now-defunct Chinese company. Despite Zavio's closure, its cameras remain in use in the United States and Europe, which makes the vulnerabilities a significant concern. BugProve identified more than 34 memory corruption and command injection flaws, seven of which allow unauthenticated remote code execution as root. These flaws could let attackers take full control of the cameras, for example to enlist them in DDoS attacks or other malicious activity. Working with CCTV Camera Pros, the main North American distributor of Zavio cameras, and with CISA, BugProve verified the vulnerabilities and obtained CVE identifiers. Because patches for the affected cameras are unlikely to ever be released, users are advised to replace the devices; until they do, the cameras should at least be kept off the public internet and on an isolated network segment, since unauthenticated root RCE means any host that can reach the camera's web interface can take it over.
Source
Apple patches 3 brand new "Zero-Day" Security Flaws [Week 4]
Apple has rolled out another set of crucial security patches addressing three zero-day flaws affecting iOS, iPadOS, macOS, watchOS, and Safari, bringing the count of zero-days fixed in Apple software this year to 16. The flaws are a certificate validation issue, a kernel flaw, and a WebKit flaw, all of which could be exploited against Apple users. Updates have shipped across Apple's devices and operating systems, including the latest versions of iOS and iPadOS. Researchers Bill Marczak and Maddie Stone reported the flaws, which suggests they were exploited in highly sophisticated spyware attacks against high-risk individuals. This disclosure comes shortly after Apple patched other zero-day vulnerabilities, and Google has been experiencing similar issues lately. The WebKit vulnerability has broader implications: it lies in the libwebp image library, which is used across many operating systems and software packages, so the same bug is a common point of exploitation well beyond Apple. Ben Hawkes of Isosceles stressed that, although the bug appears to be correctly fixed in upstream libwebp, it could take some time for the fix to reach saturation given how widely the library is embedded; in particular, applications that ship their own statically linked copy of libwebp must each be rebuilt and updated separately.
Source
Asian Government and Telecom Sectors Targeted by 'Stayin' Alive' Cyber-Espionage Campaign [Week 5]
High-profile government and telecom organizations in Asian countries including Vietnam, Uzbekistan, Pakistan, and Kazakhstan have been targeted since 2021 by a cyber-espionage campaign that plants rudimentary backdoors for the purpose of delivering more advanced malware. The campaign, dubbed "Stayin' Alive" by cybersecurity firm Check Point, begins with spear-phishing emails whose attachments install the backdoors. Notably, the infrastructure used in the campaign overlaps with that of ToddyCat, a China-linked group previously associated with attacks on European and Asian government and military agencies. The attackers' growing use of disposable tools, which are frequently replaced or rebuilt from scratch, makes detection and attribution more challenging. The findings also point to targeted attacks on South Korean and Thai entities, with some links traced back to a Chinese hacking group named Dalbit.
Source
Google Advances Towards a Passwordless Future with Default Passkey Implementation [Week 6]
Google has made passkeys the default sign-in option for Google Accounts, bolstering its commitment to a passwordless future. This development comes five months after Google rolled out the FIDO Alliance-backed passwordless standard across all platforms for Google Accounts. Passkeys replace the traditional username and password with public-key cryptography: the private key stays on the user's device, while the server stores only the public key. Each passkey is bound to a username and a specific service, so a passkey registered with one site cannot be used at another, and it is held by the platform's credential manager on Android, iOS, macOS or Windows. To sign in, the server sends a random challenge; the device first requires user verification, such as biometrics or a PIN, then signs the challenge with the private key, and the server checks the signature against the stored public key. Because the signed data also covers the web origin the browser is actually connected to, a look-alike phishing site cannot obtain a usable signature, which is what makes passkeys phishing-resistant as well as simpler to manage than passwords. This initiative mirrors similar moves in the industry, with companies like Microsoft, eBay, and Uber recently adding passkey support.
Source
Microsoft's Advanced Containment Feature Foils Akira Ransomware's Encryption Attempt [Week 7]
In a recent cybersecurity update, Microsoft revealed that the "user containment" feature in Microsoft Defender for Endpoint blocked a large-scale remote encryption attempt by Akira ransomware operators against an unnamed industrial organization in June 2023. The attackers, tracked by Microsoft Threat Intelligence as Storm-1567, targeted devices not onboarded to Defender for Endpoint and carried out a series of preparatory steps before attempting to encrypt files over the network through a compromised user account. Defender's automatic attack disruption responded by containing the compromised account, blocking it from accessing network resources and cutting off the attackers' lateral movement despite the account being a legitimate insider identity. User containment stops the contained identity from communicating with other devices on the network, which prevents hands-on-keyboard attackers from reaching further hosts. Microsoft also described a separate incident in August 2023 in which the platform halted lateral movement against a medical research lab. Emphasizing the importance of safeguarding privileged user accounts, Microsoft stated that identifying and containing compromised accounts is crucial to halting the progression of an attack.
Source
Stealthy Malware Disguised as WordPress Plugin Enables Remote Site Control [Week 8]
Security researchers have uncovered malware that disguises itself as a WordPress plugin, giving attackers hidden administrative control and the ability to operate the infected site remotely. Presented as a caching plugin, the code can hide itself from the list of active plugins and modify files. It can remotely activate or deactivate plugins and create unauthorized admin accounts using the preset username "superadmin" and a hard-coded password; to keep a low profile, it also includes a function that deletes the superadmin account once its job is done. The malware can manipulate content, insert malicious links or buttons, and serve different content to search-engine crawlers so that they rank the attacker's pages and visitors are redirected to unsafe sites. Researcher Marco Wotschka noted that these capabilities let attackers exploit and profit from the victim's site while damaging its SEO rankings and its users' privacy. The scale and initial entry method of these attacks remain unknown, but over 17,000 WordPress sites were reportedly compromised by the Balada Injector malware last month, which likewise added malicious plugins and created rogue admin accounts. Because this malware hides from the dashboard's plugin list, site owners should audit administrator accounts and the installed plugin directories directly on disk (or in the database) rather than trusting the admin UI. This is a warning to all you bloggers using WordPress!
Source
North Korean Bluenoroff Hackers Escalate Attacks with macOS Malware [Week 9]
The North Korean hacking collective Bluenoroff, known for its financial cyber heists, has expanded its arsenal to include macOS-targeting malware. This group, a subset of the infamous Lazarus APT, has been actively exploiting system vulnerabilities to breach financial institutions. The latest findings point to a sophisticated malware strain designed specifically for macOS, signaling an escalation in the group's capabilities and the broadening scope of their attacks. The cybersecurity community is on high alert, emphasizing the need for robust, multi-platform defenses against these increasingly advanced state-sponsored cyber threats.
Source
Evolved Gootloader Malware Variant Outsmarts Detection Systems [Week 10]
A new variant of the Gootloader malware has emerged, alarming cybersecurity experts with its sophisticated evasion tactics. This evolved version of the malware, initially a banking trojan, now stealthily delivers various payloads while avoiding detection through obfuscated scripts and covert network communications. The threat underscores the need for robust cybersecurity defenses, as traditional detection methods may fall short against Gootloader's advanced techniques. Organizations are advised to reinforce their security posture and remain vigilant against such adaptive cyber threats.
Source
StripedFly: The Stealthy Malware That Hid in Plain Sight for Five Years [Week 11]
The StripedFly malware, which went undetected for half a decade, has compromised over a million devices while masquerading as a crypto miner. Kaspersky's analysis reveals it to be a cross-platform threat for Linux and Windows that spreads using a custom variant of the EternalBlue exploit against SMBv1, a protocol whose vulnerability (MS17-010) was patched in 2017, so hosts that still expose unpatched SMBv1 remain the ones at risk. It is equipped with a range of capabilities, including data harvesting and self-deletion, communicates over encrypted channels, and fetches updates from popular code repositories.
StripedFly's sophistication suggests it is the work of an advanced persistent threat (APT) group, with possible ties to the Equation Group, which is known for cyber espionage. Although it includes a Monero miner, StripedFly's true purpose remains unclear, hinting at motives beyond financial gain.
Source
