Cyber Security News of the Month - January 2023
Welcome to our monthly cybersecurity news round-up.
FiveGuys Data Breach
Five Guys, a US burger chain, has disclosed a data breach affecting job applicants, which has resulted in the potential for a lawsuit. On December 29, the company notified state authorities and began informing customers of the incident. A law firm specializing in data breaches, Turke & Strauss, revealed that the exposed information includes names, Social Security numbers, and driver’s license numbers. The company detected unauthorized access to its file server on September 17, 2022 and concluded its investigation on December 8, which showed that the exposed files contained information submitted in connection with the employment process. The exact cause of the breach is unknown, and the number of affected individuals is not clear, but authorities in Massachusetts have been informed of 93 residents being affected and Montana about 12. Five Guys is offering affected individuals free credit monitoring and identity protection services.
200M Twitter Profiles Exposed
Over 200 million Twitter profiles are reportedly at risk of being exposed, as email addresses linked to these profiles are circulating on underground hacker forums. This could lead to the real-life identities of anonymous Twitter users being revealed, making it easier for criminals to hijack their Twitter accounts or other online accounts. The leaked data includes names, account handles, follower numbers, and creation dates, which can be leveraged to create more sophisticated hacking, phishing, and disinformation campaigns. The data breach could impact verified Twitter users with large followings, or those who use the same credentials for other digital services, such as banks or cloud storage. Security experts warn that individuals can protect themselves from phishing attempts by using unique passwords for each online service, enabling multi-factor authentication, and exercising caution when opening unsolicited emails or links. Reports of this leak could also increase Twitter’s legal and regulatory risks, as they are already being investigated by the Irish Data Protection Commission for a possible violation of GDPR.
Rackspace Sunsets Email Service
Rackspace has completed its investigation into the Dec. 2 ransomware attack on its Hosted Exchange Email service and announced that it will transition to Microsoft 365. The company has decided not to rebuild the hosted Exchange server environment, which was down since the attack, and already had plans to migrate to Microsoft 365 before the incident. The attack was carried out by the Play ransomware group and they were able to bypass Microsoft's recommended mitigations with a new exploit. The group was able to steal the Personal Storage Tables (PSTs) of 27 out of the company's 30,000 Hosted Exchange customers, but there is no evidence of them ever viewing or distributing the information. Email data recovery efforts for Hosted Exchange customers are underway with more than half regaining access to some or all of their data. The company is proactively contacting customers for which it has recovered more than half of their mailboxes.
ChatGPT is being used to write malicious code
ChatGPT, an AI language model tool by OpenAI, has gained popularity among developers, writers and students, but has also attracted attention from hackers. OpenAI has set limitations on its use and geo-blocked it in Russia to prevent malicious activities. However, according to researchers from Check Point Software, hackers from Russia are already looking for ways to bypass these restrictions, as the tool's AI technology can make a hacker more cost-efficient. Underground hacking forums have tutorials in Russian that show ways to register for the tool and make it appear to be in a non-blocked location. The geo-blocking is not difficult to bypass, and the hackers are most likely trying to integrate ChatGPT into their criminal operations.
January Patch Tuesday
Microsoft's first Patch Tuesday of 2023 fixed 98 vulnerabilities, with 11 of them being classified as 'Critical' as they allow for remote code execution, bypass security features or elevate privileges. Among the critical vulnerabilities, 33 allow for remote code execution, 39 for elevation of privilege, and 4 for security feature bypass. The updates also fix one zero-day vulnerability, which was actively exploited and discovered by Avast, and could lead to an elevation of privileges for the attacker, granting them SYSTEM privileges.
Cisco SMB Router Flaw
Cisco has issued a warning about two vulnerabilities, CVE-2023-20025 and CVE-2023-20026, that affect its RV016, RV042, RV042G, and RV082 routers. The first vulnerability, a critical-rated authentication bypass, could allow an unauthenticated remote attacker to bypass authentication by sending a crafted HTTP request to the web-based management interface. The second vulnerability, a medium-severity remote command execution, can only be triggered by attackers with valid administrative credentials. Despite being aware of the vulnerabilities and proof-of-concept exploit code, Cisco has stated that it will not release software updates as the devices have reached end of life and the vulnerabilities can be prevented by disabling remote management and blocking access to ports 443 and 60443. However, small businesses, who often lack infosec capabilities, may not be aware of the vulnerabilities and may not know how to implement the workaround.
Paypal has recently sent out data breach notifications to thousands of its users who have had their accounts compromised due to credential stuffing attacks. The attack took place between December 6th and December 8th, 2022 and it is reported that nearly 35,000 accounts were impacted. PayPal has taken action to limit the intruders' access and reset the passwords of breached accounts, however, there is no information suggesting that any of the personal information was misused or that there were any unauthorized transactions. Security experts agree that users need to take their own security measures such as rotating passwords and enabling multi-factor authentication (2FA) in order to prevent future attacks. PayPal urges affected users to change the passwords for their other online accounts and enable 2FA on PayPal.
Malicious Google Ads being used to compromise Password Manager Logins
Bitwarden users have raised concerns about malicious Google ads being used to target them with malware-laden websites, which are attempting to impersonate the official Web Vault login feature for the password manager. This has resulted in users divulging their login details. The issue was first highlighted on the company’s official forum and subreddit, with users noting that the fake website is almost indistinguishable from the real one. This issue follows similar instances where threat actors are using malicious ads to target password manager customers. Just this week, security researchers discovered malicious ads targeting 1Password users, leading the company to issue a warning to its users. The issue of malvertising, where malicious software or links are disguised as legitimate ads, has been growing in both volume and sophistication, affecting popular applications such as Microsoft Teams and Adobe Creative Cloud.
How our experts can help
Identifying cybersecurity vulnerabilities without the input of an expert can be a difficult task.
At Secora Consulting, our experts provide a range of services that can help you to assess the security of your organisation. Our cybersecurity baseline assessment focuses on gaining an insight into weaknesses in your organisation's current security posture which may make you vulnerable to the most common cyber-attacks.
Our baseline assessments focus on quickly bringing your systems in line with best practices by identifying missing patches and known issues in your systems. If you are interested in a more in-depth assessment of your infrastructure, ask us about our penetration testing services, where we will identify and exploit vulnerabilities in your network, showing just how far an attacker could get.
Get in touch with us today to discuss your specific requirements.
All of Secora Consulting's assessments are tailored to our client's needs.
Using our experience, we can help you determine which services are right for you.