Security Leftovers
-
Cyber Security News ☛ Linux Kernel’s IPv6 Implementation Flaw Let Attackers Execute Arbitrary Code
With a CVSS score of 7.5, a high-severity IPv6 implementation issue in the Linux kernel identified as CVE-2023-6200 allowed attackers to execute arbitrary code.
Due to this vulnerability, an attacker from an adjacent network may be able to transmit an ICMPv6 router advertisement packet, which is a crucial part of the IPv6 protocol.
-
LWN ☛ Security updates for Tuesday
Security updates have been issued by Debian (pillow, postfix, and redis), Fedora (python-templated-dictionary and selinux-policy), Red Hat (gnutls, kpatch-patch, libssh, and tomcat), and Ubuntu (amanda, ceph, linux-azure, linux-azure-4.15, linux-kvm, and tinyxml).
-
LWN ☛ Security updates for Wednesday
Security updates have been issued by Debian (bind9 and glibc), Fedora (ncurses), Gentoo (containerd, libaom, and xorg-server, xwayland), Mageia (python-pillow and zlib), Oracle (grub2 and tomcat), Red Hat (avahi, c-ares, container-tools:3.0, curl, firefox, frr, kernel, kernel-rt, kpatch-patch, libfastjson, libmicrohttpd, linux-firmware, oniguruma, openssh, perl-HTTP-Tiny, python-pip, python-urllib3, python3, rpm, samba, sqlite, tcpdump, thunderbird, tigervnc, and virt:rhel and virt-devel:rhel modules), SUSE (python-Pillow, slurm, slurm_20_02, slurm_20_11, slurm_22_05, slurm_23_02, and xen), and Ubuntu (libde265, linux-nvidia, mysql-8.0, openldap, pillow, postfix, and xorg-server, xwayland).
-
The Globe And Mail CA ☛ Global Affairs hit by cyberattack, shuts down computer systems to fix
For the second time in two years, Canada’s Foreign Ministry has fallen victim to a cyberattack that has forced the government to shutter part of its computer systems.
Global Affairs Canada announced Tuesday it has sealed off remote access to its network across the country. It revealed it took this drastic step last week – on Jan. 24 – “to address the discovery of malicious cyber activity.”
Hackers gained access to the personal data of users, including employees, the department said in a statement Tuesday.
-
CBS ☛ FBI director to warn Congress of dangers Chinese hackers pose to American infrastructure, innovation
Hackers backed by the Chinese government are targeting U.S. water treatment plants and electrical grids, strategically positioning themselves within critical infrastructure systems to “wreak havoc and cause real-world harm to American citizens and communities,” FBI Director Christopher Wray is expected to tell Congress Wednesday.
“There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure,” Wray will warn the House Select Committee on the Chinese Communist Party, according to excerpts of his remarks obtained by CBS News. “The risk that poses to every American requires our attention — now.”
-
Hackers obtain confidential information on Romanian officials after cyber attack at Parliament
Hackers breached the database of the Romanian Chamber of Deputies, the lower house of the Parliament, after a recent cyber attack. They reportedly managed to obtain confidential information, such as the prime minister’s identity documents, medical analyses, and other personal data.
The attack was reported after Digi24 discovered that a group of hackers was boasting about it online. The hackers threatened to release the personal data of the deputies if they did not receive a ransom. They even published some of the information, including identity cards, specifically those of prime minister Marcel Ciolacu and UDMR leader Kelemen Hunor. The PM said on Wednesday, January 31, that he would change his ID card following this incident.
-
Cyble Inc ☛ Leading Mobile Banking App Hit by IntelBroker Hackers, Sensitive Data Up for Sale
The IntelBroker hacker group has claimed responsibility for a potential cyberattack on a popular (undisclosed) mobile banking app boasting over 10 million users. The threat actor, known for their prowess in exploiting vulnerabilities, posted details of the exploit on a hacker forum on Saturday, January 27, 2024.
The post by IntelBroker, titled “[Cyber Niggers] Popular Mobile Bank Vulnerability,” offers an exploit capable of scraping and leaking sensitive information from the banking app. The data for sale includes full names, countries, and payment methods of users. The hacker is demanding payment exclusively in XMR (Monero) and has provided visuals to emphasize the gravity of the exploit.
The exact target of this attack is not explicitly mentioned in the post. However, speculations stemming from the initial X post by Daily Dark Web hint at Nu Bank being the potential target.
-
Krebs On Security ☛ Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider
On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.
-
Reuters ☛ US disabled Chinese hacking network targeting critical infrastructure
The U.S. government in recent months launched an operation to fight a pervasive Chinese hacking operation that successfully compromised thousands of internet-connected devices, according to two Western security officials and one person familiar with the matter.
The Justice Department and Federal Bureau of Investigation sought and received legal authorization to remotely disable aspects of the Chinese hacking campaign, the sources told Reuters.
The Biden administration has increasingly focused on hacking, not only for fear nation states may try to disrupt the U.S. election in November, but because ransomware wreaked havoc on Corporate America in 2023.
-
The Times Of Israel ☛ Hospitals across country issued patients wrong prescriptions due to system glitch [Ed: System breach, not glitch, probably Windows]
Hospitals across the country issued prescriptions to patients for the wrong medicines over some time due to a problem with an administration system, the Health Ministry notified Tuesday.
Though the ministry said in a statement that it was still trying to assess the scale of the problem with its Chameleon medical records system, sources said it impacted dozens, if not hundreds, of patients over the past few weeks at least.
Patients were prescribed medicines that were supposed to be given to others or incorrect drugs for their treatment, according to Hebrew media reports, citing ministry sources. The problem did not affect all patients.
Initially, sources said it was not clear if the problem was caused by a bug in the software or a cyberattack and the matter was being probed. Later, ministry officials and the company that provides Chameleon said it was a problem with the program and that an update in the software was circulated to resolve the issue.
-
Bloomberg ☛ Russia Hit With Widespread Internet Outage Across Country
Russia is facing a widespread internet outage that’s affected users across the country, with access to websites on the local .ru domain down.
The issue was linked to a technical problem with the .ru domain’s global Domain Name System Security Extensions, or DNSSEC, which is used to secure data exchanged in internet protocol networks, Russia’s Digital Ministry said in a statement on Telegram Tuesday.
Websites including the most popular local search engine Yandex.ru, ecommerce leaders Ozon.ru and Wildberries.ru, and apps of the country’s biggest banks — Sberbank PJSC and VTB Group — were all affected, state-run Ria reported, citing Downradar, a traffic monitoring service.
-
RFERL ☛ Internet Down For Hours In One Of Russia's Largest Outages
Russia has suffered one of its largest Internet outages as sites with the .ru domain were unavailable for hours on the evening of January 30.
-
Fulton court clerks, tax and DMV offices closed to residents due to hack
Many Fulton County government systems remain down Tuesday following discovery of a cyberattack over the weekend.
Phones are out at county offices, according to county spokeswoman Jessica Corbitt. Several offices are also closed to the public.
The Clerk of Superior Court offices at both North and South Service Centers are closed, Corbitt said. So is Probate Court at both service centers.
-
Attorney General James Sues Citibank for Failing to Protect and Reimburse Victims of Electronic Fraud
New York Attorney General Letitia James today sued Citibank, N.A. (Citi) for failing to protect and refusing to reimburse victims of fraud. The lawsuit alleges that Citi does not implement strong online protections to stop unauthorized account takeovers, misleads account holders about their rights after their accounts are hacked and funds are stolen, and illegally denies reimbursement to victims of fraud. The Office of the Attorney General (OAG) has found that the bank fails to respond to fraudulent activity appropriately and quickly. As a result of Citi’s lax security, New York customers have lost millions of dollars, and in some instances, their entire life savings, to scammers and hackers. Attorney General James is seeking to hold Citi accountable for failing to protect its customers and require the company to pay back defrauded New Yorkers with interest, pay penalties, and adopt enhanced anti-fraud defenses to prevent scammers from stealing consumers’ funds.