Published on 17 July 2023 on The Hacker News
Summary:
A new AI cybercrime tool, WormGPT, has emerged, enabling cybercriminals to launch sophisticated phishing and business email compromise (BEC) attacks with ease. It automates the creation of convincing fake emails, increasing the chances that an attack succeeds. Additionally, generative AI allows attackers to spread disinformation and execute harmful code, lowering the skill needed to carry out such attacks and putting them within reach of less skilled cybercriminals.
Cybersecurity Threats:
WormGPT - AI Cybercrime Tool: WormGPT facilitates automated creation of realistic fake emails for phishing and BEC attacks.
Jailbreaks for ChatGPT: Threat actors craft prompts that push OpenAI's ChatGPT past its safeguards, so that it generates harmful content or discloses sensitive information.
LLM Supply Chain Poisoning - PoisonGPT: Researchers modify AI models to spread disinformation, potentially leading to supply chain poisoning.
Recommendations for Protection:
Educate users about phishing and BEC to recognize and report suspicious emails.
Implement multi-factor authentication (MFA) for enhanced account security.
Deploy robust security monitoring to detect and respond to unusual activities.
Secure APIs to prevent unauthorized access and misuse.
Validate AI models from trusted sources to avoid supply chain risks.
By taking these precautions, organizations can defend against the growing threat of AI-based cybercrime and protect their critical assets. Collaboration between cybersecurity experts and researchers will be crucial to stay ahead of malicious actors in this evolving landscape.
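As an added illustration of the last recommendation (example code written for this digest, not tooling from the article, from OpenAI or from any model vendor): record the SHA-256 digest of every file in a model release taken from a copy you trust, and refuse to load a later download that differs or that carries extra files. The file names, manifest layout and sample contents are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so multi-gigabyte weight files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(model_dir):
    """Map relative path -> SHA-256 for every file under model_dir.

    Run this once against a copy you trust (vendor release, reviewed internal build)
    and keep the result with your deployment configuration, not next to the model."""
    model_dir = Path(model_dir)
    return {
        p.relative_to(model_dir).as_posix(): sha256_file(p)
        for p in sorted(model_dir.rglob("*"))
        if p.is_file()
    }


def verify_model(model_dir, manifest):
    """Compare a downloaded model directory with the pinned manifest.

    Returns a list of findings; an empty list means every pinned file is present
    and unchanged and nothing was added (a planted loader script is a finding too)."""
    model_dir = Path(model_dir)
    findings = []
    for rel, expected in manifest.items():
        path = model_dir / rel
        if not path.is_file():
            findings.append(f"missing: {rel}")
        elif sha256_file(path) != expected:
            findings.append(f"modified: {rel}")
    for path in sorted(model_dir.rglob("*")):
        rel = path.relative_to(model_dir).as_posix()
        if path.is_file() and rel not in manifest:
            findings.append(f"unexpected: {rel}")
    return findings


def demo():
    """Constructed scenario: a tiny fake model release, verified clean, then tampered with."""
    root = Path(tempfile.mkdtemp(prefix="model-check-"))
    (root / "config.json").write_text('{"architecture": "example"}')  # made-up contents
    (root / "weights.bin").write_bytes(b"\x00\x01\x02\x03" * 1024)     # stand-in for real weights
    manifest = build_manifest(root)
    clean = verify_model(root, manifest)
    # Simulate a poisoned re-upload: the weights are altered and a loader script is planted.
    with open(root / "weights.bin", "ab") as fh:
        fh.write(b"\xff")
    (root / "load.py").write_text("# planted file\n")
    tampered = verify_model(root, manifest)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean download:", clean or "OK")
    print("tampered download:", tampered)
```

Digest pinning only catches a swapped or edited artifact; it says nothing about whether the copy you pinned was honest in the first place, so the manifest has to come from a release you have reviewed, not from the same untrusted download.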
Published on 16 Jun 2023 | Updated on 17 July 2023
Summary:
Progress Software has recently identified a critical vulnerability (CVE-2023-35708) in MOVEit Transfer, a popular managed file transfer software. If exploited, this SQL Injection vulnerability could allow unauthorized attackers to gain escalated privileges and unauthorized access to the affected environment. The vulnerability impacts several product versions, making it essential for users and administrators to take prompt action to safeguard their systems.
Cybersecurity Threats:
SQL Injection Vulnerability (CVE-2023-35708): This flaw allows unauthenticated attackers to execute malicious SQL queries, potentially accessing sensitive data, bypassing authentication, and compromising the targeted environment.
Recommendations for Protection:
Organizations using affected versions of MOVEit Transfer must act swiftly to secure their systems. Follow these recommendations to mitigate the risk:
Update to the Latest Versions: Users and administrators should immediately update their MOVEit Transfer installations to the latest patched versions to eliminate the vulnerability.
Temporary Workaround for Unpatched Systems: If immediate updates are not possible, apply a temporary workaround by disabling all HTTP and HTTPS traffic to the MOVEit Transfer environment. Modify firewall rules to deny traffic on ports 80 and 443. However, note that this workaround may impact certain functionalities temporarily.
Monitor for Suspicious Activity: Keep a vigilant eye on your network for any signs of unauthorized access or unusual activities. Implement robust security monitoring and intrusion detection systems to detect and respond to potential threats.
Implement Least Privilege Principle: Ensure that users and applications have only the necessary permissions to access specific resources. This practice reduces the potential impact of a successful attack.
Educate Users and Staff: Raise awareness among employees about cybersecurity best practices, such as recognizing phishing emails and suspicious links, and encourage reporting of any unusual activities.
Regular Security Audits and Penetration Testing: Conduct regular security audits and penetration testing to identify and address vulnerabilities in your systems proactively.
By following these recommendations and promptly applying updates, organizations can fortify their MOVEit Transfer deployments and better protect their sensitive data from potential cyber threats.
For more detailed information, you can refer to the official advisory from Progress Software: MOVEit Transfer Critical Vulnerability. Stay proactive and ensure your cybersecurity measures are robust to safeguard your critical assets from evolving threats.
Source: https://www.csa.gov.sg/alerts-advisories/alerts/2023/al-2023-080
Published date Jul 14, 2023
Ransomware gangs are having a lucrative year, amassing almost US$450 million in the first six months alone. This surge in profits has been driven by increased targeting of larger organizations, indicating a shift in tactics. However, it's not all bad news for the cybersecurity landscape, as efforts to combat cryptocurrency-related crimes are showing promising results. In this blog, we'll delve into the recent cybersecurity threats mentioned in the news and provide recommendations for organizations to safeguard themselves against these evolving risks.
Ransomware Profits Soar: According to Chainalysis researchers, ransomware gangs have already reaped substantial profits this year, surpassing the same period last year by a significant margin. If the current trend continues, 2023 could become the second-largest year for ransomware attacks, following the record-breaking year of 2021 when gangs earned US$940 million through illicit transactions. This year, more ransomware gangs are targeting larger organizations, leading to an increase in successful attacks on them.
Decrease in Other Cryptocurrency Crimes: While ransomware attacks are flourishing, the good news is that other cryptocurrency-related crimes, like scams, have seen a sharp decline in 2023. The efforts of cybersecurity firms and law enforcement agencies in targeting criminal infrastructure supporting cryptocurrency payments appear to be paying off, deterring criminals from engaging in other illicit activities.
Google's Play Store Security Measures: Google is stepping up its defense against malicious Android applications in the Play store. Starting August 31st, new Play Console developer accounts for organizations will require a D-U-N-S number, a unique identifier assigned by Dun & Bradstreet. This measure allows Google to verify business information and enhance the legitimacy of app developers. Additionally, developers will need to provide more identity information to increase transparency and accountability.
BlackLotus Bootkit Source Code Leak: In concerning news, the source code for the BlackLotus bootkit for Windows has been leaked on GitHub. This bootkit enables the loading of unsigned drivers, posing serious risks to system security. Although this leak could aid security researchers in understanding the malware's inner workings, it also raises concerns about potential misuse by threat actors.
Critical Vulnerability in Cisco SD-WAN vManage: Administrators using Cisco Systems SD-WAN vManage must update it to the latest version promptly. This update addresses a critical vulnerability that could enable attackers to retrieve or alter configuration information. Staying up-to-date with security patches is crucial to prevent exploitation.
Implementation Plan for U.S. National Cybersecurity Strategy: An important step in the fight against cyber threats is the recent announcement of an implementation plan for the U.S. National Cybersecurity Strategy. This plan provides federal agencies with a timeline for executing cybersecurity actions. Key measures include updating the U.S. National Cyber Incident Response Plan to provide clear guidance to third parties and establishing a National Cyber Workforce and Education Strategy.
Conclusion: The cybersecurity landscape is witnessing a surge in ransomware profits and evolving threats. Organizations must stay vigilant and take proactive measures to protect themselves. Implementing strong security practices, regularly updating software, and collaborating with law enforcement agencies are essential steps to stay resilient against cyber threats in this dynamic digital landscape.
Published date Jul 14, 2023
Source https://thehackernews.com/2023/07/new-soho-router-botnet-avrecon-spreads.html
A new strain of malware called AVrecon has emerged, targeting small office/home office (SOHO) routers for over two years. This covert campaign has infected over 70,000 devices across 20 countries, forming one of the largest SOHO router-targeting botnets. In this blog, we will summarize the key details of AVrecon, the threats it poses, and provide recommendations to protect against it.
Summary
AVrecon is a sophisticated malware strain that has evaded detection for an extended period. It creates a covert network for criminal activities such as password spraying and digital advertising fraud. The infected devices span 20 countries, with a significant concentration in the U.K. and the U.S.
Cybersecurity Threats
Infiltration of SOHO Routers: AVrecon exploits vulnerabilities in SOHO routers, forming a botnet for malicious activities.
Covert Network Creation: AVrecon aims to establish a covert network for password spraying and digital advertising fraud.
Data Exfiltration and Advertising Fraud: AVrecon interacts with Microsoft Outlook and engages with Facebook and Google ads, potentially facilitating data exfiltration and advertising fraud.
Recommendations
Update SOHO Routers: Regularly update router firmware and software to patch vulnerabilities.
Strengthen Router Security: Change default credentials, disable remote management if not needed, and use strong Wi-Fi encryption.
Implement Network Segmentation: Isolate critical devices and segments to limit malware spread.
Deploy Intrusion Detection and Prevention Systems (IDPS): Implement IDPS solutions to detect and prevent AVrecon-related activity.
Educate Employees: Train employees to recognize phishing emails and practice good cyber hygiene.
Monitor Network Traffic: Watch for anomalies, especially outbound connections, to detect command-and-control communications or data exfiltration.
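One way to act on the last recommendation, as an added example for this digest (not code from the article or from the researchers who analysed AVrecon): flag outbound flows that repeat at a near-constant interval, the fixed-period check-in pattern that command-and-control channels tend to show. The log format, the addresses and the thresholds are constructed for the example; a real firewall or NetFlow export needs its own parser.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Constructed outbound-connection log in a simple key=value form (made up for this
# example). 192.168.1.1 is the router itself; a router has little reason to originate
# its own periodic sessions, which is exactly what a bootstrapped implant would do.
SAMPLE_LOG = """\
2023-07-10T12:00:00Z src=192.168.1.1 dst=203.0.113.7 dport=443 proto=tcp
2023-07-10T12:00:31Z src=192.168.1.20 dst=198.51.100.10 dport=443 proto=tcp
2023-07-10T12:05:00Z src=192.168.1.1 dst=203.0.113.7 dport=443 proto=tcp
2023-07-10T12:07:12Z src=192.168.1.20 dst=198.51.100.44 dport=80 proto=tcp
2023-07-10T12:10:01Z src=192.168.1.1 dst=203.0.113.7 dport=443 proto=tcp
2023-07-10T12:15:00Z src=192.168.1.1 dst=203.0.113.7 dport=443 proto=tcp
2023-07-10T12:19:40Z src=192.168.1.20 dst=198.51.100.10 dport=443 proto=tcp
2023-07-10T12:20:00Z src=192.168.1.1 dst=203.0.113.7 dport=443 proto=tcp
2023-07-10T12:25:00Z src=192.168.1.1 dst=203.0.113.7 dport=443 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)$"
)


def parse_log(text):
    """Turn log lines into (timestamp, src, dst, dport, proto) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["src"], m["dst"], int(m["dport"]), m["proto"]))
    return events


def find_beacons(events, min_connections=5, max_jitter=0.05):
    """Flag (src, dst, dport) flows whose inter-connection gaps are nearly constant.

    max_jitter is the coefficient of variation (stdev / mean) of the gaps; human or
    browser-driven traffic is far more irregular than a scheduled check-in."""
    by_flow = defaultdict(list)
    for ts, src, dst, dport, _proto in events:
        by_flow[(src, dst, dport)].append(ts)
    alerts = []
    for flow, times in by_flow.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds() for earlier, later in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            alerts.append({
                "flow": flow,
                "connections": len(times),
                "period_s": round(mean, 1),
                "jitter": round(jitter, 3),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_beacons(parse_log(SAMPLE_LOG)):
        src, dst, dport = alert["flow"]
        print(f"possible beacon: {src} -> {dst}:{dport} every ~{alert['period_s']}s "
              f"({alert['connections']} connections, jitter {alert['jitter']})")
```

Legitimate services also beacon (NTP, update checks, telemetry), so in practice the alert list is filtered against an allowlist of known destinations, and min_connections and max_jitter are tuned to the log volume; the strongest signal here is not the period alone but the router's own address appearing as the source.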
Conclusion
AVrecon poses a significant threat to organizations by exploiting SOHO routers. Implementing security measures such as updates, strong router settings, network segmentation, employee education, and traffic monitoring can help protect against this malware. Stay vigilant and safeguard your networks against emerging threats.
Critical Security Flaws Unveiled: Protecting Your Organization from Potential Threats
Published date Jul 13, 2023
Source https://thehackernews.com/2023/07/new-vulnerabilities-disclosed-in.html
In a recent development, SonicWall, a renowned cybersecurity company, has highlighted 15 security flaws present in their Global Management System (GMS) and Analytics software. These vulnerabilities have the potential to compromise authentication protocols, granting unauthorized access to sensitive information. It is crucial for organizations to take immediate action by applying the latest fixes provided by SonicWall to safeguard their systems.
The disclosed vulnerabilities, ranging from critical to medium severity, affect specific versions of the GMS and Analytics software. By exploiting these flaws, threat actors can not only view confidential data belonging to other users but also modify or delete it, resulting in persistent changes to the application's content and behavior. To counter these risks, organizations should prioritize the following recommendations:
1. Apply the latest fixes and patches: SonicWall has released updates that address these security flaws. Ensure that the latest versions of GMS (9.3.3) and Analytics (2.5.2) are installed to mitigate the identified vulnerabilities effectively.
2. Regularly update and patch software: Maintain a robust patch management process to promptly address known vulnerabilities. Regular updates play a vital role in strengthening your security posture and protecting against emerging threats.
3. Implement stringent authentication and security filters: Strengthen the authentication mechanisms within your software and network infrastructure to prevent unauthorized access. Additionally, deploy security filters to detect and block any attempts at SQL injection or security bypass attacks.
4. Monitor and log application activities: Implement comprehensive logging and monitoring systems to track user activities and detect any unauthorized modifications or data deletions. Timely detection can help mitigate the potential damage caused by intrusions and enable swift incident response.
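Item 3's filter and the MOVEit Transfer SQL injection entry earlier on this page share one root cause, so a single added example covers both (written for this digest; not code from SonicWall, Progress Software or the article): a lookup that splices caller input into SQL text beside its parameterised form, plus a small heuristic filter of the kind a WAF or input validator applies for logging and blocking. The table, the rows and the probe string are constructed for the example.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory user table for the example (not any real product's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    conn.commit()
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable pattern: the caller's string becomes part of the SQL text,
    so a quote character inside it changes the structure of the query."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Hardened pattern: a bound parameter. The driver passes the value separately
    from the statement, so it is always compared as data and never parsed as SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# Heuristic patterns a request filter can log or block on: comment markers, statement
# separators, a quote followed by a boolean operator, or UNION ... SELECT. Detection only:
# such filters are bypassable and complement parameterised queries, never replace them.
SQLI_HINTS = re.compile(
    r"(--|/\*|;|'\s*(or|and)\b|\bunion\b[\s\S]*\bselect\b)",
    re.IGNORECASE,
)


def flag_suspicious_input(value):
    """True when the input has the usual shape of an injection probe."""
    return bool(SQLI_HINTS.search(value))


def unsafe_query_errors_on(conn, name):
    """True if the unsafe lookup cannot even run for a legitimate value such as O'Brien,
    the everyday symptom that usually reveals this bug before an attacker does."""
    try:
        lookup_unsafe(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    probe = "nobody' OR role = 'admin' --"   # constructed test input
    print("unsafe:", lookup_unsafe(db, probe))  # [('alice', 'admin')]: the WHERE clause was rewritten
    print("safe:  ", lookup_safe(db, probe))    # []: compared literally, no such user
    print("filter flagged probe:", flag_suspicious_input(probe))
```

The parameterised lookup needs no filter to be correct; the filter earns its place as a detection signal, since an application that logs flagged inputs alongside the source address sees exploitation attempts against a still-unpatched system before they succeed.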
Simultaneously, Fortinet, a prominent cybersecurity provider, has recently disclosed a critical flaw (CVE-2023-33308) impacting their FortiOS and FortiProxy software. This vulnerability exposes organizations to the risk of remote code execution under specific circumstances. Fortinet has recommended immediate action by either upgrading to the patched versions or disabling specific vulnerable features until the updates can be applied.
To protect your organization from potential remote code execution attacks, consider the following best practices:
1. Upgrade to patched versions or disable vulnerable features: Fortinet has released patched versions (FortiOS 7.4.0 or above, FortiProxy 7.2.3 or above) that address the identified vulnerability. Prioritize the installation of these updates. If immediate updates are not feasible, disable the specific features that are susceptible to exploitation.
2. Implement network segmentation and access controls: Restricting network access through proper segmentation and implementing access controls reduces the impact of potential code execution attacks. Limiting the lateral movement of threats within your network enhances overall security.
3. Monitor network traffic for suspicious activity: Deploy robust network monitoring solutions capable of detecting any suspicious or crafted packets that may indicate attempts to exploit the vulnerability. Timely detection allows for swift incident response and mitigation.
By promptly addressing these security flaws and implementing recommended safeguards, organizations can bolster their defenses against potential threats. Proactive measures, such as regular updates, robust authentication protocols, and effective monitoring, are vital in maintaining a secure cybersecurity posture. Stay vigilant, protect your systems, and ensure the safety of your sensitive data.