What's going on in the cyber world today?
Darcula Phishing, Android and iPhone, Apple, Edge Browser, Microsoft, Malicious Extensions, Mispadu, Banking Trojan, Europe, Agenda Ransomware, VMware, NVIDIA ChatRTX, Windows, Indian Government Energy Sector, Cyber Espionage, NHS, Dumfries, Galloway, Scotland, vBulletin, VNDirect, Vietnam, Lindo's Supermarket, Bermuda, CISA, Cyber Incidents, UnitedHealth, Spyware Vendors, Google, Mandiant, UK Police, Scams, Canada, QuadrigaCX, Cryptocurrencies
Cyber Alerts
Darcula, a PhaaS, uses 20,000 domains for phishing across 100+ countries, posing a threat to Android and iPhone users. It utilizes modern tech and RCS/iMessage for phishing, making detection challenging. Users must remain vigilant against suspicious messages, employing caution and recognizing red flags to thwart phishing attempts.
2. Edge Extension Installation Flaw
A security flaw in Microsoft Edge could have allowed attackers to install extensions without user consent, posing significant risks to system security. Guardio Labs researcher Oleg Zaytsev identified the vulnerability, tracked as CVE-2024-21388, which Microsoft patched in a recent update. Exploiting the flaw required the attacker to run JavaScript on specific Microsoft-owned websites, highlighting the importance of maintaining a balance between user convenience and security in browser customization.
Mispadu, a banking trojan initially focused on Latin America, has now extended its reach to Europe, employing phishing emails and malicious URLs to steal credentials, posing a significant threat to users. Despite its expansion, Mexico remains its primary target, witnessing thousands of stolen credentials since April 2023.
Agenda ransomware, known for targeting critical sectors globally, has expanded its scope to include VMware vCenter and ESXi servers. Trend Micro reports a surge in attacks since December 2023, indicating the group’s growing sophistication and reach. Employing advanced techniques like BYOVD and leveraging RMM tools, Agenda poses a significant threat, necessitating robust cybersecurity measures to mitigate risks and protect against data breaches.
NVIDIA issued critical patches for vulnerabilities in its ChatRTX for Windows, warning of potential code execution and data tampering risks. These flaws, rated 'high-risk,' could be exploited via cross-site-scripting attacks, affecting versions 0.2 and earlier. The vulnerabilities, CVE-2024-0082 and CVE-2024-0083, pose significant threats, potentially leading to local privilege escalation, denial of service, and information disclosure.
Cyber Incidents
Indian government agencies and the energy industry face a new cyber-espionage threat, as researchers discover a modified version of the HackBrowserData stealer. Dubbed “Operation FlightNight,” the campaign exfiltrated 8.81 GB of sensitive data, posing significant risks to India’s infrastructure. The attackers targeted victims through phishing PDFs disguised as Indian Air Force letters, demonstrating a sophisticated approach to infiltrate and gather critical information.
NHS Dumfries and Galloway confirms a patient data breach online, post-ransomware attack, with clinical documents compromised. The ransomware group Inc Ransom threatens to release 3TB of sensitive NHS Scotland data unless demands are met, escalating concerns over data security.
vBulletin, a popular forum software, faces a significant breach affecting versions 4.2.2 and 4.2.3, with the vulnerable Forumrunner add-on enabling SQL Injection attacks. This exploit could compromise user data, prompting swift action from the vBulletin team, who released security patches and advised immediate installation to safeguard forums.
Vietnam’s VNDirect, the third-largest securities broker, struggles to recover after a weekend cyberattack, with services gradually restored but access issues persisting. Despite efforts to restore functionality in stages, including customer accounts and financial products, challenges remain, with the company urging patience via social media. The attack has prompted temporary trading disruptions on stock exchanges, impacting investor confidence and transaction volumes, highlighting the broader implications of cybersecurity threats in financial markets.
10. Bermuda's Supermarket Faces Cyber Incident
Lindo's, a Bermuda supermarket chain, is currently managing an unspecified cybersecurity problem affecting its operations. While details are scarce, staff are working to minimize disruptions to customers, seeking community support during this time.
Cyber News
11. CISA Seeks Input on Cybersecurity Act
The US Cybersecurity and Infrastructure Security Agency (CISA) invites public feedback on the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), expecting to impact over 316,000 entities. CIRCIA, signed into law by President Biden in March 2022, aims to bolster cybersecurity by facilitating incident reporting and information sharing across critical infrastructure sectors. With a proposed rulemaking open for comments, CISA emphasizes the importance of collaboration to enhance cyber risk reduction efforts and better protect national security.
In response to the Change Healthcare breach, UnitedHealth disburses $3.3B to support struggling providers, easing financial strain. The cyberattack disrupted healthcare operations, prompting widespread financial repercussions and calls for transparency from lawmakers and oversight committees. The Department of State’s reward for Blackcat information underscores the gravity of the incident, amplifying urgency for comprehensive cybersecurity measures.
Google’s Threat Analysis Group (TAG) and Mandiant have identified a significant uptick in zero-day vulnerabilities exploited in attacks throughout 2023, with 97 vulnerabilities exploited, marking a 50% increase from the previous year. These vulnerabilities, often associated with spyware vendors and their clients, targeted a range of end-user and enterprise-focused technologies, posing substantial risks to cybersecurity.
UK police, in their third Operation Henhouse, arrested hundreds of suspects and confiscated £19m ($15m) in a fraud crackdown. Coordinated by the National Economic Crime Centre and City of London Police, the operation yielded 438 arrests, freezing orders of £5.1m, and seized assets including luxury vehicles and a Rolex watch. The initiative highlights collaborative efforts to combat rampant fraud, a significant challenge facing the UK.
Canadian authorities have taken action to seize assets allegedly tied to QuadrigaCX co-founder Michael Patryn, including cash, gold bars, and luxury items found in a safe deposit box. Through an unexplained wealth order, officials aim to compel Patryn to explain the origins of his assets, which are believed to be linked to criminal activities associated with QuadrigaCX. The move underscores the ongoing legal battle surrounding the defunct cryptocurrency exchange and its co-founders’ alleged involvement in financial misconduct.
Copyright © 2024 CyberMaterial. All Rights Reserved.