What’s trending in cybersecurity today?
Linux Distributions, Shim Bootloader Flaw, Fortinet, FortiSIEM RCE Bugs, Kimsuky, Golang Stealer ‘Troll’, Cisco, Expressway Security Patch, VMware, Aria Operations for Networks, Ransomware, Funerals, Austria, University of Central Missouri, IT Systems Offline, Turk Hack Team, Crédit Agricole Group, Times of Malta, DDoS, HPE, IntelBroker, Biden Administration, Elizabeth Kelly, AI Safety Institute, Google, Pilot Blocking Risky APKs, Ransomware Payments, EU, Cyber Violence, Deepfake Spread, South Korea, Anti-Phishing Efforts, Police Division
Cyber Alerts
1. Crucial Security Update for Shim 15.8
Shim version 15.8 has been released to address six security flaws, including a critical bug that enables remote code execution. Tracked as CVE-2023-40547, the vulnerability stems from shim trusting attacker-controlled values while parsing an HTTP response during HTTP boot, and it allows a Secure Boot bypass; major Linux distributions including Debian, Red Hat, SUSE, and Ubuntu have issued advisories.
2. Patch Bypass Alert for Critical FortiSIEM Flaw
Fortinet has warned of two new vulnerabilities in FortiSIEM, its SIEM product, that turn out to be bypasses of the patch for an earlier critical remote code execution flaw. After initial confusion over whether they were new issues or duplicates of the original, Fortinet confirmed they are patch bypasses for the original flaw, which makes upgrading to the fixed FortiSIEM releases urgent.
3. Kimsuky’s Troll Stealer Data Theft Campaign
Suspected North Korea-linked group Kimsuky is using a new Golang-based information stealer dubbed Troll Stealer, according to South Korean cybersecurity company S2W. Kimsuky, known for stealing sensitive data, typically relies on spear-phishing attacks and backdoors such as AppleSeed and AlphaSeed. Troll Stealer’s standout capability is the theft of GPKI (Government Public Key Infrastructure) certificate folders, which points to targeting of South Korean administrative and public organizations and suggests either evolving tactics or collaboration with other threat actors.
4. Cisco’s Expressway Security Patch
Cisco has patched critical cross-site request forgery (CSRF) vulnerabilities in its Expressway Series collaboration gateways. A remote attacker who persuades an authenticated user to click a crafted link can make that user’s browser perform actions on an unpatched device with the user’s privilege level, including modifying the system configuration and, if the victim is an administrator, creating new privileged accounts. Cisco has released fixed versions; customers running releases earlier than 14.0 have no fix in their release train and are advised to migrate to a fixed release.
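How a CSRF flaw of the kind described above turns a logged-in administrator’s browser into the attacker’s proxy, as an added example that is not Cisco code and not from the original article: a hypothetical cookie-authenticated configuration endpoint that accepts any post carrying the session cookie, next to the same endpoint guarded by an Origin check and a per-session synchronizer token. The names gateway.example, attacker.example, set_admin_password_vulnerable, set_admin_password_hardened and the Request/Session stand-ins are assumptions of this example, and the forged request is constructed, not captured.

```python
"""Hypothetical CSRF demo (not Cisco code): a cookie-only config endpoint that
a cross-site form post can drive, beside one protected by an Origin check and
a per-session synchronizer token."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    """Constructed stand-in for an HTTP POST as the server sees it."""
    cookies: dict
    form: dict
    headers: dict


@dataclass
class Session:
    user: str
    # One unpredictable token per login. Unlike the cookie, the browser never
    # attaches it on its own, so a third-party page cannot supply it.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def login(sessions: dict, user: str) -> str:
    """Create a session and return the value that goes into the 'sid' cookie."""
    sid = secrets.token_urlsafe(16)
    sessions[sid] = Session(user)
    return sid


def set_admin_password_vulnerable(sessions: dict, config: dict, req: Request) -> int:
    """Authenticates by cookie alone. Browsers send cookies with cross-site
    form posts, so an admin who merely loads an attacker page triggers this."""
    sess = sessions.get(req.cookies.get("sid"))
    if sess is None:
        return 401
    config["admin_password"] = req.form["new_password"]
    return 200


def set_admin_password_hardened(sessions: dict, config: dict, req: Request,
                                site: str = "https://gateway.example") -> int:
    """Same state change behind two independent CSRF defences."""
    sess = sessions.get(req.cookies.get("sid"))
    if sess is None:
        return 401
    # 1. Origin (or Referer) must name this site; a cross-site form post cannot forge it.
    origin = req.headers.get("Origin") or req.headers.get("Referer") or ""
    if not (origin == site or origin.startswith(site + "/")):
        return 403
    # 2. Synchronizer token that only this session's own pages can embed;
    #    constant-time comparison so the token cannot be guessed byte by byte.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, sess.csrf_token):
        return 403
    config["admin_password"] = req.form["new_password"]
    return 200


def simulate() -> dict:
    """Replay a legitimate post and a forged cross-site post against both handlers."""
    site = "https://gateway.example"
    sessions, results = {}, {}
    sid = login(sessions, "admin")
    token = sessions[sid].csrf_token
    # Legitimate request from the gateway's own admin page.
    legit = Request({"sid": sid},
                    {"new_password": "rotated", "csrf_token": token},
                    {"Origin": site})
    # Constructed forgery: an attacker page auto-submits a form. The browser adds
    # the victim's cookie, but the Origin is the attacker's and no token is known.
    forged = Request({"sid": sid},
                     {"new_password": "pwned"},
                     {"Origin": "https://attacker.example"})
    for name, handler in (("vulnerable", set_admin_password_vulnerable),
                          ("hardened", set_admin_password_hardened)):
        config = {"admin_password": "original"}
        results[name] = {
            "legit": handler(sessions, config, legit),
            "forged": handler(sessions, config, forged),
            "password_after": config["admin_password"],
        }
    return results


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(name, outcome)
```

The vulnerable handler accepts the forged post (status 200, password overwritten with "pwned"); the hardened one answers 403 and keeps the legitimately rotated value. Production frameworks add the SameSite cookie attribute as a third layer; the Origin check is kept alongside the token because Referer can be stripped by privacy settings and the token alone fails if it ever leaks into a URL.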
5. VMware Warns of Aria Operations for Networks Flaws
VMware alerts users to five moderate-to-important severity vulnerabilities in Aria Operations for Networks, including local privilege escalation and cross-site scripting issues. To mitigate these risks, users are urged to upgrade to version 6.12.0 of VMware Aria Operations for Networks.
π₯ Cyber Incidents
The municipality of Korneuburg, Austria, faces disruptions as a ransomware attack forces funerals to be canceled and staff communication limited to telephone contact. With all data, including backups, affected, officials work to resolve the issue while rejecting extortion demands, leaving vital services paralyzed. Despite recent security certifications, the attack underscores the evolving threat landscape and the challenges faced by local governments in defending against cyber threats.
The Turk Hack Team launched a cyberattack on France’s Crédit Agricole Group, the world’s largest cooperative financial institution. The group disrupted the bank’s services, leaving online and offline transactions unavailable to customers and prompting complaints about poor service and delays. The incident underscores the pressing need for stronger cybersecurity in the financial sector against persistent and evolving threats.
The University of Central Missouri is grappling with a cyberattack that has forced its information technology systems offline, disrupting operations for students and staff alike. Officials are working to contain the breach and restore services, but caution that the outage may persist for up to 48 hours and urge individuals to carry on their activities as best they can. Despite the disruption, emergency communication channels remain operational, so the campus community can still reach out for assistance.
The Times of Malta experienced a Distributed Denial of Service (DDoS) attack on Tuesday that flooded its servers with millions of requests and caused a 45-minute outage. The attack, the first of its kind against Malta’s largest news website, prompted additional protective measures, including continuous monitoring of website traffic and the adoption of Cloudflare’s DDoS protection. No data breach is suspected, and the organization has reported the incident to the police.
Hewlett Packard Enterprise (HPE) is investigating a potential data breach after a threat actor, known as IntelBroker, claimed to have stolen data and offered it for sale on a hacking forum. This comes after HPE revealed a prior intrusion by the Russia-linked cyberespionage group Midnight Blizzard, affecting their Microsoft Office 365 environment since May 2023. The ongoing investigation is examining the overlap between the recent claim of stolen data and the previously disclosed cyberattack by Midnight Blizzard, underscoring the persistent challenges of cybersecurity faced by major technology companies.
Cyber News
The Biden administration has appointed Elizabeth Kelly, a top White House aide, to lead the newly established AI Safety Institute at the National Institute of Standards and Technology (NIST). Previously an economic policy adviser to President Joe Biden, Kelly played a central role in drafting the executive order that laid the groundwork for the institute’s formation. The AI Safety Institute, housed within the Commerce Department, aims to set safety standards for AI development, with Kelly’s leadership guiding its mission of ensuring the responsible advancement of artificial intelligence technologies.
Google launches a pilot program targeting financial fraud by restricting risky app installations outside of Google Play. With APK sideloading posing a significant threat due to lack of vetting, the move aims to protect users from malware and scams. The initiative follows alarming statistics of over $1 trillion in global scam losses, prompting Google to enhance protections and block apps requesting sensitive permissions like SMS access and device control.
In 2023, ransomware payments surged to over $1.1 billion, marking a significant increase and reversing the decline seen in 2022. This record-breaking figure, attributed to intensified attacks on major institutions and critical infrastructure, underscores the profitability of ransomware operations despite law enforcement efforts and geopolitical factors.
The EU is taking significant steps to combat the spread of AI-generated pornography, announcing plans to criminalize various forms of cyber violence, including the non-consensual sharing of deepfakes. A political agreement has been reached to criminalize cyber stalking, harassment, and misogynistic hate speech, addressing the rising problem of digital violence against women. The directive aims to give victims better protection and hold perpetrators of cyber violence accountable, marking a pivotal shift in online safety measures within the EU.
South Korean authorities announce plans to establish a dedicated division targeting phishing crimes amid a surge in sophisticated attacks. Last year, the police apprehended over 22,000 phishing offenders, with financial losses totaling billions of won. The new division, with an increased budget, aims to enhance investigations and implement proactive measures, including a warning system for potential phishing attempts.
Copyright © 2024 CyberMaterial. All Rights Reserved.