InfoSec Weekly
August 28, 2023
Table Of Contents
Kroll’s Security Compromised: Unveiling the Employee Data Breach of 2023
Description
In a recent cybersecurity incident, global risk management firm Kroll fell victim to a data breach, resulting in the exposure of sensitive employee information. The breach, discovered in August 2023, underscored the ongoing challenges that organizations face in safeguarding their digital assets and employee data. Hackers gained unauthorized access to Kroll’s internal systems, compromising a trove of personal and confidential data belonging to the company’s workforce. The breach exposed a significant amount of employee data, including names, addresses, contact details, social security numbers, and potentially even financial information. This incident not only jeopardizes the privacy and security of Kroll’s employees but also poses risks of identity theft and targeted phishing attacks. Moreover, the breach has the potential to damage Kroll’s reputation as a trusted risk management partner.
Infected Technology
Kroll’s Internal System
Source
https://thehackernews.com/2023/08/kroll-suffers-data-breach-employee.html
Recommendation
• Data Encryption: Ensure that sensitive employee information is encrypted both during storage and transmission, making it significantly harder for attackers to access usable data even if they breach the perimeter defenses.
Lazarus Group Capitalizes on Critical Zoho Exploit
Description
In a significant cybersecurity breach, the notorious Lazarus Group has exploited a critical vulnerability in the widely used Zoho software suite. This breach, uncovered in August 2023, sheds light on the increasing sophistication of cybercriminal tactics and their potential to compromise even well-established platforms. The Lazarus Group, known for its association with state-sponsored attacks, leveraged the vulnerability to gain unauthorized access to sensitive data, underlining the urgency for organizations to fortify their digital defenses.
Infected Technology
Zoho software suite
Source
https://thehackernews.com/2023/08/lazarus-group-exploits-critical-zoho.html
Recommendation
• Patch Management: Maintain a robust and proactive patch management process to promptly apply updates and security patches for all software and systems, especially for critical software like Zoho.
New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russias
Description
A malicious Telegram bot is being used by a new financially driven operation to assist threat actors in defrauding their targets. The toolkit, called Telekopye (a combination of Telegram and kopye, which means “spear” in Russian), works as an automated way to generate a phishing web page from a preset template and transmit the URL to possible victims, who the thieves have given the codename Mammoths.This toolkit is built as a Telegram bot that, when triggered, offers a number of straightforward menus in the form of clickable buttons that can accommodate multiple scammers at once.The earliest version of Telekopye that has been found dates all the way back to 2015, indicating that it has been actively used and maintained for a number of years.Once the payment information has been entered onto the fictitious credit/debit card gateway, it is utilized to steal money from the victim, which is then used to launder money using cryptocurrencies. Telekopye is completely functional; users may send phishing emails, construct websites, send SMS messages, make QR codes, and produce convincing screenshots and photos of checks and receipts. To make them more difficult to detect, the phishing domains used to host the pages are registered such that the final URL begins with the anticipated brand name (cdek.id7423[.]ru, olx.id7423[.]ru, and sbazar.id7423[.]ru).
Infected Technology
Telegram
Source
https://thehackernews.com/2023/08/new-telegram-bot-telekopye-powering.html?m=1
Recommendation
• When purchasing used items from internet marketplaces, whenever possible, insist for in-person money and good exchanges. • Sending money should only be done when you are assured of its destination. Check the website for grammatical problems and graphical inconsistencies before sending money elsewhere. • If a link appears to be coming from a reliable source, you should still exercise extreme caution when clicking on links in SMS messages or emails.
CVE-2023-40477: Arbitrary code execution found in WinRAR
Description
A high-severity arbitrary code execution vulnerability has been identified in WinRAR, a widely used archive manager on the Windows Platform. The vulnerability (CVE-2023-40477) allows attackers to execute malicious code by opening a specially crafted RAR file. The flaw arises from improper validation of user input, potentially leading to unauthorized memory access beyond allocated buffers. The vulnerability has been given a severity rating of 7.8 (high). To exploit this vulnerability, an attacker requires user interaction, meaning the user must visit a malicious webpage or open a specially crafted file. The flaw particularly affects the processing of recovery volumes in RAR archives. WinRAR addressed this issue in version 6.23 by patching the out-of-bounds write vulnerability in RAR4 recovery volumes processing code.
Infected Technology
WinRAR
Source
https://cybersecuritynews.com/winrar-flaw-attackers-remote-code/
Recommendation
• Update to the latest version of WinRAR (6.23) to mitigate this vulnerability’s risk. • WinRAR platform should implement implement user input sanitation and security measures.
CVE ID
CVE-2023-40477
Ready to get started?
Don’t let the attacker get the upper hand – protect your services with our expertise. Contact us now and stay ahead of the game.
Contact Us