The Russian state-sponsored hacking group tracked by Microsoft as Midnight Blizzard (also known as Nobelium) has been running highly targeted social-engineering attacks over Microsoft Teams. The group uses previously compromised Microsoft 365 tenants, typically belonging to small businesses, as its sending infrastructure: it poses as technical support and messages users over Teams to lure them into handing over credentials and approving multifactor authentication prompts, which gives it access to the targeted organizations’ Azure Active Directory environments. The targets span government organizations, NGOs, IT services, technology, discrete manufacturing, and media sectors globally; the small businesses are the compromised hosts for the lure rather than the intended victims.
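Because the lures arrive from external Microsoft 365 tenants, one control a Teams administrator can apply is to restrict federated chat to an explicit allow-list of partner domains. The following is an added example, not code from the original report or from Microsoft; it assumes the MicrosoftTeams PowerShell module is installed, that the caller holds a Teams admin role, and that partner.example.com is a placeholder for a tenant you actually trust.

```powershell
# Added example (not from the original page): restrict Teams external (federated) chat
# to an explicit allow-list so messages from unknown Microsoft 365 tenants never reach users.
# Assumptions: MicrosoftTeams module installed, caller is a Teams admin,
# partner.example.com is a placeholder for a tenant you have a real relationship with.
Connect-MicrosoftTeams

# Build the allow-list from the domains you have a business relationship with.
$trusted   = @("partner.example.com") | ForEach-Object { New-CsEdgeDomainPattern -Domain $_ }
$allowList = New-CsEdgeAllowList -AllowedDomain $trusted

# Keep federation on, but only for the listed domains, and block personal Teams accounts.
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
                                    -AllowedDomains $allowList `
                                    -AllowTeamsConsumer $false

# Verify: AllowedDomains should now list only the trusted tenants,
# not the default "AllowAllKnownDomains".
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, AllowTeamsConsumer
```

The default federation setting allows chat from any Microsoft 365 tenant, which is exactly what this campaign relies on; an allow-list removes that path without disabling Teams collaboration with known partners. Pair it with user education, since any domain you do allow could itself be compromised.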
The Cybersecurity and Infrastructure Security Agency (CISA) is urging the computer industry to take a secure-by-design approach to the Unified Extensible Firmware Interface (UEFI), and in particular to the mechanisms used to update UEFI firmware. UEFI runs before the operating system loads, so malware implanted there survives OS reinstallation, which makes it an attractive place for threat actors to establish persistence. CISA’s call to action asks vendors and the wider ecosystem to build firmware and update pathways that are hardened by default, rather than relying on after-the-fact mitigation once an implant is found.
A hacktivist group known as ‘Mysterious Team Bangladesh’ has emerged as a significant threat, carrying out more than 750 distributed denial of service (DDoS) attacks and 78 website defacements within a single year. The group primarily targets government, financial, and transportation-sector organizations in India and Israel, but has also attacked organizations in other countries. Mysterious Team Bangladesh relies on open-source utilities and exploits outdated, vulnerable versions of phpMyAdmin and WordPress to gain access to its targets.
Threat actors are using a technique called versioning to slip malware past Google Play Store’s detections and target Android users. A developer first publishes a benign version of an app that passes Google’s pre-publication checks, then ships an update that fetches and loads the malicious component at runtime through dynamic code loading, effectively turning the installed app into a backdoor. Because the malicious code is not present in the package that was reviewed, checks performed at submission time do not see it. Users are advised to stick to trusted sources for downloading apps and to enable Google Play Protect, which can warn about potentially harmful apps already on the device.
Threat actors are increasingly targeting unpatched Internet of Things (IoT) and operational technology (OT) devices in industrial control systems (ICS). Nozomi Networks found that manufacturing, water treatment, food and agriculture, and chemical sectors were the most frequently targeted. Patching in ICS environments lags because taking production systems offline is expensive and upgrading legacy hardware is costly, but Nozomi reports that efforts to protect these systems are showing progress.
Cybersecurity researchers have discovered an updated version of the Rilide malware that targets Chromium-based web browsers to steal sensitive data and cryptocurrency. The new version exhibits a higher level of sophistication through modular design, code obfuscation, and adoption of the Chrome Extension Manifest V3. It is equipped with features such as exfiltration of stolen data to a Telegram channel, interval-based screenshot captures, and the ability to disable other browser add-ons. The malware is sold on dark web forums and has been found to impersonate legitimate applications to deceive users into installing it.
Maximus Inc., a US government services provider, has been targeted by the Clop ransomware gang through a critical vulnerability in Progress Software Corp.’s MOVEit Transfer file transfer software (CVE-2023-34362, a SQL injection flaw exploited in a wave of attacks against MOVEit customers). The attack has potentially affected up to 11 million people, including individuals outside the US. Cybersecurity experts emphasize the importance of closely monitoring and evaluating the security of suppliers and supply chains, implementing robust data-centric security measures, and securing the software supply chain to limit the impact of future ransomware attacks.
Microsoft warns that the attack surface of live sporting events is expanding rapidly, posing a threat to stadium operations. The company highlights the valuable information held by sports teams, major league associations, and entertainment venues that is attractive to cybercriminals. Microsoft recommends measures such as disabling unnecessary ports, securing apps and devices, patching point-of-sale devices, and implementing logical network segmentation so that a compromise of one system (such as a ticketing or vendor network) cannot spread to operational systems.
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.