Western Digital Hit by Network Security Breach - Critical Services Disrupted

 Data storage devices maker Western Digital on Monday disclosed a "network security incident" that involved unauthorized access to its systems.

The breach is said to have occurred on March 26, 2023, enabling an unnamed third party to gain access to a "number of the company's systems."

Following the discovery of the hack, Western Digital said it has initiated incident response efforts and enlisted the help of cybersecurity and forensic experts to conduct an investigation.

It also said it's coordinating with law enforcement agencies on the matter, adding the probe is in its initial stages.

The company has taken several of its services offline, noting that the threat actor may have obtained "certain data from its systems" and that it's working on estimating the nature and scope of the data accessed.

Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor

 A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG.

"RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been active for many years against a wide range of industries globally.

"The group has shown the ability to rapidly weaponize newly reported vulnerabilities (e.g. Log4Shell and ProxyLogon) and has a history of developing and using a large range of custom malware families."

The use of KEYPLUG by Chinese threat actors was first disclosed by Google-owned Manidant in March 2022 in attacks targeting multiple U.S. state government networks between May 2021 and February 2022.

Then in October 2022, Malwarebytes detailed a separate set of attacks targeting government entities in Sri Lanka in early August that leveraged a novel implant dubbed DBoxAgent to deploy KEYPLUG.

Both these campaigns were attributed to Winnti (aka APT41, Barium, Bronze Atlas, or Wicked Panda), which Recorded Future said "closely overlaps" with RedGolf.

"We have not observed specific victimology as part of the latest highlighted RedGolf activity," Recorded Future said. "However, we believe this activity is likely being conducted for intelligence purposes rather than financial gain due to the overlaps with previously reported cyber espionage campaigns."

The cybersecurity firm, in addition to detecting a cluster of KEYPLUG samples and operational infrastructure (codenamed GhostWolf) used by the hacking group from at least 2021 to 2023, noted its use of other tools like Cobalt Strike and PlugX.

The GhostWolf infrastructure, for its part, consists of 42 IP addresses that function as KEYPLUG command-and-control. The adversarial collective has also been observed utilizing a mixture of both traditionally registered domains and Dynamic DNS domains, often featuring a technology theme, to act as communication points for Cobalt Strike and PlugX.

"RedGolf will continue to demonstrate a high operational tempo and rapidly weaponize vulnerabilities in external-facing corporate appliances (VPNs, firewalls, mail servers, etc.) to gain initial access to target networks," the company said.

"Additionally, the group will likely continue to adopt new custom malware families to add to existing tooling such as KEYPLUG."

To defend against RedGolf attacks, organizations are recommended to apply patches regularly, monitor access to external facing network devices, track and block identified command-and-control infrastructure, and configure intrusion detection or prevention systems to monitor for malware detections.

The findings come as Trend Micro revealed that it discovered more than 200 victims of Mustang Panda (aka Earth Preta) attacks as part of a far-reaching cyber espionage effort orchestrated by various sub-groups associated with the threat actor since 2022.

A majority of the cyber strikes have been detected in Asia, followed by Africa, Europe, the Middle East, Oceania, North America, and South America.

"There are strong indications of intertwined traditional intelligence tradecraft and cyber collection efforts, indicative of a highly coordinated and sophisticated cyber espionage operation," Trend Micro said.

Hackers Exploiting WordPress Elementor Pro Vulnerability: Millions of Sites at Risk

 Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress.

The flaw, described as a case of broken access control, impacts versions 3.11.6 and earlier. It was addressed by the plugin maintainers in version 3.11.7 released on March 22.

"Improved code security enforcement in WooCommerce components," the Tel Aviv-based company said in its release notes. The premium plugin is estimated to be used on over 12 million sites.

Successful exploitation of the high-severity flaw allows an authenticated attacker to complete a takeover of a WordPress site that has WooCommerce enabled.

"This makes it possible for a malicious user to turn on the registration page (if disabled) and set the default user role to the administrator so they can create an account that instantly has the administrator privileges," Patchstack said in an alert of March 30, 2023.

"After this, they are likely to either redirect the site to another malicious domain or upload a malicious plugin or backdoor to further exploit the site."

Credited with discovering and reporting the vulnerability on March 18, 2023, is NinTechNet security researcher Jerome Bruandet.

Patchstack further noted that the flaw is currently being abused in the wild by several IP addresses intending to upload arbitrary PHP and ZIP archive files.

Users of the Elementor Pro plugin are recommended to update to 3.11.7 or 3.12.0, which is the latest version, as soon as possible to mitigate potential threats.

The advisory comes over a year after the Essential Addons for Elementor plugin was found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

Last week, WordPress issued auto-updates to remediate another critical bug in the WooCommerce Payments plugin that allowed unauthenticated attackers to gain administrator access to vulnerable sites.

Microsoft Fixes New Azure AD Vulnerability Impacting Bing Search and Major Apps

 Microsoft has patched a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed several "high-impact" applications to unauthorized access.

"One of these apps is a content management system (CMS) that powers Bing.com and allowed us to not only modify search results but also launch high-impact XSS attacks on Bing users," cloud security firm Wiz said in a report. "Those attacks could compromise users' personal data, including Outlook emails and SharePoint documents."

The issues were reported to Microsoft in January and February 2022, following which the tech giant applied fixes and awarded Wiz a $40,000 bug bounty. Redmond said it found no evidence that the misconfigurations were exploited in the wild.

The crux of the vulnerability stems from what's called "Shared Responsibility confusion," wherein an Azure app can be incorrectly configured to allow users from any Microsoft tenant, leading to a potential case of unintended access.

Interestingly, a number of Microsoft's own internal apps were found to exhibit this behavior, thereby permitting external parties to obtain read and write to the affected applications.

This includes the Bing Trivia app, which the cybersecurity firm exploited to alter search results in Bing and even manipulate content on the homepage as part of an attack chain dubbed BingBang.

To make matters worse, the exploit could be weaponized to trigger a cross-site scripting (XSS) attack on Bing.com and extract a victim's Outlook emails, calendars, Teams messages, SharePoint documents, and OneDrive files.

A malicious actor with the same access could've hijacked the most popular search results with the same payload and leak sensitive data from millions of users," Wiz researcher Hillai Ben-Sasson noted.

Other apps that were found susceptible to the misconfiguration issue include Mag News, Central Notification Service (CNS), Contact Center, PoliCheck, Power Automate Blog, and COSMOS.

The development comes as enterprise penetration testing firm NetSPI revealed details of a cross-tenant vulnerability in Power Platform connectors that could be abused to gain access to sensitive data.

Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam

 The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users.

Two of the apprehended affiliates are believed to be organizers, with 10 others detained in other territories across the European Union.

The suspects are alleged to have created more than 100 phishing portals aimed at users in France, Spain, Poland, Czechia, Portugal, and other nations in the region.

These websites masqueraded as online portals offering heavily discounted products below market prices to lure unsuspecting users into placing fake "orders."

In reality, the financial information entered on those websites to complete the payments was used to siphon money from the victims' accounts.

"For the fraudulent scheme, the participants also created two call centers, in Vinnytsia and in Lviv, and involved operators in their work," the Cyber Police said. "Their role was to convince customers to make purchases."

The nefarious scheme is estimated to have duped over 1,000 individuals, earning the operators approximately $4.33 million in illicit profits.

As part of the probe, law enforcement authorities carried out over 30 searches and confiscated mobile phones, SIM cards, and computer equipment used to carry out the activities.

Criminal proceedings have been initiated against the perpetrators, who may face a maximum sentence of up to 12 years in prison.

The Future of Network Security: Predictive Analytics and ML-Driven Solutions

 As the digital age evolves and continues to shape the business landscape, corporate networks have become increasingly complex and distributed. The amount of data a company collects to detect malicious behavior constantly increases, making it challenging to detect deceptive and unknown attack patterns and the so-called "needle in the haystack". With a growing number of cybersecurity threats, such as data breaches, ransomware attacks, and malicious insiders, organizations are facing significant challenges in successfully monitoring and securing their networks. Furthermore, the talent shortage in the field of cybersecurity makes manual threat hunting and log correlation a cumbersome and difficult task. To address these challenges, organizations are turning to predictive analytics and Machine Learning (ML) driven network security solutions as essential tools for securing their networks against cyber threats and the unknown bad.

The Role of ML-Driven Network Security Solutions#

ML-driven network security solutions in cybersecurity refer to the use of self-learning algorithms and other predictive technologies (statistics, time analysis, correlations etc.) to automate various aspects of threat detection. The use of ML algorithms is becoming increasingly popular for scalable technologies due to the limitations present in traditional rule-based security solutions. This results in the processing of data through advanced algorithms that can identify patterns, anomalies, and other subtle indicators of malicious activity, including new and evolving threats that may not have known bad indicators or existing signatures.

Detecting known threat indicators and blocking established attack patterns is still a crucial part of overall cyber hygiene. However, traditional approaches using threat feeds and static rules can become time-consuming when it comes to maintaining and covering all the different log sources. In addition, Indicators of Attack (IoA) or Indicators of Compromise (IoC) may not be available at the time of an attack or are quickly outdated. Consequently, companies require other approaches to fill this gap in their cybersecurity posture.

In summary, the mentioned drawbacks of rule-based security solutions highlight the significance of taking a more holistic approach to network security, which should nowadays include ML-powered Network Detection and Response (NDR) solutions to complement traditional detection capabilities and preventive security measures.

The Benefits of ML for Network Security#

So, how is Machine Learning (ML) shaping the future of network security? The truth is that ML-powered security solutions are bringing about a significant transformation in network security by providing security teams with numerous benefits and enhancing the overall threat detection capabilities of organizations:

• Big data analytics: With the ever-increasing amount of data and different log sources, organizations must be able to process vast amounts of information in real time, including network traffic logs, endpoints, and other sources of information related to cyber threats. In this regard, ML algorithms can aid in the detection of security threats by identifying patterns and anomalies that may otherwise go unnoticed. Consequently, the ability and flexibility of a solution to incorporate different log sources should be a key requirement for threat detection capabilities.
• Automated analysis of anomalous behavior: AI enables a much-required health monitoring of network activity by utilizing the analysis of normal network traffic as a baseline. With the help of automated correlation and clustering, outliers and unusual behavior can be detected, reducing the need for manual detection engineering and threat hunting. Key questions to be answered include "what is the activity of other clients in the network?" and "is a client's behavior in line with its own previous activities?" These approaches allow for the detection of unusual behaviors like domain-generated algorithms (DGA) domains, volume-based irregularities in network connections, and unusual communication patterns (e.g., lateral movement) in the network. Therefore, comparing a client's current behavior with that of their peers serves as a suitable baseline for identifying subtle anomalies.
• Detect unknown attacks in real-time: While it is relatively easy to directly detect known bad indicators (specific IP addresses, domains, etc.), many attacks can go undetected when these indicators are not present. If that is the case, statistics, time, and correlation-based detections are of enormous value to detect unknown attack patterns in an automated manner. By incorporating algorithmic approaches, traditional security solutions based on signatures and indicators of compromise (IoC) can be enhanced to become more self-sufficient and less reliant on known malware indicators.
• Self-learning detection capabilities: ML-driven solutions learn from past events in order to continuously improve their threat detection capabilities, threat scoring, clustering, and network visualizations. This may involve training the algorithms themselves or adjusting how information is presented based on feedback from analysts.
• Enhance Incident Response: By learning from an analyst's past incident response activities, ML can automate certain aspects of the incident response process, minimizing the time and resources required to address a security breach. This can involve using algorithms to analyze text and evidence, identifying root causes and attack patterns.

Example of an ML-driven Network Security Solution#

When it comes to ML-driven Network Detection & Response (NDR) solutions that incorporate the outlined benefits, ExeonTrace stands out as a leading network security solution in Europe. Based on award-winning ML algorithms, which incorporate a decade of academic research, ExeonTrace provides organizations with advanced ML threat detection capabilities, complete network visibility, flexible log source integration, and big data analytics. In addition, the algorithms rely on metadata analysis instead of actual payloads which makes them unaffected by encryption, completely hardware-free, and compatible with most cybersecurity infrastructures. As a result, ExeonTrace is able to process raw log data into powerful graph databases, which are then analyzed by supervised and unsupervised ML models. Through correlation and event fusion, the algorithms can accurately pinpoint high-fidelity anomalies and subtle cues of malicious behavior, even when dealing with novel or emerging cyber threats that may lack established signatures or known malicious indicators.

Conclusion#

As the threat of cyber-attacks becomes increasingly complex, organizations must go beyond traditional security measures to protect their networks. As a result, many companies are now turning to Machine Learning (ML) and predictive analytics to strengthen their security defenses. In this regard, ML-driven Network Detection & Response (NDR) solutions, such as ExeonTrace, are designed to help organizations stay ahead of the ever-evolving threat landscape. By utilizing advanced ML algorithms that analyze network traffic and application logs, ExeonTrace offers organizations quick detection and response to even the most sophisticated cyberattacks.

Web Development Services

 Full-cycle website design and development 

Creating a website from scratch, including requirements gathering, design, implementation, quality assurance as well as maintenance and support. 

Redesign

Porting your legacy website, including all the data, to a new, modern solution (it can be another content management system) with a slick and responsive user interface. 

Web application development and integration

Enriching your website with out-of-the-box and custom social networking apps, payment solutions, advanced analytics, and other tools to increase user engagement. 

Migration to the cloud 

Moving your existing website and applications to Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, and other cloud services to improve scalability and administration and lessen costs.

Maintenance and support

Creating new features and fixing bugs; 

Enhancing scalability and performance to welcome the growing number of visitors and data;

Improving the website structure to better address user demand; 

Increasing compliance with SEO standards for advanced content marketing strategies; 

Performing security audits and updates to protect data and users.

Mobile-driven development

Adapting your website for mobile phones and tablets of all platforms and screen sizes as well as using the portal as a back-end for a mobile app.

A Scripting Language

Scripting languages are interpreted by another program at runtime (no need for compilation). Scripting languages can either be interpreted server-side or client-side (in the browser).

Server-Side

PHP is a server-side scripting language, processed by a PHP interpreter on a web server; the result (the output) is sent to the web browser as plain HTML.

Open-Source

PHP is freely available to download and use. 

Object-Oriented

Object-Oriented Programming (OOP) leverages the concept of “objects” to contain data and functions to help build more complex, reusable web applications. OOP was added to PHP5. 

Fast 

PHP uses its own memory, minimizing server workload and increasing performance. PHP can be up to 382% faster than Python and 195% faster than Ruby. 

Simple 

The PHP syntax is easily understood and learned, whether you’re building from scratch or leveraging existing frameworks or add-ons. 

Well Supported

PHP supports all leading databases (MySQL, SQLite, ODBC), is compatible with most servers (Apache, IIS, etc), is portable across all platforms (Windows, Mac OS, Linux, etc), and can be further supported by PHP frameworks (Laravel, CodeIgniter, Symfony) and many well-stocked and vetted libraries. 

Why Choose PHP?

For more than a decade, we’ve seen articles that ask, “Is PHP Dead?,” with competitors such as JavaScript hoping to take its place. Over the years, PHP has held its dominant spot as the backbone to 80% of websites, give or take a few percentage points — a sign that PHP is here to stay. And there’s a very good reason why.

While PHP is an older programming language lacking some of the features of newer programming languages, it has continued to evolve. With that evolution comes a level of maturity: PHP is well-documented, well-supported, and easy to use.

PHP developers have access to rich frameworks, databases, and libraries to support their work, with the flexibility to set up on any Linux, Windows, or Unix OS. Most web hosting providers offer PHP, and, when it comes to cost, PHP often comes out ahead in both development time as well as overall cost to run and maintain. As an efficient language, PHP is able to deliver on the high-performance times demanded by today’s consumers. 

During your product development planning, PHP often comes out ahead because it is well documented in APIs. Your PHP-based website can easily be integrated with all CMS programs and add-ons to create dynamic, interactive, feature-rich experiences. 

You should choose PHP for your website, eCommerce marketplace, or application if you want a language that is:

Flexible 

Compatible 

Scalable 

Secure

High-Performing 

Affordable

Well-Supported

Easy to Maintain

Easy to Find Developers

Contact Us: 03342981124

Email: Info@5starcybersecurity.Com