Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings . This review is for the week ending Saturday, March 11th, 2023.
A cyber-attack in HDFC Bank resulted in the data breach of almost 30 GB of customer data allegedly belonging to HDB Financial Services was leaked online on a hacker forum. The data is estimated to contain around 73 million entries and is from the period between May 2022 and February 2023.
The sample of the data contains consumer information pertaining to two categories of loans consumer durable loans and two-wheeler loans. The mobile number and the name of the customer are also available. There is also data on a consumer looking to purchase a Vivo V5 smartphone with the name of the customer, his location, the dealer’s name, and the purchase date all available in the data dump.
A writeup from September 2022 stands 2nd in most viewed article for this week, An orchestrated campaign by North Korea-linked Lazarus APT group has been tracked by the researchers, aimed at energy providers aimed at infiltrating organizations and maintain long-term access and exfiltrate data from the victims , including organizations in the US, Canada, and Japan.
The attack chain starts with the exploitation of Log4j vulnerabilities in VMWare products to achieve initial footholds into enterprise networks. Once obtained access to the network, threat actors deployed custom implants tracked as VSingle and YamaBot.
The US CISA added the three vulnerabilities to the exploited flaws to its Known Exploited Vulnerabilities Catalog
- Teclib GLPI Remote Code Execution Vulnerability tracked as CVE-2022-35914 with a CVSS score 9.8
- Apache Spark Command Injection Vulnerability tracked as CVE-2022-33891 with a CVSS score of 8.8
- Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability tracked as CVE-2022-28810 with a CVSS score of 6.8
A high-severity vulnerability in the Veeam Backup Service has been addressed, that provides unapproved access to the threat actors, which will in turn paves way for data theft. The security flaw tracked as CVE-2023-27532 with a CVSS score of 7.5, impacts all versions of Backup & Replication software versions.
SUBSCRIBE TO OUR BLOG TODAY !
We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day.
Researchers have discovered fake ChatGPT extension with Chrome browser seen as the latest security concern. The campaign starts with the malicious stealer extension, quick access to Chat GPT, showing up on Facebook-sponsored posts as a quick way to get started with ChatGPT directly from your browser.
The extension does connect with ChatGPT’s API, it also harvests information from users’ browsers, stealing cookies of authorized, active sessions to any service they have and employing tailored tactics to take over the user’s Facebook accounts
Trusted Platform Module (TPM) 2.0 has been affected with vulnerabilities that could lead to information disclosure or escalation of privilege. The bugs are being identified in the Revisions 1.59, 1.38 and 1.16 of the module’s reference implementation code.
The disclosed flaws occurred when handling malicious TPM 2.0 commands with encrypted parameters. Both are in the `CryptParameterDecryption` function, which is defined in the TCG document.
- The first of the vulnerabilities is tracked as CVE-2023-1018 is an out-of-bound read bug,
- The second is tracked as CVE-2023- 1017 is defined as an out-of-bounds write.
Aruba, the networking division of HPE, announced its intent to acquire Israel-based Axis Security, which is one of many providers of secure service edge, or SSE, on the market today. Axis debuted as zero-trust network access as a service but since then has added other core components of SSE, including cloud access security broker, or CASB, and secure web gateway, or SWG.
Security tools see all traffic that runs across the network and use it to find threats. The same traffic can be analyzed to understand how applications are performing without having to deploy agents. Earlier in 2020, Zscaler introduced its DEM solution, and since then others, such as Netskope and Axis have followed suit.
Acronis, a Switzerland based security firm has been hit by a data breach, with over 21 GB of data being leaked by a hacker known as Kernelware. The leaked data was posted on Breach Forums with no login credentials being leaked. The hacker, who was also behind the recent Indian HDFC bank and Acer breaches, claimed to have breached Acronis.
The leaked data includes various certificate files, command logs, system configurations, system information logs, archives of their filesystem, and python scripts for their maria.db database, backup configuration stuff, and loads of screenshots of their backup operations.