What’s trending in cybersecurity today?
Cryptojacking Campaign, Vulnerable Drivers, CLOUD#REVERSER Attack, Google Drive, Dropbox, Bitbucket Artifacts, US Environmental Protection Agency, Alert, Water Systems, Veeam, Critical Vulnerability, Massive Database Leak, Criminal Records, North Korean Hackers, South Korean Military Officials, CentroMed, Second Cyber Attack, KSAT, New Jersey, Shore Regional High School, Data Breach, German ESO Network, Restored, Cyber Incident, US DNA Collection, Immigrants, OpenSSF, Siren List, Open Source Security, Lazarus Group, Frozen Assets, Trump Campaign, Cryptocurrency, 2024, Zoom, Post-Quantum Encryption.
Cyber Alerts
Cybersecurity researchers have uncovered a cryptojacking campaign that uses vulnerable drivers to disable security solutions, a technique known as Bring Your Own Vulnerable Driver (BYOVD). Tracked by Elastic Security Labs as REF4578, the campaign deploys the GHOSTENGINE payload to terminate EDR agents and install the XMRig miner. The attack chain starts with a PowerShell script masquerading as a PNG image, which fetches additional payloads from a C2 server. The campaign’s sophistication and impact highlight the urgent need for enhanced cybersecurity measures.
A new attack campaign, CLOUD#REVERSER, uses Google Drive and Dropbox to stage malicious payloads. The attack starts with a phishing email that tricks victims into downloading an executable disguised as an Excel file. This executable deploys scripts to establish persistence and download further malware from cloud storage, making detection difficult.
Threat actors have exploited plaintext AWS secrets found in Bitbucket artifact objects. Mandiant’s investigation into this AWS secret exposure highlights the risk of sensitive data being leaked in plaintext to public repositories. The incident underscores the importance of robust security measures to safeguard confidential information from unauthorized access.
The US Environmental Protection Agency (EPA) has issued an enforcement alert to address cyber threats to drinking water systems. Inspections have revealed critical vulnerabilities, prompting the agency to outline security measures, including reducing internet exposure and changing default passwords. The EPA warns of increased inspections and enforcement actions to ensure compliance with cybersecurity measures.
Veeam warns of a critical security flaw in Veeam Backup Enterprise Manager, enabling unauthorized access. The vulnerability, rated with a CVSS base score of 9.8/10, poses a significant risk to affected systems. Immediate patching or mitigation steps are crucial to prevent potential unauthorized access to Veeam Backup Enterprise Manager.
π₯ Cyber Incidents
A cybercriminal known as USDoD has dumped a vast database containing the criminal records of millions of Americans. The data includes full names, birth dates, aliases, addresses, and more, covering records from 2020 to 2024. The leak’s source remains unknown, but it could significantly impact both individuals and the justice system.
A joint probe is investigating personal email breaches affecting high-ranking military figures. Measures have been implemented to mitigate the damage and enhance security, amid concerns over state-sponsored hacking groups. Ongoing efforts seek to ascertain the extent of the breach and bolster cyber defenses against future threats.
CentroMed, a San Antonio healthcare provider, has experienced another cyberattack, marking the second breach in a year. This incident, announced recently, involved unauthorized access to patient data, including sensitive health information. While CentroMed has initiated measures to secure its systems and inform affected individuals, the extent of the breach and its impact remain unclear.
The Shore Regional High School District in New Jersey disclosed a cyber attack potentially exposing students’ sensitive information, including names, social security numbers, and medical details. The breach, occurring around April 13, 2023, prompted a thorough forensic investigation and notification to potentially affected individuals. While the district is offering identity monitoring services, the incident underscores the rising threat of cyber attacks faced by educational institutions and other organizations nationwide.
Following a cyber incident, ESO’s network and communication services were shut down for crucial software upgrades. Email services have been reinstated and the website is now operational, with other services expected to follow. ESO’s IT team, together with cybersecurity experts, is addressing the threat and its repercussions and will promptly inform stakeholders if they are affected.
The Department of Homeland Security’s collection of DNA data from 1.5 million immigrants in four years has raised significant privacy concerns, as researchers urge the Biden administration to reverse the policy. Concerns are amplified by immigrants’ lack of understanding regarding the use of their genetic information and the indefinite storage of DNA samples by the government. Additionally, the broad scope of the DNA collection program, affecting immigrants detained in various settings, raises questions about its impact on communities of color and the potential for intensified policing in these groups.
The OpenSSF introduces Siren, a new email list for sharing threat intelligence among open source projects. Concerns over open source security have escalated post-Log4j, prompting a need for enhanced information dissemination within the community. Siren aims to fill this gap by facilitating public discussions and providing real-time updates on emerging threats to bolster cybersecurity defenses.
Blockchain sleuth ZachXBT has uncovered ties between seven Bitcoin wallets containing 891.13 Bitcoin and the notorious North Korean hacking group, Lazarus. The investigator’s findings, shared on May 21, spotlight the group’s laundering of $200 million from over 25 hacks since 2020, leading to $3.8 million in assets being frozen. Despite efforts, the wallets flagged by ZachXBT still hold the identified amounts, highlighting the ongoing challenge of combating cybercrime in the crypto space.
Facing legal challenges, Trump’s 2024 campaign announces acceptance of cryptocurrency donations, citing Senator Warren’s critiques of digital assets. Despite his previous skepticism toward Bitcoin, Trump’s move aligns with other candidates exploring crypto fundraising amid looming criminal trials. With debates against President Biden scheduled, Trump’s campaign shifts focus to digital asset acceptance, potentially reshaping political financing dynamics.
Zoom enhances its security measures with post-quantum end-to-end encryption (E2EE), utilizing Kyber-768. This advanced encryption ensures protection against future quantum computing threats, aligning with industry standards set by organizations like NIST.
Copyright © 2024 CyberMaterial. All Rights Reserved.