InfoSec News 20230322
Top News
-
Breached hacking forum shuts down, fears it's not 'safe' from FBI
"The notorious Breached hacking forum has shut down after the remaining administrator, Baphomet, disclosed that they believe law enforcement has access to the site's servers.
Breached was a popular hacking and data leak forum notorious for hosting, leaking, and selling data obtained from breached companies, governments, and various organizations.
It was a community that attracted people from all realms of cybercrime, including ransomware gangs, data extortionists, security researchers, and those simply interested in the darker side of cybersecurity.
The site, and its members, have been responsible for a wide range of breaches, extortion attempts, and ransomware attacks, leaking the data for many high-profile attacks. These breaches include DC Health Link, Twitter, RobinHood, Acer, Activision, and many more.
Breached was the spiritual successor to RaidForums, a data leak forum frequented by many of the same people before the FBI seized it in April 2022, a few months after the arrest of its founder, 'Omnipotent,' in the UK."
TLP¹: Green
-
TikTok CEO launches PR campaign against app ban – on TikTok of course
"In the run-up to his widely anticipated battle with US lawmakers on Capitol Hill Thursday, TikTok CEO Shou Zi Chew has posted a message on the video sharing app appealing to its millions of users.
Chew posted the video message from Washington DC, Tuesday.
“Our CEO, Shou Chew, shares a special message on behalf of the entire TikTok team to thank our community of 150 million Americans ahead of his congressional hearing later this week,” the video’s description stated.
Chew is set to be grilled by US lawmakers during a congressional House Energy and Commerce Committee hearing on whether the Chinese-owned app is a national security concern and should be banned throughout the US."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
Spain Needs More Transparency Over Pegasus: EU Lawmakers
"Spain needs more transparency over the Pegasus spyware hacking scandal, a European Parliament committee said Tuesday at the end of a two-day fact-finding mission to Madrid.
The cross-party European committee, which investigates the illegal use of spyware in EU states, has been looking into espionage allegations involving Pegasus software which can turn smartphones into pocket spying devices.
“We urge the authorities to expeditiously cooperate with the courts to allow the maximum transparency” in these cases, committee chair Jeroen Lenaers, a Dutch MEP, told reporters.
“Victims of spyware deserve more information and transparency,” he said, while acknowledging that the legal framework in Spain was “in line with fundamental rights protection”."
TLP¹: Green
-
Ransomware Will Likely Target OT Systems in EU Transport Sector: ENISA
"Ransomware has become the top threat to the transport sector in the EU, and the European Union Agency for Cybersecurity (ENISA) expects ransomware groups to disrupt operational technology (OT) systems.
The overall number of cyberattacks targeting aviation, maritime, railway and road transport organizations has increased between January 2021 and October 2022, with cybercriminals responsible for most of the incidents (54%), according to a new report from ENISA.
Ransomware emerged as the primary threat, being used in 38% of the observed incidents, with data related attacks taking the second position, at 30%.
Malware (17%), DoS and DDoS (16%), phishing (10%) and supply chain attacks (10%) were also observed, along with breaches, fraud, and vulnerability exploitation."
TLP¹: Green
-
US Citizen Hacked by Spyware
"The New York Times is reporting that a US citizen’s phone was hacked by the Predator spyware.
A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case."
TLP¹: Green
-
Oakland’s nightmare continues as LockBit strikes again
"Oakland continues to suffer from cyberattacks as LockBit, the infamous ransomware gang, adds the Californian city to its list of victims.
This is shaping up to be a truly awful year for Oakland city services, which were offline after a ransomware attack in February, when the Play gang published almost 10GB of sensitive government files on its extortion leak site.
More than a month has passed since a local state of emergency was declared on February 14.
Now, it seems another ransomware attack has been launched against the embattled city – LockBit has just uploaded Oakland to its dark-web blog, suggesting that the city’s services have once again been breached by cyberattackers."
TLP¹: Green
Breaches: Data Breaches and Hacks
-
Independent Living Systems data breach impacts more than 4M individuals
"US health services company Independent Living Systems (ILS) disclosed a data breach that exposed personal and medical information for more than 4 million individuals.
Independent Living Systems offers a comprehensive range of turnkey payer services including clinical and third-party administrative services to managed care organizations and providers.
ILS provides assistance beyond the clinical realm at every stage of care from hospitalization to the treatment of chronic illnesses to personalized care management including nutritional support.
The company provides its services to over 4.2 million individuals."
TLP¹: Green
-
Lionsgate streaming platform with 37m subscribers leaks user data
"Entertainment industry giant Lionsgate leaked users' IP addresses and information about what content they watch on its movie-streaming platform, according to research from Cybernews.
During their investigation, our researchers discovered that the video-streaming platform Lionsgate Play had leaked user data through an open ElasticSearch instance.
The Cybernews research team discovered an unprotected 20GB of server logs that contained nearly 30 million entries, with the oldest dated May 2022. The logs exposed subscribers' IP addresses and user data concerning device, operating system, and web browser.
Logs also leaked the platform’s usage data, typically used for analytics and performance tracking. URLs found in logs contained titles and IDs of what content users watched on the platform, along with search queries entered by the users."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Windows 10 KB5023773 preview update released with 10 fixes
"Microsoft has released the optional KB5023773 Preview cumulative update for Windows 10 20H2, Windows 10 21H2, and Windows 10 22H2, with ten fixes for various issues.
This release is primarily a maintenance release, fixing a bug with USB printer drivers, FIDO2, and other issues causing processes to hang, crash, or become unresponsive.
The KB5023773 cumulative update preview is part of Microsoft's March 2023 monthly "C" update, allowing admins to test upcoming fixes released in the April 2023 Patch Tuesday.
Unlike Patch Tuesday cumulative updates, the "C" preview updates are optional and do not include security updates.
Windows users can install this update by going into Settings, clicking on Windows Update, and manually performing a 'Check for Updates.'"
TLP¹: Green
-
Mozilla Firefox 111.0.1 fixes Windows 11 and macOS crashes
"Mozilla has addressed issues causing Firefox to crash on macOS and to freeze with a non-responding blank window when starting on Windows 11 systems.
According to the user who first reported the Windows freeze issue, the bug likely impacts Firefox users running Windows 11 who have also installed this month's KB5023706 cumulative update.
"When Firefox starts it is just a blank window (not a blank web page) with just the Windows min, max, [and] close buttons. If I close the window it says it's not responding and sends a bug report to Microsoft," the bug report filed three days ago reads.
The crash report sent to Microsoft after the Firefox process crashes says the web browser "stopped responding and was closed" because a "problem caused this program to stop interacting with Windows."
The user who reported the issue added that after uninstalling the KB5023706 Windows update, Firefox again started as expected."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
Virtual Event Today: Supply Chain & Third-Party Risk Summit
"SecurityWeek’s Supply Chain & Third-Party Risk Summit takes place today in SecurityWeek’s virtual conference center.
Join us for the virtual experience as we bring together security experts to discuss the complex nature of the supply chain problem, best practices for mitigating security issues, and the frameworks and specifications available.
The first session kicks off today, Wednesday, March 22nd at 11AM ET, and is a fully immersive virtual conference and expo that you won’t want to miss."
TLP¹: Green
-
Tristan Mayer, Castor: “locating the right data is still a daunting task for many data analysts”
"These days the amount of data has been growing exponentially, and it is getting harder to keep track of it all, both for businesses and individuals.
Luckily, besides data protection and storage measures like cloud storage, secure VPNs, or antivirus software, there are solutions like Castor that help users navigate through vast amounts of information faster and more efficiently.
To find out more about how one can locate needed data quickly, our team sat down with Tristan Mayer, CEO at Castor – a catalog tool that provides automated documentation, data lineage, and social discovery."
TLP¹: Green
-
Preventing Insider Threats in Your Active Directory
"Active Directory (AD) is a powerful authentication and directory service used by organizations worldwide. With this ubiquity and power comes the potential for abuse. Insider threats offer some of the most potential for destruction. Many internal users have over-provisioned access and visibility into the internal network.
Insiders' level of access and trust in a network leads to unique vulnerabilities. Network security often focuses on keeping a threat actor out, not on existing users' security and potential vulnerabilities. Staying on top of potential threats means protecting against inside and outside threats."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Microsoft: Defender update behind Windows LSA protection warnings
"Microsoft says the KB5007651 Microsoft Defender Antivirus update triggers Windows Security warnings on Windows 11 systems saying that Local Security Authority (LSA) Protection is off.
LSA Protection is a security feature that defends sensitive information like credentials from theft by blocking untrusted LSA code injection and process memory dumping.
Widespread user reports say that "Local Security Authority protection is off. Your device may be vulnerable." warnings have been showing up even when LSA Protection is enabled, as BleepingComputer reported on Monday.
Today, Microsoft acknowledged this as a new known issue causing affected Windows devices to persistently warn that they're vulnerable and that a restart is required after toggling on LSA Protection."
TLP¹: Green
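Because the Windows Security pane can mislabel the state after KB5007651, an administrator wants a source of truth that does not depend on that UI. The following PowerShell check is an added example, not from the article or from Microsoft: it reads the documented RunAsPPL policy value and the WinInit boot event that records the protection level LSASS actually started with; matching the event text on the word "LSASS" is an assumption about the message wording.

```powershell
# Added example (not from the article): confirm the real LSA Protection state
# from the registry policy and the boot-time event, independent of the
# Windows Security UI warning discussed above.

# Policy: HKLM\SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL
#   1 = enabled with UEFI lock, 2 = enabled without UEFI lock (Windows 11 22H2+)
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$runAsPPL = (Get-ItemProperty -Path $lsaKey -Name 'RunAsPPL' `
             -ErrorAction SilentlyContinue).RunAsPPL

$policy = switch ($runAsPPL) {
    1       { 'Enabled (UEFI-locked)' }
    2       { 'Enabled (no UEFI lock)' }
    default { 'Not configured' }
}

# Runtime: at boot, WinInit writes System log Event ID 12 stating that
# LSASS.exe was started as a protected process and at which level.
# Event ID 12 is shared with other providers, so filter on the message text
# (assumed to contain "LSASS") rather than on the ID alone.
$lsassEvent = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 12 } `
                  -MaxEvents 200 -ErrorAction SilentlyContinue |
              Where-Object { $_.Message -match 'LSASS' } |
              Select-Object -First 1

$runtime = if ($lsassEvent) {
    'LSASS started as protected process'
} else {
    'No PPL start event found since last boot'
}

# A mismatch (policy enabled but no runtime event, or the reverse) is the
# condition worth investigating; a UI warning alone is not.
[pscustomobject]@{
    RegistryPolicy = $policy
    RuntimeState   = $runtime
    EventTime      = if ($lsassEvent) { $lsassEvent.TimeCreated } else { $null }
}
```

Run from an elevated PowerShell session; a reboot after changing RunAsPPL is required before the event reflects the new setting, which is the same reboot the Windows Security warning asks for.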
-
NAPLISTENER: New Malware in REF2924 Group's Arsenal for Bypassing Detection
"The threat group tracked as REF2924 has been observed deploying previously unseen malware in its attacks aimed at entities in South and Southeast Asia.
The malware, dubbed NAPLISTENER by Elastic Security Labs, is an HTTP listener programmed in C# and is designed to evade "network-based forms of detection."
REF2924 is the moniker assigned to an activity cluster linked to attacks against an entity in Afghanistan as well as the Foreign Affairs Office of an ASEAN member in 2022.
The threat actor's modus operandi suggests overlaps with another hacking group dubbed ChamelGang, which was documented by Russian cybersecurity company Positive Technologies in October 2021."
TLP¹: Green
-
Hackers use new PowerMagic and CommonMagic malware to steal data
"Security researchers have discovered attacks from an advanced threat actor that used “a previously unseen malicious framework” called CommonMagic and a new backdoor called PowerMagic.
Both malware pieces have been used since at least September 2021 in operations that continue to this day and target organizations in the administrative, agriculture, and transportation sectors for espionage purposes."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.