Last Updated on September 6th, 2023, By
 In AppSec Bulletin

As new Year Begins for Schools, NCSC has Warned Regarding Cyber Attacks

School leaders have been cautioned by the National Cyber Security Centre to prepare for potential cyberattacks at the start of the new academic year. While there is no specific indication of an increased threat, the impact of an attack during this time could be significant.

Cybersecurity experts highlight that the start of the school year, with the creation of new accounts and policies on portable devices, may create vulnerabilities. Limited budgets and priorities often result in weaker cyber defenses for schools, making them opportunistic targets. It is crucial for staff and students to understand cybersecurity threats, practice basic digital hygiene, and be vigilant against phishing attempts. The National Cyber Security Centre has previously warned about ransomware attacks in the education sector, emphasizing the need for cybersecurity measures and data backups.

Cybersecurity experts suggest that schools prioritize cybersecurity as they increasingly rely on internet-based tools in the classroom. The Department for Education states that education providers are responsible for addressing cybersecurity risks and implementing necessary measures.

Source – Sky News

UK Electoral Commission failed basic security assessment just before being hacked

The Electoral Commission has admitted failing a basic cyber-security test around the same time it suffered a cyberattack, where “hostile actors” accessed its emails and potentially the data of 40 million voters. A whistleblower revealed that the Commission received an automatic fail during a Cyber Essentials audit, a government-backed scheme aimed at ensuring minimum best practice in cyber-security. The Commission’s failure in the audit included running outdated software on staff laptops and using unsupported iPhones. Although it’s unclear whether these vulnerabilities directly enabled the cyberattack, experts suggest that they paint a picture of weak cybersecurity posture and governance. The Information Commissioner’s Office is investigating the cyberattack, which compromised data belonging to millions of people who had opted out of the public register. The Electoral Commission has stated it is continuously working to improve its cybersecurity.

Source – BBC News

Data breach at golf equipment company, Callaway, has exposed information belonging to 1.1 million individuals

Topgolf Callaway (Callaway), a prominent American sports equipment manufacturer specializing in golf gear, experienced a data breach in early August, impacting over a million customers. The breach exposed sensitive personal and account information, including names, addresses, emails, phone numbers, order histories, account passwords, and security question answers. This breach affected customers of Callaway and its sub-brands.

Fortunately, no payment card data, government IDs, or Social Security Numbers were exposed. Callaway promptly detected and contained the breach, requiring all customers to reset their passwords. It’s essential for affected users to change their passwords, employ strong password practices, and be vigilant against potential phishing attempts.

Source – The Bleeping Computer

The data breach at Forever 21 has exposed the personal information of more than 539,000 individuals.

On August 29, 2023, Forever 21, the fashion retailer, reported a data breach to the Attorney General of Maine. This breach affected over 539,000 individuals and resulted from an external system breach that allowed unauthorized access to sensitive information, including names and Social Security numbers. Forever 21 initiated an investigation and began notifying affected individuals about the breach.

The breach occurred between January 5, 2023, and March 21, 2023, when unauthorized access to confidential data took place. Data breach notification letters were sent to affected individuals, detailing the specific information that may have been compromised for each person.

Forever 21, headquartered in Los Angeles, California, is a well-known fashion retailer with over 540 locations globally, along with an e-commerce platform. The company employs more than 32,800 individuals and generates approximately $6.9 billion in annual revenue. The breach serves as a reminder of the risks associated with the exposure of sensitive information, particularly Social Security numbers, and the potential for identity theft and fraud.

Source – JDSUPRA

The MMRat Android malware is focusing its attacks on users in Southeast Asia who use banking services.

A new Android malware called MMRat has been targeting mobile users in Southeast Asia since June. This malware, named after its package ‘com.mm.user,’ employs a customized C2 protocol based on Protobuf to efficiently transfer large amounts of data. It is typically distributed through phishing websites disguised as official app stores, often masquerading as government or dating apps to commit bank fraud. Once installed, MMRat requests permissions on the victim’s phone, communicates with a remote server to send personal data, and then uninstalls itself to erase any traces of infection.

MMRat relies on Android Accessibility service and MediaProjection API to execute various malicious activities, including bank fraud, screen recording, and remote control of infected devices. It employs anti-evasion tactics to evade detection during the infection process, similar to other malware like GigabudRAT and Vultur.

App stores, both official and third-party, remain attractive targets for malware distribution. Some malicious apps have even managed to infiltrate the Google Play Store. To safeguard against such threats, Android users are advised to carefully check app ratings and user reviews, download apps only from trusted publishers, and exercise caution when granting access permissions during installation.

Source – Cyware Social

Chae$ 4: A Fresh Iteration of Chaes Malware Focusing on Clients in the Financial and Logistics Sectors

Morphisec, a cybersecurity company, has detected a concerning trend in cyber threats. In January 2023, they identified an advanced variant of the Chaes malware affecting clients primarily in the logistics and financial sectors. This variant, known as “Chae$ 4,” has undergone significant enhancements, including a shift to Python, improved modularity, encryption layers, and an expanded set of targeted services for credential theft.

The Chaes malware specifically targets customers of prominent platforms and banks like Mercado Libre, Mercado Pago, WhatsApp Web, Itau Bank, Caixa Bank, and CMS services like WordPress, Joomla, Drupal, and Magento. This variant is the fourth major iteration of Chaes, with previous versions having targeted e-commerce users in Latin America.

The infection process involves deceptive MSI installers and persistent deployment of the malware’s core module, ChaesCore, which communicates with a remote server and loads various modules for malicious activities. These modules include data theft, credential stealing, and file uploads, with a particular focus on cryptocurrency-related activities.

Morphisec’s Automatic Moving Target Defense (AMTD) technology has been instrumental in thwarting these attacks. It provides proactive protection against evolving threats like Chae$ 4. Businesses are encouraged to learn more about this technology to safeguard their systems against such advanced malware.

Source – Morphisec

AppSealing
AppSealing
AppSealing is the only cloud-based pay-as-you-go solution to protect mobile apps without writing a single line of code. Our solution is easy to use and allows you to protect mobile apps from hackers and illegal application modification, thus making it secure in run-time with RASP Security Features.
Top 10 Mobile App Threats And How It Affects Both End Customer & BusinessesAppSealing Blog
News Date – 7th to 13th September 2023AppSec Bulletin