Recap Of The Week: Exploring Key News And Events

By Adeola Adegunwa
Writer, Informationsecuritybuzz | May 27, 2023 12:50 am PST

Meta Faces Hefty €1.2bn Fine For GDPR Breach In EU-US Data Transfers

Meta was fined €1.2bn for transmitting consumer data to the US. Ireland’s Data Protection Commission (DPC) punished Facebook for EU data protection violations on Monday. It said Dublin-based Facebook violated EU-to-US data transfer rules. Meta Ireland’s revisions in response to a 2020 European Court of Justice judgement “did not address the consequences to the fundamental rights and freedoms” of transfers that were primarily dependent on European Commission-approved contractual provisions. In 2021, Luxembourg fined Amazon €746mn for privacy violations. Read more.

Micron: China Issues Ban On US Chipmaker

Due to cybersecurity concerns, China has banned Micron chips. After a March 2023 inquiry of Micron products sold in China, the Chinese Cyberspace Administration announced the decision on May 21, 2023. “Serious cybersecurity problems” with Micron devices “posed major risks to China’s critical information infrastructure supply chain and affected China’s national security,” the Chinese government said. “Operators of critical information infrastructure in China should stop purchasing Micron products.” The Cyberspace Administration of China cited China’s cyber and information security regulations but did not specify the cybersecurity issues. Read more.

An Exploding Pentagon In A Fake Photo Sends Twitter Into Frenzy

A verified Twitter account fabricated an explosion near the Pentagon on Monday morning and posted the image online, claiming it was made by AI. By using @BloombergFeed, the account impersonated Bloomberg. It also received Twitter’s $8 or $11 monthly verification mark. When it reported a “large explosion” near the Pentagon in Washington, D.C., this fooled some. It shared a photo of a smoke plume near the government building. and others posted the photo on Twitter, making it news. Only catch? No explosion was recorded. Local authorities confirmed no Pentagon blast. The explosion photo upset others. AI-generated photographs often lack background detail. The Pentagon and lamppost are included. Read more.

GoldenJackal: Threat Risk For Organizations In Middle East & South Asia

GoldenJackal, an advanced persistent threat (APT) outfit, has been spying on Asian governments and embassies since 2019. Threat actors choose their victims carefully and limit their strikes for stealth. Kaspersky has monitored GoldenJackal since 2020 and produced a report documenting the group’s considerable operations in Afghanistan, Azerbaijan, Iran, Iraq, Pakistan, and Turkey. Since 2019, “GoldenJackal” has been a sophisticated persistent threat (APT) group targeting government and diplomatic bodies. To our knowledge, this gang has never been named. APT virus transmission is unknown. Read more.

Iranian Hackers Set Sights On Israeli Shipping & Logistics Firms

Watering hole attacks hit at least eight Israeli shipping, logistics, and financial services websites. ClearSky, a Tel Aviv cybersecurity firm, tracks Iranian threat actor Tortoiseshell, also known as Crimson Sandstorm (previously Curium), Imperial Kitten, and TA456. “The infected sites collect preliminary user information through a script,” ClearSky said in a Tuesday technical analysis. Most impacted websites have removed the malware. Tortoiseshell attacked Saudi IT service providers in July 2018. It also creates fake hiring webpages to trick U.S. military veterans into downloading remote access trojans. Iran has already targeted Israeli ports and industries. Read more.

Barracuda Alerts Of Breaches In Email Gateways From Zero-Day Flaws

Some Email Security Gateway (ESG) appliances were compromised, according to network security provider Barracuda Networks. Threat actors exploited the now-fixed zero-day CVE-2023-2868. The vulnerability, in the email attachment screening module, was revealed on May 19. Barracuda promptly provided security fixes on May 20 and 21. Barracuda discovered an ESG vulnerability on May 19, 2023. The vulnerability was patched in all ESG equipment worldwide on Saturday, May 20, 2023. “The vulnerability existed in a module which initially screens incoming email attachments,” the paper stated. This risk potentially affects hundreds of thousands of businesses, including high-profile ones, that employ ESG equipment. Barracuda’s other products and SaaS email security services are unaffected. Read more.

Buhti Ransomware Adopts Stolen Encryptors For Windows & Linux

Buhti, a new ransomware operation, targets Windows and Linux systems utilizing LockBit and Babuk code. Buhti (formerly “Blacktail”) threat actors developed a data exfiltration tool to double-extort victims. Buhti, a Linux-targeting Go-based ransomware, was discovered by Palo Alto Networks’ Unit 42 in February 2023. Symantec’s Threat Hunter team reported today that Buhti targets Windows with a variation of LockBit 3.0 called “LockBit Black.” An unhappy developer tweeted in September 2022 that Blacktail uses Windows LockBit 3.0. Successful attacks change the desktop wallpaper to instruct victims to open the ransom message and encrypt all “.buthi” files. Read more.

Invisible Chinese Hackers Penetrate American Bases And Guam

Microsoft and Western intelligence agencies suspect Chinese hackers used “invincible” malware to assault Guam military bases’ vital equipment. Experts call it one of the largest US cyberespionage initiatives. As a US military post, Guam’s ports and air bases are crucial to Western responses to Asian crises. Beijing called the Microsoft report “highly unprofessional” and “disinformation”. Microsoft and the Five Eyes spy agencies—US, Australia, Britain, New Zealand, and Canada—published malware data on Wednesday. Five Eyes intelligence sharing is decades old. Partners will teach critical infrastructure providers and corporate users malware identification and removal. It targeted communications, industry, utilities, and transportation. to preserve vital systems. Read more.

Data Breach At Apria Healthcare Affects 2 Million People Now Notified

Apria Healthcare LLC supplies over 2 million patients with medical devices for COPD, sleep apnea, and diabetes. On September 1, 2021, Apria Healthcare, a renowned home healthcare equipment provider, found illegal access to its computer network, compromising personal and confidential information for up to 1.8 million people. On May 22, 2023, Apria Healthcare informed the Maine Attorney General of a data breach in their infrastructure. Unauthorized parties accessed patient data files. Names, Social Security numbers, personal information, medical records, health insurance, and financial data were included. Read more.

CosmicEnergy, Russian New Strain Of Malware Attacking Electric Grids

On Thursday, Mandiant reported the discovery of a new malware, potentially linked to Russia, engineered to target industrial control systems (ICS) with the specific aim of disrupting electric grids. This newly found malware, named CosmicEnergy, targets operational technology (OT) and is configured to interface with IEC 60870-5-104 (IEC-104) devices. Its purpose is to send remote instructions that meddle with the operations of power line switches and circuit breakers, potentially causing electricity disruptions. Mandiant suggests that it “represents a credible risk to impacted electric grid assets”. IEC 60870-5-104 is a protocol responsible for telecommunication functions in electric power systems.

CosmicEnergy is capable of interacting with remote terminal units (RTUs), specifically those commonly employed in electricity transmission and distribution in areas like Europe, the Middle East, and other parts of Asia. Read more.

Augusta Cyberattack Claimed By BlackByte Ransomware Group

Augusta, Georgia, blamed illegal network access for its IT system failure. Augusta was victimized by the BlackByte ransomware gang, but the administration has not reported it. Augusta, Georgia’s second-largest city, follows Atlanta. The city’s internet portal reported “technical difficulties” on Sunday, May 21, that disrupted some computer operations. The notification states that last week’s IT system outage is unrelated. We’re investigating the cyberattack’s entire impact and restoring our systems as soon as feasible. Threat actors may have taken sensitive data. Read more.
