20-Sep-23: In Security News Today

China-Linked Actor Expands Espionage Campaign with Linux Backdoor

A China-linked cyber espionage actor known as Earth Lusca has been targeting government organizations in Asia, Latin America, and other regions since at least 2021. The actor has recently started using a Linux backdoor called SprySOCKS, which is a variant of the Windows remote access Trojan (RAT) Trochilus. SprySOCKS incorporates features from multiple previously known malware tools and uses a distinctive launching mechanism of a kind more typically seen in APT tooling aimed at Windows systems. Earth Lusca has targeted a wide range of organizations, including government agencies, educational institutions, media organizations, and cryptocurrency and gambling firms.

Pro-Iranian Cyberattack Group Targets Israeli Railway Infrastructure

The Cyber Avengers, a pro-Iranian cyberattack group, has targeted Israel’s railway infrastructure, causing disruptions in the central signaling computer and subsequent train halts. The group released images showcasing sections of the railway infrastructure and confirmed the attacks. This is not the first time that Israeli civilian infrastructure has been targeted: earlier this month, a group called Ragnar Locker breached Israeli medical data and leaked it on the Dark Web.

Scams Cost UK Citizens Estimated $9.3 Billion in 1 Year, GASA Reports

A recent report by the Global Anti-Scam Alliance (GASA) and Cifas reveals that approximately 10% of UK adults fell victim to scams in the past year, resulting in an estimated $9.3 billion in losses. The report also highlights that 62% of respondents received scam messages at least once a month, with 53% noticing a significant rise in these deceptive messages. Most victims received scam messages via email and phone, and surprisingly, 66% did not report the scams to any authority.

ValleyRAT Malware Targets Chinese Users in Rising Phishing Campaigns

Proofpoint has reported an increase in email phishing campaigns targeting Chinese-language speakers, distributing malware such as Sainbox RAT, Purple Fox, and a newly identified trojan called ValleyRAT. These campaigns use Chinese-language lures and malware commonly associated with Chinese cybercrime, and involve sending emails containing URLs that lead to the malware being installed when the recipient interacts with them. The emergence of ValleyRAT suggests a potential increase in its future deployment, contributing to the evolving Chinese malware landscape.

‘Culturestreak’ Malware Found in GitLab Python Package

Security researchers have discovered a malicious open source Python package called ‘culturestreak’ on GitLab that hijacks system resources to mine cryptocurrency. The package, found in an active repository on GitLab, runs in an infinite loop and exploits system resources for unauthorized mining of Dero cryptocurrency. This discovery highlights the persistent threat of supply chain attacks and the need for developers to vet code and packages from unverified or suspicious sources.

Finnish Authorities and Europol Seize Dark Web Drug Marketplace

Finnish authorities, in collaboration with Europol and private cybersecurity companies, have seized Piilopuoti, a drugs marketplace operating on the Tor network. The Finnish-language website facilitated the anonymous trade of narcotics smuggled into Finland. The takedown highlights the importance of cooperation between authorities and the private sector in disrupting illegal online activities and demonstrates that the dark web no longer offers absolute anonymity.

Critical Security Flaws Exposed in Nagios XI Network Monitoring Software

Multiple security flaws have been disclosed in Nagios XI network monitoring software, including SQL injection and cross-site scripting vulnerabilities. These flaws could lead to privilege escalation, information disclosure, and the ability to execute arbitrary SQL commands. The vulnerabilities have been patched in the latest release of the software. This is not the first time security issues have been found in Nagios XI, with previous discoveries of flaws that could result in remote code execution.

Atos Unify Vulnerabilities Could Allow Hackers to Backdoor Systems

Researchers at SEC Consult have discovered two vulnerabilities in Atos Unify products that could be exploited by attackers to cause disruption and backdoor targeted systems. The vulnerabilities affect the Atos Unify Session Border Controller, Unify OpenScape Branch, and Border Control Function. The flaws allow attackers to execute arbitrary PHP functions and operating system commands with root privileges, as well as access and execute certain scripts. Atos has released updates and suggested workarounds to mitigate the risk.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.