What’s trending in cybersecurity today?
GitHub, Patches, Authentication Bypass, Unfading Sea Haze, Threat Group, South China Sea, Apple, Wi-Fi Positioning System, Exposes, Wi-Fi Locations, Ikaruz, Red Team, Hacktivists, Ransomware, WinRAR, Screen Spoofing, Microsoft, Outage, Bing, Copilot, DuckDuckGo, ChatGPT, British Columbia, First Nations Health Authority, Cyberattack, Tele Top, Encryption Trojan, New Caledonia, Macron Visit, Hamburg Airport, Hacker Attack, US House of Representatives, FIT21, Crypto Bill, Apple, Antitrust Allegations, Japan, Cyber Defense, Microsoft, VBScript, Intercontinental Exchange, Fined, VPN Breach.
Cyber Alerts
GitHub has released security fixes for a critical vulnerability in GitHub Enterprise Server (GHES) that allowed attackers to bypass authentication. The issue, tracked as CVE-2024-4985, could enable attackers to forge SAML responses and gain site administrator privileges. This vulnerability affected all GHES versions before 3.13.0 and has now been resolved with updates.
Cybersecurity researchers have uncovered a new threat group, Unfading Sea Haze, active since 2018. This group targets high-level organizations in South China Sea countries, focusing on military and government entities. Their attacks leverage poor credential hygiene and inadequate patching, utilizing sophisticated tools like Gh0st RAT and Ps2dllLoader. The group’s techniques include spear-phishing and advanced persistence methods, indicating a targeted espionage campaign aligned with Chinese interests.
Security researchers unveil a critical privacy flaw in Apple’s Wi-Fi Positioning System (WPS), enabling hackers to track access points worldwide. Exploiting crowdsourced location data, attackers can compile a vast database of Wi-Fi locations, posing profound privacy risks. The vulnerability highlights the need for robust privacy measures in geolocation services and internet-connected devices to safeguard user data.
SentinelOne researchers uncover a disturbing trend where hacktivist groups like Ikaruz Red Team weaponize ransomware, shifting from mere disruption to pushing political agendas. Using leaked builders, these groups target Philippine entities, hijacking government branding to draw attention to regional tensions. This evolution highlights a concerning blend of cybercrime and geopolitical activism.
A critical vulnerability in WinRAR versions prior to 7.00 enables attackers to manipulate displayed file names, potentially tricking users into running malicious scripts. Identified by Siddharth Dushantha, the flaw arises from inadequate validation of file names within ZIP archives, allowing attackers to craft specially designed files containing ANSI escape sequences to deceive users. To mitigate the risk, users should update WinRAR to version 7.00 or later and exercise caution when opening archives from untrusted sources.
Cyber Incidents
An outage ongoing since 3 AM EDT is affecting Bing.com, Copilot for web and mobile, and Copilot in Windows. It primarily impacts users in Asia and Europe: Bing.com shows blank pages or 429 HTTP errors, although Bing search is still accessible via direct URL. Copilot services remain offline across platforms, including the website, app, and Windows integration. DuckDuckGo search functionality is also disrupted because of its reliance on the Bing API.
British Columbia’s First Nations Health Authority has fallen victim to a cyberattack, detected on May 13. Countermeasures were deployed in time to prevent network encryption, but certain employee and limited personal information may have been impacted. The health authority has engaged cybersecurity experts and law enforcement, emphasizing that the attack is distinct from recent high-profile incidents in the province.
A widespread encryption Trojan disrupts Radio and Tele Top’s operations in Switzerland. Despite challenges, the team manages to maintain nearly normal programming, with experts working to resolve the issue. Top media outlets face blackmail amid efforts to restore data and programs.
Authorities report a significant cyber assault targeting New Caledonia’s internet infrastructure. The attack, allegedly of Russian origin, coincided with President Macron’s visit to the archipelago. Despite containment efforts, details remain unclear, prompting ongoing investigation and speculation.
Despite a hacker attack, Hamburg Airport was able to maintain operations on Whit Sunday. The pro-Russian hacker group Just Evil/Kill Milk claims to have gained access to certain parts of the secured airport area during the cyberattack. As proof, the group posted numerous pictures of its “loot” on its Telegram channel, including screenshots of a kind of control panel and images from the airport’s surveillance cameras. The hackers also listed the results of their attack in cryptic form.
The US House of Representatives has approved the Financial Innovation and Technology for the 21st Century Act, a bipartisan effort to provide regulatory clarity to digital assets. With 279 votes in favor and 136 against, the bill seeks to define the roles of the SEC and CFTC in overseeing cryptocurrencies and related innovations. The legislation faces further scrutiny in the Senate, amid ongoing debates over the future of digital finance and the potential impact on traditional markets.
Apple refutes US claims of monopoly power and argues for competitive dynamics in the tech sector. The firm defends its curated platform experience and challenges allegations of anticompetitive behavior. Despite facing an antitrust lawsuit, Apple asserts its position amidst fierce competition in the smartphone market.
Japan’s government is set to form a consultative body to introduce an active cyber defense system. Modeled after the JCDC in the US, it aims to enhance collaboration between public and private sectors to counter hybrid warfare threats. The body will gather and analyze cyber risk information, customize countermeasures, and expedite efforts in key policy areas.
Microsoft Program Manager Naveen Shankar announced plans to phase out Visual Basic Script (VBScript) in favor of more advanced alternatives like JavaScript and PowerShell. The move reflects advancements in technology and aims to promote modern web development and automation tasks.
The Intercontinental Exchange (ICE) faces a $10 million penalty for delayed reporting of a 2021 VPN breach to the SEC. ICE, a Fortune 500 company operating global financial exchanges, failed to promptly notify the SEC about the intrusion, violating Regulation SCI requirements. The breach, linked to suspected state hackers, compromised VPN devices and potentially exposed employee information, leading to the penalty settlement.
Copyright © 2024 CyberMaterial. All Rights Reserved.