
Threat Intelligence Bulletin: 07/21/2023 - 07/27/2023

by Alpha Team


ZeroFox Weekly Threat Bulletin: 07/21/2023 - 07/27/2023


ZeroFox Daily Intelligence:


ZeroFox Daily Intelligence Brief - July 27, 2023

Brief Highlights

  • AI Tool “FraudGPT” with Wide Offensive Capabilities Promoted by Threat Actors
  • NATO Investigates Alleged Data Theft By Siegedsec Hackers
  • Clop Lists 46 New Victims, Including Deloitte and Informatica
  • Data broker / initial-access broker / hacktivist group: Cyber Cat and Anonymous Sudan
  • Vulnerabilities: CVE-2023-33231 and CVE-2023-28021
  • Exploits: CVE-2018-0840 and CVE-2016-9566
  • Breaches: Credit Card Data Breach; BreachForums: PM Simplify Data Breach; Leakbase: ProInteractive Data Breach

Report: https://zerofox.com/advisories/21388


ZeroFox Daily Intelligence Brief - July 26, 2023

Brief Highlights

  • Remote Execution Vulnerability in MikroTik RouterOS
  • Yamaha Canada Music Issues Statement on Ransomware Incident
  • VMware Fixes Bug Exposing CF API Admin Credentials in Audit Logs
  • Data broker / initial-access broker / XSS: RDP Access To Unnamed Brazilian Construction Company and SSH Access To API Server Of Taiwanese Taxi Company Advertised
  • Vulnerabilities: CVE-2023-23719 and CVE-2023-39130
  • Exploits: CVE-2010-1871 and CVE-2020-11857
  • Breaches: Spamhaus Data Breach and Telegram: TIZIX FREE.rar

Report: https://zerofox.com/advisories/21387


ZeroFox Daily Intelligence Brief - July 25, 2023

Brief Highlights

  • Critical Zero-Days in Atera Installers Expose Users to Attacks
  • Ivanti Releases Security Updates for Endpoint Manager Mobile Vulnerability
  • Zenbleed Attack Leaks Sensitive Data from AMD Zen2 Processors
  • Data broker / initial-access broker / BlackPass: 4 Compromised E-commerce Accounts Linked to U.S. Military Emails and 2easy: Compromised Live Nation and TicketMaster accounts
  • Vulnerabilities: CVE-2023-25074 and CVE-2023-28321
  • Exploits: CVE-2018-15152 and CVE-2016-7255
  • Breaches: Telegram: Audi Cloud Breach and Credit Card Data Breach

Report: https://zerofox.com/advisories/21366


ZeroFox Daily Intelligence Brief - July 24, 2023

Brief Highlights

  • Unpatched Zyxel Vulnerability Exposes Organizations to Persistent DDoS Attacks
  • Malware Targeting Banks via Open Source Supply Chain
  • AsyncRAT Variant Malware HotRat Spreading Through Pirated Software
  • Data broker / initial-access broker / NulledBB: Actor Shares 253,000 Compromised Email Accounts and HackForums: Actor Selling Student Email Accounts for Amazon Prime
  • Vulnerabilities: CVE-2023-28133 and CVE-2023-3850
  • Exploits: CVE-2020-10220 and CVE-2012-4869
  • Breaches: Telegram: OnionLABS Botnet Breach and Credit Card Data Breach

Report: https://zerofox.com/advisories/21355


ZeroFox Daily Intelligence Brief - July 21, 2023

Brief Highlights

  • Flash Report: New Gold-Backed Currency Potentially Introduced by BRICS
  • Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities
  • Github Warns of Lazarus Hackers Targeting Devs with Malicious Projects
  • Data broker / initial-access broker / Cactus Blog: ZeroFox Intelligence observed a new leak site listing 18 victims and ShadowHacker Leaks: Posted data allegedly stolen from the Government of Taiwan website
  • Vulnerabilities: CVE-2023-29405 and CVE-2023-37291
  • Exploits: CVE-2011-1653 and CVE-2019-0232
  • Breaches: BreachForums/XSS: Duelingnetwork Data Breach and BreachForums/XSS: Canva Data Breach (Additional Dataset)

Report: https://zerofox.com/advisories/21329


Breach Disclosures:


Houzz

An alleged data breach at Houzz – a U.S.-based online community and software for home remodeling and design – exposed 3,267,976 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21377


HealthLink

An alleged data breach at HealthLink – a U.S.-based insurance company – exposed 48,196 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21369


Onebip

An alleged data breach at Onebip – an Italy-based mobile payment provider – exposed 2,927,777 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21368


MemberReportAccess.com

An alleged data breach at MemberReportAccess.com – a U.S.-based search site for vehicle history, driving records, public records, and arrest records – exposed 895,789 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21367


ProInteractive

An alleged data breach at ProInteractive – a France-based company that manufactures and retails educational equipment – exposed 17,682 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21365


Devir

An alleged data breach at Devir – a U.S.-based company that operates in editing and distribution of analog games – exposed 491 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21349


StockX

An alleged data breach at StockX – a U.S.-based online marketplace to buy and sell sneakers and other fashion items – exposed 2,366,411 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21348


Duelingnetwork

An alleged data breach at Duelingnetwork – a U.S.-based online trading card game simulator – exposed 2,506,226 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21347


Stronghold Kingdoms

An alleged data breach at Stronghold Kingdoms – a U.S.-based multiplayer online real-time strategy video game – exposed 2,629,067 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21346


Renren

An alleged data breach at Renren – a China-based online social network service – exposed 3,117,674 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21345


WeHeartIt

An alleged data breach at WeHeartIt – a U.S.-based social networking application for sharing images online – exposed 2,694,162 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21344


Job&Talent

An alleged data breach at Job&Talent – a Spain-based staffing agency – exposed 2,681,504 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21343


Wanelo

An alleged data breach at Wanelo – a U.S.-based social media shopping site – exposed 2,963,809 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21342


BlankMediaGames

An alleged data breach at BlankMediaGames – a U.S.-based game developing and publishing company – exposed 2,574,816 email addresses, which were subsequently shared on a deep web platform.

Report: https://zerofox.com/advisories/21341


Breaking News:


Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets

A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system.

See the full report here: https://thehackernews.com/2023/07/rust-based-realst-infostealer-targeting.html


New AI Tool "FraudGPT" Emerges, Tailored for Sophisticated Attacks

Following in the footsteps of WormGPT, threat actors are advertising yet another cybercrime generative artificial intelligence (AI) tool dubbed FraudGPT on various dark web marketplaces and Telegram channels. The AI bot is built exclusively for offensive purposes, such as crafting spear phishing emails, creating cracking tools, and carding. The tool has been circulating since at least July 22, 2023, for a subscription cost of USD 200 a month (or USD 1,000 for six months and USD 1,700 for a year).

See the full report here: https://thehackernews.com/2023/07/new-ai-tool-fraudgpt-emerges-tailored.html


Fenix Cybercrime Group Poses as Tax Authorities to Target Latin American Users

Tax-paying individuals in Mexico and Chile have been targeted by a Mexico-based cybercrime group that goes by the name Fenix to breach targeted networks and steal valuable data. A key hallmark of the operation entails cloning official portals of the Servicio de Administración Tributaria (SAT) in Mexico and the Servicio de Impuestos Internos (SII) in Chile and redirecting potential victims to those sites.

See the full report here: https://thehackernews.com/2023/07/fenix-cybercrime-group-poses-as-tax.html


Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks

A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it's a significant upgrade over the Pupy RAT, the open-source remote access trojan it's modeled on. Decoy Dog has a full suite of powerful, previously unknown capabilities – including the ability to move victims to another controller, allowing its operators to maintain communication with compromised machines and remain hidden for long periods of time.

See the full report here: https://thehackernews.com/2023/07/decoy-dog-new-breed-of-malware-posing.html


New Nitrogen malware pushed via Google Ads for ransomware attacks

A new "Nitrogen" initial access malware campaign uses Google and Bing search ads to promote fake software sites that infect unsuspecting users with Cobalt Strike and ransomware payloads. The goal of the Nitrogen malware is to provide the threat actors initial access to corporate networks, allowing them to conduct data-theft, cyberespionage, and ultimately deploying the BlackCat/ALPHV ransomware.

See the full report here: https://www.bleepingcomputer.com/news/security/new-nitrogen-malware-pushed-via-google-ads-for-ransomware-attacks/


NATO investigates alleged data theft by SiegedSec hackers

NATO has confirmed that its IT team is investigating claims about an alleged data-theft hack on the Communities of Interest (COI) Cooperation Portal by a hacking group known as SiegedSec. The hacking group "SiegedSec" posted on Telegram what they claimed to be hundreds of documents stolen from the COI Cooperation Portal.

See the full report here: https://www.bleepingcomputer.com/news/security/nato-investigates-alleged-data-theft-by-siegedsec-hackers/


SEC now requires companies to disclose cyberattacks in 4 days

The U.S. Securities and Exchange Commission has adopted new rules requiring publicly traded companies to disclose cyberattacks within four business days after determining they're material incidents. Material incidents are those that a public company's shareholders would consider important in making an investment decision.

See the full report here: https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/


Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws

Two vulnerabilities recently introduced into the Ubuntu kernel, tracked as CVE-2023-32629 and CVE-2023-2640, could allow unprivileged local users to gain elevated privileges on a massive number of devices, impacting roughly 40% of Ubuntu's userbase.

See the full report here: https://www.bleepingcomputer.com/news/security/almost-40-percent-of-ubuntu-users-vulnerable-to-new-privilege-elevation-flaws/


Lazarus hackers linked to USD 60 million Alphapo cryptocurrency heist

Blockchain analysts blame the North Korean Lazarus hacking group for a recent attack on payment processing platform Alphapo where the attackers stole almost USD 60 million in crypto. This theft included over 6 million USDT, 108k USDC, 100.2 million FTN, 430k TFL, 2.5k ETH, and 1,700 DAI, all drained from hot wallets, likely made possible by a leak of private keys.

See the full report here: https://www.bleepingcomputer.com/news/security/lazarus-hackers-linked-to-60-million-alphapo-cryptocurrency-heist/


China says Wuhan earthquake centre attacked by overseas hackers

An earthquake monitoring centre in central China's Wuhan reportedly suffered a cyberattack from overseas hackers as claimed by local authorities and China's state media. The attacks were claimed to originate from the United States.

See the full report here: https://www.reuters.com/world/china/china-says-wuhan-earthquake-centre-attacked-by-overseas-hackers-2023-07-26/


Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique

The financially motivated threat actors behind the Casbaneiro banking malware family have been observed making use of a User Account Control (UAC) bypass technique to gain full administrative privileges on a machine, a sign that the threat actor is evolving their tactics to avoid detection and execute malicious code on compromised assets.

See the full report here: https://thehackernews.com/2023/07/casbaneiro-banking-malware-goes-under.html


North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder

North Korean nation-state actors affiliated with the Reconnaissance General Bureau (RGB) have been attributed to the JumpCloud hack following an operational security (OPSEC) blunder that exposed their actual IP address.

See the full report here: https://thehackernews.com/2023/07/north-korean-nation-state-actors.html


Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking

A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Cataloged as CVE-2023-30799 (CVSS score: 9.1), the shortcoming is estimated to put between 500,000 and 900,000 RouterOS systems at risk of exploitation via their web and/or Winbox interfaces.

See the full report here: https://thehackernews.com/2023/07/critical-mikrotik-routeros.html


VMware fixes bug exposing CF API admin credentials in audit logs

VMware has patched an information disclosure vulnerability in VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment caused by credentials being logged and exposed via system audit logs. Threat actors who exploit this vulnerability can use the stolen credentials to push malicious app versions.

See the full report here: https://www.bleepingcomputer.com/news/security/vmware-fixes-bug-exposing-cf-api-admin-credentials-in-audit-logs/
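
The practical follow-up to a bug like the one above is to find out whether credentials actually landed in your own logs, and to rotate the ones that did. The following is an added example written for this bulletin, not VMware's code or anything from the advisory: it scans audit-log lines for credential material, decodes HTTP Basic credentials far enough to name the affected account, and reports each hit with the secret redacted so the finding itself does not re-leak it. The log lines are constructed samples, and the field shapes it looks for (Authorization headers, key=value secrets) are assumptions about what a logged credential looks like, not VMware's actual log format.

```python
# Added example (not VMware's code or part of the ZeroFox bulletin): scan
# audit-log lines for credential material and report hits with the secret
# redacted. Sample log lines are constructed; the field shapes matched by
# PATTERNS are assumptions, not VMware's actual log format.
import base64
import binascii
import re

SAMPLE_AUDIT_LOG = """\
2023-07-25T10:02:11Z audit user=ops action=login result=ok
2023-07-25T10:02:13Z audit user=cf-admin action=api-call request='POST /v3/apps' headers='Authorization: Basic Y2YtYWRtaW46SHVudGVyMiE='
2023-07-25T10:02:14Z audit user=deploy action=config-set value='client_secret=abc123DEF456'
2023-07-25T10:02:15Z audit user=ops action=api-call headers='Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJjZi1hZG1pbiJ9.c2ln'
2023-07-25T10:02:16Z audit user=ops action=logout result=ok
"""

# Group 1 of each pattern is the secret itself.
PATTERNS = {
    "basic-auth": re.compile(r"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)"),
    "bearer-token": re.compile(r"Authorization:\s*Bearer\s+([A-Za-z0-9._-]+)"),
    "secret-field": re.compile(r"\b(?:password|passwd|client_secret|api_key)=([^\s'\"]+)", re.I),
}


def basic_auth_account(token):
    """Decode a Basic credential and return its user name, or None if it is not one."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8").split(":", 1)[0]
    except (binascii.Error, UnicodeDecodeError):
        return None


def scan_audit_log(text):
    """Return one finding per leaked secret: line number, kind, affected account
    where recoverable, and the line with the secret replaced by [REDACTED]."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                secret = m.group(1)
                account = None
                if kind == "basic-auth":
                    account = basic_auth_account(secret)
                    if account is None:
                        continue  # not a decodable user:password pair, skip the hit
                findings.append({
                    "line": lineno,
                    "kind": kind,
                    "account": account,
                    "redacted": line.replace(secret, "[REDACTED]"),
                })
    return findings


if __name__ == "__main__":
    for f in scan_audit_log(SAMPLE_AUDIT_LOG):
        print(f"line {f['line']}: {f['kind']} account={f['account']} :: {f['redacted']}")
```

Run against the constructed sample it reports three leaks (a Basic credential for cf-admin, a client_secret value, and a bearer token) without printing any of the secrets. The account name is what you need for rotation; the redacted line is what can safely go into a ticket.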


New Realst macOS malware steals your cryptocurrency wallets

A new Mac malware named "Realst" is being used in a massive campaign targeting Apple computers, with some of its latest variants including support for macOS 14 Sonoma, which is still in development. The malware is distributed to both Windows and macOS users in the form of fake blockchain games using names such as Brawl Earth, WildWorld, Dawnland, Destruction, Evolion, Pearl, Olymp of Reptiles, and SaintLegend.

See the full report here: https://www.bleepingcomputer.com/news/security/new-realst-macos-malware-steals-your-cryptocurrency-wallets/


CISA warns govt agencies to patch Ivanti bug exploited in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) warned U.S. federal agencies to secure their systems against a maximum severity authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM), formerly MobileIron Core.

See the full report here: https://www.bleepingcomputer.com/news/security/cisa-warns-govt-agencies-to-patch-ivanti-bug-exploited-in-attacks/


ALPHV ransomware adds data leak API in new extortion strategy

The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their attacks. This move follows the gang’s recent breach of Estée Lauder that ended with the beauty company completely ignoring the threat actor’s effort to engage in negotiations for a ransom payment.

See the full report here: https://www.bleepingcomputer.com/news/security/alphv-ransomware-adds-data-leak-api-in-new-extortion-strategy/


Zenbleed attack leaks sensitive data from AMD Zen2 processors

A security researcher has discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as passwords and encryption keys, at a rate of 30KB/sec from each CPU core. The vulnerability is tracked as CVE-2023-20593 and is caused by the improper handling of an instruction called 'vzeroupper' during speculative execution, a common performance-enhancing technique used in all modern processors.

See the full report here: https://www.bleepingcomputer.com/news/security/zenbleed-attack-leaks-sensitive-data-from-amd-zen2-processors/


Apple Rolls Out Urgent Patches for Zero-Day Flaws Impacting iPhones, iPads and Macs

Apple has rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one zero-day bug actively exploited in the wild. Tracked as CVE-2023-38606, the shortcoming resides in the kernel and could permit a malicious app to modify sensitive kernel state.

See the full report here: https://thehackernews.com/2023/07/apple-rolls-out-urgent-patches-for-zero.html


Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation

Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version, which fixes an actively exploited zero-day vulnerability. Tracked as CVE-2023-35078, the issue has been described as a remote unauthenticated API access vulnerability that impacts the currently supported Version 11.4 releases (11.10, 11.9, and 11.8) as well as older releases. It has the maximum severity rating of 10 on the CVSS scale.

See the full report here: https://thehackernews.com/2023/07/ivanti-releases-urgent-patch-for-epmm.html


Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo

Atlassian has released updates to address three security flaws impacting its Confluence Server, Data Center, and Bamboo Data Center products that, if successfully exploited, could result in remote code execution on susceptible systems.

See the full report here: https://thehackernews.com/2023/07/atlassian-releases-patches-for-critical.html


5 New Vulnerabilities Exposed in Widely Used Radio Communication System

A set of five security vulnerabilities have been disclosed in the Terrestrial Trunked Radio (TETRA) standard for radio communication used widely by government entities and critical infrastructure sectors, including what's believed to be an intentional backdoor that could have potentially exposed sensitive information.

See the full report here: https://thehackernews.com/2023/07/tetraburst-5-new-vulnerabilities.html


Over 15K Citrix servers vulnerable to CVE-2023-3519 RCE attacks

Thousands of Citrix Netscaler ADC and Gateway servers exposed online are vulnerable to attacks exploiting a critical remote code execution (RCE) bug that was previously abused in the wild as a zero-day. Security researchers revealed that at least 15,000 appliances were identified as exposed to attacks leveraging the flaw (CVE-2023-3519) based on their version information.

See the full report here: https://www.bleepingcomputer.com/news/security/over-15k-citrix-servers-vulnerable-to-cve-2023-3519-rce-attacks/


CISA warns govt agencies to patch Adobe ColdFusion servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two critical security flaws exploited in attacks, one of them as a zero-day.

See the full report here: https://www.bleepingcomputer.com/news/security/cisa-warns-govt-agencies-to-patch-adobe-coldfusion-servers/


DDoS Botnets Hijacking Zyxel Devices to Launch Devastating Attacks

Several distributed denial-of-service (DDoS) botnets have been observed exploiting a critical flaw in Zyxel devices that came to light in April 2023 to gain remote control of vulnerable systems. Captured exploit traffic identified the attackers' IP addresses and showed the attacks occurring in multiple regions, including Central America, North America, East Asia, and South Asia.

See the full report here: https://thehackernews.com/2023/07/ddos-botnets-hijacking-zyxel-devices-to.html


Sophisticated BundleBot Malware Disguised as Google AI Chatbot and Utilities

A new malware strain known as BundleBot has been stealthily operating under the radar by taking advantage of .NET single-file deployment techniques, enabling threat actors to capture sensitive information from compromised hosts.

See the full report here: https://thehackernews.com/2023/07/sophisticated-bundlebot-malware.html


HotRat: New Variant of AsyncRAT Malware Spreading Through Pirated Software

A new variant of AsyncRAT malware dubbed HotRat is being distributed via free, pirated versions of popular software and utilities such as video games, image and sound editing software, and Microsoft Office. HotRat equips attackers with a wide array of capabilities, such as stealing login credentials and cryptocurrency wallets, screen capturing, keylogging, installing more malware, and reading or altering clipboard data.

See the full report here: https://thehackernews.com/2023/07/hotrat-new-variant-of-asyncrat-malware.html


Banking Sector Targeted in Open-Source Software Supply Chain Attacks

Cybersecurity researchers have disclosed what they say are the first open-source software supply chain attacks specifically targeting the banking sector. The attacks showcased advanced techniques, including targeting specific components in the web assets of the targeted bank.

See the full report here: https://thehackernews.com/2023/07/banking-sector-targeted-in-open-source.html


Indian Government warns internet users of "AKIRA" ransomware

The Indian Computer Emergency Response Team (CERT-In) has issued a warning about a ransomware strain called "Akira," which is causing significant concern. The malware is designed to target both Windows and Linux-based systems.

See the full report here: https://tech.hindustantimes.com/tech/news/government-warns-internet-users-about-akira-ransomware-hackers-using-anydesk-winrar-71690168901674.html


New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

Details have emerged about a now-patched flaw in OpenSSH that could be exploited to run arbitrary commands remotely on compromised hosts under specific conditions. The vulnerability allows a remote attacker to execute arbitrary commands on a host whose ssh-agent has been forwarded to a system the attacker controls.

See the full report here: https://thehackernews.com/2023/07/new-openssh-vulnerability-exposes-linux.html


Turla's New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck (aka CAPIBAR or GAMEDAY) that's capable of delivering next-stage payloads. The Microsoft threat intelligence team, in collaboration with the Computer Emergency Response Team of Ukraine (CERT-UA), attributed the attacks to a Russian nation-state actor known as Turla, which is also tracked under the names Iron Hunter, Secret Blizzard (formerly Krypton), Uroburos, Venomous Bear, and Waterbug. It's linked to Russia's Federal Security Service (FSB).

See the full report here: https://thehackernews.com/2023/07/turlas-new-deliverycheck-backdoor.html


Apache OpenMeetings Web Conferencing Tool Exposed to Critical Vulnerabilities

Multiple security flaws have been disclosed in Apache OpenMeetings, a web conferencing solution, that could be potentially exploited by malicious actors to seize control of admin accounts and run malicious code on susceptible servers.

See the full report here: https://thehackernews.com/2023/07/apache-openmeetings-web-conferencing.html


Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

Mallox ransomware activities in 2023 have witnessed the group and its pattern of exploiting poorly secured MS-SQL servers via dictionary attacks as a penetration vector to compromise victims' networks.

See the full report here: https://thehackernews.com/2023/07/mallox-ransomware-exploits-weak-ms-sql.html
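
The dictionary attacks described above leave an obvious trail on the server: a burst of rejected logins from one client address, often cycling through 'sa' and a handful of other names. The following is an added example written for this bulletin, not code from ZeroFox or from any Mallox report: it parses SQL Server ERRORLOG-style "Login failed for user" lines (SQL Server records each rejection as error 18456 with the login name and client address) and flags any source that exceeds a failure threshold inside a sliding time window. The log lines are constructed samples, and the exact column layout the regex expects is an assumption that may need adjusting to your own log format.

```python
# Added example (not from the ZeroFox bulletin or any Mallox report): flag
# dictionary attacks against SQL Server from its own failed-login log lines.
# SAMPLE_ERRORLOG is constructed; the column layout matched by LINE_RE is an
# approximation of the ERRORLOG format (assumption), adjust it to your logs.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One remote source hammering 'sa' and 'admin' within seconds, one legitimate
# user mistyping a password twice five minutes apart, plus unrelated lines.
SAMPLE_ERRORLOG = """\
2023-07-24 03:14:01.12 Logon       Error: 18456, Severity: 14, State: 8.
2023-07-24 03:14:01.12 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-07-24 03:14:03.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-07-24 03:14:05.01 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-07-24 03:14:07.77 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.45]
2023-07-24 03:14:09.13 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-07-24 03:14:11.55 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2023-07-24 03:20:30.00 Logon       Login failed for user 'jsmith'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2023-07-24 03:25:45.00 Logon       Login failed for user 'jsmith'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2023-07-24 03:30:00.00 Server      Recovery is complete. This is an informational message only. No user action is required.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<ip>[^\]]+)\]"
)


def parse_errorlog(text):
    """Return (timestamp, login, client_ip) for every failed-login line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group("user"), m.group("ip")))
    return events


def detect_dictionary_attack(events, threshold=5, window=timedelta(seconds=60)):
    """Flag client IPs with at least `threshold` failures inside any `window`.

    A sliding window per source keeps a slow trickle of typos from one user
    apart from a burst of guesses; the set of logins tried is reported because
    a spray across many names is as telling as many attempts on 'sa'.
    """
    by_ip = defaultdict(list)
    for ts, user, ip in sorted(events):
        by_ip[ip].append((ts, user))

    findings = {}
    for ip, evs in by_ip.items():
        start, peak = 0, 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            findings[ip] = {
                "max_in_window": peak,
                "total_failures": len(evs),
                "logins_tried": {u for _, u in evs},
                "first": evs[0][0],
                "last": evs[-1][0],
            }
    return findings


if __name__ == "__main__":
    for ip, f in detect_dictionary_attack(parse_errorlog(SAMPLE_ERRORLOG)).items():
        print(f"{ip}: {f['max_in_window']} failures in 60s, logins tried {sorted(f['logins_tried'])}")
```

On the sample, 203.0.113.45 is flagged with six failures inside eleven seconds across two login names, while the two spaced-out failures from 198.51.100.7 stay below the threshold. The same counting works on Windows Security event 4625 or a SIEM export once the parser is swapped; the threshold and window are the knobs to tune against your own baseline of benign failures.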


APT41 hackers target Android users with WyrmSpy, DragonEgg spyware

The Chinese state-backed APT41 hacking group is targeting Android devices with two newly discovered spyware strains dubbed WyrmSpy and DragonEgg by researchers. APT41 is one of the oldest state hacking groups with a history of targeting various industries in the USA, Asia, and Europe.

See the full report here: https://www.bleepingcomputer.com/news/security/apt41-hackers-target-android-users-with-wyrmspy-dragonegg-spyware/


New P2PInfect worm malware targets Linux and Windows Redis servers

Security researchers discovered a new peer-to-peer (P2P) malware with self-spreading capabilities that targets Redis instances running on Internet-exposed Windows and Linux systems. The researchers who spotted the Rust-based worm (named P2PInfect) on July 11, 2023 also found that it hacks into Redis servers that have been left vulnerable to the maximum severity CVE-2022-0543 Lua sandbox escape vulnerability.

See the full report here: https://www.bleepingcomputer.com/news/security/new-p2pinfect-worm-malware-targets-linux-and-windows-redis-servers/


JumpCloud breach traced back to North Korean state hackers

US-based enterprise software company JumpCloud was breached by North Korean Lazarus Group hackers. Researchers linked the North Korean threat group to the JumpCloud hack based on multiple indicators of compromise shared by the company in a recent incident report.

See the full report here: https://www.bleepingcomputer.com/news/security/jumpcloud-breach-traced-back-to-north-korean-state-hackers/


Critical AMI MegaRAC bugs can let hackers brick vulnerable servers

Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller (BMC) software made by hardware and software company American Megatrends International. The two security flaws enable attackers to bypass authentication or inject malicious code via Redfish remote management interfaces exposed to remote access.

See the full report here: https://www.bleepingcomputer.com/news/security/critical-ami-megarac-bugs-can-let-hackers-brick-vulnerable-servers/


GitHub warns of Lazarus hackers targeting devs with malicious projects

GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware. The campaign was linked to the North Korean state-sponsored Lazarus hacking group, also known as Jade Sleet (Microsoft Threat Intelligence) and TraderTraitor (CISA). The US government released a report in 2022 detailing the threat actors' tactics.

See the full report here: https://www.bleepingcomputer.com/news/security/github-warns-of-lazarus-hackers-targeting-devs-with-malicious-projects/


VirusTotal apologizes for data leak affecting 5,600 customers

VirusTotal apologized for leaking the information of over 5,600 customers after an employee mistakenly uploaded a CSV file containing their info to the platform. The data leak impacted only Premium account customers, with the uploaded file containing their names and corporate email addresses.

See the full report here: https://www.bleepingcomputer.com/news/security/virustotal-apologizes-for-data-leak-affecting-5-600-customers/


ZeroFox Intelligence Reports:


ZeroFox Intelligence Flash Report - Middle East-Sweden Quran Protests

In this flash report, ZeroFox’s Geopolitical Working Group provides updates on the unrest in the Middle East and other fallout stemming from the recent demonstration in Stockholm, Sweden, which desecrated the Quran.

Report: https://zerofox.com/advisories/21350


Tags: TLP:CLEAR, All Industries, Global, Weekly Bulletin