Cybersecurity Update: Key Alerts and Incidents from November 2023
Welcome to the Cyber Briefing, your daily update on the latest in cybersecurity advisories, alerts, incidents, and news.
What’s new in the world of cybersecurity today? Here are some key topics:
- OpenCart, ownCloud, Black Friday phishing scams, Chrome vulnerabilities, Brazil, China Energy Company hack, ransomware threats, Vanderbilt Medical Center data issues, Aliquippa water security, Iranian hacker activities, KyberSwap incidents, General Electric investigations, BlackCat ransomware, and more.
Cyber Alerts
1. OpenCart Vulnerability Discovered: A security expert, identified as “0xbro,” revealed a Static Code Injection vulnerability affecting OpenCart versions 4.0.0.0 to 4.0.2.3, allowing unauthorized data entry into critical files. While the flaw was responsibly disclosed, the researcher reported an unprofessional response from OpenCart’s administrator, Daniel Kerr, raising concerns about the company's approach to security matters.
2. Critical Flaws in ownCloud: ownCloud has alerted users about three serious security vulnerabilities that could lead to data breaches and unauthorized file alterations. These vulnerabilities involve sensitive data exposure, WebDAV API authentication bypass, and subdomain validation bypass. Users are urged to address these issues by implementing fixes, disabling certain features, and updating their credentials. Additionally, a separate critical remote code execution vulnerability in CrushFTP has been identified, enabling attackers to access files and run arbitrary programs without authentication.
3. Increase in Black Friday Phishing Scams: Researchers have observed a notable rise in phishing emails targeting shoppers during Black Friday and Cyber Monday. These deceptive emails often impersonate well-known brands and employ tactics such as realistic designs, authentic hyperlinks, and social engineering to trick recipients into revealing sensitive information or clicking on malicious links. To enhance safety, users are encouraged to thoroughly verify offers and utilize strong anti-phishing and anti-malware protections.
4. Malicious Chrome Extensions Targeting Brazil: A recently identified malicious Google Chrome extension, "ParaSiteSnatcher," is capable of extracting sensitive data by monitoring and manipulating various sources. This extension exploits the Chrome Browser API to intercept and extract critical information from POST requests, especially those involving sensitive financial data, targeting Brazilian users and institutions like Banco do Brasil and Caixa Econômica Federal.
Cyber Incidents
5. Ransomware Attack on China Energy: The Rhysida ransomware group has claimed responsibility for breaching the China Energy Engineering Corporation and intends to auction the stolen data for 50 BTC. Their tactics, as noted in FBI-CISA warnings, involve targeting multiple sectors using advanced techniques such as Zerologon exploitation.
6. Vanderbilt Medical Center Cyber Investigation: Vanderbilt University Medical Center is currently probing a cybersecurity incident linked to a compromised database, which has appeared on the Meow ransomware group's leak site. Initial findings suggest that the database did not contain sensitive patient or employee information, although the incident raises concerns about the evolving strategies of cybercriminals.
7. Cyber Av3ngers Breach Aliquippa Water Authority: The Municipal Water Authority of Aliquippa revealed that an Iranian-backed cyber group, Cyber Av3ngers, successfully hacked one of its booster stations. Despite the breach, officials assured there is no current threat to the drinking water supply.
8. KyberSwap Suffers $55 Million Theft: KyberSwap, a decentralized exchange, experienced a sophisticated cyber-attack on November 22, resulting in a loss of approximately $55 million from users' funds due to an exploit in its Elastic smart contracts. The company has paused deposits, launched investigations, and is in talks with the attackers to recover the stolen funds.
9. General Electric Under Investigation for Data Breach: General Electric is looking into claims of a cyberattack and data theft by a threat actor known as IntelBroker, who allegedly compromised GE's development environment. The company has acknowledged the claims and is investigating to ensure system integrity.
10. BlackCat Ransomware Affects Henry Schein: Henry Schein, Inc. faced a cybersecurity incident on October 14 that disrupted its manufacturing and distribution processes. The AlphV (BlackCat) group initially claimed responsibility for the attack, which has caused ongoing issues with the company's ecommerce platforms. However, recent updates indicate efforts are underway to restore services soon.
Cyber News
11. Broadcom Completes VMware Acquisition: Broadcom has overcome all regulatory hurdles for its $69 billion acquisition of VMware, with plans to finalize the deal soon after receiving approval from China. This acquisition is part of Broadcom's strategy to strengthen its position in cloud technology.
12. Toronto Library Systems Remain Offline: Following a cyberattack in late October, the Toronto Public Library's systems will remain offline until 2024. Services are expected to gradually resume starting in January, as restoration efforts are prioritized.
13. Pentagon's AI Initiative Raises Ethical Concerns: The Pentagon's Replicator initiative aims to deploy thousands of AI-enabled autonomous vehicles by 2026, raising alarm over the potential use of fully autonomous lethal weapons. While AI advancements assist in various military functions, they also pose ethical and operational dilemmas.
14. EU Commission Faces Criticism Over Spyware Regulations: European lawmakers have criticized the European Commission for failing to act on stricter spyware regulations proposed by the PEGA Committee, which sought to limit spyware's use to legitimate national security needs.
15. CISA and UK NCSC Release AI Security Guidelines: CISA and the UK NCSC have published comprehensive guidelines for secure AI system development, emphasizing the principles of security by design and the importance of transparency and accountability in AI systems.
Copyright © 2023 CyberMaterial. All Rights Reserved.