News – July 2023

  • Privacy activists slam EU-US pact on data sharing

    July 11, 2023

    The European Commission has announced a pact with the US to allow easier legal transfer of personal data across the Atlantic. Data privacy activists vowed to challenge the agreement in court. President Joe Biden and EU officials welcomed the deal, which overcame objections about US intelligence agencies’ access to European data. The deal ensures Meta, Google ...

  • Undocumented driver-based browser hijacker RedDriver targets Chinese speakers and internet cafes

    July 11, 2023

    Cisco Talos has identified multiple versions of an undocumented malicious driver named “RedDriver,” a driver-based browser hijacker that uses the Windows Filtering Platform (WFP) to intercept browser traffic. RedDriver has been active since at least 2021. RedDriver utilizes HookSignTool to forge its signature timestamp to bypass Windows driver-signing policies. Read more… Source: Talos  

  • FortiOS/FortiProxy – Proxy mode with deep inspection – Stack-based buffer overflow

    July 11, 2023

    A stack-based overflow vulnerability in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. Workaround: Disable deep inspection on proxy policies or firewall policies with proxy mode. Read more… Source: FortiGuard Labs/Fortinet  

  • Microsoft discloses more than 130 vulnerabilities as part of July’s Patch Tuesday, four exploited in the wild

    July 11, 2023

    Microsoft released its monthly security update Tuesday, disclosing the most vulnerabilities as part of Patch Tuesday in more than a year. The company released details of more than 130 vulnerabilities, the most in a month since April 2022, 10 of which are considered to be critical. The remaining vulnerabilities are “important.” Read more… Source: Talos  

  • 12,000 State Bank of India employees’ sensitive data leaked on Telegram channels

    July 11, 2023

    In a massive data breach incident, the data of more than 12,000 State Bank of India (SBI) employees was leaked on Telegram channels. The leaked data included the employees’ personal information, such as their SBI passbooks, names, addresses, contact numbers, and PAN numbers. The data breach was unearthed after a Telegram channel with the handle @sbi_data ...

  • Storm-0978 attacks reveal financial and espionage motives

    July 11, 2023

    Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a remote code execution vulnerability exploited before disclosure to Microsoft via Word documents, using lures related to the Ukrainian World Congress. Read more… Source: Microsoft  

  • Attackers Exploit Unpatched Windows Zero-Day Vulnerability

    July 11, 2023

    A zero-day vulnerability (CVE-2023-36884) affecting Microsoft Windows and Office products is being exploited by attackers in the wild. To date, the exploit has been used in highly targeted attacks against organizations in the government and defense sectors in Europe and North America. The vulnerability was disclosed yesterday (July 11) by Microsoft, which said that an attacker ...

  • Florida patients among 11 million affected by HCA Healthcare data breach

    July 10, 2023

    Data on roughly 11 million HCA Healthcare patients in 20 states including Florida, was stolen and recently posted on an online forum, the hospital chain reported on Sunday. According to the company, an unauthorized party gained access to 27 million rows of data stored at an external location that is used to to automate company email ...

  • Ventia takes systems offline to contain cyber attack

    July 10, 2023

    Ventia has taken an undisclosed number of “key systems” offline to contain a cyber security incident. The listed company, which provides long-term operation, maintenance, and management for critical public and private assets and infrastructure, disclosed the incident on Saturday. Read more… Source: IT  News  

  • The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region

    July 7, 2023

    This sophisticated campaign targeting LATAM region employs a trojan that follows a multi-staged infection chain, utilizing specially crafted modules throughout each stage. These modules are custom designed to carry out malicious activities, such as injecting harmful code into remote processes, circumventing User Account Control via COM Elevation Moniker, and evading detection by Sandboxes through clever ...