Acer suffers data breach with hacker seeking to sell stolen dataset
Israel blames Iran for Technion cyber attack
Phishing campaign targets Eurovision 2023 fans
Emotet malware returns after hiatus
03. Closing Summary
Welcome to our weekly cyber news roundup, where we bring you the latest and most important updates from the world of cyber security.
Fortinet has disclosed a critical vulnerability, tracked as CVE-2023-25610, affecting FortiOS and FortiProxy. The flaw lets an unauthenticated remote attacker execute arbitrary code on a vulnerable device, or cause a denial of service (DoS) on its administrative GUI, by sending specially crafted requests. Fortinet rates it CVSS v3 9.3. The underlying bug is a buffer underwrite, commonly called a buffer underflow: the program writes to (or reads from) memory before the start of the buffer it was given, typically because an index or offset derived from attacker-controlled lengths has gone negative. Whatever sits in that adjacent memory, such as a length, a pointer or a flag the program trusts, gets corrupted, which is why the outcome ranges from a crash to code execution.
Threat actors watch closely for critical flaws in Fortinet products, especially ones that need no authentication, because a perimeter device like this is a direct route to initial access into a corporate network. Patch promptly; until that is done, keeping the management interface off the internet and reachable only from trusted addresses limits who can send the crafted requests in the first place.
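To make the vulnerability class concrete, here is an added illustration in C. It is not Fortinet's code and does not reproduce the FortiOS bug, whose internals the advisory does not describe. It assumes a hypothetical request parser that stores a caller-supplied value right-aligned into a fixed-width slot, with a signed padding calculation that nobody bounds-checks; the two guard bytes placed before the slot stand in for whatever a real program keeps there, and the inputs are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example of a buffer underwrite ("buffer underflow"), not Fortinet code.
 * A request field is stored right-aligned in a fixed-width slot, '0'-padded on
 * the left. GUARD_LEN bytes placed immediately before the slot stand in for the
 * neighbouring data a real program keeps there (a length, a pointer, a flag). */

#define SLOT_LEN   8
#define GUARD_LEN  2
#define GUARD_BYTE 0xAA

/* VULNERABLE: the padding is computed as a signed int and never checked.
 * When len > SLOT_LEN, pad is negative, slot + pad points before the buffer,
 * and memcpy writes into memory this function was never given.
 * (Inputs here never exceed GUARD_LEN + SLOT_LEN bytes, so the stray write
 * stays inside the harness array below instead of corrupting the stack.) */
void store_right_aligned_unsafe(char *slot, const char *val, size_t len)
{
    int pad = SLOT_LEN - (int)len;              /* -2 when len == 10 */
    memset(slot, '0', (size_t)(pad > 0 ? pad : 0));
    memcpy(slot + pad, val, len);               /* underwrite when pad < 0 */
}

/* HARDENED: reject anything that does not fit before any pointer arithmetic.
 * Computing pad as size_t after the check means it cannot wrap either. */
bool store_right_aligned_safe(char *slot, const char *val, size_t len)
{
    if (len > SLOT_LEN)
        return false;                           /* oversized field: refuse it */
    size_t pad = SLOT_LEN - len;
    memset(slot, '0', pad);
    memcpy(slot + pad, val, len);
    return true;
}

/* Harness: lays out [guard bytes][slot] in one array so the underwrite lands
 * on memory we can inspect. Returns true when the guard survived the unsafe
 * store, false when the store overwrote it. */
bool guard_intact_after_unsafe(const char *val, size_t len)
{
    unsigned char storage[GUARD_LEN + SLOT_LEN];
    memset(storage, GUARD_BYTE, sizeof storage);
    char *slot = (char *)storage + GUARD_LEN;
    store_right_aligned_unsafe(slot, val, len);
    return storage[0] == GUARD_BYTE && storage[1] == GUARD_BYTE;
}

/* Same layout with the hardened store. Copies the slot, NUL-terminated, into
 * out (SLOT_LEN + 1 bytes) and returns true only if the value was accepted
 * and the guard bytes are untouched. */
bool store_safe_checked(const char *val, size_t len, char out[SLOT_LEN + 1])
{
    unsigned char storage[GUARD_LEN + SLOT_LEN];
    memset(storage, GUARD_BYTE, sizeof storage);
    char *slot = (char *)storage + GUARD_LEN;
    bool ok = store_right_aligned_safe(slot, val, len);
    memcpy(out, slot, SLOT_LEN);
    out[SLOT_LEN] = '\0';
    return ok && storage[0] == GUARD_BYTE && storage[1] == GUARD_BYTE;
}

int main(void)
{
    char out[SLOT_LEN + 1];
    /* Constructed inputs: a value that fits and a 10-byte value that does not. */
    printf("unsafe, 2-byte value : guard %s\n",
           guard_intact_after_unsafe("42", 2) ? "intact" : "CLOBBERED");
    printf("unsafe, 10-byte value: guard %s\n",
           guard_intact_after_unsafe("0123456789", 10) ? "intact" : "CLOBBERED");
    printf("safe,   2-byte value : accepted=%d slot=%s\n",
           store_safe_checked("42", 2, out), out);
    printf("safe,   10-byte value: accepted=%d\n",
           store_safe_checked("0123456789", 10, out));
    return 0;
}
```

The unsafe path never crashes on the 10-byte input, which is the point: the write silently lands on the bytes in front of the slot, and in a real device those bytes are whatever the parser trusts next. The fix is not a bigger buffer but a check on the attacker-controlled length before it feeds any pointer arithmetic.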
Acer, the Taiwanese computer giant, has confirmed a data breach resulting from threat actors hacking a server hosting private documents used by repair technicians. Despite the breach, the company's investigation has thus far not shown any impact on customer data. The confirmation follows a threat actor's claim on a popular hacking forum to be selling 160GB of data stolen from Acer in mid-February 2023.
The stolen data includes technical manuals, software tools, backend infrastructure details, and product model documentation for phones, tablets, and laptops, as well as BIOS images, ROM files, ISO files, and replacement digital product keys. The threat actor shared screenshots of technical schematics for the Acer V206HQL display, documents, BIOS definitions, and confidential documents as evidence of their theft.
The poster of the data is selling the entire dataset to the highest bidder and will only accept the cryptocurrency Monero (XMR) as payment due to its hard-to-trace nature.
Last month the Technion, one of Israel's leading research and teaching institutes, was hit by a cyber attack that the Israel National Cyber Directorate has now attributed to a group affiliated with Iranian intelligence. The group, known as MuddyWater, has been blamed for numerous other attacks around the world.
The investigation found that the group used malware that encrypts the victim's systems. To help other organisations spot similar attempts, the directorate has published methods for detecting the attack together with further recommendations for self-defence.
Scammers targeting hotel chains are putting at risk the data of Eurovision fans who booked rooms for May's song contest in Liverpool. Booking.com says some of its accommodation partners received phishing emails, though the company denies suffering any data security breach of its own and advises customers with concerns to contact their hotel directly. According to Booking.com, the attacks affected "a number of accounts", which were quickly secured; some of the businesses had unintentionally compromised their own internal systems by clicking links in the phishing emails.
Some quick tips on how to spot phishing emails include:
After a three-month hiatus, the Emotet malware operation resumed spamming malicious emails on Tuesday, rebuilding its network and infecting devices worldwide. Emotet is a well-known malware family distributed by email, typically as malicious Microsoft Word and Excel attachments. When a user opens one of these documents and enables macros, the macro downloads the Emotet DLL and loads it into memory.
Once loaded, Emotet stays idle until it receives instructions from a remote command and control server. Its current delivery method may be less effective than before, however, because of a change Microsoft made in July 2022: macros are now blocked by default in Office documents downloaded from the internet. A user who opens an Emotet document therefore sees a message saying that macros have been disabled because the file's source is not trusted. The block relies on the file carrying the Mark of the Web that browsers and mail clients attach to downloaded files, so an attachment that loses that marker, for instance after being extracted from an archive format that does not preserve it, can still prompt the user to enable macros.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.
If you’d like more detailed threat intelligence news, Integrity360 offers this as part of our security monitoring managed services.
We also offer a tailored threat intelligence monitoring service for your organisation that actively monitors for threat actors and campaigns of direct relevance to your organisation, brand damage, copycat & spoofed domains, credential leakage and dark web monitoring.
Join us in Dublin or London for the Security First 2022 conference. We'll be bringing together industry professionals and specialist experts to discuss the latest cyber security trends and offer actionable advice on preparing your business to put security first in 2022.