02-Aug-23: In Security News Today

Hot Topic Faces Credential-Stuffing Attack Resulting in Cracked Accounts and Data Exposure

Hot Topic, an American retailer, has notified its customers about multiple credential-stuffing cyberattacks that occurred between February and June. The attacks resulted in cracked accounts and the exposure of sensitive information, including names, email addresses, order histories, phone numbers, mailing addresses, and birthdays. Hot Topic is taking the breaches seriously and is working with cybersecurity experts to implement new measures to safeguard its website and mobile application.

Iranian Company Cloudzy Allegedly Provides Command-and-Control Services to APT Groups and Ransomware Gangs

Cloudzy, an Iranian company posing as an American business, is accused of offering command-and-control services to over 20 nation-state actors and top ransomware gangs. The company is allegedly providing these services to APT groups tied to governmental entities in China, Iran, North Korea, Russia, India, Pakistan, and Vietnam. Halcyon’s report claims that Cloudzy’s policies have caused significant damage, and although the company was informed of its infrastructure being used in attacks, it brushed off the concerns.

Iran’s APT34 Targets UAE with Supply Chain Attack

APT34, also known as OilRig and MuddyWater, has been caught carrying out a supply chain attack in the United Arab Emirates (UAE) with the goal of gaining access to government targets. The attackers used a malicious IT job recruitment form as a lure, collecting sensitive information and credentials that could then be used to access the networks of the IT company's clients. APT34 has been linked to previous cyber-surveillance activities and is believed to work on behalf of the Iranian government.

Canon Inkjet Printers at Risk for Third-Party Compromise via Wi-Fi

Canon inkjet printers are at risk of third-party compromise due to a vulnerability that could give unauthorized access to sensitive information stored in memory. If exploited, this vulnerability could lead to a data breach and compromise overall data security. Canon has provided a list of affected printers and recommended mitigations, including resetting all settings and enabling wireless LAN.

New macOS Malware Allows Remote Control of Apple Devices

A new malware called hVNC has been discovered targeting macOS users, allowing complete takeovers of Apple devices without user permission. The malware is being sold on the Dark Web for $60,000 and can steal sensitive information such as login credentials and financial data. The discovery of this malware, along with the emergence of other macOS-targeting malware, suggests an imminent surge in cyberattacks against macOS users.

Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures

A Russian cyber adversary known as BlueCharlie has been linked to 94 new domains, indicating that the group is modifying its infrastructure in response to public disclosures. BlueCharlie, believed to be affiliated with Russia’s Federal Security Service (FSB), has been involved in phishing campaigns targeting private sector companies, nuclear research labs, and NGOs involved in Ukraine crisis relief. The group has recently adopted a new naming pattern for its domains, using keywords related to information technology and cryptocurrency.

Phishers Exploit Salesforce’s Email Services Zero-Day in Targeted Facebook Campaign

A sophisticated phishing campaign has been observed exploiting a zero-day flaw in Salesforce’s email services to send targeted phishing messages using the company’s domain and infrastructure. The phishing emails masquerade as coming from Meta and claim that the recipient’s Facebook account is under investigation. The attack is notable because the phishing kit is hosted as a game under the Facebook apps platform, making it difficult to detect.

Over One-Third of Industrial Control Systems Vulnerabilities Remain Unpatched in 2023

A report by SynSaber reveals that 34% of security vulnerabilities impacting industrial control systems (ICSs) reported in the first half of 2023 have no patch or remediation, a significant increase from the previous year. Critical manufacturing and energy sectors are the most affected, with Mitsubishi Electric, Siemens, and Rockwell Automation being the most impacted vendors. The report also highlights the presence of Forever-Day vulnerabilities and the need for organizations to monitor multiple sources of information to understand vulnerabilities in the context of their unique environments.

Top Industries Significantly Impacted by Illicit Telegram Networks

Illicit activities conducted within Telegram have become a growing concern for various industries. The financial sector is heavily impacted, with sensitive personal information being shared and fraudulent schemes organized. The retail and e-commerce industry faces challenges such as the sale of counterfeit goods, phishing, and financial fraud. The information technology sector is also affected, with cybercriminals coordinating attacks, distributing malware, and sharing hacking tools through illicit Telegram channels.

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

Researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) in which the AWS Systems Manager Agent (SSM Agent) is run as a remote access trojan on Windows and Linux hosts. The SSM Agent, a legitimate tool used by administrators to manage instances, can be repurposed by attackers who already hold high-privilege access. Once repurposed, the agent lets attackers maintain access to compromised machines and carry out activities such as data theft, ransomware deployment, and cryptocurrency mining.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.