Security News > 2023 > April

European air traffic control confirms website 'under attack' by pro-Russia hackers
2023-04-22 07:09

Eurocontrol confirmed on Friday its website has been "under attack" since April 19, and said "pro-Russian hackers" had claimed responsibility for the disruption. "The attack is causing interruptions to the website and web availability," a spokesperson told The Register.

Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach
2023-04-22 06:46

Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec's Threat Hunter Team, confirm earlier suspicions that the X_TRADER application compromise affected more organizations than 3CX. The names of the organizations were not revealed.

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug
2023-04-22 06:00

The U.S. Cybersecurity and Infrastructure Security Agency on Friday added three security flaws to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. "In a cluster deployment, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD, resulting in information disclosure," MinIO maintainers said in an advisory published on March 21, 2023.

Google moves to keep public sector cybersecurity vulnerabilities leashed
2023-04-22 00:37

Google and The Center for Internet Security, Inc., launched the Google Cloud Alliance this week with the goal of advancing digital security in the public sector. Google Cloud said it will bring members and services from its Google Cybersecurity Action Team, including insights from its Threat Horizons reports and Mandiant web intelligence division, to weigh in on "securing the broader technology ecosystem - especially as it relates to cloud posture and overall cybersecurity practices," according to a joint statement.

The Week in Ransomware - April 21st 2023 - Macs in the Crosshairs
2023-04-21 22:39

Finally, we learned about some ransomware attacks, with an NCR outage confirmed to be ransomware and Capita confirming that data was stolen in a cyberattack. The LockBit ransomware gang has created encryptors targeting Macs for the first time, likely becoming the first major ransomware operation to ever specifically target macOS. The LockBit ransomware comes for macOS. A technical analysis of the LockBit macOS encryptor. April 17th 2023: Ex-Conti members and FIN7 devs team up to push new Domino malware.

Microsoft pushes for more women in cybersecurity
2023-04-21 22:03

Microsoft has partnered with organizations around the globe to bring more women into infosec roles, though the devil is in the details. "We must create more inclusive and supportive learning environments, and we see greater success in building confidence and soft skills among women with cohorts that are majority women," Behncken said in a blog post announcing the new partnerships.

Friday Squid Blogging: More on Squid Fishing
2023-04-21 21:04

"The artificial intelligence gold rush is truly underway. After the release last November of ChatGPT - a game-changing content-generating platform - by research and development company OpenAI, several other tech giants, including Google and Alibaba have raced to release their own versions." Investors from Shanghai to Silicon Valley are now pouring tens of billions of dollars into startups specializing in so-called generative AI in what some analysts think could become a new dot-com bubble.

VMware patches break-and-enter hole in logging tools: update now!
2023-04-21 19:58

The Log4Shell hole was a security flaw in the logging process itself, and boiled down to the fact that many logfile systems allow you to write what almost amount to "mini-programs" right in the middle of the text that you want to log, in order to make your logfiles "smarter" and easier to read. For example, if you asked Log4J to log the text I AM DUCK, Log4J would do just that. This time round, the logging-related bug we're warning you about is CVE-2023-20864, a security hole in VMware's Aria Operations for Logs product.

Critical infrastructure also hit by supply chain attack behind 3CX breach
2023-04-21 19:26

The X Trader software supply chain attack that led to last month's 3CX breach has also impacted at least several critical infrastructure organizations in the United States and Europe, according to Symantec's Threat Hunter Team. While the Trading Technologies supply chain compromise is the result of a financially motivated campaign, the breach of multiple critical infrastructure organizations is worrisome, seeing that North Korean-backed hacking groups are also known for cyber espionage.

API security becoming C-level cybersecurity concern
2023-04-21 19:05

Mani Sundaram, executive vice president and general manager of the security tech group at Akamai, said, "Enterprises expose full business logic and process data via APIs, which, in a cloud-based economy, are vulnerable to cyberattacks. Neosec's platform and Akamai's application security portfolio will allow customers to gain visibility into all APIs, analyze their behavior and protect against API attacks." One example illustrates how effective a relatively simple API attack can be: the NCC Group, in its 2022 annual Threat Monitor, noted that Australian telecom Optus had the personal information of 10 million customers exposed in a data breach accessed through an exposed API. Roey Eliyahu, co-founder and CEO, Salt Security, noted that while APIs are powering digital transformation delivering new business opportunities and competitive advantages, "The cost of API breaches, such as those experienced recently at T-Mobile, Toyota and Optus, put both new services and brand reputation, in addition to business operations, at risk."