InfoSec News 20221222
Top News
- 'Russian hackers' help two New York men game JFK taxi system
"A pair of men living in New York, working with unnamed Russian nationals, hacked and manipulated the electronic taxis dispatch system at John F. Kennedy International Airport as part of a money-making scheme over a period of at least two years, federal prosecutors said Tuesday."
TLP¹: Green
- Ransomware Attack Hits The Guardian Newspaper
"One of the world’s most famous newspapers has been hit by a serious ransomware attack which forced it to send staff home, it has revealed. The incident began late on Tuesday night local time and has affected “parts of the company’s technology infrastructure,” and “behind-the-scenes services,” according to Jim Waterson, media editor at The Guardian."
TLP¹: Green
- NASA infosec again falls short of required US government standard
"The NASA Office of Inspector General (OIG) has published its annual audit of the aerospace agency's infosec capabilities and practices, which earned an overall rating of "Not Effective." The review was conducted by accounting firm RMA Associates using the Council of the Inspectors General on Integrity and Efficiency's Quality Standards for Inspection and Evaluation and using reporting metrics spelled out in the Federal Information Security Modernization Act of 2014, which define five levels of infosec maturity."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- Infamous hacker steals 14 BAYCs worth over 852 ETH ($1.07 million)
"Over the weekend, an infamous hacker known as Jason Brubeck succeeded in stealing approximately 850 ETH ($1+ million) worth of Bored Ape collection, leaving his victim completely devastated. The news was first broken by @serpent, who had been able to trace and identify the suspect’s activity with impressive precision through phishing tactics. Such egregious fraudulence is a stark reminder of how important it is for all users to remain vigilant when trading digital assets online."
TLP¹: Green
- Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks
"Royal ransomware may have been first observed by researchers around September 2022, but it has seasoned cybercriminals behind it: The threat actors running this ransomware — who used to be a part of Conti Team One, according to a mind map shared by Vitali Kremez — initially dubbed it Zeon ransomware, until they rebranded it to Royal ransomware."
TLP¹: Green
- Royal overtakes LockBit as top ransomware in November as attacks increase 41%
"Ransomware attacks rose 41% last month as threat actor groups shifted top spots, according to new research from NCC Group. November’s sharp increase in reported incidents is backed by uncommon contributions. According to the research, threat groups Royal and Cuba claimed first and second place as most active and accounted for 16% and 15% of all attacks, knocking LockBit from the top spot for the first time since September 2021."
TLP¹: Green
Breaches: Data Breaches and Hacks
- Shoemaker Ecco leaks over 60GB of sensitive data for 500+ days
"Ecco, a global shoe manufacturer and retailer, exposed millions of documents. Not only could anyone have modified the data, but the server misconfiguration’s severity likely left the company open to an attack that could have affected customers all over the world."
TLP¹: Green
- Antwerp denies negotiating ransomware payment as city disappears from leak site
"A listing for the City of Antwerp was removed from the PLAY ransomware group’s leak site this weekend, despite its mayor announcing that the municipality did not pay the gang to unlock its data. Antwerp, which has a population of just over 500,000, confirmed it had been hit by a cyberattack two weeks ago which has disrupted services including the city’s residential care centers."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- Critical Vulnerability in Hikvision Wireless Bridges Allows CCTV Hacking
"Chinese video surveillance company Hikvision has patched a critical vulnerability in some of its wireless bridge products. The flaw can lead to remote CCTV hacking, according to the researchers who found it. In an advisory published on December 16, Hikvision revealed that two of its wireless bridge products, designed for elevator and other video surveillance systems, are affected by CVE-2022-28173, a critical access control vulnerability."
TLP¹: Green
- Critical Security Flaw Reported in Passwordstate Enterprise Password Manager
"Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user's plaintext passwords."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- Amplified security trends to watch out for in 2023
"In 2023 and beyond, organizations can expect to continue dealing with many of the same threats they face today but with one key difference: expect criminals to leverage technological advancements to optimize the effectiveness of their attacks. You should also expect the adoption of new technologies to support new working practices (remote/hybrid) to play a big part."
TLP¹: Green
- Dealing with cloud security shortfalls
"72% of IT leaders believe their companies moved to the cloud without properly understanding the skills, maturity curve, and complexities of making it all work securely, according to a recent CloudBolt Software report."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- The Top Security Vulnerabilities of 2022 and Their Workarounds
"As technology continues to evolve, so too does the cyber-threat landscape. Keeping up with the latest security vulnerabilities is critical for security and technology teams. With the new year just around the corner, let’s look at some of the top security vulnerabilities organizations should be aware of from 2022. Have a read and check for these vulnerabilities in your environment before these get picked up by threat actors (most were exploited in the wild, therefore, exploits exist) or by your penetration testing service provider."
TLP¹: Green
- Meddler-in-the-Middle Phishing Attacks Explained
"We’ve probably all received advice for how to avoid phishing, such as to be on the lookout for spelling errors or other mistakes that would alert us to the presence of fraudsters. However, this advice is only helpful for traditional phishing techniques. Meddler in the Middle (MitM) phishing attacks show how threat actors find ways to get around traditional defenses and advice."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.