
Cyber Outlook Rundown 12/19/22

Cybersecurity News


A Cybersecurity briefing on noteworthy Cyber Attacks, Vulnerabilities, and InfoSec news.

 

Noteworthy Cyber Attacks Reported

  1. SevenRooms is a CRM platform used by restaurant chains and hospitality service providers, such as MGM Resorts, Bloomin' Brands, Mandarin Oriental, Wolfgang Puck, and many more. On 12/15/22, a threat actor posted data samples on the Breached hacking forum, claiming to have stolen a 427 GB backup database with thousands of files containing information about SevenRooms customers. The samples provided by the seller include folders named after big restaurant chains, clients of SevenRooms, API keys, promo codes, payment reports, reservation lists, and more. https://www.bleepingcomputer.com/news/security/restaurant-crm-platform-sevenrooms-confirms-breach-after-data-for-sale/

  2. The fire and rescue service in the state of Victoria, Australia, has shut down its network and turned to operating manually after a cyberattack identified late last week. A notice on their website confirms that systems are still impacted and down. Australia has been in the media a lot lately because of numerous Cyber Attacks, which are drawing serious government attention and concern. https://securityaffairs.co/wordpress/139764/cyber-crime/fire-service-victoria-australia-australia.html

  3. Colombian energy company Empresas Públicas de Medellín (EPM) suffered a BlackCat/ALPHV ransomware attack on Monday, severely disrupting the company's operations and taking down online services. EPM is one of Colombia’s largest public energy, water, and gas providers, providing services to 123 municipalities and generating over $25 billion in revenue in 2022. On Tuesday, the company told approximately 4,000 employees to work from home, with IT infrastructure down and the company's websites no longer available. We continue to see major utilities and municipalities get hit with crippling Cyber Attacks, and unfortunately most have out-of-date and inadequate security controls and defenses... https://www.bleepingcomputer.com/news/security/colombian-energy-supplier-epm-hit-by-blackcat-ransomware-attack/

Noteworthy Vulnerabilities / Threats Discovered

  1. Analysis of 600 apps on the Google Play store by CloudSEK’s BeVigil security search engine found that 50% were leaking application programming interface (API) keys of three popular transactional and marketing email service providers. The providers included Mailgun, MailChimp and SendGrid. CloudSEK has notified all involved entities and affected apps about the hardcoded API keys. The leaked API keys allow threat actors to perform a variety of unauthorized actions such as sending emails, deleting API keys, and modifying two-factor authentication (2FA). https://www.infosecurity-magazine.com/news/api-keys-email-marketing-services/

  2. Beware of highly sophisticated DarkTortilla malware distributed via phishing sites. Use this as a new/current example for Security Awareness Training with users. The best practices and defenses are the same, but it's helpful to see current real examples of extremely convincing phishing scams. https://gbhackers.com/highly-sophisticated-darktortilla-malware/?web_view=true

Noteworthy InfoSec News

  1. NIST is introducing a plan to transition away from the current limited use of the Secure Hash Algorithm 1 (SHA-1) hash function. Other approved hash functions are already available. The transition will be completed by December 31, 2030, and NIST will engage with stakeholders throughout the transition process. https://csrc.nist.gov/news/2022/nist-transitioning-away-from-sha-1-for-all-apps

  2. Google announced on Friday that it's adding end-to-end encryption (E2EE) to Gmail on the web, allowing enrolled Google Workspace users to send and receive encrypted emails within and outside their domain. Once enabled, Gmail client-side encryption will ensure that any sensitive data delivered as part of the email's body and attachments (including inline images) cannot be decrypted by Google servers — the email header (including subject, timestamps, and recipients lists) will not be encrypted. https://www.bleepingcomputer.com/news/security/google-introduces-end-to-end-encryption-for-gmail-on-the-web/?utm_source=tldrnewsletter

  3. Meta released a recap of their bug bounty program for 2022. They received hundreds of impactful bug reports in 2022 from researchers all over the world that have helped to make their community more secure, and paid out more than $2 million in bounty awards. Since 2011, they have paid out more than $16 million in bug bounties. https://about.fb.com/news/2022/12/metas-bug-bounty-program-2022/

