New Phishing scam aimed at Facebook users discovered
Black Basta strikes again, this time against Canadian Yellow Pages Group
Wiltshire School Crippled by Cyber Attack: Ransom Demanded as IT Infrastructure Held Hostage
Welcome to our weekly cyber news roundup, where we bring you the latest and most important updates from the world of cyber security.
VMware has rolled out security fixes to tackle zero-day weaknesses that, if combined, could result in code execution on systems using unpatched editions of the company's Workstation and Fusion software hypervisors.
These twin vulnerabilities were demonstrated as part of an exploit sequence by STAR Labs team's cybersecurity specialists one month earlier during day two of the Pwn2Own Vancouver 2023 hacking contest.
After the Pwn2Own event, companies have a 90-day grace period to remedy the zero-day issues before Trend Micro's Zero Day Initiative unveils the technical particulars. The primary vulnerability (CVE-2023-20869) pertains to a stack-based buffer overflow problem within the Bluetooth device-sharing feature, allowing local threat actors to execute code as the virtual machine's VMX process on the host system.
The other bug resolved today (CVE-2023-20870) is an information leakage vulnerability in the mechanism for sharing host Bluetooth devices with the VM, permitting malicious parties to access sensitive data stored in the hypervisor memory from a VM.
In addition, VMware has offered a provisional workaround for system administrators who cannot immediately implement patches to address both vulnerabilities on their networks. The workaround can be found here
A new phishing scam targeting Facebook users has been discovered by security experts, with threat actors leveraging over 3,000 counterfeit profiles to pilfer account credentials.
Throughout February and March 2023, Group-IB researchers uncovered more than 3,200 fraudulent profiles, either hijacked or created by the cybercriminals orchestrating this operation. The scam has been conducted in over 20 languages, with the majority of profiles imitating Meta posting in English.
Security experts believe the primary objective of this campaign is to infiltrate the Facebook accounts of public figures, celebrities, businesses, and sports teams, among others. The aim is to obtain sensitive information and use it to breach additional accounts.
Technically, the cybercriminals behind this scheme predominantly employ phishing websites that mimic the Facebook login page, as well as session hijacking attacks designed to steal browser cookies.
The scammers impersonate Meta, Facebook's parent company, in their public posts and on over 220 phishing sites. They misuse Meta and Facebook's official logos on their social media profiles and phishing web pages to appear legitimate and gain users' trust. These fraudulent profiles, however, have no association with Facebook and are often promptly removed by the social media platform.
The scam highlights the risk posed by the frequent practice of using identical username and password combinations across multiple services.
Ransomware group Black Basta has continued its campaign of double extortion and in the last week has published the data of the Canadian yellow pages.
The released data contains several sensitive documents and the breach has been confirmed by Yellow pages Canada, who in a statement confirmed they had performed an Incident Response investigation in order to assess the extent of the attacker's activity and secure systems moving forward. The group will also be moving to notify affected parties in compliance with data protection regulation.
Although this attack is likely devastating, Yellow Pages has shown maturity and resilience in its response to this attack and will likely greatly improve its future security posture as a result.
Cyber security experts have recently revealed that the Bumblebee malware, specifically designed to target enterprises is being spread via Google Ads and SEO manipulation.
Initially detected in April 2022, Bumblebee is thought to be the brainchild of the Conti group, intended as a replacement for the notorious BazarLoader backdoor. The latter was primarily used to gain a foothold in networks and launch ransomware campaigns.
In September 2022, a new iteration of the Bumblebee malware loader was detected in the wild. As the trojanised software is aimed at corporate users, compromised devices are at risk of becoming the epicentre of future ransomware attacks.
Upon investigating a recent Bumblebee attack, cyber security researchers found that the threat actor capitalised on their access to the compromised system, manoeuvring laterally within the network just three hours after the initial breach.
A range of tools was deployed by the attackers and this extensive toolkit forms an attack profile indicative of the malware operators' intent to locate vulnerable network entry points, pivot to additional machines, extract data, and ultimately launch a ransomware attack.
According to the recently released Cyber Security Breaches Survey 2023, a lower proportion of organisations are prioritising cyber security this year. This shift in focus was attributed to changes in the external business environment, which are causing increased concerns for many companies.
Organisations across various sectors have reported facing higher costs and greater difficulties in financial planning due to inflation, increased energy prices, and uncertainty surrounding the economy. As a result, cyber security has seemingly taken a back seat among senior managers, who are now more preoccupied with these pressing issues.
Smaller businesses and charities appear to be most affected by this change in priorities. In these organisations, senior individuals responsible for cyber security are also grappling with a myriad of other challenges their organisations face.
This shift in priorities has led to a more reactive, rather than proactive, approach to cyber security, potentially leaving these organisations more vulnerable to cyber threats in the long run.
The survey also pointed out a change in the percentage of charities regarding cyber security as a high priority in recent years. In 2019, 75% of organisations deemed it a "fairly" high priority, compared to 72% in 2022 and 62% this year.
A secondary school in Wiltshire UK has faced significant disruption due to a cyber attack, with the culprits now insisting on a ransom for reinstating the school's IT infrastructure.
Chippenham's Hardenhuish School has had no choice but to inform the parents of its 1,623 students, following the discovery that cybercriminals had breached its systems during the weekend.
The cyber-attack impacted the school's local server, website, internet connectivity, WiFi, printing facilities, and internal phone networks.
Schools and educational institutions are increasingly becoming targets for such attacks, as they often hold sensitive data and may be more likely to pay the ransom to prevent further disruption to their operations. It is crucial for these organisations to implement robust cyber security measures to mitigate the risk of ransomware and other cyber threats.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you are worried about any of the threats outlined in this roundup or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager or fill in the form for a complimentary no-commitment consultation.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Join us in Dublin or London for the Security First 2022 conference. We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.