The past day has brought a full slate of cybersecurity news, from arrests in a phishing scheme to the discovery of new zero-day exploits. Today we take a closer look at these events and what they mean for defenders.
Busting a Multi-Million Dollar Phishing Syndicate
In a joint operation between the Ukrainian Cyber Police and Czech law enforcement, several members of a cybercrime gang were arrested for running a large phishing scheme. The gang operated more than 100 phishing portals to harvest financial information from victims across the European Union, and the scheme is estimated to have netted around $4.33 million. The suspects face up to 12 years in prison.
3CX Supply Chain Attack: What We’ve Learned
Enterprise communications software vendor 3CX has confirmed that a supply chain attack affected several versions of its desktop app for Windows and macOS. The company is working with Google-owned Mandiant to investigate and is urging customers to update to version 18.12.422. The full extent of the attack is still unknown, but the attackers are suspected to have compromised the software build pipeline, which is what allowed trojanized builds to reach customers through the normal update channel. The attack has been attributed to the North Korean state-sponsored group Labyrinth Chollima. Note that updating alone does not remediate a host that already ran a compromised build; such hosts should be investigated, not just patched.
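As an added example (not code from 3CX, Mandiant or the original article), here is a small inventory check that flags 3CX desktop app installs older than the 18.12.422 build the item above names. The fixed version is the only fact taken from the article; the inventory rows are constructed sample data. It compares versions field by field rather than as strings, which is the usual mistake in ad hoc scripts of this kind, and an out-of-date build is a signal to investigate the host, not only to update it.

```python
"""Flag 3CX desktop app installs that are below the vendor's fixed version.

Added example, not 3CX or Mandiant code. The fixed version 18.12.422 is
taken from the news item; the inventory rows below are constructed.
"""
from typing import Iterable

FIXED_VERSION = "18.12.422"  # build 3CX urged customers to move to


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '18.12.422' into (18, 12, 422) so each field compares numerically.

    A plain string comparison would wrongly rank '18.12.9' above '18.12.422'.
    """
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    return tuple(int(p) for p in parts)


def needs_update(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build is older than the fixed build."""
    return parse_version(installed) < parse_version(fixed)


def audit(inventory: Iterable[tuple[str, str]],
          fixed: str = FIXED_VERSION) -> list[str]:
    """Return hostnames whose 3CX desktop app is older than `fixed`.

    Hosts listed here should be reviewed for signs of compromise before being
    considered clean; a trojanized build may already have run on them.
    """
    return [host for host, ver in inventory if needs_update(ver, fixed)]


# Constructed sample inventory: (hostname, reported 3CX desktop app version).
SAMPLE_INVENTORY = [
    ("ws-finance-01", "18.12.416"),
    ("ws-sales-07", "18.12.422"),
    ("ws-hr-02", "18.11.1213"),
    ("ws-dev-03", "18.12.9"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: update the 3CX desktop app and investigate the host")
```

Feed `audit()` whatever your endpoint management tool exports as (hostname, version) pairs; the threshold defaults to the 18.12.422 build named above but can be overridden if the vendor publishes a newer fixed version.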
Biden’s Cybersecurity Strategy: A Path to Improved AppSec?
The Biden administration recently released a National Cybersecurity Strategy that calls for regulatory mandates on the industry sectors that operate critical infrastructure nationwide. The strategy aims to set a minimum bar for the cybersecurity of companies providing critical infrastructure, but minimum requirements do not by themselves make developers equipped to handle application security. Responsibility for application security ultimately lies with the company: it must enforce secure coding standards and invest in secure development if the goals of the proposed strategy are to be met.
Zero-Day Exploits in Spyware Campaigns: Android and iOS Under Attack
Google has discovered two advanced spyware campaigns that used zero-day exploits in the Android and iOS operating systems, as well as vulnerabilities in the Samsung Internet Browser. The campaigns were described as "highly targeted," and Google has been vocal in campaigning against the commercial surveillance vendors behind such tooling. Commercial spyware gives governments that lack the resources to build their own surveillance capability a ready means of monitoring political dissidents, putting those targets at risk.
Microsoft Azure SFX Vulnerability: The Rise of "Super FabriXss"
A critical vulnerability in Azure Service Fabric Explorer (SFX), dubbed "Super FabriXss," has been discovered and patched by Microsoft. As the name suggests, it is a cross-site scripting flaw, but one that could have been escalated to unauthenticated remote code execution on a container hosted on a Service Fabric node. The issue was resolved in the March 2023 Microsoft Patch Tuesday update, so administrators running SFX should confirm that update has been applied.
RedGolf Group Linked to KEYPLUG Backdoor
The Chinese state-sponsored group RedGolf has been linked to a custom backdoor called KEYPLUG, which has both Windows and Linux variants. The group has a global reach and has shown that it can weaponize newly disclosed vulnerabilities quickly. RedGolf has been observed using a wide range of malware families and has targeted national and state government networks in several countries. Organizations are advised to patch promptly and to monitor their external-facing network devices, which are the group's preferred entry point, to guard against RedGolf and similar advanced persistent threats.
Latitude Financial Data Breach
Australian financial services company Latitude Financial has suffered a large-scale data breach exposing the personal information of over 14 million customers. The breach was first detected on March 16 and was initially thought to affect only a small fraction of customers. It was later found to be far more extensive, involving the theft of customer names, addresses, telephone numbers, driver's license numbers, passport numbers, and Medicare numbers.
That wraps up today's cybersecurity brief. As always, stay safe, stay vigilant, and we'll see you tomorrow with our weekly roundup!