04-Aug-23: In Security News Today

Cyberattack Suspends Operations at Hawaii’s Gemini North Observatory

The National Science Foundation’s National Optical-Infrared Astronomy Research Laboratory (NOIRLab) detected an attempted cyberattack on its computer systems, leading to the suspension of observations at Gemini North Observatory in Hawaii. The NOIRLab cybersecurity team acted quickly to prevent damage, but the observatory remains closed for investigation. This incident follows a similar cyberattack on the Atacama Large Millimeter Array (ALMA) radio telescope in Chile last November.

Burger King France Exposes Sensitive Data in Misconfiguration Incident

Burger King France has experienced a second misconfiguration incident that exposed sensitive data, including database credentials, job posts, and applicant data. Threat actors could potentially have executed arbitrary code and manipulated the site’s analytics by combining the compromised credentials with the site’s Google Tag Manager ID. Researchers alerted Burger King to the issue, and it has been resolved.

Google, Microsoft, and Others Embrace Rust Language for Better Security

Tech giants like Google and Microsoft are increasingly adopting the Rust programming language for its built-in memory safety and other security features. Rust’s ability to avoid memory safety issues and vulnerabilities has made it a popular choice among developers and companies focused on secure code. Companies like Fortanix, Google, and 1Password have committed to using Rust extensively, while Microsoft is rewriting parts of its kernel using Rust and plans to have Windows booting with Rust in the kernel.

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

Mallox ransomware has seen a 174% increase in activity in 2023. The group follows the trend of stealing data before encrypting files, then threatening to publish the stolen data as leverage. It targets poorly secured MS-SQL servers through dictionary attacks to gain access to victims’ networks. The Mallox ransomware group has been recruiting affiliates for its ransomware-as-a-service program, indicating a potential increase in attacks.

Malicious npm Packages Exfiltrating Sensitive Data from Developers

Researchers have discovered a group of malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. The packages, published by the user malikrukd4732, have the ability to launch JavaScript that exfiltrates valuable information to a remote server. The motivation behind this campaign is unclear, but it is suspected to be targeted at the cryptocurrency sector.

Major Cybersecurity Agencies Collaborate to Unveil 2022’s Most Exploited Vulnerabilities

Cybersecurity agencies from the Five Eyes nations have identified a four-year-old critical security flaw in Fortinet FortiOS SSL as one of the most frequently exploited vulnerabilities in 2022. The agencies noted that attackers prioritize developing exploits for severe and widely known vulnerabilities, emphasizing the importance of organizations applying security updates promptly. Other widely exploited flaws include unauthenticated remote code execution vulnerabilities in Zoho ManageEngine ADSelfService Plus and Atlassian Confluence Server and Data Center, as well as remote code execution vulnerabilities in VMware Workspace ONE Access and Identity Manager.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.