👉 What’s happening in cybersecurity today?
Apple Shortcuts Vulnerability, Sensitive Data, Doppelgänger’s Global Disinformation Campaign, CISA, NCSC-UK, SVR Cyber Threats in Cloud, 8220 Gang, Cryptomining Assault, Dormant PyPI Package, Nova Sentinel Malware, U-Haul, Cyber Attack, Copenhagen Airport, Axie Infinity, Cyber Theft, Royal Canadian Mounted Police, Australian Finance Department, Google Pay, Ukraine Signs Cyber Defense Deals with Western Allies.
🚨 Cyber Alerts
1. Apple Shortcuts Vulnerability Patched
A critical flaw in Apple’s Shortcuts app could allow attackers to access sensitive data without user consent. Bitdefender identifies the issue as CVE-2024-23204, affecting both iOS and macOS systems. Though patched in recent updates, users are urged to install the latest iOS and macOS versions promptly.
2. Doppelgänger Influence Operation Uncovered
A joint investigation by SentinelLabs and ClearSky Cyber Security has revealed a widespread propaganda and disinformation campaign attributed to the Russia-aligned network, Doppelgänger. Originating in late November 2023, the operation initially targeted Ukrainian affairs but has since expanded its reach to influence public opinion in the US, Israel, France, Germany, and beyond. In Germany, Doppelgänger has intensified efforts to sway public sentiment, particularly ahead of upcoming elections, utilizing a network of social media accounts and sophisticated infrastructure to disseminate propaganda and evade detection.
3. Joint Advisory Warns SVR Targets Cloud
The Cybersecurity and Infrastructure Security Agency (CISA), along with the UK’s NCSC and other global partners, issued a joint advisory outlining recent tactics employed by Russian SVR cyber actors to breach cloud environments. This advisory underscores the evolving threat landscape and emphasizes the importance of proactive measures to safeguard cloud infrastructure. SVR’s adaptation to cloud-based targets signals a critical shift in cyber warfare tactics, necessitating heightened vigilance and robust security protocols among organizations worldwide.
4. 8220 Gang’s Cloud Assault Raises Alarm
The 8220 Gang, based in China, has escalated its cyber threats, focusing on cloud-based infrastructure to mine cryptocurrency. This campaign, spanning from May 2023 to February 2024, showcases a worrying shift in tactics, posing a significant risk to cloud security globally. By exploiting vulnerabilities like CVE-2021-44228 and CVE-2022-26134, the group has demonstrated sophisticated techniques, emphasizing the urgent need for enhanced security measures.
5. PyPI Package Malware Spread
On February 22, 2024, CISA released a critical Industrial Control Systems (ICS) advisory, ICSA-24-053-01, focusing on Delta Electronics CNCSoft-B DOPSoft. These advisories offer crucial insights into security issues, vulnerabilities, and mitigations concerning ICS, urging users and administrators to promptly review and implement recommended measures for enhanced protection.
💥 Cyber Incidents
U-Haul disclosed a data breach impacting customers in the U.S. and Canada. The breach involved unauthorized access to a system used by U-Haul dealers, compromising driver’s license numbers and other ID data of approximately 67,000 individuals. Measures including password changes and enhanced security protocols are being implemented to prevent future incidents, with affected customers offered free credit-monitoring services.
In the early hours of Sunday, Copenhagen airport faced a severe cyberattack, disrupting operations and plunging passengers into disarray. Identified as a denial-of-service attack, the assault targeted the airport’s digital infrastructure, rendering its website inaccessible and leaving travelers stranded.
Cybercriminals targeted Jeff “Jihoz” Zirlin, co-founder of Axie Infinity, stealing approximately $10 million from his wallet via the Ronin Bridge. Researchers from PeckShield raised the alarm on February 23, revealing the compromise of a “whale wallet” and the transfer of stolen funds to Tornado Cash, a cryptocurrency mixer favored by hackers for laundering. Zirlin confirmed the theft, asserting that it was isolated to his personal accounts and did not affect the Ronin chain’s operations.
The Royal Canadian Mounted Police (RCMP) faces a cybersecurity attack, prompting a criminal investigation and heightened vigilance among its staff. Chief Security Officer Paul L. Brown alerts RCMP personnel to the ongoing “cyber event,” emphasizing the need for heightened awareness. Despite the evolving nature of the attack, RCMP assures the public of no immediate impact on operations or safety concerns.
In a recurring incident, the Australian finance department inadvertently shared confidential data, further highlighting the prevalence of human error in government data breaches. The breach, involving 236 suppliers, comes amidst growing concerns about data security in procurement processes, with potential legal repercussions for the government. As investigations proceed, calls for enhanced protocols and reforms underscore the urgency of addressing systemic vulnerabilities to safeguard sensitive information.
📢 Cyber News
Google is sunsetting its standalone Pay app in the United States, prompting users to transfer their balances to bank accounts by June 4. With over a billion downloads worldwide, Google Pay serves users across 180 countries, allowing for various transactions and rewards. While the app will continue with regular features until the deadline, peer-to-peer payments within the U.S. will cease afterward, directing users to the more comprehensive Google Wallet app for future transactions.
Ukraine secures agreements with Western nations, fortifying its cyber defense against Russian threats. These pacts, centered on cybersecurity, promise assistance in countering disinformation and bolstering infrastructure resilience. The partnerships reflect a united front against Russian aggression, with a focus on defending Ukraine’s digital sovereignty.
LockBit ransomware operators have swiftly relocated their data leak portal to a fresh .onion address on the Tor network, showcasing a roster of 12 additional victims. In a revealing statement, the administrator attributed server breaches to a PHP vulnerability, hinting at potential FBI involvement and implicating a stash of significant documents, including those related to Donald Trump’s legal affairs. Additionally, the group pledged heightened security measures to thwart future attacks and discredited law enforcement actions aimed at undermining their operations.
Lt. Gen. Michelle McGuinness, formerly of the US Defense Intelligence Agency, steps into the role of Australia’s National Cyber Security Coordinator, succeeding her predecessor. With extensive experience in defense and intelligence, including pandemic response, she aims to lead Australia’s cybersecurity efforts effectively, safeguarding against major threats and managing incidents. Minister Clare O’Neil highlighted Lt. Gen. McGuinness’s prestigious career and emphasized her pivotal role in securing Australia against cyber threats, aiming to elevate the country’s cyber resilience by 2030.
Microsoft’s Windows Photos app introduces a new ‘Generative erase’ feature, leveraging AI to seamlessly remove unwanted objects from photos, offering enhanced realism compared to previous tools. This update empowers users to effortlessly retouch images by eliminating distractions with precision and ease. Available for Windows Insiders, this enhancement underscores Microsoft’s commitment to advancing AI-powered editing capabilities across its platforms.
Copyright © 2024 CyberMaterial. All Rights Reserved.