In Other News: Microsoft Win32 App Isolation,Tsunami Hits Linux Servers, ChatGPT Credentials Exposed on Dark Web


SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:

Oracle EU Sovereign Cloud

Oracle has launched a new EU Sovereign Cloud offering designed to help organizations across the European Union gain more control over data privacy and sovereignty requirements. Oracle EU Sovereign Cloud is located and operated entirely within the European Union and aligned with EU standards of practice.

NineID seed funding

Advertisement. Scroll to continue reading.

Belgian access management start-up NineID raised $2.6 million in seed funding to build a secure bridge between the digital and physical worlds of corporate security.  After raising $1.4 million in 2022 and launching its product, the company announced raising another $1.2 million, closing its $2.6 million seed round. 

Microsoft launches public preview of Win32 app isolation

Microsoft has launched a public preview of Win32 app isolation, created to “encapsulate and restrict” the execution of processes. Built on the foundation of AppContainers, Win32 app isolation is a new security feature designed to be the default isolation standard on Windows clients and will bring added security features to help defend against attacks that leverage vulnerabilities in applications.

Zyxel patches critical vulnerability in NAS devices

Zyxel released patches for a critical-severity pre-authentication command injection vulnerability (CVE-2023-27992) impacting some NAS models, warning that unauthenticated attackers could exploit the bug via HTTP requests to execute operating system (OS) commands remotely.

Tsunami botnet hits Linux SSH servers

AhnLab Security Emergency Response Center (ASEC) discovered an attack campaign that consists of the Tsunami DDoS bot being installed on “inadequately managed” Linux SSH servers. According to AhnLab, hackers managed to install the Tsunami bot malware, along with various other malware such as ShellBot, XMRig CoinMiner, and Log Cleaner.

DDoS botnets target IoT vulnerabilities

Palo Alto Networks warned of a new malware campaign exploiting dozens of vulnerabilities in routers, CCTV cameras, and other IoT devices to gain control over them and infect them with a variant of the Mirai botnet, capable of launching DDoS attacks.

Fortinet has observed attacks targeting a recent vulnerability in TP-Link Archer AX21 (AX1800) routers (CVE-2023-1389) to infect them with the Condi DDoS bot.

U.S. Tracked Huawei, ZTE Workers at Suspected Chinese Spy Sites in Cuba

U.S. officials reportedly tracked workers from Chinese telecom companies Huawei Technologies and ZTE entering and exiting suspected Chinese spy facilities in Cuba, the WSJ reports.

UPS users targeted in Smishing attacks 

UPS is notifying individuals in Canada of an ongoing SMS phishing (Smishing) campaign designed to steal their personal information, including names and addresses. 

“We are constantly vigilant when it comes to phishing and other attempts from bad actors. UPS is aware of reports relating to an SMS phishing (“Smishing”) scheme focused on certain shippers and some of their customers in Canada. UPS has been working with partners in the delivery chain to understand how that fraud was being perpetrated, as well as with law enforcement and third-party experts to identify the cause of this scheme and to put a stop to it,” UPS told SecurityWeek.

Mondelez employees exposed in law firm hack 

Personal information of more than 51,000 current and former workers at snack food giant Mondelez International was exposed in a data breach at law firm Bryan Cave Leighton Paisner LLC, Mondelez said. The breach occurred in February 2023 and was discovered on May 22, 2023.

Over 100,000 ChatGPT credentials on the dark web

Singapore-based cybersecurity firm Group-IB has discovered over 100,000 ChatGPT credentials in the logs of information stealers traded on the dark web. Between June 2022 and May 2023, Asia-Pacific had the largest number of stolen ChatGPT accounts.

GitHub repositories vulnerable to RepoJacking

Aqua Security says that millions of GitHub repositories might be vulnerable to RepoJacking, potentially exposing organizations to remote code execution attacks. RepoJacking occurs when a user or organization changes their name, resulting in GitHub creating new repository links and automatically redirecting projects to the new repository. However, the old username/organization name becomes available and the attacker can register it and create a malicious repository that breaks the redirection.



Source link