What are the latest cybersecurity alerts, incidents, and news?
Cisco, VPN, Vulnerability, Mysk, X (formerly Twitter), Chinese State Hackers, Tibetans, Cyber Campaign, AnyCubic, 3D Printer, Zero Day, Firmware, QEMU Emulator, Threat Actors, Breach, Company Network, Cyber Incidents, Government Websites, State of the Union, Cyber Attack, North Macedonian Energy Supplier, Yakima Valley Radiology, Data Breach, HIPAA Journal, Bethany Church, Email Breach, Personal Records, U.S. Department of Veterans Affairs, Health News Florida, Cyber News, FBI, U.S. $12.5B Loss, Online Crime, CISA, Open Source Software, South Korea Police, Deepfake Detection Tool, US Lawmakers, Chinese Biotech, Data Concerns, Federal Reserve, CBDC, Surveillance Plans, U.S. Senate Committee on Banking, Housing, and Urban Affairs.
🚨 Cyber Alerts
Cisco releases patches for a high-severity flaw in Secure Client software, enabling an attacker to open a VPN session with a targeted user. Exploiting insufficient validation of user input, attackers could execute arbitrary script code, accessing sensitive information. Ensure protection by updating to the fixed versions promptly.
Researchers demonstrate a Man-in-the-Middle phishing attack targeting Tesla, exploiting version 4.30.6 of the Tesla app and software version 11.1 2024.2.7. Using a Flipper Zero, they simulate a Tesla Guest WiFi network to intercept credentials, ultimately gaining control over vehicles. Despite warnings to Tesla, the issue remains unresolved, highlighting potential vulnerabilities in Tesla’s security protocols.
ESET uncovered a series of cyber assaults by the China-linked threat actor Evasive Panda, targeting Tibetan users since September 2023. The attacks utilize watering hole and supply chain tactics, deploying malicious downloaders for Windows and macOS to deliver backdoors like MgBot and Nightdoor. Evasive Panda’s strategic web compromises include sites like Kagyu International Monlam Trust, exploiting events like the Kagyu Monlam Festival to target Tibetan communities globally.
AnyCubic addresses a zero-day vulnerability exploited to print warnings on Kobra 3D printers worldwide. The flaw, abused via insecure MQTT permissions, allowed attackers to issue print commands remotely. Despite releasing a fix and implementing security measures, questions remain about the company’s response to prior warnings.
Threat actors exploit the QEMU hardware emulator in a cyber attack on a major corporation, marking a concerning trend. Kaspersky researchers unveil the novel approach, utilizing QEMU’s network device creation to establish virtual connections between machines, enabling stealthy communication with remote servers.
💥 Cyber Incidents
Multiple US government websites, including FEMA and DHS, experienced technical difficulties during President Biden’s State of the Union address. While officials cited no malicious intent, users speculated on social media about potential shady activities amidst the distraction. The incident adds to a series of recent outages, including LinkedIn and Facebook, raising concerns about the nation’s digital infrastructure stability.
The Electricity Transmission System Operator of North Macedonia, MEPSO, confirms its response to a cyberattack but reassures the public that critical energy infrastructure remains secure. Despite recent incidents, MEPSO is collaborating with cybersecurity experts to mitigate effects and ensure normal operations.
Yakima Valley Radiology faces a data breach affecting 235,000 people in Washington. Unauthorized access to patient data was detected, including names and Social Security numbers, leading to notifications and credit monitoring services for affected individuals.
In a security breach, cybercriminals accessed the email account of an employee of New Hampshire’s Bethany Congregational Church from October to December 2023, compromising the personal data of 134 email contacts. The exposed information includes names along with sensitive financial details such as bank account or credit/debit card numbers, and associated passwords or PINs. Affected individuals were notified of the breach on March 5, 2024, so they could take precautions against potential identity theft or fraud.
The Department of Veterans Affairs has informed over 9,000 veterans and their families about a data breach affecting most of Florida. Veterans receiving care in VISN 8 medical centers are urged to call the toll-free number provided for assistance and inquiries regarding the breach.
📢 Cyber News
The FBI’s Internet Crime Complaint Center (IC3) releases its 2023 report, indicating a $12.5 billion loss, a 22% increase from 2022. Predominantly affecting older adults, scams like BEC, investment fraud, and ransomware surged, with cryptocurrency platforms increasingly utilized by fraudsters. Despite recovery efforts, these figures likely represent only a fraction of the actual losses incurred by cybercrime annually in the U.S.
The Cybersecurity and Infrastructure Security Agency (CISA) spearheaded a two-day Open Source Software (OSS) Security Summit, aiming to fortify the open source ecosystem. CISA Director Jen Easterly highlighted the urgency, citing the Log4Shell vulnerability. The summit facilitated collaboration among OSS leaders and announced strategic actions to enhance security measures.
South Korea’s National Police Agency is deploying a cutting-edge deepfake detection tool to combat the surge in AI-generated misinformation ahead of the country’s legislative elections. Trained on over 5.2 million pieces of Korean-specific data, the software boasts an 80% detection accuracy within minutes, aiming to swiftly identify manipulated video content. With the elections approaching, authorities hope this tool will help curb the spread of deceptive media and ensure electoral integrity.
US lawmakers are pushing for restrictions on Chinese biotech firms due to fears of data misuse, especially with sensitive health information of Americans. The House Select Committee on the CCP and Senate Homeland Security Committee have advanced bills to prevent federal funds from supporting Chinese biotechs deemed security risks. Despite concerns about market instability and supply chain disruptions, the legislation aims to safeguard genetic data from potential misuse by adversarial governments like China.
Federal Reserve Chair Jerome Powell dismisses notions of a surveillance-oriented central bank digital currency (CBDC), asserting the Fed’s disinterest in such endeavors. Despite global CBDC developments, Powell emphasizes the Fed’s commitment to maintaining privacy and avoiding individual accounts directly managed by the central bank. Any potential CBDC launch remains a distant consideration, subject to congressional approval and unlikely to resemble China’s digital yuan model.
Copyright © 2024 CyberMaterial. All Rights Reserved.