Security Leftovers

posted by Roy Schestowitz on Nov 03, 2022

• OPERA1ER APT Hackers Targeted Dozens of Financial Organizations in Africa

  A French-speaking threat actor dubbed OPERA1ER has been linked to a series of more than 30 successful cyber attacks aimed at banks, financial services, and telecom companies across Africa, Asia, and Latin America between 2018 and 2022.

  According to Singapore-headquartered cybersecurity company Group-IB, the attacks have led to thefts totaling $11 million, with actual damages estimated to be as high as $30 million.

  Some of the more recent attacks in 2021 and 2021 have singled out five different banks in Burkina Faso, Benin, Ivory Coast, and Senegal. Many of the victims identified are said to have been compromised twice, and their infrastructure subsequently weaponized to strike other organizations.

• What closed-source software developers can learn from their open-source counterparts - Help Net Security

  Open-source software has reached greater levels of security than ever before, but its increased adoption comes with new challenges.

  In this Help Net Security video, Josep Prat, Open Source Engineering Director at Aiven, illustrates how threat actors see greater use of open-source software as an opportunity, deploying new methods targeting tech professionals and open-source projects. Phishing attacks and compromised open-source applications are now a clear and constant danger for developers and the community.

  By its very nature, open source is easily accessible and open to all, making it all the more concerning that many hacking groups carrying out these attacks are linked to hostile groups and organizations. Open-source developers must be aware of these new trends and carefully check change requests in their projects.

• CISA Releases Three Industrial Control Systems Advisories | CISA

  CISA has released three (3) Industrial Control Systems (ICS) advisories on November 3, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

• ETIC Telecom Remote Access Server (RAS) | CISA

  Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information and compromise the vulnerable device and other connected machines.

• Security updates for Thursday [LWN.net]

  Security updates have been issued by Debian (pypy3), Fedora (drupal7, git, java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk, and php), Oracle (kernel, lua, openssl, pcs, php-pear, pki-core, python3.9, and zlib), Red Hat (kernel, kernel-rt, kpatch-patch, lua, openssl-container, pcs, php-pear, pki-core, python3.9, and zlib), Scientific Linux (kernel, pcs, and php-pear), SUSE (EternalTerminal, hsqldb, ntfs-3g_ntfsprogs, privoxy, rubygem-actionview-4_2, sqlite3, and xorg-x11-server), and Ubuntu (ntfs-3g, python3.10, and sqlite3).

• iTWire - Ransomware most destructive online crime, ACSC report claims

  Ransomware attacks are more or less exclusively limited to systems running versions of Microsoft's Windows operating system.

• iTWire - Real estate firm Harcourts latest to suffer data breach

  Real estate company Harcourts says its Melbourne City franchise has been breached in what it describes as a "cyber incident", with the route for entry being a device used by the franchisee's service provider Stafflink.

  The company said in a statement on Thursday it became aware on 24 October that its rental property database had been infiltrated by a third party.

  Harcourts lists a total of 216 franchisees on its website and the statement said each office had its own operating system and IT infrastructure.

  Regarding the data that was accessed, the statement said: "The rental property database holds personal information relating to landlords, tenants and trades and was used by the franchisee’s service provider, Stafflink, to provide it with administrative support.

• Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers

  A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group.

  This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups," cybersecurity firm SentinelOne said in a technical write-up shared with The Hacker News.

  Black Basta, which emerged earlier this year, has been attributed to a ransomware spree that has claimed over 90 organizations as of September 2022, suggesting that the adversary is both well-organized and well-resourced.

• Apple Releases Security Update for Xcode | CISA

  Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

• Cisco Releases Security Updates for Multiple Products | CISA

  Cisco has released security updates for vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.