What are the latest cybersecurity alerts, incidents, and news?
Cyber Alerts
A critical SQL injection vulnerability in the WP-Automatic plugin, identified as CVE-2024-27956, is actively being exploited, posing a severe threat to WordPress sites by allowing attackers to take full control. The flaw, which affects all versions prior to 3.9.2.0, lets attackers manipulate the database to create admin accounts and upload malicious files, facilitating site takeovers. Observations indicate that attackers are also employing tactics like renaming critical plugin files to dodge detection and secure their foothold, complicating mitigation efforts for site owners and security professionals.
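The injection class behind the WP-Automatic advisory is untrusted input spliced into SQL text. The following added example (not the plugin's code, and not tied to the actual CVE-2024-27956 bug) shows the defect and its fix side by side on a constructed SQLite users table: the string-built query lets an input that merely contains a quote rewrite the WHERE clause, while the parameterised query treats the same input as a literal value.

```python
import sqlite3

# Constructed stand-in for a WordPress-style users table (illustration only).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (login, role) VALUES (?, ?)",
        [("alice", "administrator"), ("bob", "subscriber")],
    )
    return conn


def lookup_vulnerable(conn, login):
    # Untrusted input concatenated into the SQL text: the injection pattern.
    sql = "SELECT login, role FROM users WHERE login = '" + login + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, login):
    # Bound parameter: the driver passes the value separately from the SQL,
    # so it can only ever be compared against the login column.
    return conn.execute(
        "SELECT login, role FROM users WHERE login = ?", (login,)
    ).fetchall()


# Constructed probe: a value no real account would have, containing a quote.
PROBE = "x' OR '1'='1"


def demo():
    conn = make_db()
    return {
        "vulnerable": lookup_vulnerable(conn, PROBE),  # leaks every row
        "safe": lookup_safe(conn, PROBE),              # matches nothing
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The same contrast applies to WordPress code: database access should go through the prepared-statement API (`$wpdb->prepare`) rather than building query strings from request parameters, and plugin update checks should confirm the installed version is at or above the patched release.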
The FBI has issued a warning regarding the use of unlicensed cryptocurrency transfer services, highlighting the financial dangers associated with platforms not registered as Money Services Businesses (MSBs). These unregistered services often fail to meet anti-money laundering standards, making them prime targets for law enforcement actions, which can result in users losing access to their funds. The warning comes in the wake of the takedown of Samourai, a crypto transfer service implicated in laundering over $100 million from criminal activities, and stresses the importance of using compliant, registered services to avoid potential legal and financial pitfalls.
Researchers have taken control of a command and control server for a variant of the PlugX malware, revealing its vast reach with over 2.5 million connections from unique IP addresses globally in just six months. This operation, executed by cybersecurity firm Sekoia, involved setting up a fake server to mimic the malware’s command and control behavior, allowing them to intercept communications from infected hosts. The data shows that daily requests ranged from 90,000 to 100,000, coming from more than 170 countries, with a significant concentration in just 15 countries, underscoring the extensive and strategic deployment of this malware.
Google recently patched a series of vulnerabilities in its Chrome browser, including a critical flaw identified as CVE-2024-4058, which affects the ANGLE graphics layer engine. This type confusion vulnerability allows attackers to execute arbitrary code on the victim’s machine. Discovered by researchers Toan Pham and Bao Pham of Qrious Secure, the flaw earned a $16,000 bounty for its reporting, reflecting its severity and the risk it posed to Chrome users.
Cybersecurity researchers from Zscaler have observed an increase in black hat SEO techniques used by hackers to promote fraudulent sites, thereby increasing their visibility in search results. These sites, often hosted on reputable platforms, deceive users into downloading malware under the guise of legitimate software, particularly cracked versions. This SEO poisoning not only elevates harmful content in search rankings but also cleverly evades detection by manipulating referral URLs and employing complex obfuscation methods to hide malicious activities.
Cyber Incidents
After a significant service disruption that left users worldwide unable to access its website and mobile apps, Reddit has resolved the issue and restored full functionality. Users attempting to connect encountered various error messages, including “502 Bad Gateway” and “Unknown server error.” The outage was linked to potential DNS or web server configuration problems, but as of April 25, 13:26 EDT, Reddit announced that the issue had been identified and rectified, with servers back online and under close monitoring.
Kaiser Permanente, a major U.S. healthcare service provider, has disclosed a data security incident impacting approximately 13.4 million current and former members and patients. The leak occurred via third-party trackers installed on its websites and mobile apps, unintentionally transmitting personal data to vendors like Google, Microsoft Bing, and X (Twitter). Although the data did not include sensitive information such as SSNs or credit card numbers, the breach involved details such as IP addresses, names, and interaction data, which were shared with an extensive network of marketers and advertisers.
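The Kaiser Permanente incident is a reminder that tracker exposure can be inventoried before it becomes a breach notification. The following added example (my own code, not Kaiser's or any vendor's tooling) parses a constructed HTML page and lists every third-party origin it loads scripts, images, iframes or stylesheets from, then flags the ones not on an explicit allowlist. The first-party hostname and the allowlist are assumptions chosen for the sample; the tracker hostnames are real vendor endpoints used only as illustrative values.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _OriginCollector(HTMLParser):
    """Collect the hostnames of external resources referenced by a page."""

    # Tag -> attribute that carries the resource URL.
    ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.origins = set()

    def handle_starttag(self, tag, attrs):
        attr = self.ATTRS.get(tag)
        if not attr:
            return
        for name, value in attrs:
            if name == attr and value:
                host = urlparse(value).hostname
                if host:  # relative URLs (same origin) have no hostname
                    self.origins.add(host.lower())


def third_party_origins(html, first_party_hosts):
    """Return sorted external hostnames that are not the site's own."""
    parser = _OriginCollector()
    parser.feed(html)
    return sorted(h for h in parser.origins if h not in first_party_hosts)


def unexpected_trackers(html, first_party_hosts, allowlist):
    """Third-party origins that nobody has explicitly approved."""
    return [h for h in third_party_origins(html, first_party_hosts) if h not in allowlist]


# Constructed sample page (assumed first-party host: portal.example-health.test).
SAMPLE_HTML = """
<html><head>
<script src="/js/app.js"></script>
<script async src="https://www.googletagmanager.com/gtm.js?id=GTM-PLACEHOLDER"></script>
<script src="https://bat.bing.com/bat.js"></script>
<script src="https://static.ads-twitter.com/uwt.js"></script>
<img src="https://portal.example-health.test/logo.png">
</head><body>
<iframe src="https://www.youtube.test/embed/abc"></iframe>
</body></html>
"""
FIRST_PARTY = {"portal.example-health.test"}
ALLOWED = {"www.googletagmanager.com"}  # assumed: the one vendor that was reviewed


def audit(html=SAMPLE_HTML, first_party=FIRST_PARTY, allowlist=ALLOWED):
    return unexpected_trackers(html, first_party, allowlist)


if __name__ == "__main__":
    print("all third-party origins:", third_party_origins(SAMPLE_HTML, FIRST_PARTY))
    print("not on allowlist:", audit())
```

Run against a saved copy of an authenticated page (where patient or member data is rendered), the unallowlisted list is the set of vendors that can see URLs, IP addresses and interaction data for logged-in users; each entry needs either a documented data-processing review or removal, and a Content-Security-Policy restricting script sources keeps the list from silently growing.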
BerryDunn faces a significant breach involving over 1 million individuals’ personal information, triggered by a third-party security compromise. After being notified of suspicious network activity by its vendor, BerryDunn promptly engaged cybersecurity experts to investigate the breach and assess the extent of data exposure. Measures have been taken to secure affected data and mitigate risks, including decommissioning systems under the vendor’s control and offering identity theft protection services to affected individuals through IDX, a ZeroFox company.
The Los Angeles County Department of Health Services has announced a significant data breach involving the personal and health information of over 6,000 patients after a phishing attack compromised the email accounts of 23 employees. The breached data, contained within employee email inboxes, included sensitive patient details such as names, addresses, medical records, and health plan information, though it did not extend to Social Security Numbers or financial info. In response to the breach, the health system has reset affected credentials, re-imaged devices, and heightened email security protocols to prevent future incidents.
The Kansas City Scout traffic management system, encompassing traffic cameras, tracking systems, and highway message boards, is currently offline due to a cyber attack. Early this morning, officials announced that all components, including the KC SCOUT website, were affected and shut down as a precaution. The Missouri Department of Transportation is actively working to restore services, although there is no specified timeline for when the systems will be fully operational again.
Cyber News
The Cybersecurity and Infrastructure Security Agency (CISA) is initiating a pilot program aimed at alerting organizations about potential ransomware threats, with full operational status expected by the end of 2024. Over 2,000 warnings have been issued since January 2023, using vulnerability scanning tools to identify and advise on critical security weaknesses that need addressing. As ransomware attacks continue to rise, with a significant 49 percent increase in reported incidents from 2022 to 2023, this program is a crucial step in bolstering the cyber defenses of participating organizations, particularly in high-risk sectors like manufacturing and high tech.
Microsoft officials reported to a German parliamentary committee that Russian state-sponsored hackers, identified as Midnight Blizzard, gained only read access to Microsoft’s source code repositories without the ability to alter the code. This disclosure came during a closed-door meeting following the public revelation of the breach in March, where it was emphasized that the security breach allowed access but prevented any modification or tampering with the source code. Amidst broader scrutiny of Microsoft’s security practices and recent high-profile security failures, this incident highlights ongoing cybersecurity challenges and the need for continuous vigilance and improvement in corporate and national security protocols.
As Togo approaches national elections, digital rights organizations are voicing concerns over potential internet shutdowns, a tactic previously employed by the government during politically sensitive times. Over two dozen groups, including Access Now, have publicly appealed to the Togolese government to maintain uninterrupted internet access, highlighting the importance of transparency, fairness, and credibility in the electoral process. These advocates argue that keeping digital communication channels open is essential not only for democratic participation but also for sustaining business operations during election periods.
ThreatLocker, a leader in zero trust endpoint security, has successfully raised $115 million in a Series D funding round, bringing its total funding to nearly $240 million. Led by General Atlantic and supported by StepStone Group and the D.E. Shaw group, this latest financial boost aims to enhance ThreatLocker’s capabilities in protecting organizations from ransomware and zero-day attacks. With a strong track record of revenue doubling in the past year and its security solutions currently safeguarding over 50,000 organizations, ThreatLocker plans to expand its market presence and continue innovating in the cybersecurity space.
In a landmark decision for technology and history enthusiasts, Microsoft has released the source code for MS-DOS 4.0, making it publicly accessible on its GitHub repository. This release allows developers, students, and tech aficionados to delve into the intricacies of one of the pivotal operating systems in the history of personal computing. Originally developed in collaboration with IBM, MS-DOS 4.0 features enhancements like a graphical user interface and improved memory management, serving as a valuable educational tool and preserving a key piece of technological history.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.