Week 8th May 2023 - 12th May 2023

:tada: Welcome to this week’s newsletter, where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :heart:

This week we’ve handpicked interesting articles, ranging from the FBI’s takedown of the Snake data-theft malware after nearly two decades, to the U.S. government seizing 13 DDoS-for-hire domains, to GitHub’s new push protection feature and the ongoing attacks on the PaperCut vulnerability. So stay up to date with the latest developments in the field and enjoy these short summaries.

Bl00dy ransomware gang strikes education sector with critical PaperCut vulnerability

The U.S. cybersecurity and intelligence agencies (CISA and the FBI) have issued a joint warning about the Bl00dy Ransomware gang, which is exploiting a PaperCut vulnerability against the country’s education sector. The gang uses CVE-2023-27350, a now-patched critical flaw in PaperCut MF and NG print management servers, to bypass authentication and achieve remote code execution on affected installations. Attacks exploiting the flaw have been observed since mid-April 2023. The fix shipped in PaperCut MF/NG 20.1.7, 21.2.11 and 22.0.9, so any internet-exposed server still running an earlier release should be treated as potentially compromised rather than merely unpatched.

Date: May 12, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Ransomware, Vulnerability

GitHub extends push protection to prevent accidental leaks of keys and other secrets

GitHub has extended its push protection feature, which stops developers from inadvertently pushing keys and other secrets in their code, to all public repositories at no extra cost. When a push contains a string matching a known secret pattern, it is rejected before it reaches the repository. A developer can still bypass the block by providing a reason, but repository and organisation admins and security managers are notified of each bypass by email. GitHub says push protection has prevented roughly 17,000 accidental secret leaks since it went live in beta in April 2022. To enable it, head to the repository’s Settings, select “Code security and analysis”, and enable “Secret scanning” and “Push protection”.

Date: May 11, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: New Features
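The mechanism behind push protection is simple: match high-confidence secret formats against the lines being added, block the push, and record any bypass together with its reason. The following is an added example (not GitHub’s code, and not part of the original newsletter) of the same idea as a local pre-commit check over `git diff --cached`. The three patterns, the `secret-scan: allow <reason>` same-line marker and the sample diff are all constructed for the illustration; real push protection runs server-side and covers many more token types.

```python
import re
import subprocess
import sys

# High-confidence secret formats (constructed subset for this example).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat_classic": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
# Hypothetical same-line marker that lets a developer commit anyway, with a
# reason, mirroring GitHub's bypass-with-reason flow.
ALLOW_RE = re.compile(r"secret-scan:\s*allow(?:\s+(.*))?$")

# Constructed sample diff: one blocked AWS key, one bypassed token with a
# reason, one removed key (ignored), one blocked private key header.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,6 @@
 import os
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"  # secret-scan: allow test fixture
 DEBUG = False
-OLD = "AKIAIOSFODNN7EXAMPLE"
+NEW = os.environ["AWS_KEY"]
+SSH_KEY = "-----BEGIN OPENSSH PRIVATE KEY-----"
"""


def mask(secret):
    """Never echo the full secret back into terminal history or CI logs."""
    return secret[:4] + "..." + secret[-2:]


def scan_diff(diff_text):
    """Return (blocked, bypassed): secrets found on the added lines of a unified diff."""
    blocked, bypassed = [], []
    path, new_line = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:]
            path = path[2:] if path.startswith("b/") else path
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))  # first line number on the new side
            continue
        if raw.startswith("-") or raw.startswith("\\"):
            continue  # removed lines and "\ No newline" never reach the remote
        if raw.startswith("+"):
            content = raw[1:]
            allow = ALLOW_RE.search(content)
            for kind, pat in SECRET_PATTERNS.items():
                for hit in pat.finditer(content):
                    item = {"file": path, "line": new_line, "kind": kind,
                            "match": mask(hit.group(0))}
                    if allow:
                        item["reason"] = (allow.group(1) or "").strip() or "(no reason given)"
                        bypassed.append(item)  # allowed through, but recorded
                    else:
                        blocked.append(item)
        new_line += 1  # added and context lines both advance the new-side line number
    return blocked, bypassed


def main(argv):
    """Pre-commit entry point: scan staged changes, or a diff on stdin with '-'."""
    if argv[1:] == ["-"]:
        diff_text = sys.stdin.read()
    else:
        diff_text = subprocess.run(["git", "diff", "--cached", "-U0"],
                                   capture_output=True, text=True, check=True).stdout
    blocked, bypassed = scan_diff(diff_text)
    for b in bypassed:
        print(f"bypass:  {b['file']}:{b['line']} {b['kind']} ({b['reason']})")
    for b in blocked:
        print(f"BLOCKED: {b['file']}:{b['line']} {b['kind']} {b['match']}")
    return 1 if blocked else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run with `echo "$DIFF" | python3 scan.py -` to try it on the constructed diff, or install it as `.git/hooks/pre-commit`. The bypass list is the part most teams forget: an allow marker should always reach someone other than the developer who wrote it, which is exactly what GitHub’s admin email does.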

A zero-click vulnerability in Windows allows stealing NTLM credentials

Ben Barnea, a security researcher at Akamai Technologies, shared details of a now-patched flaw, tracked as CVE-2023-29324 (CVSS score: 6.5), in the Windows MSHTML platform. An attacker can exploit it with a crafted URL that evades Internet Explorer security-zone checks: the bug makes the Windows API function MapURLToZone treat a remote path as a local one. That matters beyond MSHTML, because MapURLToZone is the check Microsoft’s March fix for the Outlook flaw CVE-2023-23397 relies on, so the bypass reopened that attack path. The flaw affects all supported versions of Windows, and Microsoft fixed it in the May 2023 Patch Tuesday updates.

Date: May 11, 2023
Source: Security Affairs
Author: Pierluigi Paganini
Tag: Vulnerability, Cyber Risk/Cyber Threats

Cybersecurity firm Dragos discloses cybersecurity incident, extortion attempt

Dragos, an industrial cybersecurity company, disclosed a failed extortion attempt by a cybercrime gang against its systems. The attackers gained access to the company’s SharePoint cloud service and contract management system by compromising a single employee’s account, but did not breach its network or its cybersecurity platform. During the roughly 16 hours they had access, role-based access control (RBAC) rules stopped them from reaching several other Dragos systems. Dragos is confident that its layered security controls prevented the threat actors from going on to deploy ransomware.

Date: May 10, 2023
Source: Bleeping Computer
Author: Sergiu Gatlan
Tag: Ransomware, Cyber Risk/Cyber Threats

U.S. authorities seize 13 domains offering criminal DDoS-for-Hire services

In an ongoing operation called Operation PowerOFF, which aims to dismantle criminal DDoS-for-hire infrastructure worldwide, U.S. authorities have seized 13 internet domains that offered DDoS-for-hire (also known as ‘booter’ or ‘stresser’) services to other criminal actors. The takedown follows the December 2022 seizure of 48 similar services that let paying users launch distributed denial-of-service (DDoS) attacks against targets of their choosing. The U.S. Department of Justice says four of the six people charged in December 2022 have since pleaded guilty.

Date: May 9, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Cyber Crime

FBI nukes Russian Snake data theft malware with self-destruct command

The Five Eyes nations have collaborated to take down the Snake malware operated by Russia’s Federal Security Service (FSB). Snake, which lets its operators remotely deploy additional tooling on compromised devices, has been used for nearly two decades to steal sensitive documents and conduct cyber-espionage, including against NATO allies. In the coordinated effort, called Operation MEDUSA, the FBI issued the implant’s own self-destruct command to disable it on infected machines. The malware is attributed to a unit within Center 16 of the FSB, known publicly as the Turla hacking group.

Date: May 9, 2023
Source: Bleeping Computer
Author: Sergiu Gatlan
Tag: Cyber Crime, Malware

MSI’s firmware, Intel Boot Guard private keys leaked

MSI suffered a ransomware attack in early April this year. After the company declined to pay the ransom, the Money Message group, which claimed responsibility, has now apparently leaked MSI’s private code-signing keys on its dark web leak site. The leaked Intel OEM private keys for the Key Manifest (KM) and Boot Policy Manifest (BPM) could be used to sign malicious firmware images that pass Intel Boot Guard’s verification. Because the hash of the OEM’s KM public key is burned into one-time-programmable fuses on the affected chipsets, the leaked keys cannot be revoked by a firmware update, so the exposure is permanent for those boards. MSI has urged its users to obtain firmware/BIOS updates only from its official website.

Date: May 8, 2023
Source: Helpnet Security
Author: Zeljka Zorz
Tag: Ransomware, Cyber Crime
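To see why a leaked KM/BPM key cannot be patched away, it helps to model the Boot Guard chain of trust: a key hash pinned in fuses, a Key Manifest that signs the Boot Policy Manifest key, and a BPM that signs the firmware. The block below is an added example written for this newsletter, not Intel’s or MSI’s code, and it stands in textbook RSA with a 512-bit modulus and SHA-256 for the real RSA-PSS/SHA-256 manifests; the “fuse”, the key pairs and the firmware images are all constructed. It runs four boots: a genuine image, a tampered image, an attacker image signed with the attacker’s own keys, and an attacker image signed with the leaked OEM keys.

```python
import hashlib
import random


# ---- toy textbook RSA, enough to model sign/verify (not production crypto) ----
def _is_probable_prime(n, rng, rounds=20):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def keygen(rng, bits=512):
    """Return ((n, e), (n, d)): public key, private key."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(priv, data):
    n, d = priv
    return pow(_digest_int(data), d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest_int(data)


def pub_bytes(pub):
    n, e = pub
    return n.to_bytes(64, "big") + e.to_bytes(4, "big")


# ---- Boot Guard chain-of-trust model ----
def provision_platform(rng):
    """OEM generates KM and BPM key pairs; the hash of the KM public key is
    burned into the chipset fuses at manufacturing time (modelled as `fuse`)."""
    km, bpm = keygen(rng), keygen(rng)
    fuse = hashlib.sha256(pub_bytes(km[0])).digest()
    return fuse, km, bpm


def sign_firmware(km, bpm, firmware):
    """Manifest chain as the OEM (or whoever holds the private keys) produces it."""
    (km_pub, km_priv), (bpm_pub, bpm_priv) = km, bpm
    return {
        "km_pub": km_pub,
        "bpm_pub": bpm_pub,
        "bpm_sig": sign(km_priv, pub_bytes(bpm_pub)),  # KM signs the BPM key
        "fw_sig": sign(bpm_priv, firmware),            # BPM signs the boot block
    }


def boot_guard_verify(fuse, firmware, chain):
    """The checks made before the firmware is allowed to run; only the fuse is immutable."""
    if hashlib.sha256(pub_bytes(chain["km_pub"])).digest() != fuse:
        return "KM public key does not match fused hash"
    if not verify(chain["km_pub"], pub_bytes(chain["bpm_pub"]), chain["bpm_sig"]):
        return "BPM key not signed by KM"
    if not verify(chain["bpm_pub"], firmware, chain["fw_sig"]):
        return "firmware not signed by BPM"
    return "OK"


def demo(seed=2023):
    rng = random.Random(seed)
    fuse, oem_km, oem_bpm = provision_platform(rng)
    genuine = b"vendor BIOS image (constructed sample)"
    implant = b"attacker BIOS image (constructed sample)"
    attacker_km, attacker_bpm = keygen(rng), keygen(rng)
    return {
        "genuine": boot_guard_verify(fuse, genuine, sign_firmware(oem_km, oem_bpm, genuine)),
        "tampered_image": boot_guard_verify(fuse, genuine + b"\x00",
                                            sign_firmware(oem_km, oem_bpm, genuine)),
        "attacker_own_keys": boot_guard_verify(fuse, implant,
                                               sign_firmware(attacker_km, attacker_bpm, implant)),
        "leaked_oem_keys": boot_guard_verify(fuse, implant,
                                             sign_firmware(oem_km, oem_bpm, implant)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:>18}: {result}")
```

The last case is the one that matters: with the leaked OEM keys the attacker’s image verifies exactly like a genuine one, and since `fuse` cannot be rewritten after manufacturing, the only defence left is never to flash anything that did not come from the vendor’s own channel.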

NextGen Healthcare says hackers accessed personal data of more than 1 million patients

NextGen Healthcare, a U.S.-based provider of electronic health record software, revealed that hackers breached its systems and accessed the personal data of more than 1 million patients. The company stated that the attackers obtained patients’ names, dates of birth, addresses and Social Security numbers, but did not access any health or medical records. It also noted that the attackers got into its NextGen Office system using client credentials that appear to have been stolen from other sources, which points to reused credentials rather than a flaw in the software itself. NextGen was also the victim of a ransomware attack in January 2023.

Date: May 8, 2023
Source: Tech Crunch
Author: Carly Page
Tag: Hack, Encryption
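Logins with credentials stolen elsewhere leave a recognisable trace: one source trying many distinct accounts with a low success rate, and the handful that succeed are the accounts to reset first. The block below is an added example written for this newsletter, not NextGen’s code, of that detection logic run over a constructed authentication log; the log format, the documentation-range IP addresses and the thresholds are all assumptions for the illustration.

```python
import re
from collections import defaultdict

# Assumed log line format for this example; adjust LOG_RE to your own auth logs.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+user=(?P<user>\S+)\s+result=(?P<result>OK|FAIL)$"
)

# Constructed sample log (documentation-range IPs, invented users, not real data).
SAMPLE_LOG = """\
2023-03-30T02:14:05Z src=203.0.113.9 user=alice result=FAIL
2023-03-30T02:14:06Z src=203.0.113.9 user=bob result=OK
2023-03-30T02:14:06Z src=203.0.113.9 user=carol result=FAIL
2023-03-30T02:14:07Z src=203.0.113.9 user=dave result=FAIL
2023-03-30T02:14:07Z src=203.0.113.9 user=erin result=OK
2023-03-30T02:14:08Z src=203.0.113.9 user=frank result=FAIL
2023-03-30T02:14:08Z src=203.0.113.9 user=grace result=FAIL
2023-03-30T02:14:09Z src=203.0.113.9 user=heidi result=FAIL
2023-03-30T08:02:11Z src=198.51.100.7 user=alice result=FAIL
2023-03-30T08:02:30Z src=198.51.100.7 user=alice result=OK
2023-03-30T08:15:44Z src=198.51.100.8 user=dave result=OK
this line is malformed and must be skipped, not crash the detector
"""


def parse(lines):
    """Yield parsed events, silently skipping lines that do not match the format."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def detect_credential_stuffing(lines, min_distinct_users=5, max_success_ratio=0.5):
    """Flag sources that sprayed many distinct accounts with mostly failures.

    A legitimate user who mistypes a password once hits one account from one
    source; a stuffing run hits dozens. Returns {src: summary} for flagged sources,
    where 'compromised' lists the accounts that did succeed from that source."""
    per_src = defaultdict(lambda: {"users": set(), "ok_users": set(), "attempts": 0, "ok": 0})
    for ev in parse(lines):
        s = per_src[ev["src"]]
        s["attempts"] += 1
        s["users"].add(ev["user"])
        if ev["result"] == "OK":
            s["ok"] += 1
            s["ok_users"].add(ev["user"])
    alerts = {}
    for src, s in per_src.items():
        if len(s["users"]) >= min_distinct_users and s["ok"] / s["attempts"] <= max_success_ratio:
            alerts[src] = {
                "distinct_users": len(s["users"]),
                "attempts": s["attempts"],
                "failures": s["attempts"] - s["ok"],
                "compromised": sorted(s["ok_users"]),  # reset these first
            }
    return alerts


if __name__ == "__main__":
    for src, info in detect_credential_stuffing(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {info['distinct_users']} accounts, {info['failures']} failures, "
              f"successful logins for {info['compromised']}")
```

The thresholds are deliberately conservative so that a single user fumbling a password is never flagged; on a real system, tune `min_distinct_users` to the normal number of accounts seen per source (shared office NAT addresses will be higher) and pair the alert with a forced password reset and session revocation for the accounts in `compromised`.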

Well, that’s it for this week’s ‘This Week in Cybersecurity’ roundup; we trust you found these brief summaries of recent developments useful. As always, our goal is to keep you informed and to encourage you to adopt secure practices in the digital world.

Feel free to share any interesting articles you come across in the ‘In the News’ category of the passbolt community forum and help keep people informed. Thank you for your participation. :partying_face: :tada: