A Cybersecurity briefing on noteworthy Cyber Attacks, Vulnerabilities, and InfoSec news.
Happy New Year from Cyber Outlook to all our subscribers, Discord members and supporters. We wish everyone a healthy, prosperous and secure 2023! We look forward to making big strides as we continue to develop, grow, and improve this year!
Noteworthy Cyber Attacks Reported
Malaysian Communications and Digital Minister Fahmi Fadzil ordered an inquiry into an alleged massive data breach affecting around 13 million citizens. The leak was first uncovered by ThreatMon, a cyberthreat intelligence platform, on Dec. 26, 2022. The leaks reportedly involve data from Maybank, satellite broadcaster Astro and the Election Commission. https://www.bankinfosecurity.com/malaysian-agencies-investigate-alleged-breach-affecting-13-million-a-20839
As of 1/3/2023, a misconfigured server belonging to an ERP software provider based in California was STILL exposing data to the public without any authentication or password. This was confirmed by Anurag Sen, a prominent independent security researcher, who stated the server had been exposed since late December 2022. The server exposed records containing personal data of over 575,000 individuals, including Personally Identifiable Information (PII). https://www.hackread.com/erp-firm-expose-india-job-seekers-data/?web_view=true
ALPHV, also known as BlackCat ransomware, is known for testing new extortion tactics as a way to pressure and shame its victims into paying. The group continues to get creative with its extortion tactics and, in at least one case, created a replica of the victim's site and published the stolen data on it. A financial company fell victim to this on 12/26/22. https://www.bleepingcomputer.com/news/security/ransomware-gang-cloned-victim-s-website-to-leak-stolen-data/
Noteworthy Vulnerabilities / Threats Discovered
Synology has disclosed two new Critical vulnerabilities in its routers and released patches to remediate them. https://www.synology.com/en-us/security/advisory/Synology_SA_22_26
A newly discovered ransomware, called CatB, has been found performing MSDTC service DLL hijacking to drop and execute its payload. The sample, first discovered on November 23, 2022, is assumed to share similarities with Pandora ransomware. https://minerva-labs.com/blog/new-catb-ransomware-employs-2-year-old-dll-hijacking-technique-to-evade-detection/
Noteworthy InfoSec News
Cyber training bulletin from the Cybersecurity and Infrastructure Security Agency (CISA) for January and February https://content.govdelivery.com/accounts/USDHSCISA/bulletins/340a8bc
This article provides details on trends in ransomware attacks on US hospitals, clinics, and other healthcare delivery organizations from 2016 to 2021. Researchers from JAMA Network studied 374 ransomware attacks and found interesting statistics. These 374 ransomware attacks exposed the PHI of 42 million Americans, an 11x increase, from 1.3 million in 2016 to over 16.5 million in 2021. https://jamanetwork.com/journals/jama-health-forum/fullarticle/2799961
Security teams expect breach and incident reporting requirements to create more work, so most IT security professionals will focus on improving “detect” and “respond” capabilities in 2023, amidst concerns over increasing costs and regulatory pressures, according to Deepwatch. https://www.helpnetsecurity.com/2023/01/03/breach-and-incident-reporting-requirements/?web_view=true
Cybersecurity and Infrastructure Security Agency (CISA) https://www.cisa.gov/