28-Sep-23: In Security News Today

Budworm APT Group Strikes Again with Enhanced Malware Toolkit

The Budworm APT group has been identified using an updated version of their SysUpdate backdoor to target a Middle Eastern telecommunications organization and an Asian government. The backdoor is activated through DLL sideloading, using the legitimate INISafeWebSSO application to execute a malicious payload. SysUpdate is a multifunctional backdoor that allows the attacker to perform various actions, such as listing, starting, and stopping services, capturing screenshots, and executing commands. Budworm has been operational since at least 2013 and targets high-value entities in government, technology, and defense sectors.

Ransomware attackers shifting focus to smaller organizations, says report

A new report from Trend Micro has found that ransomware attackers are increasingly targeting smaller, less defended organizations instead of larger, high-profile targets. The report observed a 47% increase in the number of new ransomware victims in the second half of 2022, many of them small organizations with less mature security postures. The report also highlighted the rise of smaller ransomware groups and the leaking of ransomware source code, which has enabled other actors to create new strains.

China’s BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies

A state-backed hacking group from China known as BlackTech has been targeting U.S. and Japanese companies by exploiting routers. The group has the ability to modify router firmware without detection and use routers as jumping-off points to access networks. BlackTech has a history of operating in East Asia and has been attributed to various backdoors and malware, including PLEAD campaigns that exploit vulnerable routers for use as command-and-control servers.

Chinese Hackers Steal 60,000 Emails from US State Dept Accounts

Chinese hackers breached Microsoft’s email platform and stole around 60,000 emails from 10 U.S. State Department accounts, according to a Senate staffer. The compromised accounts were primarily focused on Indo-Pacific diplomacy efforts. The breach highlights the need for the U.S. government to fortify defenses against cyberattacks and reevaluate its reliance on a single vendor.

Google Publicly Indexes Users’ Conversations with Bard AI

Google Search has been indexing shared Bard conversational links, potentially exposing confidential information. Users who shared Bard conversation links with third parties may have their conversations scraped by Google’s crawler and displayed publicly in search results. Google has acknowledged the issue and stated that they are working on blocking these shared chats from being indexed.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.