Feed de Noticias de Ciberseguridad [13/01/2023]

Este reporte corresponde a una selección de las últimas noticias, alertas de seguridad, vulnerabilidades, ataques y casos de estudio observados durante las últimas horas. Esta información ha sido recopilada para entregar un panorama general de las amenazas más importantes del momento. El objetivo principal es dar visibilidad rápida sobre los cambios en la tendencia y la evolución del cibercrimen para generar conciencia y estrategias de protección en base a estos riesgos emergentes.

Noticias y Casos de Estudio

• Cloudflare Expands Relationship With Microsoft (darkreading.com)
• $20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims (darkreading.com)
• Crypto Fraud Victims Receive Over $17 Million in Restitution from BitConnect Scheme | OPA | Department of Justice
• Meta sues ‘surveillance service’ for creating fake accounts and scraping user data – The Record from Recorded Future News
• SailPoint Acquires SecZetta to Provide Identity Security for Non-Employee Identities (darkreading.com)
• Buggy Microsoft Defender ASR rule deletes Windows app shortcuts (bleepingcomputer.com)
• Europol takes down call centers that scammed Germans out of €2 million – The Record from Recorded Future News
• Cloudflare Wins CISA Contract for Registry and Authoritative Domain Name System (DNS) Services (darkreading.com)

Ciberataques e Incidentes

• Vice Society ransomware claims attack on Australian firefighting service (bleepingcomputer.com)
• Millions of Aflac, Zurich insurance customers in Japan have data leaked after breach – The Record from Recorded Future News
• Cyber attack against Royal Mail linked to Russia (cshub.com)
• Canada’s Okanagan College warns of potential privacy breach after cyber attack (databreaches.net)
• Pro-Russia group NoName057(16) targets Ukraine and NATO countriesSecurity Affairs
• NortonLifeLock warns that hackers breached Password Manager accounts (bleepingcomputer.com)
• Fortinet Confirma Que Un Actor De Amenazas Estaba Explotando Una Vulnerabilidad ZERO-DAY De FortiOS SSL-VPN Contra Redes Gubernamentales | CronUp Ciberseguridad

Vulnerabilidades

• Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw (bleepingcomputer.com)
• Hackers exploit Control Web Panel flaw to open reverse shells (bleepingcomputer.com)
• Cisco warns of two vulnerabilities affecting end-of-life routers – The Record from Recorded Future News
• SymStealer Vulnerability Let Attacker Steal Login Credentials (gbhackers.com)

Malware

• Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar (thehackernews.com)
• EyeSpy – Iranian Spyware Delivered in VPN Installers – Bitdefender Antivirus Software

Ransomware (nuevas víctimas publicadas)

Camilo Mix

Ingeniero en Ciberseguridad por la Universidad Tecnológica de Chile, Speaker, Analista de Ciberinteligencia, Investigador y Redactor para CronUp Ciberseguridad.