Cyber Security Headlines: Microsoft phishing warning, Amazon Ring hacked, CISA’s vulnerability program

Microsoft warns of large-scale use of phishing kits to send millions of emails daily

An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. Microsoft Threat Intelligence is tracking the threat actor behind the development of the kit under its emerging moniker DEV-1101. An AiTM phishing attack typically involves a threat actor attempting to steal and intercept a target’s password and session cookies by deploying a proxy server between the user and the website. Such attacks are more effective owing to their ability to circumvent multi-factor authentication (MFA) protections. DEV-1101 is said to be the party behind several phishing kits that can be purchased or rented by other criminal actors, thereby reducing the effort and resources required to launch a phishing campaign.

(The Hacker News)
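The AiTM technique described above ends with the attacker replaying a stolen session cookie from infrastructure they control, so one defensive check is to look for a session cookie being presented from an IP address other than the one that completed MFA for that session. The following is an added example, not code from Microsoft or from the article: it runs that check over a few constructed sign-in log lines (hypothetical users, IPs and session ids) and returns the sessions that should be investigated.

```python
"""Flag sessions whose cookie is presented from an IP other than the one that
completed MFA for that session. Added example for the AiTM item above; the log
format, users, IPs and session ids below are constructed, not real data."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

@dataclass
class Event:
    ts: datetime
    user: str
    ip: str
    session: str
    kind: str  # "signin" = MFA completed; "request" = session cookie presented

# Constructed sample log: alice's cookie is reused from a second IP four
# minutes after she signed in; bob's session stays on one IP.
SAMPLE_LOG = """\
2023-03-14T09:00:00 alice 203.0.113.10 sess-a1 signin
2023-03-14T09:00:30 alice 203.0.113.10 sess-a1 request
2023-03-14T09:04:00 alice 198.51.100.7 sess-a1 request
2023-03-14T09:10:00 bob 192.0.2.55 sess-b9 signin
2023-03-14T09:11:00 bob 192.0.2.55 sess-b9 request
"""

def parse_log(text: str) -> List[Event]:
    """Parse whitespace-separated lines: timestamp user ip session kind."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, session, kind = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, ip, session, kind))
    return events

def find_hijacked_sessions(events: List[Event],
                           window: timedelta = timedelta(hours=1)) -> List[dict]:
    """Return one finding per request where the session cookie is presented
    from an IP that differs from the IP that completed MFA, within `window`
    of the sign-in. Requests for sessions with no recorded sign-in are skipped."""
    signin_by_session: Dict[str, Event] = {}
    findings: List[dict] = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "signin":
            signin_by_session[ev.session] = ev
        elif ev.kind == "request":
            origin = signin_by_session.get(ev.session)
            if origin is None:
                continue
            if ev.ip != origin.ip and ev.ts - origin.ts <= window:
                findings.append({
                    "user": ev.user,
                    "session": ev.session,
                    "mfa_ip": origin.ip,
                    "reuse_ip": ev.ip,
                    "seconds_after_signin": int((ev.ts - origin.ts).total_seconds()),
                })
    return findings

if __name__ == "__main__":
    for f in find_hijacked_sessions(parse_log(SAMPLE_LOG)):
        print(f)
```

Legitimate IP changes (mobile carriers, VPN reconnects) will also trip this rule, so in practice it is one signal to combine with others, such as whether the reuse IP belongs to a hosting provider or whether the sign-in itself came from an unfamiliar network, rather than a verdict on its own.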

Ransomware group claims hack of Amazon’s Ring

The ransomware group ALPHV, whose malware is known as BlackCat, is claiming responsibility for breaching the massively popular security camera company Ring, owned by Amazon. The ransomware gang is threatening to release Ring’s data. Ring told Motherboard it does not have evidence of a breach of its own systems, but said a third-party vendor has been hit with ransomware. Motherboard has verified that a listing naming Ring is currently on ALPHV’s data dump site.

CISA creates new ransomware vulnerability warning program

CISA has announced the creation of a new Ransomware Vulnerability Warning Pilot (RVWP) program. Stemming from the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) and coordinated by the Joint Ransomware Task Force (JRTF), the RVWP will see CISA assess flaws commonly associated with known ransomware exploitation. After finding these vulnerabilities, the Agency will warn critical infrastructure entities with the goal of enabling mitigation before a ransomware incident. To identify entities vulnerable to the bugs, CISA will rely on various existing services, data sources, technologies and authorities, including its Cyber Hygiene Vulnerability Scanning service.

(InfoSecurity Magazine)

Cybercriminals exploit SVB collapse to steal money and data

Threat actors are already registering suspicious domains, setting up phishing pages, and gearing up for business email compromise (BEC) attacks following the collapse of Silicon Valley Bank. Security researcher Johannes Ullrich warned that the scammers might attempt to contact former clients of SVB to offer them a support package, legal services, loans, or other fake services relating to the bank’s collapse. In addition to the domains, many of which contain “SVB” in the name, Ullrich describes an attack already seen in the wild from BEC threat actors impersonating SVB customers and telling those customers’ business partners that payments now need to be sent to a new bank account after the bank’s collapse. Other scams include informing SVB customers that the bank is distributing USDC, a digital stablecoin, as part of a “payback” program.

(Bleeping Computer)

Medical device giant says cyberattack leaked sensitive data of 1 million people

Massachusetts-based medical device maker ZOLL said a cyberattack in January exposed the sensitive information of more than 1 million people. In documents provided to Maine’s Attorney General, ZOLL said the incident started on January 28 when it “detected unusual activity” on its internal network. The company added that information was accessed on February 2. “Information that may have been disclosed includes your name, address, date of birth, and Social Security number. It may also be inferred that you used or were considered for use of a ZOLL product,” the company told victims. ZOLL produces a range of devices including defibrillation and monitoring tools as well as devices for circulation and CPR feedback, data management, therapeutic temperature management, and ventilation.

(The Record)

Meta to cut 10,000 jobs in second round of layoffs

This announcement makes Meta the first Big Tech company to announce a second round of mass layoffs as the industry braces for a deep economic downturn. The widely anticipated job cuts are part of a restructuring that will see the company scrap hiring plans for 5,000 openings, kill off lower-priority projects and “flatten” layers of middle management. Meta will also ask many managers to become individual contributors, while eliminating non-engineering roles, automating more functions and at least partially reversing a commitment to “remote-first” work.

UK’s largest state boarding school announces “sophisticated cyberattack”

Wymondham College, the largest state boarding school in the United Kingdom, announced on Tuesday that it had been hit by a “sophisticated cyberattack”. The school, which has just over 1,200 students aged 11 to 18, did not explain the nature of the attack, but it is the latest educational establishment in the country to face disruption as a result of a cyber incident and follows repeated warnings from British cyber authorities about an increase in ransomware attacks against schools. A spokesperson stated, “We are not aware of any data breach. A number of the College’s systems have been impacted, including access to some files and resources.” No ransom demand has yet been made.

(The Record)

Patch Tuesday update

Yesterday Microsoft announced its March 2023 Patch Tuesday updates, which fix two actively exploited zero-day vulnerabilities and a total of 83 flaws. Nine vulnerabilities have been classified as ‘Critical’ because they allow remote code execution, denial of service, or elevation of privilege attacks. This count does not include twenty-one Microsoft Edge vulnerabilities fixed on Monday. The two actively exploited zero-day vulnerabilities fixed in yesterday’s updates are CVE-2023-23397, a Microsoft Outlook Elevation of Privilege Vulnerability, and CVE-2023-24880, a Windows SmartScreen Security Feature Bypass Vulnerability. Other vendors that released updates in March 2023 include Apple (GarageBand), Cisco (multiple products), Google (Android, ChromeOS and Google Chrome), Fortinet (the FortiOS vulnerability), SAP and Veeam.

(Bleeping Computer)