News – July 2023

  • Capita boss quits as fine looms for huge hack of confidential data

    July 31, 2023

    The chief executive of outsourcing firm Capita is to step down as the company reels from a cyber-attack that could result in a hefty fine from the UK’s information and privacy regulator. Capita said Jon Lewis would step down by the end of the year, making way for Adolfo Hernandez, the vice-president of telecommunications at Amazon ...

  • Out of the Sandbox: WikiLoader Digs Sophisticated Evasion

    July 31, 2023

    Proofpoint researchers identified a new malware we call WikiLoader. It was first identified in December 2022 being delivered by TA544, an actor that typically uses Ursnif malware to target Italian organizations. Proofpoint observed multiple subsequent campaigns, the majority of which targeted Italian organizations. WikiLoader is a sophisticated downloader with the objective of installing a second malware ...

  • Malawi: Macra Warns Public to Be On High Alert Against Heightened Cyber Attacks in Comesa Region

    July 30, 2023

    Malawi Computer Response Team (mwCERT) of the Malawi Communications Regulatory Authority (MACRA) announces of recent cyber-attacks that have targeted several countries in the COMESA region, resulting in severe disruptions to critical information infrastructure, across various sectors. In a statement, MACRA Director General, Daud Suleman says “these online attacks have the potential to affect anyone due to ...

  • US officials search for hidden Chinese malware that could affect military operations

    July 29, 2023

    US officials are searching for Chinese malware hidden in various defense systems that could disrupt military communications and resupply operations, The New York Times reported Saturday. The administration believes malicious computer code has been hidden inside “networks controlling power grids, communications systems and water supplies that feed military bases,” officials told the Times. Read more… Source: CNN News  

  • CISA Releases Malware Analysis Reports on Barracuda Backdoors

    July 28, 2023

    CISA has published three malware analysis reports on malware variants associated with exploitation of CVE-2023-2868. CVE-2023-2868 is a remote command injection vulnerability affecting Barracuda Email Security Gateway (ESG) Appliance, versions It was exploited as a zero day as early as October 2022 to gain access to ESG appliances. According to industry reporting, the actors exploited ...

  • Kenya reports cyber attacks causing government system outages

    July 28, 2023

    Cyber attackers targeted a digital platform used by Kenya’s government to deliver services, the country’s technology minister said, highlighting the vulnerabilities of the system. The attack on the e-Citizen platform in recent days caused system outages that left users unable to access a broad range of government services, ranging from passport applications to electricity payments. Some ...

  • Anomaly detection in certificate-based TGT requests

    July 28, 2023

    One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center (KDC) into granting access to the target company’s network. An example of such an attack is the Shadow Credentials technique, which lets an attacker ...

  • California: City of Hayward says computer network restored 2 weeks after cyberattack discovered

    July 27, 2023

    Officials in the city of Hayward announced that the city’s internal computer network has been restored following a ransomware attack that took systems down earlier this month. In a statement Thursday, city officials said the network was brought back on Tuesday, more than two weeks after the cyberattack was first discovered. “The restored network ties together ...

  • CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse

    July 27, 2023

    The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing a joint Cybersecurity Advisory (CSA), Preventing Web Application Access Control Abuse, to warn vendors, designers, developers, and end-user organizations of web applications about insecure direct object reference (IDOR) vulnerabilities. These vulnerabilities are ...

  • A Tale of Two Cities’ water attacks

    July 27, 2023

    There have been more than 130 control system cyber incidents in water/wastewater utilities. Like Oldsmar and Discovery Bay, most of these incidents have occurred in small water utilities. Many of these incidents were not publicly disclosed, nor were the utilities required to disclose these incidents. Additionally, some of the real cases that were made public were ...