What are the latest cybersecurity alerts, incidents, and news?
Lucifer Botnet’s New Variant, Apache Servers Vulnerabilities, Oil and Gas Industry, Advanced Phishing Campaign, Web3 Malware, Cryptocurrency, New Nigerian ‘Beyond the Border’ Scam, CISA, Industrial Control Systems Advisory, Delta Electronics, Malawi Immigration Service, German Consumer Advice Center Hesse, Pro-Russian Hackers, French Guadeloupe Region’s Website, Security Breach, South African Employees Pension Fund, Francis Howell Schools, Missouri, Google, Gemini AI Image Generation, OWASP, AI Security Checklist, FTC, Avast, Illicit Data Sales, Microsoft, Red Teaming Tool, AI Risk Identification, UK Telecom Regulatory, Online Safety Act Rollout
Cyber Alerts
1. Lucifer Variant Targets Apache Servers
A new version of the Lucifer botnet targets Apache Hadoop and Apache Druid big data technologies, combining cryptojacking and DDoS capabilities. Researchers warn of over 3,000 unique attacks in the last month alone, signaling a concerning escalation in cyber threats against Apache servers. Enterprises are urged to review their configurations and patch vulnerabilities to mitigate the risk of potential attacks.
2. Oil and Gas Industry Hit by Phishing
Cofense Intelligence uncovers an advanced campaign in the Oil and Gas industry, deploying the sophisticated Rhadamanthys Stealer. This Malware-as-a-Service (MaaS) emerges shortly after the takedown of the LockBit ransomware group, indicating a swift adaptation in cybercriminal tactics. The campaign utilizes diverse phishing tactics, exploiting open redirects and interactive PDFs, to deliver the stealer, which boasts enhanced capabilities and customization options, posing a significant threat to sensitive information and credentials.
Since January 2024, a notable surge in attacks by a novel form of website malware targeting Web3 and cryptocurrency assets has emerged, demanding caution. This malware, employing crypto drainers, poses a significant risk to website owners and users, either by direct injection or phishing tactics. As cybercriminals increasingly target unsuspecting visitors, heightened caution is imperative to safeguard against asset theft and exploitation within the Web3 ecosystem.
A security researcher unveils a fresh iteration of Nigerian fraud dubbed the ‘Beyond the Border Scam,’ exploiting a tragic narrative and online channels for illicit gains. Preying on compassion and curiosity, scammers employ a desperate plea for help from a supposed Ukrainian widow, enticing victims with promises of substantial rewards. The elaborate scheme involves soliciting financial assistance under false pretenses, underscoring the need for vigilance and skepticism in online interactions.
5. Delta Electronics ICS Advisory Released
On February 22, 2024, CISA released a critical Industrial Control Systems (ICS) advisory, ICSA-24-053-01, focusing on Delta Electronics CNCSoft-B DOPSoft. These advisories offer crucial insights into security issues, vulnerabilities, and mitigations concerning ICS, urging users and administrators to promptly review and implement recommended measures for enhanced protection.
Cyber Incidents
Malawi’s government suspends passport issuance after a cyber-attack on the immigration network, termed a “serious national security breach” by President Lazarus Chakwera. Despite hackers’ ransom demands, the government refuses to negotiate, prioritizing resolution efforts to restore normalcy for citizens seeking passports to pursue job opportunities abroad. The president mandates a three-week interim solution while plans for enhanced security measures and long-term solutions are underway to address the persistent delays and security concerns.
Hackers targeted the consumer advice center Hesse, rendering its email system inoperable, though consultations continue via phone and website. Authorities have been alerted, and investigations are ongoing to determine the source and extent of the breach, with data encryption complicating the situation. The center, prioritizing data protection, awaits further clarity before informing affected individuals, while exercising caution in handling hacker communications in collaboration with law enforcement and cybersecurity experts.
The French Guadeloupe Region’s website falls victim to a cyberattack orchestrated by pro-Russian hackers belonging to the group “NoName057.” This Russian-speaking collective specializes in conducting DDoS attacks, particularly targeting entities supporting Ukraine, including government websites, banks, and energy suppliers. Despite a 25-hour downtime, the website was successfully restored early Thursday morning, highlighting the ongoing cybersecurity threats faced by organizations worldwide.
The South African Government Employees Pension Fund (GEPF) faces a security breach as unauthorized access attempts prompt system shutdowns, though it assures no data compromise and unaffected pensioner payments. Despite conflicting reports, the GEPF emphasizes the shutdown as a security measure, working to restore systems while maintaining member data safety.
Francis Howell Schools in Missouri, near St. Louis, shifted to remote learning due to a cyber attack that disrupted the district’s network, rendering it without Internet access for the week. Superintendent Kenneth Roumpos confirms the attack involved malware encrypting certain systems, prompting engagement with federal law enforcement and third-party specialists for investigation. Despite the disruption, safety systems are being monitored, and the district ensures appropriate security measures are in place as students return to school without Internet access.
Cyber News
Google announced the temporary halt of its Gemini AI image generation feature due to inaccuracies in historical depictions, addressing concerns raised by users on social media. Despite its aim to offer a wide range of images, the tool has faced criticism for generating historical figures inaccurately, prompting Google to prioritize improvements. While Google aims to cater to its diverse user base, it acknowledges the need for further tuning to ensure accurate historical representations.
Chief information security officers now have a new tool at their disposal to get started with AI securely. The Open Web Application Security Project (OWASP) released the LLM AI Cybersecurity & Governance Checklist, designed to help organizations create a strategy for implementing large language models (LLMs) and mitigate associated risks. Lead author Sandy Dunn emphasizes the importance of understanding different model types and considering business, risk management, legal, regulatory, and policy measures before deploying AI solutions.
The U.S. Federal Trade Commission (FTC) levies a $16.5 million penalty against Avast and prohibits the company from selling users’ web browsing data, alleging the firm deceived millions of consumers by collecting and selling their browsing data without consent. Avast, a UK-based company, has harvested consumers’ web browsing information through browser extensions and antivirus software since at least 2014, storing and selling it to over 100 third parties through its Jumpshot subsidiary. Avast must now obtain consent before selling or licensing any browsing data and notify affected users about the FTC’s actions.
Microsoft introduces PyRIT, an innovative red teaming tool aimed at enhancing the security assessment of generative AI, enabling professionals to automate tasks and pinpoint potential risks more efficiently. Unlike traditional systems, red teaming generative AI requires addressing both security and responsible AI risks due to its probabilistic nature and varied architectures, with PyRIT offering crucial support in this endeavor.
The UK’s telecom regulator, Ofcom, confronts significant hurdles in implementing the Online Safety Act to protect children online, with potential delays of up to a year beyond the 2025 enforcement deadline. The legislation mandates a duty of care on online platforms to shield minors from harmful content, with Ofcom tasked with supervising thousands of service providers, risking public confidence if changes aren’t swiftly implemented. Despite amendments to ensure scanning tools meet accuracy standards, privacy concerns persist among tech firms and privacy advocates.
Copyright © 2024 CyberMaterial. All Rights Reserved.