11-Sep-23: In Security News Today

The EU AI Act and Its Impact on Businesses and Cybersecurity

The draft AI Act in the European Union represents a significant step in regulating AI technologies, addressing potential risks and ethical concerns. Compliance with these regulations will require businesses to establish cohesive data and AI/machine learning operational practices, while also ensuring AI transparency and accountability. The EU’s decision will have a global impact, and it is important for major powers like the US and China to regulate AI universally. However, the US faces challenges in implementing comprehensive AI regulations due to privacy issues and the influence of Big Tech.

Massive Ransomware Attack on Sri Lankan Government Cloud System Leads to Permanent Data Loss

Sri Lanka’s government cloud system, Lanka Government Cloud (LGC), was hit by a large-scale ransomware attack, resulting in the encryption of LGC services and backup systems. While the system and its backup were restored within 12 hours, data from May 17 to August 26, 2023, was permanently lost due to the lack of available backups. The outdated version of Microsoft Exchange being used at the time of the attack was deemed vulnerable, highlighting the need for timely software updates and budget allocation for cybersecurity measures.

Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger

A new phishing attack originating from a Vietnam-based group is using Facebook Messenger to propagate messages with malicious attachments. The attack, known as MrTonyScam, entices victims to open RAR and ZIP archive attachments, leading to the deployment of a dropper that fetches the next-stage payload from a GitHub or GitLab repository. The payload contains an obfuscated Python-based stealer that exfiltrates cookies and login credentials from web browsers to an actor-controlled endpoint, allowing the attackers to hijack victims’ accounts.

Anonymous Sudan Launches DDoS Attack on Telegram in Retaliation for Account Suspension

The hacker group Anonymous Sudan has launched a distributed denial-of-service (DDoS) attack against Telegram in retaliation for the messaging platform’s decision to suspend their primary account. Anonymous Sudan, claiming to be a hacktivist group motivated by political and religious causes, has previously targeted organizations in various countries. The group’s recent attack on Telegram did not achieve its purpose, and there are suspicions that they may have ties to the Russian hacking group KillNet.

Charming Kitten’s New Backdoor ‘Sponsor’ Targets Brazil, Israel, and U.A.E.

The Iranian threat actor known as Charming Kitten has been linked to a new wave of attacks targeting entities in Brazil, Israel, and the U.A.E. using a previously undocumented backdoor named Sponsor. The group primarily targets education, government, and healthcare organizations, as well as human rights activists and journalists. The Sponsor backdoor reads its configuration from files stored on disk and is designed to evade detection by scanning engines.

Data Breach at Dymocks Bookstore Chain Impacts 800k Customers

Dymocks Booksellers, an Australian bookstore chain, has disclosed a data breach that may have affected over 800,000 individuals. The breach involved unauthorized access to customer records, potentially compromising personal information such as names, addresses, birth dates, gender, email addresses, and membership details. While no financial information was compromised, Dymocks advises customers to change their passwords and be cautious of potential fraud and attacks.

Phishing Attack Targets AP Stylebook Users Following Data Breach

Cybercriminals breached an old version of the AP Stylebook website and obtained information on over 220 customers, including personal and financial data. The attackers then targeted these customers in phishing attacks, directing them to a fake AP Stylebook website to provide updated payment card information. The old website has been shut down, the phishing site disabled, and affected customers are being offered two years of free credit monitoring and identity restoration services.

Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows Systems

A new cyber attack campaign, codenamed Steal-It, is using a customized version of the Nishang PowerShell script to steal NTLMv2 hashes from compromised Windows systems primarily in Australia, Poland, and Belgium. The attacks involve phishing emails containing ZIP archives as the initial point of infiltration, and they employ different infection chains depending on the target location. One of the attack sequences was previously highlighted by CERT-UA as part of an APT28 campaign against government institutions in Ukraine.

FBI Blames North Korean Hackers for $41 Million Stake.com Heist

The FBI has confirmed that the North Korea-linked hacking group Lazarus is responsible for stealing $41 million in cryptocurrency from online betting platform Stake.com. The hackers stole approximately $15.7 million in Ethereum and $25.6 million in Binance Smart Chain and Polygon. Lazarus has been involved in several high-profile cyber-heists in recent years, targeting banks and cryptocurrency exchanges to generate funds for the North Korean regime.

Vulnerabilities in Socomec UPS Devices Allow Hijacking and Disruption

Several vulnerabilities have been discovered in Socomec UPS devices that can be exploited to hijack and disrupt the devices. The vulnerabilities include cross-site scripting, plaintext password storage, code injection, session cookie theft, cross-site request forgery, and insecure storage of sensitive information. The impacted product has reached end of life, and organizations are advised to upgrade to a newer model to mitigate the risks.

New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World

HijackLoader is a new malware loader that is gaining popularity among cybercriminals for delivering various payloads. It uses a modular architecture, allowing for code injection and execution with different modules. The malware employs techniques to evade detection, such as using syscalls and monitoring processes associated with security software. Additionally, a new version of the information-stealing malware RisePro has been discovered, which promises improved features and the ability for users to host their own panels to protect logs from being stolen.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.