08 NOVEMBER 2022 WEEKLY NEWSLETTER

BOCRA website

     


 

Microsoft accuses China of abusing vulnerability disclosure requirements

…erail GPT-3 bot with newly discovered “prompt injection” hack


LATEST CYBER HACKS

LockBit 3.0 gang claims to have stolen data from Kearney & Company

Kearney is the premier CPA firm that provides services across the financial management spectrum to government entities. The company provides audit, consulting and IT services to the United States government. It has helped the Federal Government improve its financial operations’ overall effectiveness and efficiency.


Data hack at IT firm may include health records of Victorian school students

Sources with knowledge of the situation told The Sunday Age that data from the Victorian school entrance health questionnaire was included in the information stolen. The questionnaire is completed by all families who start at a Victorian primary school, including government, Catholic and independent schools.


AstraZeneca password lapse exposed patient data

Pharmaceutical giant AstraZeneca has blamed “user error” for leaving a list of credentials online for more than a year that exposed access to sensitive patient data.


VULNERABILITIES

Apple Rolls Out Xcode Update Patching Git Vulnerabilities

The first of the issues, CVE-2022-29187, is a variant of CVE-2022-24765, a bug impacting users on multi-user machines, where “a malicious actor could create a .git directory in a shared location above a victim’s current working directory.” An attacker could exploit the flaw to create configuration files in the malicious .git directory and, by using specific variables, could achieve arbitrary command execution on the shared machine.


Splunk Patches 9 High-Severity Vulnerabilities in Enterprise Product

The most severe of these security defects have a CVSS score of 8.8 and are described as remote code execution (RCE), XML external entity (XXE) injection, and reflected cross-site scripting (XSS) bugs. Tracked as CVE-2022-43571 and CVE-2022-43567, the RCE vulnerabilities can be exploited by authenticated attackers to execute code via the dashboard PDF generation component or via crafted requests sent to the mobile alerts feature of the Splunk Secure Gateway app.


MALWARE

Kiss-a-Dog Campaign Targets Docker and Kubernetes for Cryptomining

A new cryptojacking campaign, dubbed Kiss-a-Dog, has been launched against vulnerable cloud infrastructure worldwide. The campaign is hunting for exposed or poorly secured Docker and Kubernetes servers. Most of the C&C servers used by the Kiss-a-Dog campaign have been previously used by the TeamTNT group.


Typosquatted PyPI Packages Drop W4SP Info-stealer

Researchers have discovered more than two dozen Python packages on the PyPI registry, which imitate popular libraries to distribute malware. While some of these packages drop malware created for educational purposes, some are dropping the W4SP info-stealer.


                              


SandStrike Strikes Android Users With Malicious VPN App

An Android espionage campaign has been observed using a malicious VPN application along with a new spyware named SandStrike to target Android users. The VPN app is distributed through social media accounts that post attractively themed material aimed at the targeted religious community.


                              


GENERAL NEWS

Outmaneuvering cybercriminals by recognizing mobile phishing threats’ telltale markers

Preventative medicine has long been recognized as a vital approach in safeguarding our physical health. We take a variety of tests and assessments so that doctors can uncover key biological markers that may indicate the potential development of certain diseases or illnesses as early as possible.


Offense Gets the Glory, but Defense Wins the Game

When it comes to cybercriminals, defense evasion remains the top tactic globally. In fact, it was the most employed tactic by malware developers in the past six months – and they’re often using system binary proxy execution to do so. Hiding malicious intentions is one of the most important actions for adversaries. Therefore, they are attempting to evade defenses by masking malicious intention and attempting to hide commands using a legitimate certificate.