3 Mar 23
Cyber Threat Roundup
A collection of recent open-source items of interest to the Defense Industrial Base
Tennessee State, Southeastern Louisiana Universities Hit with Cyberattacks
Two universities in Tennessee and Louisiana are struggling with cyberattacks that have crippled campus services and left students scrambling to find alternative tools. Tennessee State University — a public historically black land-grant university in Nashville — notified its more than 8,000 students on Wednesday that its IT systems were brought down by a ransomware attack. The attack on Tennessee State was preceded by another cyberattack on Monday affecting Southeastern Louisiana University, which initially reported network issues five days ago.
https://therecord.media/tennessee-state-southeastern-louisiana-universities-hit-with-cyberattacks/
New Cryptojacking Campaign Leverages Misconfigured Redis Database Servers
Misconfigured Redis database servers are the target of a novel cryptojacking campaign that uses a legitimate, open source command-line file transfer service to stage its payload. The researchers who reported the campaign suggest that choice is deliberate: "It's possible that it's an attempt at evading detections based on other common code hosting domains (such as pastebin[.]com)." Similar mechanisms have been used by other threat actors, including TeamTNT and WatchDog, in their cryptojacking operations. The payload is a script that paves the way for an XMRig cryptocurrency miner, but not before taking preparatory steps to free up memory, terminate competing miners, and install a network scanner utility called pnscan to find other vulnerable Redis servers and propagate the infection. The campaign is the latest threat to strike Redis servers after Redigo and HeadCrab in recent months.
https://thehackernews.com/2023/03/new-cryptojacking-campaign-leverages.html
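The campaign depends on Redis instances that accept commands from the network without authentication, so an added example of checking for exactly that condition follows. It is not code from the article or from the researchers' report: it speaks RESP (the Redis wire protocol) over a raw socket with no third-party library, and the sample replies, hostnames and ports are constructed placeholders. A reply to CONFIG GET dir that returns the working directory means the instance accepts unauthenticated configuration changes, which is the classic precondition for Redis abuse; a NOAUTH or DENIED error, or an unknown-command error where CONFIG has been renamed away, means it does not.

```python
"""Check whether a Redis instance accepts unauthenticated commands.

Added example, not code from the article or the campaign report. Speaks RESP
(the Redis wire protocol) over a raw socket; hosts, ports and the sample
replies below are constructed placeholders.
"""
import socket


class RespError(str):
    """An error reply ('-...'), kept distinct from a simple string reply ('+...')."""


def encode_command(*args: str) -> bytes:
    """Encode a command as a RESP array of bulk strings, as redis-cli sends it."""
    out = [b"*%d\r\n" % len(args)]
    for arg in args:
        data = arg.encode()
        out.append(b"$%d\r\n%s\r\n" % (len(data), data))
    return b"".join(out)


def _parse(buf: bytes, i: int):
    """Decode one RESP value starting at buf[i]; return (value, next_index).
    Raises ValueError if the buffer does not yet hold a complete reply."""
    end = buf.index(b"\r\n", i)                 # ValueError when the line is incomplete
    kind, line = buf[i:i + 1], buf[i + 1:end].decode()
    i = end + 2
    if kind == b"+":
        return line, i
    if kind == b"-":
        return RespError(line), i
    if kind == b":":
        return int(line), i
    if kind == b"$":
        n = int(line)
        if n < 0:
            return None, i                      # null bulk string
        if len(buf) < i + n + 2:
            raise ValueError("incomplete bulk string")
        return buf[i:i + n].decode(), i + n + 2
    if kind == b"*":
        items = []
        for _ in range(int(line)):
            item, i = _parse(buf, i)
            items.append(item)
        return items, i
    raise ValueError(f"unsupported RESP type byte {kind!r}")


def parse_reply(buf: bytes):
    return _parse(buf, 0)[0]


def classify(reply) -> str:
    """Map the reply to CONFIG GET dir onto an exposure verdict."""
    if isinstance(reply, RespError):
        if reply.startswith("NOAUTH"):
            return "auth-required"              # requirepass / ACLs are in force
        if reply.startswith("DENIED"):
            return "protected-mode"             # protected-mode refuses remote clients
        if reply.startswith("ERR unknown command"):
            return "config-command-disabled"    # CONFIG renamed or disabled
        return "error"
    if isinstance(reply, list) and len(reply) == 2 and reply[0] == "dir":
        return "open"                           # unauthenticated CONFIG works: abusable
    return "unexpected"


def probe(host: str, port: int = 6379, timeout: float = 3.0) -> str:
    """Connect, send CONFIG GET dir, and classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(encode_command("CONFIG", "GET", "dir"))
            buf = b""
            while True:
                chunk = sock.recv(4096)
                if not chunk:
                    return "closed"
                buf += chunk
                try:
                    return classify(parse_reply(buf))
                except ValueError:
                    continue                    # reply not complete yet, keep reading
    except OSError:                             # refused, unreachable, or timed out
        return "unreachable"


# Constructed replies for offline use; shapes match what Redis sends, text abbreviated.
SAMPLE_REPLIES = {
    "open": b"*2\r\n$3\r\ndir\r\n$14\r\n/var/lib/redis\r\n",
    "auth-required": b"-NOAUTH Authentication required.\r\n",
    "protected-mode": b"-DENIED Redis is running in protected mode.\r\n",
    "config-command-disabled": b"-ERR unknown command 'CONFIG'\r\n",
}


def classify_samples() -> dict:
    return {name: classify(parse_reply(raw)) for name, raw in SAMPLE_REPLIES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:25s} -> {verdict}")
    # probe("redis.example.internal")  # placeholder host; run only against systems you own
```

An "open" verdict is what the propagation step in this campaign is scanning for. The fixes are the usual redis.conf settings: a requirepass or ACL users, bind restricted to the interfaces that need it, protected-mode left on, and rename-command (or ACL command restrictions) for CONFIG and other administrative commands that a remote client should never need.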
White House Releases New U.S. National Cybersecurity Strategy
The Biden-Harris administration today released its national cybersecurity strategy, which focuses on shifting the burden of defending the country's cyberspace toward software vendors and service providers. "Disruption campaigns must become so sustained and targeted that criminal cyber activity is rendered unprofitable and foreign government actors engaging in malicious cyber activity no longer see it as an effective means of achieving their goals," the administration said. On the biggest threats to national cybersecurity, the administration names China and Russia as the most active and aggressive states behind malicious activity targeting U.S. critical infrastructure and assets. Implementation of the strategy will be coordinated by the Office of the National Cyber Director (ONCD) together with the Office of Management and Budget (OMB), under the oversight of the National Security Council (NSC); they will also issue yearly guidance to federal agencies on cybersecurity budget priorities to ensure the strategy's goals are met.
https://www.bleepingcomputer.com/news/security/white-house-releases-new-us-national-cybersecurity-strategy/
Experts Warn of "SMS Pumping" Fraud Epidemic
Industry experts have warned of a growing risk to corporate profits from so-called SMS pumping scams, which abuse one-time password (OTP) generation to make money for cyber-criminals. Also known as "artificially generated traffic" (AGT) or "SMS OTP fraud," the scams account for as much as 6% of all SMS traffic and 10% of revenue, according to Lanck Telecom. "Small businesses and startups are particularly vulnerable to SMS pumping fraud," the experts warned, recommending that companies "set rate limits on the number of SMS that can be sent to any range of mobile numbers, and detect and discourage bots. Also, identify and monitor spikes in SMS OTP traffic levels."
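The two controls recommended at the end of the item, a rate limit per number range and spike monitoring on OTP volume, as an added example of how an OTP-sending service can implement them. This is not code from the article or from Lanck Telecom; the prefix length (the first seven digits, roughly country code plus area or operator code), the limits, the spike threshold and the simulated traffic are all assumptions chosen for illustration.

```python
"""Per-prefix rate limiting and volume spike detection for an SMS OTP sender.

Added example, not from the article or Lanck Telecom. Prefix length, limits,
thresholds and the simulated traffic are illustrative assumptions.
"""
from collections import defaultdict, deque
import statistics


class OtpSendGuard:
    def __init__(self, prefix_len=7, per_prefix_limit=20, window_s=600,
                 baseline_minutes=10, spike_factor=3.0, min_spike=10):
        self.prefix_len = prefix_len            # digits that define a "number range"
        self.per_prefix_limit = per_prefix_limit
        self.window_s = window_s
        self.spike_factor = spike_factor
        self.min_spike = min_spike              # ignore "spikes" on tiny baselines
        self.sent = defaultdict(deque)          # prefix -> timestamps of accepted sends
        self.minute_counts = deque(maxlen=baseline_minutes)  # completed minutes
        self.current_minute = None
        self.current_count = 0

    def _prefix(self, msisdn: str) -> str:
        digits = "".join(ch for ch in msisdn if ch.isdigit())
        return digits[:self.prefix_len]

    def _record_attempt(self, now: float) -> None:
        # Count attempts, blocked ones too: a bot hammering a blocked range is
        # still a signal. Idle minutes are filled with zeros.
        minute = int(now // 60)
        if self.current_minute is None:
            self.current_minute = minute
        while self.current_minute < minute:
            self.minute_counts.append(self.current_count)
            self.current_count = 0
            self.current_minute += 1
        self.current_count += 1

    def request(self, msisdn: str, now: float):
        """Decide whether to send an OTP to msisdn at time `now` (epoch seconds)."""
        self._record_attempt(now)
        prefix = self._prefix(msisdn)
        recent = self.sent[prefix]
        while recent and now - recent[0] >= self.window_s:
            recent.popleft()                    # drop sends outside the window
        if len(recent) >= self.per_prefix_limit:
            return False, f"rate limit: {len(recent)} OTPs to range {prefix} in {self.window_s}s"
        recent.append(now)
        return True, "ok"

    def spike(self) -> bool:
        """True when the minute in progress already exceeds spike_factor times the
        median of the completed baseline minutes (needs 3+ baseline minutes)."""
        if len(self.minute_counts) < 3:
            return False
        baseline = statistics.median(self.minute_counts)
        return self.current_count > max(self.spike_factor * baseline, self.min_spike)


def simulate() -> dict:
    """Ten minutes of ordinary sign-ups, then a pumping burst against one range."""
    guard = OtpSendGuard()
    t0 = (1_700_000_000 // 60 + 1) * 60         # constructed start, on a minute boundary
    normal_blocked = spike_during_normal = 0
    for minute in range(10):                    # 5 OTPs/min to unrelated numbers
        for k in range(5):
            n = minute * 5 + k
            ok, _ = guard.request(f"+1{200 + n}555{n:04d}", t0 + minute * 60 + k * 10)
            normal_blocked += not ok
            spike_during_normal += guard.spike()
    attack_allowed = attack_blocked = 0
    spike_first_at = None
    for n in range(50):                         # 50 requests in one minute, one range
        ok, _ = guard.request(f"+447700900{n:03d}", t0 + 600 + n)
        attack_allowed += ok
        attack_blocked += not ok
        if spike_first_at is None and guard.spike():
            spike_first_at = n + 1
    return {"normal_blocked": normal_blocked,
            "spike_during_normal": spike_during_normal,
            "attack_allowed": attack_allowed,
            "attack_blocked": attack_blocked,
            "spike_first_at_request": spike_first_at}


if __name__ == "__main__":
    print(simulate())
```

In the simulation the per-range limit stops the burst after 20 messages and the spike check fires on the 16th request of the minute, before most of the paid-for traffic has gone out; in production the spike signal would gate a CAPTCHA or a temporary hold on the affected ranges rather than just a log line.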
Microsoft Releases Windows Security Updates for Intel CPU Flaws
Microsoft has released out-of-band security updates for the 'Memory Mapped I/O Stale Data (MMIO)' information disclosure vulnerabilities in Intel CPUs. "An attacker who successfully exploited these vulnerabilities might be able to read privileged data across trust boundaries," explained Microsoft. According to Microsoft's advisory, no security updates were released for Windows Server 2019 and Windows Server 2022, only mitigations; nevertheless, Microsoft has published a somewhat confusing set of updates for Windows 10, Windows 11, and Windows Server (including those two releases) that address these vulnerabilities. They are available as manual downloads from the Microsoft Update Catalog:
KB5019180 - Windows 10, versions 20H2, 21H2, and 22H2
KB5019177 - Windows 11, version 21H2
KB5019178 - Windows 11, version 22H2
KB5019182 - Windows Server 2016
KB5019181 - Windows Server 2019
KB5019106 - Windows Server 2022
These are likely being released as optional, manual updates because the mitigations can cause performance issues, and the flaws may not be fully resolved without disabling Intel Hyper-Threading Technology (Intel HT Technology) in some scenarios.
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-security-updates-for-intel-cpu-flaws/
Multi-Year Spearphishing Campaign Targets the Maritime Industry Likely for Financial Gain
The EclecticIQ Intelligence and Research Team published a report (1) on phishing lures impersonating the maritime industry. The campaign uses consistent maritime-related social engineering lures in spearphishing emails, and EclecticIQ analysts assess it is almost certain that the tracked cluster targeted the maritime industry. The analysts judge it likely that the industry will continue to be targeted with increasingly convincing spearphishing emails in the long term.
https://securityboulevard.com/2023/03/multi-year-spearphishing-campaign-targets-the-maritime-industry-likely-for-financial-gain/
APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia
The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow expansion of the hacking group's victimology footprint. Targeted entities include health, financial, law enforcement, immigration, and an agency in charge of peace negotiation in Colombia, the Canadian cybersecurity company said.
https://thehackernews.com/2023/02/apt-c-36-strikes-again-blind-eagle.html
U.S. Cybersecurity Agency Raises Alarm Over Royal Ransomware's Deadly Capabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory about Royal ransomware, which emerged in the threat landscape last year. "After gaining access to victims' networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems," CISA said. "Royal ransomware uses a unique partial encryption approach that allows the threat actor to choose a specific percentage of data in a file to encrypt," CISA noted. The cybersecurity agency said multiple command-and-control (C2) servers associated with Qakbot have been utilized in Royal ransomware intrusions, although it's currently undetermined if the malware exclusively relies on Qakbot infrastructure. As of February 2023, Royal ransomware is capable of targeting both Windows and Linux environments.
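CISA's point that Royal encrypts only a chosen percentage of each file matters to defenders because partial encryption defeats the simplest detection heuristic, a whole-file entropy threshold. The added example below is not from the advisory and does not model Royal's actual file format: it builds a constructed text document, stands in for encryption by overwriting a chosen percentage of the file's chunks with seeded random bytes, and shows that the whole-file entropy stays below a typical "encrypted" threshold while a per-chunk check still flags the file. Chunk size and thresholds are assumptions.

```python
"""Whole-file versus per-chunk entropy as a check for partially encrypted files.

Added example, not from CISA's advisory and not a model of Royal's format.
The document, the 'encryption' stand-in (seeded random bytes), the chunk size
and the thresholds are constructed assumptions.
"""
import math
import random
from collections import Counter

CHUNK = 4096   # bytes per entropy window
HIGH = 7.5     # bits/byte at or above which a chunk looks encrypted or compressed
LOW = 6.0      # bits/byte at or below which a chunk looks like ordinary data


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk: int = CHUNK) -> list:
    return [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]


def classify_file(data: bytes, chunk: int = CHUNK, high: float = HIGH, low: float = LOW):
    """Return (verdict, whole_file_entropy, fraction_of_high_entropy_chunks)."""
    ents = chunk_entropies(data, chunk)
    n_high = sum(e >= high for e in ents)
    n_low = sum(e <= low for e in ents)
    whole = shannon_entropy(data)
    if ents and n_high == len(ents):
        verdict = "all-high-entropy"            # fully encrypted, or simply compressed
    elif n_high and n_low:
        verdict = "mixed-entropy"               # partial-encryption candidate
    else:
        verdict = "low-entropy"
    return verdict, whole, (n_high / len(ents) if ents else 0.0)


def build_sample_document(size: int = 16 * CHUNK) -> bytes:
    """A constructed 64 KiB 'report': repetitive text, as real documents are."""
    line = b"Charter invoice 2023-03: cargo manifest received, payment due on receipt.\n"
    return (line * (size // len(line) + 1))[:size]


def simulate_partial_encryption(data: bytes, percent: float, chunk: int = CHUNK) -> bytes:
    """Overwrite `percent` of the chunks, spread evenly across the file, with
    seeded random bytes as a stand-in for ciphertext."""
    rng = random.Random(20230303)
    n = math.ceil(len(data) / chunk)
    k = round(n * percent / 100)
    targets = sorted({round(j * n / k) for j in range(k)}) if k else []
    out = bytearray(data)
    for idx in targets:
        start, end = idx * chunk, min((idx + 1) * chunk, len(data))
        out[start:end] = rng.randbytes(end - start)
    return bytes(out)


def demo(percent: float = 50) -> dict:
    doc = build_sample_document()
    before = classify_file(doc)
    after = classify_file(simulate_partial_encryption(doc, percent))
    return {"before": before[0], "after": after[0],
            "after_whole_file_entropy": round(after[1], 2),
            "after_high_chunk_fraction": after[2]}


if __name__ == "__main__":
    print(demo(50))
```

With half of the chunks overwritten the whole-file figure lands in the low 7s, under the 7.5 threshold a whole-file check would use, while half of the chunks individually exceed it. Container formats that legitimately mix text with compressed images produce the same "mixed-entropy" verdict, so this belongs in triage alongside extension changes, ransom-note drops and write-rate anomalies rather than as a detector on its own.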