Hacktivist attacks abound in the Middle East
According to The Register, at least 15 known ransomware groups “have announced their active participation in disruptive attacks targeting institutions in Israel and Palestine, as well as their supporters.” These include Anonymous Sudan, and Killnet, both of whom will be focusing on targets in Israel, with Killnet stating such on its Telegram channel. A handful of groups from India have announced similar intentions, with at least one claiming a successful attack on the Palestinian government website, according to its own post on Twitter/X.
According to Security Week, quoting cybersecurity consultant and OSINT enthusiast Julian Botham, “the first hacktivist attacks were launched against Israel by Anonymous Sudan less than one hour after the first rockets were fired by Hamas. The group targeted emergency warning systems, claiming to have taken down alerting applications in Israel. The Jerusalem Post, the largest English-language daily newspaper in Israel, was also targeted by Anonymous Sudan.”
The grid operator Israel Independent System Operator apparently had its network compromised and its website shut down by a group that also targeted the Israel Electric Corporation. A pro-Israel group called ThreatSec claims to have compromised the infrastructure of Gaza-based ISP AlfaNet.
Journalists caution that claims on social media are often exaggerated to further the cause of the groups.
(The Register, Security Affairs and Twitter/X)
Network protocol open-source tool Curl faces worst security flaw in a long time
Curl, the open-source tool that supports network protocols including SSL, TLS, HTTP, FTP and SMTP and is used for tasks such as interfacing with APIs and downloading files, is facing two significant vulnerabilities. An advisory from GitHub published Wednesday announced fixes, to be released tomorrow, October 11, for a high-severity vulnerability tracked as CVE-2023-38545. A GitHub maintainer described the vulnerability as “probably the worst curl security flaw in a long time,” but refused to disclose further details. Melissa Bischoping, director of endpoint security research at Tanium, said, “organizations should take advantage of the advance heads-up to begin scoping their environment.” She continued, “given the advanced notice from the lead developer himself and the widespread impact it could have, it would be prudent to plan for a significant event even if the actual impact ends up being less severe.”
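Scoping an environment ahead of a fix means knowing which curl and libcurl versions are installed. The following POSIX sh helper is an added example, not code from the page or from the curl project: it parses the first line of `curl --version` output and compares both the curl and the bundled libcurl version against a fixed-version threshold. The page does not state which versions are affected or which release carries the fix, so the threshold is passed in as a placeholder argument, and the sample output line is constructed.

```shell
# Added example (not from the page or the curl project). Parses the first
# line of `curl --version` and flags hosts whose curl or libcurl is older
# than a given fixed version. The fixed version is NOT stated in the page;
# supply it as an argument once the advisory publishes it.

# parse_curl_version "<first line of curl --version>"
# Prints "<curl version> <libcurl version>" (libcurl falls back to curl's
# version if the line does not carry a libcurl/ token).
parse_curl_version() {
    curl_ver=$(printf '%s\n' "$1" | sed -n 's/^curl \([0-9][0-9.]*\).*/\1/p')
    libcurl_ver=$(printf '%s\n' "$1" | sed -n 's|.*libcurl/\([0-9][0-9.]*\).*|\1|p')
    [ -n "$libcurl_ver" ] || libcurl_ver=$curl_ver
    printf '%s %s\n' "$curl_ver" "$libcurl_ver"
}

# version_lt A B : succeeds when dotted version A is strictly lower than B.
# Numeric sort per component, so 8.10.0 correctly ranks above 8.4.0.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# needs_update "<curl --version first line>" <fixed-version>
# Succeeds when either the curl binary or its libcurl is below the fix.
needs_update() {
    set -- "$(parse_curl_version "$1")" "$2"
    cv=${1%% *}
    lv=${1##* }
    version_lt "$cv" "$2" || version_lt "$lv" "$2"
}

# Constructed sample, in the shape `curl --version` prints on Linux.
SAMPLE_LINE='curl 8.2.1 (x86_64-pc-linux-gnu) libcurl/8.2.1 OpenSSL/3.0.10 zlib/1.2.13'

# When a curl binary is present, report the local versions (informational).
if command -v curl >/dev/null 2>&1; then
    live=$(curl --version | head -n 1)
    echo "local curl/libcurl: $(parse_curl_version "$live")"
fi
```

Run the script on each host (or feed it collected `curl --version` lines) and call `needs_update "$line" <fixed-version>` once the fixed release number is known; hosts where it succeeds are in scope. Note that applications may bundle their own libcurl, which this check does not see.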
HelloKitty ransomware source code leaked on hacking forum
The full source code for the first version of the HelloKitty ransomware encryptor has been leaked on a Russian-speaking hacking forum by a developer who claims to be building a better, stronger one. The threat actor, who is known by the names Gookee and kapuchin0, is believed to be the developer of the HelloKitty ransomware, and is now quoted as saying, “we are preparing a new product and much more interesting than LockBit.” The HelloKitty ransomware gang behind the malware is known for a range of ransomware and encryption attacks, including the 2021 Linux variant that targeted the VMware ESXi virtual machine platform.
Thanks to this week’s episode sponsor, Hyperproof
Citrix NetScaler login pages hacked; credentials stolen
Power and data transmission manufacturer Volex downplays cyber incident
The UK-based company reported a cyber incident on Monday, October 2, that resulted in “unauthorized access to certain IT systems and data.” The company is a manufacturer of critical power and data transmission products. The company said in a statement that “actions taken to date have ensured that all sites remain operational…and any financial impact resulting from the incident is not expected to be material.”
Android devices shipped with BadBox firmware
BadBox refers to a global network of consumer products that have firmware backdoors installed and which are sold through a compromised hardware supply chain. Specifically, this is at least 74,000 Android-based mobile phones, tablets, and Connected TV boxes, some of which have been found on public school networks throughout the US. This firmware backdoor is based on Triada malware, which was found on modified versions of WhatsApp for Android in August and has been around since 2016. According to a report published by the security firm Human Security, “BadBox-infected devices are deemed unsalvageable by an average user.”
(Security Affairs and Human Security)
Social media is the golden goose for scammers – FTC
According to a spotlight report published last Friday by the Federal Trade Commission, social media is “a golden goose for scammers.” That’s the title of the report, which says that between January 2021 and June 2023, losses reported from scams that started on social media were at least $2.7 billion, a number that excludes reports that did not specify a contact method. The report shows that social media exceeds the costs of scams from websites, phone calls, emails, pop-up ads and postal mail, and that the amounts lost are higher for younger users. Fraudulent shopping scams from Facebook or Instagram ads top the list of techniques, followed by investment scams and romance scams.
(Federal Trade Commission)