What’s the latest in the cyber world today?
JetBrains TeamCity On-Premises, Kimsuky Exploits ScreenConnect, New ToddleShark Malware, CHAVECLOAK Trojan, Brazilians, Malicious PDFs, TA577 Hacking Group Phish, Windows NTLM Hashes, Web-based PLC Malware, American Express, Third-Party Data Breach, Ukraine, Breach of Russian Ministry of Defense Servers, Cybersecurity Incident, Canada’s Federal Anti-Money Laundering Agency, Mr. Green Gaming, Data Breach, LDLC Group, Customer Data Leak, U.S. Air National Guard Member Guilty of Major Data Leak, EU Commission, Apple, Abusive App Store Rules, Linux Foundation, Tazama, Open-Source Financial Monitoring Platform, CISA Unites Election Forces, Super Tuesday Security, Axonius.
Cyber Alerts
1. TeamCity Security Risks Revealed
Two critical vulnerabilities, CVE-2024-27198 (CVSS 9.8) and CVE-2024-27199 (CVSS 7.3), found in JetBrains TeamCity On-Premises can grant unauthorized access to servers. Attackers can exploit these flaws to gain administrative control, posing severe risks to affected systems. Updating immediately to version 2023.11.4 is crucial to mitigate these threats and safeguard server integrity.
2. Kimsuky Deploys ToddleShark Malware
The North Korean APT group Kimsuky is exploiting the ScreenConnect vulnerabilities CVE-2024-1708 and CVE-2024-1709 to deploy the new ToddleShark malware. Known for cyber espionage, Kimsuky targets organizations globally, leveraging the authentication bypass and remote code execution flaws disclosed by ConnectWise. ToddleShark, a polymorphic variant, facilitates long-term espionage with evasion tactics, including the use of legitimate Microsoft binaries and dynamic URL generation for C2 communication.
3. CHAVECLOAK Targets Brazilians with PDFs
FortiGuard Labs has uncovered CHAVECLOAK, a banking Trojan targeting Brazilian users through SMS phishing, phishing emails, and compromised sites. Relying on Portuguese language settings and DLL sideloading, it stealthily infiltrates Windows devices to steal banking credentials and financial data. CHAVECLOAK’s tactics include deceptive pop-ups and monitoring of victim interactions with financial portals, posing a significant threat to online banking security.
4. Hackers Phish for Windows NTLM Hashes
The notorious TA577 hacking group has shifted to phishing tactics that target NTLM authentication hashes for account hijacking, as reported by Proofpoint. Recent campaigns, observed on February 26 and 27, 2024, distributed thousands of emails globally, harvesting recipients’ NTLM hashes that could be used to escalate privileges and access sensitive data within compromised networks. Proofpoint’s analysis reveals intricate methods, including thread hijacking and the use of unique ZIP archives, highlighting the evolving sophistication of TA577’s cyberattacks.
5. Web-Based PLC Malware Threat
Georgia Tech researchers have unveiled a sophisticated web-based PLC malware targeting modern industrial control systems (ICS), described in a published paper. Leveraging legitimate web APIs, this malware can disrupt industrial processes and cause machinery damage, posing significant risks to organizations. With capabilities for remote deployment and persistence through service workers, it represents a new breed of stealthy threats to critical infrastructure.
Cyber Incidents
6. American Express Third-Party Data Breach
American Express notifies customers of a third-party data breach, emphasizing that its own systems were not compromised. However, account information, including card numbers and names, may have been accessed by hackers through a breached merchant processor. The company urges affected customers to monitor their accounts closely, enable instant notifications, and consider requesting new card numbers to mitigate potential fraud risks.
7. Ukraine Breaches Russian Ministry of Defense Servers
Ukraine’s Ministry of Defense declares a successful breach of Russia’s Ministry of Defense servers, unveiling sensitive documents in a press release attributed to GUR’s cyber-specialists. The obtained documents reportedly include software details, secret service information, and organizational structures, shedding light on the inner workings of the Russian military apparatus. While specific details of the operation remain undisclosed, screenshots provided as evidence hint at the magnitude of the alleged breach.
8. FINTRAC Cybersecurity Incident
Canada’s federal anti-money laundering agency, FINTRAC, grapples with a cybersecurity incident, prompting the shutdown of its corporate systems as a precautionary measure to safeguard data integrity. Responsible for monitoring financial transactions across various Canadian entities, FINTRAC assures the public that the incident does not affect its intelligence or classified systems, and it is collaborating with federal partners to restore and fortify its systems’ security.
9. Mr. Green Gaming Data Breach
Mr. Green Gaming, a popular online games community, confirms a data breach affecting approximately 27,000 users. Threat actors compromised an inactive administrator account, gaining access to sensitive user information, including email addresses and birthdates. Despite security measures, users are advised to change passwords as a precautionary measure to mitigate risks.
10. LDLC Group Customer Data Leak
LDLC Group confirms a customer data leak affecting physical store customers, with web customers unaffected. The company reassures customers that no financial or sensitive data is compromised and advises vigilance against phishing attempts. Investigations are ongoing, with experts and security partners working to reinforce protective measures and minimize potential consequences.
Cyber News
11. U.S. Air National Guard Member Guilty of Major Data Leak
Jack Teixeira, an Air National Guard member, pleaded guilty to leaking highly classified military documents, exposing national security secrets, and faces a minimum of 11 years in prison. The breach, which involved sharing sensitive information on Discord, raised serious concerns about America’s ability to safeguard classified data and prompted tightened security measures within the Pentagon. Despite remorse from Teixeira and efforts to secure a reduced sentence, the gravity of the breach underscores the critical importance of protecting national security secrets.
12. EU Commission Fines Apple over Abusive App Store Rules
The European Commission imposes a hefty fine on Apple for alleged anti-competitive practices in music streaming app distribution, particularly focusing on the company’s restrictions preventing developers from promoting cheaper services outside the App Store. This decision follows complaints from Spotify and other content distributors, prompting a thorough investigation into Apple’s App Store policies. Despite Apple’s assertion that the Commission found no evidence of consumer harm, the company plans to appeal the fine, emphasizing its commitment to fair competition in the digital marketplace.
13. Linux Foundation Launches Tazama Open-Source Financial Monitoring Platform
The Linux Foundation has introduced Tazama, an open-source digital financial transaction monitoring platform designed to enhance financial security and enable fraud detection and AML compliance. Tazama evaluates transactions in real time, providing clear assessments of transaction behaviors and supporting user customization. Backed by the Bill & Melinda Gates Foundation and hosted by Linux Foundation Charities, Tazama emphasizes data sovereignty, privacy, and transparency to meet global governmental requirements.
14. CISA Unites Election Forces for Super Tuesday Security
As Super Tuesday unfolds, CISA orchestrates a unified defense for nationwide elections. Through a dedicated Election Operations Center, federal, state, and local entities collaborate in real time to safeguard the democratic process. CISA’s steadfast support ensures the American people can trust in the integrity of the 2024 elections.
15. Axonius Secures $200M for Expansion
Axonius, led by an Israeli military intelligence veteran, has secured $200M to expand its security offerings. CEO Dean Sysman plans to use the funds for acquisitions that enhance asset protection, catering to diverse customer environments and safeguarding SaaS applications and installed software. Sysman underscores the value of potential acquisitions in augmenting the company’s capabilities and providing enhanced value to its clientele.
Copyright © 2024 CyberMaterial. All Rights Reserved.