Cyber Outlook Rundown 1/19/23

Cybersecurity News

A Cybersecurity briefing on noteworthy Cyber Attacks, Vulnerabilities, and InfoSec news.

Noteworthy Cyber Attacks Reported

1. PayPal accounts have been breached in large-scale credential stuffing attack. PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data. PayPal explains that the credential stuffing attack occurred between December 6 and December 8, 2022. The company detected and mitigated it at the time but also started an internal investigation to find out how the hackers obtained access to the accounts. By December 20, 2022, PayPal concluded its investigation, confirming that unauthorized third parties logged into the accounts with valid credentials. https://www.bleepingcomputer.com/news/security/paypal-accounts-breached-in-large-scale-credential-stuffing-attack

2. Email marketing and newsletter giant Mailchimp says it was hacked and that dozens of customers’ data was exposed. It’s the second time the company was hacked in the past six months. Worse, this breach appears to be almost identical to a previous incident. https://techcrunch.com/2023/01/18/mailchimp-hacked

3. Bankrupt crypto firm FTX said on Tuesday that $415 million worth of crypto was hacked from the exchange’s accounts, representing a sizable portion of the identified assets the company is trying to recover. https://www.cnbc.com/2023/01/17/ftx-says-415-million-of-crypto-was-hacked.html

4. Nearly one million active and inactive Norton LifeLock accounts have been targeted by credential stuffing attacks, according to a statement from the cybersecurity product’s parent company. The attack started on December 1, the company said, with a large number of failed login attempts on December 12. The company finished its investigation by December 22 and determined that the credential stuffing attacks had been successful for thousands of accounts. https://therecord.media/norton-lifelock-says-925000-accounts-targeted-by-credential-stuffing-attacks/

Noteworthy Vulnerabilities / Threats Discovered

1. Cisco reported a new "High" severity vulnerability on January 18th, CVE-2023-20010, for their Cisco Unified Communications Manager. A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n

2. IcedID is a banking Trojan that has been actively used by cybercriminals since 2017 and shared part of its code with another widely used malware family known as Pony, whose source code leaked in 2015. While mostly distributed via spam emails built to infect users, IcedID was also delivered in the beginning of 2023 by a phishing campaign pretending to spread a Zoom software update. This is a good high-level article explaining the order of operations for the popular IcedID malware and just how quickly attackers can spread through a network and extract data. https://www.techrepublic.com/article/threat-attacks-own-data-two-days

3. Oracle on Tuesday announced the release of its first Critical Patch Update for 2023, which includes 327 new security patches. More than 70 fixes address critical-severity vulnerabilities. https://www.securityweek.com/oracles-first-security-update-2023-includes-327-new-patches

4. Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any time soon. This time, the repository was PyPI, short for the Python Package Index, which is the official software repository for the Python programming language. https://arstechnica.com/information-technology/2023/01/more-malicious-packages-posted-to-online-repository-this-time-its-pypi/

5. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released several Industrial Control Systems (ICS) advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio, which could be exploited by an attacker to "obtain unauthorized access to the server, alter information, create a denial-of-service condition, gain escalated privileges, and execute arbitrary code," according to CISA. https://thehackernews.com/2023/01/cisa-warns-for-flaws-affecting.html

Noteworthy InfoSec News

1. ChatGPT could easily be used to create polymorphic malware. This malware’s advanced capabilities can easily evade security products and make mitigation cumbersome with very little effort or investment by the adversary. The intention of this post is to raise awareness about the potential risks and to encourage further research on this topic. This is a great article from CyberArk on the research they are conducting around the risks of ChatGPT and it's uses to develop and evolve malware. https://www.cyberark.com/resources/threat-research-blog/chatting-our-way-into-creating-a-polymorphic-malware

2. Meta has been fined an additional 5.5 million euros ($5.9 million) for violating EU data protection regulations with its instant messaging platform WhatsApp, Ireland's regulator announced Thursday. The penalty follows a far larger 390-million-euro fine for Meta's Instagram and Facebook platforms two weeks ago after they were found to have flouted the same EU rules. https://www.securityweek.com/meta-slapped-55-million-euro-fine-eu-data-breach

3. A New York resident has pleaded guilty to charges of conspiracy to commit bank fraud using stolen credit cards purchased on dark web cybercrime marketplaces. Trevor Osagie, a 31 year old man from the Bronx, admitted to playing a key role in the operation of a credit card conspiracy group that caused over $1,500,000 in damages to 4,000 account holders. https://www.bleepingcomputer.com/news/security/new-york-man-defrauded-thousands-using-credit-cards-sold-on-dark-web/

4. Security professionals must update their skill sets and be proactive to stay ahead of cybercriminals. It's time to learn to think and act like an attacker to cope with the cyber "new normal." https://www.darkreading.com/attacks-breaches/why-businesses-need-to-think-like-hackers-this-year

Check our Twitter and Discord Server for more information:

https://twitter.com/CyberOutlook

https://discord.com/invite/ZRMUz3Q9Uy

If you missed the last rundown, check it out here:

https://www.cyberoutlook.org/post/cyber-outlook-rundown-1-10-23

Additional resources:

1. Learn more about OpenAI's ChatGPT https://openai.com/blog/chatgpt

2. Cyware - provides threat intelligence, security orchestration and other cybersecurity resources https://cyware.com/