What’s the latest in the cyber world today?
Octopus Server Flaw, Privilege Escalation, Skyler Ferrante, Openwall, TA558, Phishing, Venom RAT, Werewolf Hackers, WinRAR, RingSpy, Bi.Zone, Linux Kernel Vulnerability, Cyber Advising, OWASP Foundation, Florida Memorial University, INC Ransom, Tallahassee City Hall, Ace Hardware, Data Breach, Carolina Foods, Ransomware Attack, Kaci Jones, US Federal Trade Commission, Impersonation Scams, US Department of Defense, Indian Government, Cyber Crime, Cambodia, Google, Incognito Privacy Settlement, Court Listener, Aston University, Record Internet Speed.
Cyber Alerts
Octopus Server, a renowned automation tool for deployment and operations, has disclosed a critical security flaw, tracked as CVE-2024-2975, allowing privilege escalation due to a race condition. The vulnerability, discovered on February 20, 2024, has prompted Octopus Deploy to release patches for affected versions spanning several years, urging immediate upgrades to mitigate risks. Users are advised to heed the upgrade recommendations to ensure robust protection against potential exploitation.
Security researchers have unveiled a critical vulnerability dubbed “WallEscape” in the util-linux core utilities package for Linux systems, allowing attackers to leak user passwords and manipulate the clipboard. Tracked as CVE-2024-28085, the flaw resides in the “wall” command, which fails to filter escape sequences, so attackers can embed them in crafted messages to trigger malicious actions under specific conditions, as highlighted by researcher Skyler Ferrante. Ferrante demonstrated that the flaw can be exploited to leak passwords on Ubuntu 22.04 and alter clipboard content on systems allowing wall messages, urging immediate patching to mitigate potential risks.
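The class of fix for an unfiltered-escape-sequence bug like this one is to neutralise control bytes before untrusted text reaches another user's terminal. The following is an added example, not code from util-linux or from the original article; the function name `sanitize_for_tty` and its ASCII-only policy are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not util-linux code): copy msg into out, rewriting
 * every byte a terminal could interpret so it is displayed instead.
 * Policy: printable ASCII, '\n' and '\t' pass through; C0 controls and DEL
 * become caret notation (ESC -> "^["); bytes >= 0x80, which include the
 * 8-bit CSI 0x9b, become \xNN. A locale-aware version would decode
 * multibyte characters and keep the printable ones.
 * Returns the number of bytes written, excluding the terminating NUL. */
size_t sanitize_for_tty(const char *msg, char *out, size_t outsz)
{
    size_t n = 0;

    if (outsz == 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)msg; *p; p++) {
        char buf[5];
        size_t len = 1;

        if (*p == '\n' || *p == '\t' || (*p >= 0x20 && *p < 0x7f)) {
            buf[0] = (char)*p;
        } else if (*p < 0x80) {            /* C0 control or DEL */
            buf[0] = '^';
            buf[1] = (char)(*p ^ 0x40);
            len = 2;
        } else {                           /* high byte */
            snprintf(buf, sizeof buf, "\\x%02x", (unsigned)*p);
            len = 4;
        }
        if (n + len >= outsz)              /* never emit half an escape */
            break;
        memcpy(out + n, buf, len);
        n += len;
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample: plain text wrapped in SGR (bold) sequences. */
    const char *msg = "notice \033[1mbold\033[0m end";
    char safe[128];

    sanitize_for_tty(msg, safe, sizeof safe);
    puts(safe);
    return 0;
}
```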
TA558 unleashes a widespread phishing campaign targeting multiple sectors in Latin America, aiming to distribute Venom RAT. The campaign singles out sectors like travel, finance, and government across various countries. With a history dating back to at least 2018, TA558 has consistently targeted entities in Latin America with various malware, now leveraging phishing emails to unleash Venom RAT, a potent remote access tool capable of data theft and system takeover.
Mysterious Werewolf, active since 2023, has shifted focus to the military-industrial complex, employing phishing emails with weaponized archives exploiting a WinRAR vulnerability (CVE-2023-38831). The malicious archive deploys the RingSpy backdoor via a CMD file disguised within a seemingly legitimate PDF document, effectively infiltrating compromised systems. Utilizing a Telegram bot as a command and control server, the attacker maintains control, executing remote commands and evading detection by leveraging legitimate services for malicious activities.
Security researchers unveil a critical flaw in Linux kernel’s io_uring, tracked as CVE-2024-0582, allowing attackers full root access. Despite being addressed in December 2023, delays in patching Ubuntu distributions render them particularly vulnerable. The exploit, stemming from a use-after-free condition, enables data-only strategies for escalating privileges, bypassing common exploit mitigations like Control-Flow Integrity.
Cyber Incidents
The OWASP Foundation disclosed a data breach revealing members’ resumes online due to a misconfiguration of its old Wiki web server. Tens of thousands of members, spanning from 2006 to 2014, had their personal information, including names and contact details, exposed. Despite taking corrective measures, OWASP urges affected individuals to remain vigilant against potential risks associated with the breach.
Florida Memorial University (FMU) reportedly suffers a cybersecurity breach by the ransomware group INC Ransom, raising concerns about data compromised. INC Ransom’s ‘proof pack’ on their website showcases sensitive documents purportedly sourced from FMU’s databases, highlighting the severity of the incident. Despite FMU’s reputation as a National Center of Academic Excellence in Cyber Defense, the attack underscores the pervasive risks of ransomware targeting educational institutions.
The Tallahassee Police Department in Florida, alongside the U.S. Secret Service, launches an inquiry into a cybercrime, resulting in the theft of over $1 million from City Hall. Florida city officials express determination to recover funds, collaborating closely with law enforcement for swift justice and resolution in the case. As investigations unfold, efforts intensify to mitigate financial losses and apprehend perpetrators behind the fraudulent activity.
Ace Hardware, the home improvement giant, discloses a data breach compromising clients’ private information, including names and Social Security numbers, following a cyberattack discovered on October 29th, 2023. Despite the breach, Ace assures customers that local systems at their stores remain unaffected and has implemented additional security measures to safeguard data. Affected individuals are offered free credit monitoring and identity theft protection for 12 months, as authorities estimate 7295 people impacted by the hack.
Charlotte-based Carolina Foods, known for creating one of America’s first honey buns, falls victim to a ransomware attack, joining the list of companies hit by cyber extortion. Ransomware attacks, increasingly common, involve hackers infiltrating systems, encrypting data, and demanding payment for its release, posing significant threats to businesses’ operations and data security.
Cyber News
The Federal Trade Commission (FTC) unveils new rules targeting scammers, empowering the agency to pursue civil penalties and restitution in federal courts. With enhanced capabilities, the FTC aims to combat forged government seals, spoofed email addresses, and false affiliations used in impersonation scams, bolstering consumer protection measures. These regulations mark a proactive step towards curbing the rising trend of impersonation scams plaguing individuals and businesses nationwide.
The federal government, led by agencies including the General Services Administration, NASA, and the Department of Defense, is implementing a new rule to consolidate information security and supply chain security policies under FAR part 40, aimed at enhancing cyber defenses across federal systems. This initiative, driven by the Biden administration’s cybersecurity executive order, seeks to streamline procurement processes and bolster national security against emerging cyber threats and supply chain risks posed by foreign adversaries.
The Indian government has successfully repatriated 250 citizens from Cambodia, rescuing them from coerced involvement in cyber scams. These individuals were promised employment opportunities but were instead forced into illegal cyber activities, prompting joint efforts with Cambodian authorities to combat fraudulent schemes and ensure justice prevails against those responsible. The rescue comes amid reports of organized crime rackets exploiting thousands of Indians in Cambodia, underscoring the urgent need for international collaboration to address human trafficking-fueled cyber fraud.
Google has reached a settlement agreement to erase billions of browsing records to resolve a class action lawsuit alleging tracking without user consent in Chrome’s private mode. Pending court approval, the deal mandates the deletion of identifiable private browsing data and the blocking of third-party cookies in Incognito Mode for five years.
Researchers at Aston University, in collaboration with international partners, have achieved a groundbreaking data transfer speed of 301 terabits per second on an existing fiber network, opening new possibilities for future data demands. By leveraging new wavelength bands and innovative optical amplifiers, they managed to pack this impressive bandwidth into a single standard fiber optic cable, revolutionizing communication networks for faster and more reliable data transmission.
Copyright © 2024 CyberMaterial. All Rights Reserved.