What’s happening in cybersecurity today?
Cox Modem, WordPress Plugin, Microsoft, OT Devices, Apache, Log4j2, Global Finance Sector, Andariel, South Korean Institutes, Dora RAT, DMM Bitcoin, Bitcoin Theft, Hugging Face, Germany, Christian Democratic Union, Russia, Polish News Agency, Velocore, $10 Million, Hack, US Health Department, Change Healthcare, Denver Police, Drones, Pirated TV Network, Spanish Police, Google, Manifest V2 Extensions, Kaspersky, Virus Removal Tool, Linux
Cyber Alerts
Recently patched authorization bypass issues in Cox modems could have been exploited to run malicious commands and access customer data. Security researcher Sam Curry revealed that attackers could have used these vulnerabilities to gain the same permissions as ISP support teams, potentially compromising millions of devices. Fortunately, Cox quickly addressed the issue within 24 hours of disclosure, preventing any known exploitation in the wild.
A critical vulnerability in the wpDataTables plugin exposes websites to SQL injection attacks. This flaw, identified as CVE-2024-3820, affects versions up to 6.3.1, allowing attackers to manipulate SQL queries and access sensitive data. Administrators are urged to update the plugin immediately and implement additional security measures to safeguard their websites against potential breaches.
Microsoft has stressed the necessity of securing OT devices due to a surge in cyber attacks since late 2023. These attacks often exploit weak security measures, causing critical system malfunctions. The company advises organizations to enhance their OT security by reducing attack surfaces and implementing zero trust practices.
The CVE-2021-44832 vulnerability in the Apache Log4j2 library poses a grave risk to the global finance sector, with potential for remote code execution. Despite the patch release, the flaw remains a significant concern for industries reliant on secure logging configurations, according to cybersecurity expert Anis Haboubi. The recent breaches at Sisense and Snowflake underscore the urgency of enhanced security measures to safeguard sensitive financial data from exploitation.
The North Korea-linked threat actor known as Andariel has been observed employing a new Golang-based backdoor named Dora RAT in its cyber attacks targeting various sectors in South Korea, including educational institutes, manufacturing firms, and construction businesses. According to a report by the AhnLab Security Intelligence Center (ASEC), the attacks are characterized by the use of a vulnerable Apache Tomcat server to distribute the malware, with the targeted system running the 2013 version of Apache Tomcat, making it susceptible to multiple vulnerabilities.
Cyber Incidents
Japanese exchange DMM Bitcoin reports the theft of 4,502.9 BTC, the largest crypto heist of 2024. The exchange has restricted platform services while the investigation proceeds, and blockchain analytics firm Elliptic is tracking the stolen Bitcoin, which has been split across multiple wallets. If confirmed, the heist ranks among the largest in history, raising renewed concerns over crypto security.
Artificial Intelligence (AI) company Hugging Face disclosed that it detected unauthorized access to its Spaces platform earlier this week. In an advisory, the company expressed suspicions that a subset of Spaces’ secrets may have been accessed without authorization. Spaces, a platform offered by Hugging Face, serves as a hub for users to create, host, and share AI and machine learning (ML) applications, as well as discover AI apps developed by others.
Germany’s Christian Democratic Union (CDU) experiences a significant cyberattack, leading to the temporary shutdown of parts of its IT systems. Law enforcement launches an investigation into the attack, describing the perpetrators as highly skilled and professional. The incident occurs amidst a surge in politically motivated cyber threats ahead of the upcoming EU election, with Russian state-sponsored actors suspected to be involved.
Prime Minister Donald Tusk denounces a false mobilization story as part of Russia’s EU destabilization efforts. The fabricated report coincided with NATO’s discussions on supporting Ukraine against Russian aggression, prompting swift action by Polish security services to counter disinformation campaigns. Tusk underscores the importance of European elections amid escalating cyber warfare tactics, emphasizing the need for vigilance against Russia’s destabilizing strategies.
Velocore, a decentralized exchange operating across Telos, zkSync Era, and Linea blockchains, encountered a significant security breach resulting in a loss of approximately $6.8 million in tokens. Exploiting a vulnerability within Velocore’s smart contracts governing liquidity pools, a hacker leveraged overflow logic to execute a sophisticated attack, draining volatile pools on zkSync Era and Linea.
Cyber News
HHS permits Change Healthcare to issue breach notifications on behalf of other affected organizations, alleviating confusion among them. Change Healthcare, which processes a significant portion of U.S. medical records, is now authorized to handle the HIPAA breach notifications itself. Healthcare industry associations commend the HHS decision, highlighting the practicality and clarity of the government’s action.
Amid budget constraints, Denver Police Department is deploying drones for non-critical responses to 911 calls, emphasizing that they won’t replace human officers. Despite initial aversion, the department shifts course, with plans to integrate drones for live video feeds to assist officers in decision-making during emergencies. Concerns over privacy and surveillance persist as drones become more prevalent in law enforcement activities nationwide.
Spanish police dismantle a lucrative illegal TV streaming network, ‘TVMucho,’ after a complaint from ACE, exposing its $5.7M in earnings. The operation offered illegal access to 130 international TV channels and films; the action resulted in the arrest of eight individuals, the seizure of $86,400, and server takedowns. Users are now redirected to police notices and may face fines, since subscriber data is now in law enforcement hands.
Google accelerates extension phase-out in Chrome, impacting ad blockers. Despite feedback, the transition to Manifest V3 proceeds, with warnings appearing from June 3. Developers face technical hurdles while users may experience changes in ad-blocker effectiveness.
Kaspersky releases KVRT, a new tool for Linux, allowing users to scan and remove malware. Despite common beliefs, Linux systems face threats, making KVRT essential for detection and cleaning. Available for popular distributions, it requires an internet connection for updates.