This Week’s Top 5 News August 2023 | 04

With every passing day there are new cybersecurity events that have the potential to impact you or your company. We have rounded up five top cybersecurity news stories to help keep you up to date with cybersecurity issues around the world. From acts of espionage to simple code errors that could leak your private data.
Here are our top five new stories from the past week:

1. New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russia

A new cybercrime operation, Telekopye, is utilizing a malicious Telegram bot to assist threat actors in defrauding victims. The toolkit, suspected to originate from Russia, enables the creation of phishing web pages and sends URLs to potential targets. The attack involves building a rapport with victims, dubbed Mammoths, before sending a fraudulent link created with the Telekopye phishing kit. Once victims input their payment details on the fake gateway, funds are stolen and laundered through cryptocurrency. Telekopye’s centralized payout structure allows the core team to oversee each actor’s operations, enhancing its efficiency and effectiveness. For more about this story click here


2. Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw

A severe vulnerability (CVE-2023-32315, CVSS 7.5) in Openfire XMPP servers potentially exposes thousands to unauthorized access and exploitation. The flaw, a path traversal vulnerability, affects versions since April 2015 and could let attackers bypass authentication requirements for admin pages. Although developer Ignite Realtime released patches earlier this year, roughly half of over 6,300 online Openfire servers remain unpatched and vulnerable. This vulnerability is actively being exploited, including by the Kinsing crypto botnet malware. It’s crucial to apply the provided patches promptly to ensure cybersecurity.
For more about this story click here


3. Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

In the ever-evolving cybersecurity landscape, agile methodologies aren’t exclusive to developers. From June 15 to July 11, 2023, Permiso Security’s p0 Labs observed an attacker deploy eight iterations of credential harvesting malware, simultaneously preparing for a campaign targeting various cloud services. While Aqua Security recently reported on infected Docker images related to this campaign, Permiso p0 Labs and SentinelLabs now present joint research highlighting systematic updates to the malware. This knowledge-sharing initiative provides invaluable insights into the actor’s campaign and tools used to harvest more cloud credentials. Stay informed, stay secure. For more about this story click here


4. CISOs Tout SaaS Cybersecurity Confidence

The latest State of SaaS Security Posture Management Report from AppOmni reveals that leaders in IT, business, and cybersecurity view SaaS cybersecurity as an increasingly critical aspect of the cyber threat landscape. Surveying over 600 leaders from companies with 500-2,500+ employees, the report found a high level of confidence in their SaaS cybersecurity preparedness. Notably, 71% rated their organizations’ SaaS cybersecurity maturity as mid-high or higher, and 73% ranked their SaaS application security similarly. Furthermore, an impressive 85% expressed confidence in data security within sanctioned SaaS apps. Stay secure, stay ahead with AppOmni. For more about this story click here


5. HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack

The threat actors behind HiatusRAT are back from their break, launching a new wave of reconnaissance and targeting, primarily against Taiwan-based organizations and a U.S. military procurement system. The renewed activity includes recompiled malware samples hosted on new VPSs, according to a report by Lumen Black Lotus Labs. Targets include commercial firms like semiconductor and chemical manufacturers, a municipal government organization in Taiwan, and a U.S. DoD server linked to defense contracts. First disclosed in March 2023, HiatusRAT targeted business-grade routers to covertly spy on victims, transforming them into a proxy network of C2 infrastructure. For more about this story click here

There are many ways cyber criminals will look to exploit your integral IT systems to access data or create chaos within your business for their own personal gain.
Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information please feel free to contact us!