03-Aug-23: In Security News Today

Russian Hackers Launch Targeted Microsoft Teams Attacks

The Russian state-sponsored hacking group known as Midnight Blizzard, or Nobelium, has been launching highly targeted phishing attacks using compromised Microsoft 365 tenants and the Microsoft Teams application. The group aims to steal Microsoft 365 passwords and gain access to organizations’ Azure Active Directory environments. The attacks have targeted government organizations, NGOs, IT services, technology, discrete manufacturing, and media sectors globally, with small businesses being the main victims.

CISA Calls for Improved Security for UEFI Update Mechanisms

The Cybersecurity and Infrastructure Security Agency (CISA) is urging the computer industry to take a secure-by-design approach to enhance the security of Unified Extensible Firmware Interface (UEFI) update mechanisms. UEFI is a popular attack surface for threat actors seeking to achieve persistence on a system. CISA's call to action asks the industry to move together toward inherently hardened software and update pathways that neutralize threats to UEFI.

Hacktivist Group ‘Mysterious Team Bangladesh’ Conducts DDoS Attacks and Website Defacements

A hacktivist group known as ‘Mysterious Team Bangladesh’ has emerged as a significant threat, carrying out over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements in just one year. The group primarily targets government, financial, and transportation-sector organizations in India and Israel, but has also attacked organizations in other countries. Mysterious Team Bangladesh uses open-source utilities and exploits vulnerable versions of phpMyAdmin and WordPress to carry out its attacks.

Malicious Apps Use Sneaky Versioning Technique to Bypass Google Play Store Scanners

Threat actors are using a technique called versioning to evade Google Play Store’s malware detection and target Android users. In this method, a developer releases an initial version of an app on the Play Store that passes Google’s pre-publication checks, then later pushes an update that adds a malware component. The malware is delivered through dynamic code loading, effectively turning the app into a backdoor. Users are advised to stick to trusted sources for downloading apps and to enable Google Play Protect to receive notifications of potentially harmful apps.

Piles of Unpatched IoT, OT Devices Attract ICS Cyberattacks

Threat actors are increasingly targeting unpatched Internet of Things (IoT) and operational technology (OT) devices in industrial control systems (ICS). Nozomi Networks found that the manufacturing, water treatment, food and agriculture, and chemical sectors were the most frequently targeted. Patching of ICS environments is delayed by the expensive downtime it requires and the cost of upgrading, but efforts to protect these systems are showing progress.

New Version of Rilide Data Theft Malware Adapts to Chrome Extension Manifest V3

Cybersecurity researchers have discovered an updated version of the Rilide malware that targets Chromium-based web browsers to steal sensitive data and cryptocurrency. The new version exhibits a higher level of sophistication through modular design, code obfuscation, and adoption of the Chrome Extension Manifest V3. It is equipped with features such as exfiltration of stolen data to a Telegram channel, interval-based screenshot captures, and the ability to disable other browser add-ons. The malware is sold on dark web forums and has been found to impersonate legitimate applications to deceive users into installing it.

US Government Services Provider Maximus Inc. Falls Victim to Clop Ransomware Attack

Maximus Inc., a US government services provider, has been targeted by the Clop ransomware gang through a critical vulnerability in Progress Software Corp.’s MOVEit file transfer software. The attack has potentially affected up to 11 million people, including those outside the US. Cybersecurity experts emphasize the importance of closely monitoring and evaluating the security of suppliers and supply chains, implementing robust data-centric security measures, and securing the software supply chain to protect against future ransomware attacks.

Microsoft Flags Growing Cybersecurity Concerns for Major Sporting Events

Microsoft warns that the cyber risk surface of live sporting events is expanding rapidly, posing a threat to stadium operations. The company highlights the valuable information held by sports teams, major league associations, and entertainment venues that is attractive to cybercriminals. Microsoft recommends measures such as disabling unnecessary ports, securing apps and devices, patching point-of-sale devices, and implementing logical network segmentation to defend against attacks.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.