Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, April 15th, 2023.
The US CISA published seven advisories last week covering vulnerabilities in ICS and SCADA software from multiple vendors. Some of the flaws are rated critical, and two of them already have public exploits.
The impacted products are listed below:
- Scadaflex II controllers made by Industrial Control Links
- Screen Creator Advance 2 and Kostac PLC programming software from JTEKT Electronics
- Korenix JetWave industrial wireless access points and communications gateways
- Hitachi Energy’s MicroSCADA System Data Manager SDM600
- mySCADA myPRO software
- Rockwell Automation’s FactoryTalk Diagnostics
Hyundai has disclosed a data breach that impacted Italian and French car owners and test-drive customers, whose PII and car details were stolen.
Hyundai sent letters to the impacted individuals and informed them that an unauthorized third party had access to the database of customers. Hyundai Italy has notified the privacy watchdog and hired external cybersecurity experts to determine the scope of the incident. No financial data were exposed. The number of impacted individuals is still unclear. Hyundai has taken the impacted systems offline.
An affiliate of the BlackCat ransomware, dubbed UNC4466, is exploiting vulnerabilities in the Veritas Backup Exec software to gain initial access to the targeted network.
Researchers observed that the UNC4466 group has been exploiting the Veritas vulnerabilities in the wild since October 2022, based on the release of the Metasploit module that exploits the vulnerabilities. More than 8,500 IP addresses are still running the Symantec/Veritas Backup Exec NDMP service on ports 9000, 10001, and the default port 10000, many of which could be exposed to the attack.
Researchers have spotted a new emerging threat group dubbed Money Ransomware. It has adopted the increasingly popular tactic of encrypting and exfiltrating sensitive data from organizations and threatening to leak it if the victim refuses to pay.
Based on the analysis of the sample from one of its victims, researchers detailed the tactics used by the threat actor in phases
Researchers have demonstrated abusing Microsoft Azure Shared Key authorization to gain full access to storage accounts and potentially critical business assets. Further, it can be used to move laterally in the environment and even execute remote code.
Though Microsoft already recommends disabling shared key access and using Azure Active Directory authentication instead, it is still enabled by default when creating storage accounts. Azure storage accounts can host different data objects, such as blobs and file shares. By default, Azure Storage account requests can be authorized with either Azure AD credentials or by using the account access key for Shared Key authorization.
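Because the setting is on unless someone turns it off, an audit has to treat "not set" the same as "enabled". The following is an added example, not code from the researchers or from Microsoft: it checks storage account records in the JSON shape produced by `az storage account list -o json` (or a raw ARM resource export) and reports every account that still accepts Shared Key authorization. The account and resource group names are constructed sample data.

```python
import json

# Constructed sample: the first three entries follow the flattened shape of
# `az storage account list -o json`; the last follows a raw ARM resource,
# where the setting lives under "properties". All names are made up.
SAMPLE = json.loads("""
[
  {"name": "stlegacyapp",  "resourceGroup": "rg-app", "allowSharedKeyAccess": null},
  {"name": "stfinance",    "resourceGroup": "rg-fin", "allowSharedKeyAccess": false},
  {"name": "stbuildcache", "resourceGroup": "rg-ci",  "allowSharedKeyAccess": true},
  {"name": "starmexport",  "resourceGroup": "rg-ops", "properties": {}}
]
""")


def shared_key_enabled(account):
    """Return (enabled, reason) for one storage account record.

    A missing or null allowSharedKeyAccess counts as enabled, because the
    service accepts Shared Key requests unless the property is set to false.
    """
    props = account.get("properties") or {}
    value = account.get("allowSharedKeyAccess", props.get("allowSharedKeyAccess"))
    if value is False:
        return False, "explicitly disabled"
    if value is True:
        return True, "explicitly enabled"
    return True, "unset (default allows Shared Key)"


def audit(accounts):
    """List (resource group, account, reason) for accounts accepting Shared Key."""
    findings = []
    for acct in accounts:
        enabled, reason = shared_key_enabled(acct)
        if enabled:
            findings.append((acct.get("resourceGroup", "?"), acct["name"], reason))
    return sorted(findings)


if __name__ == "__main__":
    for rg, name, reason in audit(SAMPLE):
        print(f"{rg}/{name}: Shared Key authorization {reason}")
```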
Google has released an emergency patch to address the first Chrome zero-day vulnerability, tracked as CVE-2023-2033.