The U.S. is facing a new wave of cyber attacks, with the FBI investigating a data breach that has impacted U.S. House of Representatives members and their staff. Cybersecurity firm Fortinet has warned of a critical unauthenticated RCE vulnerability in its products, while Jenkins and Veeam have issued their own security alerts. Meanwhile, a bipartisan Senate proposal is setting the stage to ban TikTok and other foreign technology companies. Finally, Iran is targeting researchers with a social engineering campaign, and Israel is pointing the finger at an Iranian-linked group for an attack on one of its universities.
FBI Investigating Data Breach Impacting U.S. House Members and Staff
The FBI is investigating a data breach in which personal information of U.S. House of Representatives members and their staff was stolen from a DC Health Link server. DC Health Link is the organization that administers healthcare plans for House members, their staff, and their families. Individuals impacted by the breach have been notified via email from Catherine Szpindor, U.S. House Chief Administrative Officer.
BleepingComputer has discovered that a threat actor known as "IntelBroker" is selling U.S. House member information stolen from the servers on a forum, including subscriber ID, member ID, policy, employee/employer contribution, coverage start and end date, employer name, mailing address, work email, and more. Adam Hudson, public information officer for the Health Benefit Exchange Authority, has confirmed that some of the stolen DC Health Link data was exposed online and that notifications will be sent to those impacted.
Fortinet Warns of Critical Unauthenticated RCE Vulnerability
Fortinet is now warning of a critical unauthenticated RCE vulnerability affecting FortiOS and FortiProxy. The vulnerability can allow an unauthenticated attacker to execute arbitrary code or cause a denial of service on the GUI of vulnerable devices using a specially crafted request. It has been tagged as CVE-2023-25610 and has a CVSS score of 9.3, rating it as critical. Fortinet has released upgraded versions for all affected FortiOS and FortiProxy branches to mitigate the vulnerability.
Jenkins Issues Security Alert
Jenkins has issued its own security alert for flaws that could allow attackers to gain access to its open source automation server, potentially leading to code execution on targeted systems. Both flaws have been tagged with CVE-2023-2789 and have been collectively christened "CorePlague" by cloud security firm Aqua. All versions of Jenkins prior to 2.319 or 0.2 are vulnerable and exploitable. Jenkins has released patches for both and is urging everyone to install them immediately.
Veeam Backup Service Security Vulnerability
Veeam is urging customers to patch a high-severity Backup Service security vulnerability impacting its Backup & Replication software. The flaw, tracked as CVE-2023-27532, was reported in mid-February by a security researcher known as Shanigen. It affects all Veeam Backup & Replication versions, and an unauthenticated attacker can exploit it to access backup infrastructure hosts. Veeam has developed patches for version 11a and version 12 to mitigate this vulnerability and is urging customers to install them right away.
Bipartisan Senate Proposal to Ban TikTok and Other Foreign Technology
A bipartisan Senate proposal is setting the stage to ban TikTok and other foreign technology. The RESTRICT Act, presented by Senator Mark Warner, would grant the Commerce Department wide-ranging powers to review and potentially ban the U.S. operations of tech companies like TikTok that are deemed to be a national security threat. Noting that the federal government lacks a holistic, interagency approach to mitigating the presence of foreign technology companies, the bill would hand the Commerce Department overarching responsibility to do so.
Iran Targeting Researchers with Social Engineering Campaign
Iranian state-sponsored actors are continuing to engage in social engineering campaigns targeting researchers by impersonating a U.S. think tank. Notably, the targets in this instance were all women, and the campaign took place the day after International Women's Day. The group is suspected of operating on behalf of the IRGC and has exhibited a pattern of using fake personas to establish contact with individuals of strategic interest. Chief among its tactics is credential harvesting to gain control of victim mailboxes, as well as the use of custom tools like Hyperscrape to steal data from Gmail, Yahoo, and Outlook accounts.
Israel Points Finger at Iranian-Linked Group for University Attack
Israel is pointing the finger at an Iranian-linked group for the attack on one of its universities, Technion, often described as Israel's equivalent of MIT. The Israel National Cyber Directorate has attributed the attack to MuddyWater, saying the group used malware designed to encrypt operating systems. With Ramadan kicking off in just a few short weeks, the agency has warned that the month is prone to cyber attacks against diverse targets in Israel, aiming to disrupt their business activities and sully their reputation.