Attacks

While there is currently not a lot of information available into how the breach of Digipolis occurred, the effects of the breach on the City of Antwerp are apparent. This attack is a recent example of a supply-chain attack, where a threat actor infiltrates one organization through a breach of another. Overall, the recommended strategy to protect against attacks such as these is to have a defense in depth strategy when it comes to security.…

As with any crypto giveaway scam, the victim ends up sending the funds to the attacker’s wallet but never receives any amount back. Twitter accounts following famous personalities should be wary of suspicious messages and notifications heading their way. https://www.bleepingcomputer.com/news/security/elon-musks-twitter-followers-targeted-in-fake-crypto-giveaway-scam/

Threat actors observed using this technique have been able to utilize free file sharing services like Google Drive, Dropbox, or OneDrive to host their compressed filesystem containing their malware, making them readily accessible from victim devices. Organizations should be sure to monitor for connections to these file sharing services, especially ones that are not commonly used for an organization’s business processes.Organizations may also find it useful to monitor for the execution of the PRoot tool,…

This is the ninth high severity bug for which Chrome has released a patch during 2022. CISA has given three weeks to its agencies to patch their systems. Because of this timeline, it is likely we will not see technical details of this vulnerability until after this date. It is highly recommended that any organization with users running Google Chrome should use CISA’s requirements as a guideline for themselves, and endeavor to have all systems…

Much of the risk of these vulnerabilities can be mitigated by controlling access to remote management interfaces. Companies should endeavor to never leave these exposed to the internet, and further limit which devices or networks can access these interfaces. User behavior analysis can help identify exploitation of vulnerabilities like these; mass password reset requests and root-level activities that differ from baseline can be reliable indicators of a compromise. https://thehackernews.com/2022/12/new-bmc-supply-chain-vulnerabilities.html

According to researchers, ransom payment does not guarantee file recovery. CryWiper is the second retaliatory malware strain that targeted Russian companies after RURansom, a.NET-based wiper discovered in March. Numerous wipers have been launched in the current conflict between Russia and Ukraine, including WhisperGate, AcidRain, HermeticWiper, IsaacWiper, DoubleZero, Industroyer2, and CaddyWiper. “Wipers can be effective regardless of the technical skills of the attacker, as even the simplest wiper can wreak havoc on affected systems,” stated Max…

Curry also discussed another flaw that affects Hyundai and Genesis vehicles manufactured after 2012. The vulnerability could be used to remotely control locks, engines, headlights, and trunks by using the registered email addresses. “By adding a CRLF character at the end of an already existing victim email address during registration, we could create an account that bypassed the JWT and email parameter comparison check,” stated Curry. However, since then, SiriusXM and Hyundai have released patches…