Cyber Security News - 18-25 March
Weekly Cyber Security News
Microsoft Outlook Zero Day Vulnerability CVE-2023-23397 Actively Exploited In The Wild
Microsoft issued patches for around 80 newly discovered security vulnerabilities on March 14th, 2023. Among them were two zero-day vulnerabilities, CVE-2023-23397 and CVE-2023-24880, rated under the Common Vulnerability Scoring System (CVSS) with scores of 9.8 and 5.1, respectively. In addition to the security patches, Microsoft has published a detailed advisory describing CVE-2023-23397.
Mental Health Provider Cerebral Alerts 3.1M People of Data Breach
Cerebral is a remote telehealth company that provides online therapy and medication management for various mental health conditions, including anxiety, depression, ADHD, Bipolar Disorder, and substance abuse. Cerebral reported on the U.S. Department of Health and Human Services breach portal that 3,179,835 people had their information exposed as part of this breach.
A New APT Group, Dubbed YoroTrooper, Has Been Targeting Government and Energy Organizations Across Europe, Experts Warn
Talos states that there are some similarities in TTPs and victimology between the PoetRAT and YoroTrooper groups. Some evidence collected by the experts suggests the threat actor is Russian-speaking, such as the presence of Telegram messages in Russian and Cyrillic snippets in the source code of the malware used by the actor.
Data Security Firm Rubrik Targeted With GoAnywhere Zero-Day Exploit
Michael Mestrovich, Rubrik’s CISO, said in a statement on Tuesday that the company detected unauthorized access to a “limited amount of information” in one of its non-production IT testing environments. Rubrik’s investigation, conducted with assistance from outside experts, has not found evidence that data secured on behalf of customers has been compromised. There is also no evidence of lateral movement to other systems.
Malware Distribution via YouTube Videos Up 300%
Cybersecurity researchers at CloudSEK discovered that the number of AI-generated YouTube videos infected with and distributing malware has surged by 200-300% month-on-month. “It is well known that videos featuring humans, especially those with certain facial features, appear more familiar and trustworthy” - CloudSEK researchers noted. “Hence, there has been a recent trend of videos featuring AI-generated personas, across languages and platforms (Twitter, YouTube, Instagram), providing recruitment details, educational training, promotional material, etc. And threat actors have also now adopted this tactic”.
Feds Arrested Pompompurin, the Alleged Owner of BreachForums
Fitzpatrick was released on a $300,000 bond signed by his parents and is scheduled to appear before the District Court for the Eastern District of Virginia on March 24, 2023. The defendant must submit to supervision by, and report for supervision to, Pretrial Services as directed; he was ordered to surrender any passport.
Ferrari Confirms Data Breach After Receiving a Ransom Demand From an Unnamed Extortion Group
The threat actor had access to a limited number of systems in our IT environment. According to the company, the exposed data include customers’ names, addresses, email addresses, and telephone numbers. Financial data, such as payment details and bank account info, was not accessed by the attackers. “As a policy, Ferrari will not be held to ransom as paying such demands funds criminal activity and enables threat actors to perpetuate their attacks” - continues the statement. “Instead, we believed the best course of action was to inform our clients and thus we have notified our customers of the potential data exposure and the nature of the incident”.
CISA joins forces with Women in CyberSecurity to break up the boy's club
The US Department of Homeland Security agency and Women in CyberSecurity (WiCyS) signed a memorandum of understanding to help raise awareness of job opportunities for women in cybersecurity and build "a pipeline for the next generation of women" able to fill those roles, the agency said. CISA said in its announcement of the partnership that one of its first joint initiatives will be CISA's participation in WiCyS' mentorship program. Open to all WiCyS members, the nine-month program groups mentees into cohorts for virtual meetings with cybersecurity industry mentors, of whom CISA employees will presumably now be part. Last year, the program included 746 learners from entry to senior levels.
Bitwarden to Release Fix for four-year-old Vulnerability
Researchers from Flashpoint identified earlier this month that the password manager’s autofill feature contained a flaw that could allow websites to steal users' passwords. IT Pro has asked the company why it decided to release the fix now even though it has known about the issue since 2018.
US Health Services Company Independent Living Systems (ILS) Discloses a Data Breach that Impacted More Than 4 Million Individuals
The notice of data breach states that the types of impacted information vary by individual and could have included:
- Name
- Address
- Date of birth
- Driver’s license
- State identification
- Social Security number
- Financial account information
- Medical record number
- Medicare or Medicaid identification
- CIN#
- Mental or physical treatment/condition information
- Food delivery information
- Diagnosis code or diagnosis information
- Admission/discharge date
- Prescription information
- Billing/claims information
- Patient name
- Health insurance information

The company is notifying the impacted individuals via letters.