Daily Cybersecurity Wire – January 22, 2024
New Developments
Cybercriminals Leak Massive Volumes of Stolen PII From Thailand on the Dark Web
Source: Security Affairs
Cybercriminals, notably an actor identified as Naraka, are actively leaking large volumes of stolen personally identifiable information (PII) belonging to Thai citizens on the Dark Web. Resecurity researchers report a significant surge in data breaches targeting Thai e-commerce, fintech, and government resources, including identity documents that citizens had submitted for Know Your Customer (KYC) checks. The pace picked up sharply in early 2024: at least 14 major data breaches were posted on cybercriminal forums in January alone, close to the total for the whole of the previous year. The stolen PII is being used to defraud citizens and to target the financial organizations involved in the digitization efforts serving Thailand's 71.6 million people.
Resecurity and Cybercrime Atlas Join Forces to Disrupt Cybercriminal Operations
Source: Help Net Security
Resecurity and Cybercrime Atlas have formed a strategic partnership to combat the escalating global threat of cybercrime. The collaboration brings Resecurity's expertise into the Cybercrime Atlas, an initiative hosted by the World Economic Forum's Centre for Cybersecurity, with the aim of pooling resources, knowledge, and technology and fostering operational collaboration against cyber threats on a global scale. Through its involvement in the Cybercrime Atlas Initiative, Resecurity contributes technical capabilities toward a comprehensive picture of the cybercrime landscape. The joint effort seeks to disrupt cybercriminal operations, allocate resources efficiently, and make cybercrime harder and more expensive for its perpetrators. With the cost of cybercrime estimated at €8.5 trillion and projected to reach €10 trillion in 2025, the partnership is presented as a response to the need for closer collaboration as threats escalate.
Owner of Cybercrime Website BreachForums Sentenced to Supervised Release
Source: Security Week
Conor Brian Fitzpatrick, the owner of the cybercrime website BreachForums, has been sentenced to time served followed by 20 years of supervised release. Fitzpatrick, known online as 'Pompompurin', pleaded guilty to conspiracy to commit access device fraud, access device fraud, and possession of child pornography. BreachForums, a prominent hacker marketplace, was taken down in March 2023 but reemerged soon afterwards under a new administrator. Prosecutors had recommended a 188-month prison sentence; instead, Fitzpatrick received time served on each count plus the 20-year term of supervised release, with special conditions including home arrest for the first two years.
Backdoored Pirated Applications Target Apple macOS Users
Source: Security Week
Pirated applications are being used to deliver a backdoor to Apple macOS users, according to researchers at Jamf Threat Labs. The trojanized apps, found on Chinese pirating websites, behave much like the ZuRu malware and let attackers download and execute further payloads in the background. The backdoor, known as "bd.log", is delivered by a malicious dylib bundled with the pirated app and loaded when the app runs; the malware-laced DMG files impersonate popular software including Navicat Premium, UltraEdit, FinalShell, SecureCRT, and Microsoft Remote Desktop.
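The practical check this item calls for is to look at which libraries an app's main executable actually links before you run it: a bundled dylib that the binary loads via @rpath or @executable_path is exactly where a trojanized build hides its hook. The following is an added example, not code from the article or from Jamf Threat Labs. It parses the Mach-O load commands that `otool -L` and `otool -l` print (LC_LOAD_DYLIB and its weak/reexport/upward variants, plus LC_RPATH), unwraps universal binaries, and flags any dylib that does not come from an Apple system path. The sample binary is constructed in code; the library name `libhelper.dylib`, the rpath, and the trusted-prefix list are assumptions, not indicators from the article.

```python
"""List the dylibs a Mach-O executable links, for triage of downloaded app bundles.

Added example (not code from the article or Jamf). Sample binary is constructed
below; "libhelper.dylib" and TRUSTED_PREFIXES are assumptions for illustration.
"""
import struct
from typing import List, Tuple

MH_MAGIC_64 = 0xFEEDFACF               # 64-bit little-endian Mach-O
MH_MAGIC = 0xFEEDFACE                  # 32-bit little-endian Mach-O
FAT_MAGIC_BYTES = b"\xca\xfe\xba\xbe"  # universal binary, big-endian header
MH_EXECUTE = 2
CPU_TYPE_ARM64 = 0x0100000C

LC_LOAD_DYLIB = 0x0C
LC_LOAD_WEAK_DYLIB = 0x80000018
LC_REEXPORT_DYLIB = 0x8000001F
LC_LOAD_UPWARD_DYLIB = 0x80000023
LC_RPATH = 0x8000001C
DYLIB_CMDS = {LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB, LC_LOAD_UPWARD_DYLIB}

# Assumption: libraries under Apple's own locations are trusted; anything else
# (notably @rpath/@loader_path/@executable_path references resolving inside the
# app bundle) deserves a closer look.
TRUSTED_PREFIXES = ("/usr/lib/", "/System/Library/")


def _lc_string(data: bytes, lc_start: int, cmdsize: int, str_offset: int) -> str:
    """Read an lc_str: NUL-terminated string at lc_start + offset, inside the command."""
    raw = data[lc_start + str_offset : lc_start + cmdsize]
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_macho(data: bytes) -> List[Tuple[str, str]]:
    """Return [(kind, path)] for every dylib load command and rpath, in file order."""
    if data[:4] == FAT_MAGIC_BYTES:
        nfat = struct.unpack_from(">I", data, 4)[0]
        entries = []
        for i in range(nfat):
            # fat_arch: cputype, cpusubtype, offset, size, align (big-endian)
            _, _, off, size, _ = struct.unpack_from(">iiIII", data, 8 + 20 * i)
            entries.extend(parse_macho(data[off : off + size]))
        return entries

    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == MH_MAGIC_64:
        header_size = 32
    elif magic == MH_MAGIC:
        header_size = 28
    else:
        raise ValueError("not a little-endian Mach-O or fat binary: magic=%#x" % magic)
    ncmds = struct.unpack_from("<I", data, 16)[0]  # same offset in both header layouts

    entries = []
    off = header_size
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("truncated or malformed load command at %#x" % off)
        if cmd in DYLIB_CMDS:
            # dylib_command: cmd, cmdsize, then struct dylib { lc_str name; ... }
            name_off = struct.unpack_from("<I", data, off + 8)[0]
            entries.append(("dylib", _lc_string(data, off, cmdsize, name_off)))
        elif cmd == LC_RPATH:
            path_off = struct.unpack_from("<I", data, off + 8)[0]
            entries.append(("rpath", _lc_string(data, off, cmdsize, path_off)))
        off += cmdsize
    return entries


def suspicious_dylibs(entries: List[Tuple[str, str]]) -> List[str]:
    """Dylibs that do not come from a trusted OS location."""
    return [p for kind, p in entries if kind == "dylib" and not p.startswith(TRUSTED_PREFIXES)]


# --- constructed sample binary (not a real malware sample) --------------------

def _dylib_cmd(cmd: int, path: str) -> bytes:
    raw = path.encode() + b"\0"
    size = (24 + len(raw) + 7) & ~7  # load commands are 8-byte aligned
    return struct.pack("<IIIIII", cmd, size, 24, 2, 0x10000, 0x10000) + raw.ljust(size - 24, b"\0")


def _rpath_cmd(path: str) -> bytes:
    raw = path.encode() + b"\0"
    size = (12 + len(raw) + 7) & ~7
    return struct.pack("<III", LC_RPATH, size, 12) + raw.ljust(size - 12, b"\0")


def build_sample_macho() -> bytes:
    """Minimal arm64 executable header linking libSystem plus a bundled @rpath library."""
    cmds = (_dylib_cmd(LC_LOAD_DYLIB, "/usr/lib/libSystem.B.dylib")
            + _rpath_cmd("@executable_path/../Frameworks")
            + _dylib_cmd(LC_LOAD_DYLIB, "@rpath/libhelper.dylib"))
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE, 3, len(cmds), 0, 0)
    return header + cmds


def wrap_fat(slice_data: bytes) -> bytes:
    """Wrap one Mach-O slice in a single-architecture fat container."""
    header = FAT_MAGIC_BYTES + struct.pack(">I", 1)
    arch = struct.pack(">iiIII", CPU_TYPE_ARM64, 0, 28, len(slice_data), 0)
    return header + arch + slice_data


if __name__ == "__main__":
    entries = parse_macho(build_sample_macho())
    for kind, path in entries:
        print(f"{kind:6} {path}")
    print("inspect:", suspicious_dylibs(entries))
```

On a real bundle, point `parse_macho` at the bytes of `Contents/MacOS/<executable>` and then at each flagged library in turn, since a dropped dylib typically links further payloads itself. A non-system dylib is not proof of tampering (many legitimate apps ship frameworks), but an @rpath library that is absent from the vendor's genuine build, or that fails `codesign --verify`, is the signal worth chasing.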
TCE Exclusive: DENHAM the Jeanmaker Confirms Cyberattack
Source: The Cyber Express by Cyble
DENHAM the Jeanmaker, a well-known denim brand founded in Amsterdam, has confirmed that it was the victim of a cyberattack. The company detected the attack on December 27, 2023, and responded by engaging a specialized cybersecurity firm. DENHAM has not disclosed details of the incident, but says the attack did not materially affect its services in stores or online, and that the compromised data did not include personal information of consumers who visited its webshop. The company has notified the Dutch Data Protection Authority as a precautionary measure and reassured customers, business partners, and employees of its commitment to data confidentiality. According to DENHAM, business operations have continued without interruption.
Vulnerabilities to Watch
Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks
Source: The Hacker News
Cybersecurity researchers are warning of increased exploitation of a now-patched vulnerability in Apache ActiveMQ (CVE-2023-46604) to deploy the Godzilla web shell on compromised hosts; the web shell is concealed inside files of an unknown binary format. The vulnerability allows remote code execution and has been actively exploited since its disclosure in October 2023, with attackers using it to install ransomware, rootkits, cryptocurrency miners, and DDoS botnets. Godzilla, dropped into the "admin" folder of the ActiveMQ installation, offers extensive functionality that gives threat actors full control over compromised systems. Users of Apache ActiveMQ are strongly advised to update to a fixed release (5.15.16, 5.16.7, 5.17.6, or 5.18.3 and later) and to inspect the admin web application for files that do not belong there.
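Patching closes the entry point but does not remove a web shell that is already sitting in the admin webapp, so a responder also needs a sweep of that directory. The following is an added example, not code from the article, from Apache, or from the researchers who analysed the campaign. It applies two checks: anything not present in a known-good inventory of the admin webapp is reported, and any file that is mostly non-text bytes yet contains a JSP tag opener is reported, because a JSP engine will still compile the `<% ... %>` fragment buried inside such a file. The baseline list, the threshold and the sample files are constructed assumptions; build the real baseline from a pristine copy of your own ActiveMQ version.

```python
"""Sweep an ActiveMQ 'admin' webapp directory for dropped web shells.

Added example (not code from the article or Apache). STOCK_ADMIN_FILES is a
stand-in for a real inventory; the files written by demo() are constructed.
"""
import os
import re
import string
import tempfile
from typing import Dict, List, Tuple

# Assumption: minimal stand-in for a stock admin webapp inventory.
STOCK_ADMIN_FILES = frozenset({"index.jsp", "queues.jsp", "WEB-INF/web.xml"})

# JSP openers: <% scriptlet, <%@ directive, <%! declaration, <%= expression
JSP_OPENER = re.compile(rb"<%[@!=]?")
TEXT_BYTES = frozenset(string.printable.encode("ascii"))


def binary_ratio(data: bytes) -> float:
    """Fraction of bytes outside printable ASCII and whitespace."""
    if not data:
        return 0.0
    return sum(1 for b in data if b not in TEXT_BYTES) / len(data)


def scan_admin_dir(root: str, baseline=STOCK_ADMIN_FILES,
                   threshold: float = 0.3) -> List[Tuple[str, List[str]]]:
    """Walk `root`; return (relative_path, reasons) for every file worth a look."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                data = fh.read()
            reasons = []
            if rel not in baseline:
                reasons.append("not in baseline inventory")
            # A JSP tag inside a file that is otherwise binary is the concealment
            # pattern: the container looks like junk, the engine still runs the tag.
            if JSP_OPENER.search(data) and binary_ratio(data) > threshold:
                reasons.append("binary content with embedded JSP tag")
            if reasons:
                findings.append((rel, reasons))
    return sorted(findings)


def _write(root: str, rel: str, data: bytes) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo() -> Dict[str, List[str]]:
    """Build a constructed admin directory, scan it, return {path: reasons}."""
    # Constructed contents: a stock page, an unexpected but plain JSP, and a JSP
    # fragment buried in a blob of non-text bytes.
    stock = b"<%@ page contentType=\"text/html\" %>\n<html><body>Queues</body></html>\n"
    extra = b"<html><body>help</body></html>\n"
    junk = bytes(range(0x80, 0x100)) * 4
    buried = junk + b"<%@ page import=\"java.util.*\" %><% String p = request.getParameter(\"c\"); %>" + junk
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.jsp", stock)
        _write(root, "WEB-INF/web.xml", b"<web-app/>\n")
        _write(root, "help.jsp", extra)
        _write(root, "x.jsp", buried)
        return dict(scan_admin_dir(root))


if __name__ == "__main__":
    for rel, reasons in demo().items():
        print(rel, "->", "; ".join(reasons))
```

The two checks are deliberately independent: the inventory diff catches a shell that is plain text, and the binary-plus-tag heuristic catches one that was renamed to overwrite a stock file. Run it against `webapps/admin` (and the other webapps) from a clean shell on the host, not through the broker, and treat any hit as a trigger to pull file timestamps and the broker's request logs rather than as a verdict on its own.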
52% of Serious Vulnerabilities We Find Are Related to Windows 10
Source: The Hacker News
An analysis of 2.5 million vulnerabilities discovered in customer assets found that 52% of the serious ones relate to Windows 10. The dataset covers assets reachable from the internet and on internal networks, including network equipment, desktops, web servers, and more. Although the average number of critical and high findings has fallen compared with earlier results, the report emphasizes how many system weaknesses persist unresolved. The findings underline the importance of patch management and robust security tooling, particularly for assets running Microsoft Windows or Windows Server.
Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021
Source: Security Week
The Chinese cyberespionage group UNC3886 is believed to have exploited a VMware vCenter Server vulnerability, tracked as CVE-2023-34048, as a zero-day since 2021, according to Mandiant. The flaw is an out-of-bounds write in VMware's implementation of the DCERPC protocol and carries a CVSS score of 9.8. UNC3886 is known for using zero-day vulnerabilities to complete its missions undetected. Mandiant estimates that the group had access to the vulnerability for roughly a year and a half before it was publicly reported; VMware released patches in October 2023.
Special Reports
New Method to Safeguard Against Mobile Account Takeovers
Source: Help Net Security
Computer science researchers have developed a new method for identifying the security weaknesses that lead to account takeover attacks on mobile devices. The growing interconnection between mobile operating systems, apps, and online accounts has widened the opportunities for attackers, prompting the researchers to understand and model complex, multi-step attack strategies. The approach is based on formal logic: it catalogs security vulnerabilities and models account takeovers by breaking them down into their constituent building blocks. By overcoming the limitations of traditional account access graphs, it gives a more complete picture of how attacks chain together, helping device manufacturers and app developers catalog vulnerabilities and strengthen their defenses. The study also identified specific vulnerabilities in manufacturer-specific accounts and prompted security fixes, such as a requirement that iPhone users supply their previous password.
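The building-block idea above is easy to make concrete: each way of gaining an account or credential is a rule "gain X once you hold all of Y", several rules for the same X are alternatives, and an attacker's reach is the closure of those rules from whatever they start with. The following is an added example, not the researchers' tool or code, that evaluates such an access graph by forward chaining and prints the derivation behind each takeover. The accounts, the rules, the attacker's starting position and the modelled "previous password" fix are all constructed for illustration and are not taken from the paper.

```python
"""Account access graph with AND-preconditions, evaluated by forward chaining.

Added example (not the researchers' code). The catalog of rules, the attacker
start state and the modelled fix are constructed assumptions.
"""
from typing import FrozenSet, List, Set, Tuple

Rule = Tuple[str, FrozenSet[str]]  # (gained, everything that must already be held)


def rule(gained: str, *needs: str) -> Rule:
    return (gained, frozenset(needs))


def reachable(rules: List[Rule], initial: Set[str]) -> Tuple[Set[str], List[Rule]]:
    """Least fixed point: keep firing rules whose preconditions are all held."""
    have = set(initial)
    fired: List[Rule] = []
    changed = True
    while changed:
        changed = False
        for gained, needs in rules:
            if gained not in have and needs <= have:
                have.add(gained)
                fired.append((gained, needs))
                changed = True
    return have, fired


def derivation(fired: List[Rule], target: str) -> List[Tuple[str, List[str]]]:
    """The rules actually used to reach `target`, in the order they fired."""
    by_target = dict(fired)
    needed: Set[str] = set()
    todo = [target]
    while todo:
        node = todo.pop()
        if node in by_target and node not in needed:
            needed.add(node)
            todo.extend(by_target[node])
    return [(g, sorted(n)) for g, n in fired if g in needed]


# Constructed catalog of building blocks (hypothetical, for illustration):
BASE_RULES = [
    rule("unlocked_phone", "phone", "pin"),   # physical device plus its passcode
    rule("sms_codes", "unlocked_phone"),      # read one-time codes sent to the phone
    rule("email", "sms_codes"),               # mail provider resets via SMS code
    rule("bank", "email", "sms_codes"),       # bank reset needs email link AND SMS 2FA
]
# Before the fix: the device passcode alone lets the holder set a new cloud-account password.
RULES_BEFORE = BASE_RULES + [rule("cloud_account", "unlocked_phone")]
# After the fix: the previous cloud-account password is also required.
RULES_AFTER = BASE_RULES + [rule("cloud_account", "unlocked_phone", "cloud_password")]

# Attacker who shoulder-surfed the PIN and then took the phone (constructed scenario).
ATTACKER_START = {"phone", "pin"}


def takeover_report(rules: List[Rule], start: Set[str],
                    targets=("cloud_account", "bank")):
    """For each target: the derivation if reachable from `start`, else None."""
    have, fired = reachable(rules, start)
    return {t: derivation(fired, t) if t in have else None for t in targets}


if __name__ == "__main__":
    for label, rules in (("before fix", RULES_BEFORE), ("after fix", RULES_AFTER)):
        print(label)
        for target, path in takeover_report(rules, ATTACKER_START).items():
            shown = "unreachable" if path is None else " -> ".join(g for g, _ in path)
            print(f"  {target}: {shown}")
```

Running the two catalogs side by side is where this kind of model earns its keep: the modelled fix cuts the direct passcode-to-cloud-account edge, but the bank is still reachable through the SMS path, which is exactly the kind of multi-step chain that a per-account review misses and a whole-graph closure exposes. Extending the catalog with further building blocks (SIM swap, recovery e-mail, password manager) is just adding rules; the evaluation does not change.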
