Threat Intelligence Report - June 9, 2023.
The NetFire Threat Intelligence Report contains a weekly collection of key developments to be aware of along with action tips from NetFire.
NetFire Threat Intelligence Team
Threat Intelligence Report - Week Ending June 9, 2023
Google Fixes New Chrome Zero-Day Flaw, 3rd This Year
Google has addressed a high-severity zero-day vulnerability (CVE-2023-3079) in its Chrome browser that was being actively exploited, the third such flaw it has tackled this year. The company will gradually roll out a security update to all users and advises manual updating to the new stable channel release version (114.0.5735.110 for Windows and 114.0.5735.106 for Mac and Linux) to address this and other issues found during internal audits and code fuzzing analysis.
DDoS Attacks Using IoT Bots Increased 5x in 12 months
A new Threat Intelligence Report reveals that distributed denial of service (DDoS) attacks using insecure Internet of Things (IoT) devices have seen a five-fold increase in the past year, growing from around 200,000 to one million compromised devices. These IoT bots, often stemming from consumer devices with lax security protections, now generate over 40% of all DDoS traffic, posing a significant threat to networks and critical infrastructure, necessitating the development of more robust security measures across service providers, vendors, and regulators.
Read more: https://netfire.link/ddos-bots-5x
BBC, British Airways, Boots, Aer Lingus Tangled in MOVEit debacle
Prominent UK firms, including British Airways, BBC, Boots, and Aer Lingus, have suffered a cyber security breach exposing employee personal data, including bank and contact details, due to a vulnerability in the MOVEit Transfer software, which was exploited by the Clop ransomware group. The incident, affecting thousands of global companies, exploited a new and previously unknown flaw in the widely used software and highlights the urgent need for robust cyber security measures and timely response to such breaches.
Free VPN Data Breach Exposes 360 Million Records
Cybersecurity researcher Jeremiah Fowler discovered a significant breach with the free VPN service SuperVPN, resulting in the leak of over 360 million user records containing personal information such as email addresses, original IP addresses, and user online activity details. This incident emphasizes the risks associated with free VPN services, which often offer insufficient encryption, may sell user data, and have higher malware risk, underscoring the need for users to choose reputable, paid VPNs for secure and private browsing.
Read more: https://netfire.link/vpn-360m-records
Outlook Hit; Hacktivists Claim DDoS Attacks
Outlook.com has experienced repeated outages, severely affecting global user access, with the hacktivist group Anonymous Sudan claiming responsibility for launching DDoS attacks on the service. These claims, still unverified, represent a significant cybersecurity risk if true, as they underscore the potential vulnerability of large-scale online services to disruptive attacks.
Follow NetFire and stay tuned for more insights.