top of page
  • Kathleen Maxted

Cyber Weekly Digest - 2023 Week #27


Stay up to date with the biggest cyber security news from the week in our latest Cyber Weekly Digest. This week we take a look at the hacktivist claiming to have stolen 30 million Microsoft accounts, emails and passwords in a recent breach as well as the ransomware attack which halted operations at Japan's largest port. Keep up to date with the latest news from across the globe.


Last month, Microsoft suffered a series of service disruptions and outages that impacted many services, including Azure, Outlook and One Drive. It was later revealed that the hacktivist group “Anonymous Sudan” was responsible for these disruptions. This week, the group claimed they had “successfully hacked Microsoft” by compromising a database containing over 30 million Microsoft accounts, emails and passwords. Anonymous Sudan has offered to sell the database for $50,000 through their Telegram bot, including data samples as proof. However, the sample credential pairs could not be verified, meaning that it could be old data. Microsoft has denied these claims and noted that this was not legitimate.

Cyber security researchers have discovered a new Windows-based information stealer called Meduza Stealer that’s actively being developed by its author to evade detection by software solutions. Meduza Stealer is currently being sold on underground forums as a subscription for $199 a month or $1,199 for a lifetime license. Meduza Steal has been found pilfering various browser-related data, including crypto wallet extensions, password managers and 2FA extensions. The info stealer has a design that means it will promptly terminate execution on compromised hosts if the connection to the attacker’s server fails so that it can evade detection.


A new tool called TeamsPhiser has been published on GitHub by a US Navy red team member in the hopes of highlighting a security issue within Microsoft Teams. The tool can bypass and exploit Teams, allowing unsolicited external files to be sent. This means threat actors could send messages to anyone, despite not being part of the victim’s organisation. Although Microsoft Teams has client-side protection to deny incoming files from external accounts, it is possible to avoid these restrictions by changing the internal and external recipient ID in the post request of a message. This means the system is tricked into thinking the sender is an internal user. TeamsPhisher is a Python-based tool that can conduct a fully automated attack that sends any desired attachment, subject, and message to the target user. Once addressed to Microsoft, the company acknowledged the existence of the vulnerability but declined to work on fixing it, according to the researchers, saying the issue “does not meet the bar for immediate servicing.”

Japan’s Port of Nagoya, the largest and busiest in Japan, was targeted in a ransomware attack that impacted its container terminals’ operation. On the 5th of July, the administrative authority noticed a malfunction in the central system controlling all container terminals in the port. The malfunction was believed to be caused by a ransomware attack the day before. The threat actor behind the attack is unknown, and it has not been publicly claimed. Following the attack, all container loading and unloading operations were cancelled, causing massive financial loss and disrupting the distribution of goods to and from Japan.


This week, Google released its monthly security updates for Android, which fixes 46 new vulnerabilities. Three of the vulnerabilities were found to be actively exploited in targeted attacks. One of these is a memory leak flaw affecting the Arm Mali GPU driver for Bifront, Avalon, and Valhall chips. This vulnerability had been seen in previous attacks that enabled spyware infiltrations on Samsung devices in December. The second is a high-severity issue that affects specific versions of the Bifrost and Midgard Arm Mali GPU kernel drivers. This flaw permits an unprivileged user to gain unauthorised access to sensitive data and escalate privileges to the root level. The third is a critical severity flaw in Skia, Google’s open-source multi-platform 2D graphics library.


10 views0 comments

Comments


bottom of page