top of page

Cyber Outlook Rundown 2/27/23

Cybersecurity News


A Cybersecurity briefing on recent noteworthy Cyber Attacks, Vulnerabilities, and InfoSec news. We highlight useful resources to help people improve Information Security.

 

Noteworthy Cyber Attacks Reported

  1. The websites of nine hospitals in Denmark went offline on Sunday evening following distributed-denial-of-service (DDoS) attacks from a group calling itself Anonymous Sudan. They have been threatening attacks for several weeks now and have shown to follow through on several previous occasions. https://therecord.media/danish-hospitals-hit-by-cyberattack-from-anonymous-sudan/

  2. A group of hackers going by the online handle of “CH01” has taken responsibility for defacing at least 32 Russian websites to mark a protest over the one-year anniversary of the Russian invasion of Ukraine. The group also announced launching a cyber war against the Russian government. https://www.hackread.com/hackers-deface-russia-websites-ukraine/

  3. Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023. https://www.bleepingcomputer.com/news/security/stanford-university-discloses-data-breach-affecting-phd-applicants/

  4. Community Health Systems (CHS) says it was impacted by a recent wave of attacks targeting a zero-day vulnerability in Fortra’s GoAnywhere MFT secure file transfer platform. A subsequent investigation revealed that the resulting data breach affected the personal and health information of up to 1 million patients. https://www.bleepingcomputer.com/news/security/healthcare-giant-chs-reports-first-data-breach-in-goanywhere-hacks/

Noteworthy Vulnerabilities / Threats Discovered

  1. A recently patched bug in the Chromium project could allow malicious actors to bypass a security feature that protects sensitive cookies on Android browsers. Security researcher Axel Chong, discovered that he could bypass SameSite protection if he used the intent scheme to navigate to the target website. Intents are external protocol handlers that allow Android apps to open other apps, such as jumping from the browser to the Maps application or from an SMS to the browser. https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices

  2. Menlo Labs researchers uncovered an unknown threat actor is using the PureCrypter downloader in attacks aimed at government entities. The campaign relies on the domain of a compromised non-profit organization as a C2 server to deliver a second-stage payload. The malware campaign delivers multiple malware, including Redline Stealer, AgentTesla, Eternity, Blackmoon and Philadelphia Ransomware. The experts spotted multiple attempts of delivering malware to several government customers in the Asia-Pacific (APAC) and North America. https://securityaffairs.com/142749/hacking/purecrypter-deliver-agenttesla.html

  3. Citrix has recently announced patches for several severe vulnerabilities in Virtual Apps and Desktops, as well as in Workspace apps for Windows and Linux, giving potential ability to takeover the system remotely. Make sure you have reviewed your Citrix environment to ensure all the latest patches are successfully installed. https://www.securityweek.com/citrix-patches-high-severity-vulnerabilities-in-windows-linux-apps

  4. Analyzing wiper malware data reveals a trend of cyber adversaries consistently using destructive attack techniques against their targets. It also shows that with the lack of borders on the internet, cyber adversaries can easily scale these types of attacks, which have been largely enabled by the Cybercrime-as-a-Service (CaaS) model. In early 2022, FortiGuard Labs reported the presence of several new wipers in parallel with the Russia-Ukraine war. Later in the year, wiper malware expanded into other countries, fueling a 53% increase in wiper activity from Q3 to Q4 alone. https://www.helpnetsecurity.com/2023/02/27/destructive-wiper-malware/

  5. Cybersecurity researchers have unearthed a new piece of evasive malware dubbed Beep that's designed to fly under the radar and drop additional payloads onto a compromised host. https://www.bleepingcomputer.com/news/security/hacker-develops-new-screenshotter-malware-to-find-high-value-targets/

Noteworthy InfoSec News

  1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations and individuals to increase their cyber vigilance, as Russia's military invasion of Ukraine officially enters one year. Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Every organization—large and small—must be prepared to respond to disruptive cyber incidents. https://thehackernews.com/2023/02/cisa-sounds-alarm-on-cybersecurity.html

  2. New York-based cloud security company Wiz announced on Monday that it has raised another $300 million in funding, reaching a valuation of $10 billion. Wiz has developed a cloud security platform that provides security posture management, container security, infrastructure-as-code (IaC) scanning, cloud-native application protection, vulnerability management, detection and response, entitlement management, and compliance capabilities. https://www.securityweek.com/cloud-security-firm-wiz-raises-300-million-at-10-billion-valuation/

  3. Check out the CIS Benchmarks Update for February 2023 - There are updates to some existing Benchmarks and new Benchmarks added, including Microsoft Intune for Windows 11, Azure Compute Microsoft Windows Server 2022, and pfSense Firewall. https://www.cisecurity.org/insights/blog/cis-benchmarks-february-2023-update

Highlighted InfoSec Resources

  1. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. https://www.cisa.gov/shields-up

  2. Are you leveraging a Risk Management process to help build your Information Security Program? Leveraging the findings from a Risk Assessment is the best way to prioritize security objectives. Check out the Center for Internet Security Risk Assessment Method (CIS RAM), which is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Critical Security Controls (CIS Controls) cybersecurity best practices. The CIS RAM Family of Documents provides instructions, examples, templates, and exercises for conducting a cyber risk assessment. https://www.cisecurity.org/insights/blog/defining--reasonable-security-with-a-risk-assessment-method


Check our Twitter and Discord Server for more information:

https://twitter.com/CyberOutlook

https://discord.com/invite/ZRMUz3Q9Uy


If you missed the last rundown, check it out here:

https://www.cyberoutlook.org/post/cyber-outlook-rundown-2-3-23

 

References:

  1. The CIS Controls is a publication of best practice guidelines for computer security. The project was initiated early in 2008 in response to extreme data losses experienced by organizations in the US defense industrial base, initially developed by the SANS Institute. https://www.cisecurity.org/

  2. Wiz helps organizations create secure cloud environments by creating a normalizing layer between cloud environments, the platform enables organizations to rapidly identify and remove critical risks. https://www.wiz.io/

  3. Citrix Support Knowledge Center https://support.citrix.com/knowledge-center/search/#/All%20Products?ct=Security%20Bulletins

  4. Cyware - provides threat intelligence, security orchestration and other cybersecurity resources https://cyware.com/

blockchain concept illustration in 3d, connected blocks in blockchain_edited.jpg

Check out our Twitter feed!

pngegg.png
  • Discord
  • Twitter
  • LinkedIn
bottom of page