🚨 The Cybersecurity Club Weekly Newsletter - Week 11

🔥 Weekly Highlight: Microsoft Rolls Out Patches for 80 New Security Flaws, Hackers steal around $200 million from crypto lender Euler Finance, Russian Building Alternative To GitHub...

Hello Cybersecuriters!

This is what you missed this week

  • 💻 Conti-based ransomware ‘MeowCorp’ gets free decryptor

  • 💻 Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack

  • 📈 Amazon's Ring Cameras Hacked, Maze Group Demands $10 Million Ransom!

  • 📈 Hackers steal around $200 million from crypto lender Euler Finance

  • 🚨 Microsoft Identifies Russian Group Behind Outlook Zero-Day Attacks, Releases Detection Script

  • 🚨 Russian Building Alternative To GitHub

Enjoy this weekly newsletter.

💻 Malware and Vulnerabilities

Conti-based ransomware ‘MeowCorp’ gets free decryptor

  • A critical vulnerability in Microsoft Outlook has been identified that could allow attackers to remotely access and control a victim's computer. A proof-of-concept (PoC) demonstration has shown how easy it is to exploit this vulnerability, by sending a specially crafted email to the victim's Outlook account.

  • The email can contain a malicious payload that, when opened, triggers the vulnerability and allows the attacker to execute code on the victim's computer. Microsoft has released a security patch to fix this vulnerability, and users are strongly advised to apply the patch as soon as possible to protect against this and other threats. [read more]

Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack

  • Microsoft has released patches for 80 new vulnerabilities in its March 2023 Patch Tuesday update. The vulnerabilities affect a range of Microsoft products and services, including Windows, Exchange Server, Office, and Azure. Of the 80 vulnerabilities, 14 are rated as critical, 64 as important, and 2 as moderate. The critical vulnerabilities include a Windows Kernel Privilege Escalation flaw and an Exchange Server Remote Code Execution flaw. Microsoft has urged users to apply the patches as soon as possible to protect against these and other threats. [read more]

📈 Breaches and Incidents

Amazon's Ring Cameras Hacked, Maze Group Demands $10 Million Ransom!

  • According to recent reports, Amazon's Ring security camera systems have been hacked by a notorious ransomware group called "Maze". This group is known for its use of sophisticated techniques and for targeting high-profile companies and organizations.

  • The group claims to have stolen sensitive data, including video footage and customer information, from Ring's systems. They are now demanding a ransom of $10 million in exchange for not publicly releasing the stolen data.

  • This incident highlights the ongoing threat posed by ransomware attacks, which can cause significant financial and reputational damage to organizations. It also underscores the importance of taking steps to protect against such attacks, including regular backups of data and robust cybersecurity measures. [read more]

US Marshals Service targeted in cyberattack, hacker claims to sell stolen data

  • A hacker claims to have stolen data from the US Marshals Service and is now selling the data on a popular hacking forum. The data being offered for sale includes personal information of prisoners and employees of the agency. The hacker has reportedly put up a sample of the data to prove the authenticity of the breach.

  • The hacker, who goes by the name "Berbomthum" online, is known for targeting government agencies and has previously claimed responsibility for hacking other high-profile organizations. In 2019, Berbomthum claimed responsibility for a hack of the city of Las Vegas, where sensitive data including Social Security numbers and driver's license details of employees and former employees were stolen. [read more]

Hackers steal around $200 million from crypto lender Euler Finance

  • Euler Finance, a decentralized finance (DeFi) platform, has reportedly been hacked by cybercriminals, resulting in a loss of approximately $200 million. The hackers are said to have exploited a vulnerability in the platform's smart contract, allowing them to drain funds from the system. [read more]

🚨 Threat Intel & Info Sharing

Estonian official says parliamentary elections were targeted by cyberattacks

  • Estonia's parliament and other government systems have been hit by a major cyberattack, just weeks before the country's parliamentary elections. The attack is said to have targeted the country's electronic voting system, as well as other government systems and networks.

  • The attack reportedly involved a distributed denial-of-service (DDoS) attack, which floods a system with traffic in an attempt to overwhelm it and disrupt normal operations. It is not yet clear who is responsible for the attack or the full extent of the damage caused. Estonia is no stranger to cyberattacks, having suffered a major attack in 2007 that disrupted the country's internet infrastructure and government systems.

  • The incident led to the establishment of NATO's Cooperative Cyber Defence Centre of Excellence in Tallinn, which focuses on researching and developing new approaches to cybersecurity. [read more]

Microsoft Identifies Russian Group Behind Outlook Zero-Day Attacks, Releases Detection Script

  • Microsoft has identified a Russian state-sponsored hacking group as responsible for a series of zero-day attacks targeting its Outlook email service. The company has released a script that users can run to detect whether their systems have been compromised by the group, known as Nobelium. The attacks are said to have targeted government agencies, think tanks, NGOs, and other organizations. Microsoft has urged users to be vigilant and to update their systems to the latest security patches to protect against these and other threats.

  • Nobelium has been linked to previous attacks targeting government agencies, think tanks, and NGOs in the United States, Europe, and other regions. The group is believed to have ties to Russia's Foreign Intelligence Service, and is known for its use of advanced techniques and tools to evade detection and carry out attacks. [read here]

Russian Building Alternative To GitHub

  • According to a report from Vedomosti, Rosinfocominvest, a subsidiary of Russia's state-owned telecom operator Rostelecom, may allocate its frozen funds towards the development of a domestic alternative to GitHub. The report states that Rosinfocominvest's funds have been frozen due to US sanctions imposed on Rostelecom in response to alleged cyber attacks. The proposal for a Russian GitHub alternative comes amid ongoing concerns about the risks of dependence on foreign tech platforms and the need for greater domestic control over critical digital infrastructure. If approved, the project would aim to provide a secure and reliable platform for Russian developers to share and collaborate on code. [read more]

📊 Trends, Reports, Analysis

New Kill Chain Framework "Phase-based Tactical Analysis of Online Operations"

  • Meta has proposed a revamped kill chain framework for online threats, with the aim of providing a more comprehensive and adaptable model for understanding and responding to cyber attacks. The proposed framework includes seven stages, from reconnaissance and weaponization to impact and post-incident activity. Each stage includes multiple sub-stages and activities, and can be customized to suit the needs of different organizations and threat actors. The framework also emphasizes the need for collaboration and information sharing between organizations and security professionals to better defend against and respond to cyber threats. [read the report here]

⚖️ Laws, Policy, Regulations

MI5 Announces New UK National Protective Security Authority

  • UK intelligence agency MI5 has announced the creation of a new body to combat national security threats.

  • The new body, called the Centre for National Security, will bring together experts from across government agencies to work together on intelligence gathering, analysis, and response to security threats.

  • The Centre for National Security will have a broad mandate, covering issues such as terrorism, espionage, cyber security, and hostile state activity. The creation of the Centre for National Security comes in response to a changing security landscape, with new threats emerging from technological developments and changing geopolitical dynamics. [read more]

🎙 Podcast Recommendations

DtSR Episode 537 - Sergio Talks Threat Intelligence

  • Sergio has been at an agency, at Microsoft, at Dragos - and he knows threat intelligence from theory to applications. Listen in, learn a bit, and laugh along as the Chinese spy balloon (that's my story and I'm sticking to it) disrupts our communications with our pal, Sergio. [listen here]

We hope you enjoyed your weekly digest! ☕🥮

Signing off! Stay safe and we’ll see you soon.