InfoSec News 202307010
Top News
- Hackers Steal $20 Million by Exploiting Flaw in Revolut's Payment Systems
"Malicious actors exploited an unknown flaw in Revolut's payment systems to steal more than $20 million of the company's funds in early 2022.
The development was reported by the Financial Times, citing multiple unnamed sources with knowledge of the incident. The breach has not been disclosed publicly.
The fault stemmed from discrepancies between Revolut's U.S. and European systems, causing funds to be erroneously refunded using its own money when some transactions were declined.
The problem was first detected in late 2021. But before it could be closed, the report said organized criminal groups leveraged the loophole by "encouraging individuals to try to make expensive purchases that would go on to be declined." The refunded amounts would then be withdrawn from ATMs.
The exact technical details associated with the flaw are currently unclear."
TLP¹: Green
- Barracuda working on fix for ongoing Email Gateway login issues
"Email and network security firm Barracuda is working to fix an ongoing issue that triggers invalid login errors and prevents Email Gateway Defense users from signing into their accounts.
The root cause of the sign-in problems showing "The link to login is invalid" errors has already been identified, and the company says this known issue will be addressed by next Friday according to the current projected timeline.
"We are investigating login problems seen by users and have identified the problem. We are working on fixing the issue with a tentative timeline for the fix to be released on or before July 14th," Barracuda says.
"We thank you for your understanding and support as we work through this issue and sincerely apologize for any inconvenience it may cause."
The company is yet to reveal details on what is causing these login issues and how widespread they are."
TLP¹: Green
- After Zero-Day Attacks, MOVEit Turns to Security Service Packs
"Faced with a barrage of ransomware attacks hitting zero-days in its MOVEit product line, Progress Software late Thursday announced plans to release regular service packs promising a “predictable, simple and transparent process for product and security fixes.”
Less than a month after the notorious Cl0p ransomware gang started naming organizations hit by MOVEit zero-day exploits, Progress Software rolled out its first service pack with patches for at least three critical security defects that expose customer database content to malicious attackers."
TLP¹: Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
- France’s government is giving the police more surveillance power
"French legislators are going to approve a justice reform bill that also gives more power to law enforcement, allowing them to spy on suspects through their smartphones and other electronic devices.
According to the French newspaper Le Monde, law enforcement will be allowed to use spyware for their investigations; the software can remotely spy on suspects using the microphone and camera of their devices and also collect their GPS location.
The Assemblée Nationale has approved the measure, which forms one of the articles encompassing multiple provisions."
TLP¹: Green
- RomCom RAT Targeting NATO and Ukraine Support Groups
"The threat actors behind the RomCom RAT have been suspected of phishing attacks targeting the upcoming NATO Summit in Vilnius as well as an identified organization supporting Ukraine abroad.
The findings come from the BlackBerry Threat Research and Intelligence team, which found two malicious documents submitted from a Hungarian IP address on July 4, 2023.
RomCom, also tracked under the names Tropical Scorpius, UNC2596, and Void Rabisu, was recently observed staging cyber attacks against politicians in Ukraine who are working closely with Western countries and a U.S.-based healthcare organization involved with aiding refugees fleeing the war-torn country."
TLP¹: Green
- A man has been charged with a cyber attack on the Discovery Bay water treatment facility
"Rambler Gallo (53), a man from Tracy (California), has been charged with intentionally causing damage to a computer after he allegedly breached the network of the Discovery Bay Water Treatment Facility.
The man targeted the water treatment facility in the Town of Discovery Bay, California, which provides treatment for the water and wastewater systems for the town’s 15,000 residents. Gallo was an employee of a private Massachusetts-based company (Company A), which contracted with Discovery Bay to operate the town’s wastewater treatment facility."
TLP¹: Green
- Top Suspect in 2015 Ashley Madison Hack Committed Suicide in 2014
"When the marital infidelity website AshleyMadison.com learned in July 2015 that hackers were threatening to publish data stolen from 37 million users, the company’s then-CEO Noel Biderman was quick to point the finger at an unnamed former contractor. But as a new documentary series on Hulu reveals [SPOILER ALERT!], there was just one problem with that theory: Their top suspect had killed himself more than a year before the hackers began publishing stolen user data.
The new documentary, The Ashley Madison Affair, begins airing today on Hulu in the United States and on Disney+ in the United Kingdom. The series features interviews with security experts and journalists, Ashley Madison executives, victims of the breach and jilted spouses."
TLP¹: Green
Breaches: Data Breaches and Hacks
- Bangladesh government website leaked data of millions of citizens
"The researcher Viktor Markopoulos discovered a Bangladeshi government website that was leaking the personal information of millions of Bangladesh citizens.
According to TechCrunch, which first reported the news, the leaked data included full names, phone numbers, email addresses, and national ID numbers.
Markopoulos discovered the leak on June 27 and reported his discovery to the Bangladeshi e-Government Computer Incident Response Team (CERT).
The researcher explained that it was easy to find the leaked data; he told TechCrunch that the data appeared in the results of a Google query related to an SQL error."
TLP¹: Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
- Critical TootRoot bug lets attackers hijack Mastodon servers
"Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, one of them critical, which allows hackers to create arbitrary files on the server using specially crafted media files.
Mastodon has about 8.8 million users spread across 13,000 separate servers (instances) hosted by volunteers to support distinct yet inter-connected (federated) communities.
All four issues fixed were discovered by independent auditors at Cure53, a company that provides penetration testing for online services. The auditors inspected Mastodon's code at Mozilla's request.
The most severe of the vulnerabilities is tracked as CVE-2023-36460 and has been named TootRoot. It gives attackers a particularly easy way to compromise target servers."
TLP¹: Green
- Vulnerabilities in PiiGAB Product Could Expose Industrial Organizations to Attacks
"Potentially serious vulnerabilities discovered by researchers in a PiiGAB product could expose industrial organizations to remote hacker attacks.
PiiGAB is a Sweden-based company that provides industrial and building automation hardware and software solutions.
Researchers Floris Hendriks and Jeroen Wijenbergh conducted an in-depth security assessment of PiiGAB’s M-Bus 900s gateway/converter as part of their master’s in cybersecurity at Radboud University in the Netherlands. The product is designed for the remote monitoring of devices using the M-Bus protocol."
TLP¹: Green
- Windows Subsystem for Android gets July 2023 preview with new features
"Windows 11, with its Windows Subsystem for Android (WSA), allows users to access almost all popular Android apps directly from the Microsoft Store.
The WSA on Windows 11 mirrors the functionality of the Linux Subsystem for Linux (WSL), enabling a seamless transition for Android apps onto the desktop operating system.
Today's update introduces several significant Android Windows Subsystem improvements. Firstly, enhancements have been made to camera compatibility, thus improving the experience of using Android apps that require camera access."
TLP¹: Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
- Now’s the Time for a Pragmatic Approach to New Technology Adoption
"To say there’s been a lot of hype around AI lately would be an understatement. We’ve all seen headlines touting how AI could change the future of work – even the entire course of history. And we shouldn’t be surprised to see AI live up to its billing, eventually. But for AI to have a positive impact on organizations more quickly than any technology innovation to date, we need to learn from the past.
For those of us who have been in technology for a while, particularly as it applies to enterprise environments, let’s remember that “technology for technology’s sake” is merely interesting. It becomes meaningful and, yes, even life-changing when it is approached pragmatically and used to solve specific problems."
TLP¹: Green
- OWASP SwSec 5D Tool Provides SDLC Maturity Ratings, Aids Software Supply Chain
"The Open Source Foundation for Application Security (OWASP) announced a five-dimensional secure software development maturity reference framework (SwSec 5D) in May 2023. Its function is to provide a roadmap for secure software development, and its use would help improve security in the software supply chain.
The project lead for the OWASP SwSec 5D is Matteo Meucci, CEO at IMQ Minded Security. The company is an SDLC consulting firm, and Meucci has worked with OWASP since 2002. The five-dimensional approach to SDLC was conceived by IMQ Minded Security, donated to OWASP in 2018, and since then refined for release by OWASP."
TLP¹: Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
- Charming Kitten hackers use new ‘NokNok’ malware for macOS
"Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that targets macOS systems.
The campaign started in May and relies on a different infection chain than previously observed, with LNK files deploying the payloads instead of the typical malicious Word documents seen in past attacks from the group.
Charming Kitten is also known as APT42 or Phosphorus and has launched at least 30 operations in 14 countries since 2015, according to Mandiant.
Google has linked the threat actor to the Iranian state, more specifically, the Islamic Revolutionary Guard Corps (IRGC).
In September 2022, the U.S. government managed to identify and charge members of the threat group."
TLP¹: Green
- Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing
"Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as "Letscall." This technique is currently targeting individuals in South Korea.
The criminals behind "Letscall" employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website.
Once the malicious software is installed, it redirects incoming calls to a call center under the control of the criminals. Trained operators posing as bank employees then extract sensitive information from unsuspecting victims."
TLP¹: Green
- New ‘Big Head’ ransomware displays fake Windows update alert
"Security researchers have dissected a recently emerged ransomware strain named ‘Big Head’ that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers.
Two samples of the malware have been analyzed before by cybersecurity company Fortinet, which looked at the infection vector and how the malware executes.
Today, Trend Micro published a technical report on Big Head claiming that both variants and a third they sampled originate from a single operator who is likely experimenting with different approaches to optimize their attacks."
TLP¹: Green
¹ Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.