What’s the latest in the cyber world today?
UNC5537, Snowflake, Mandiant, ValleyRAT Malware, Zscaler, Arm, Actively Exploited, GPU Vulnerability, Netgear, Red Fox Security, Phishing Attack, More_eggs Malware, Recruitment Scam, eSentire, UwU Lend Exploit, $19.5M Loss, Cyvers, Cleveland City Hall, Cleveland 19 News, Lykke Exchange, QuoteWizard, TechCrunch, Hands Support Services, Canada, Google, Microsoft, Cyber Assistance, Rural Hospitals, US American Hospital Association, Apple, Apple Intelligence, US Cyber Defense Agency, Overhaul, US Cybersecurity Infrastructure Security Agency, Partnership Challenges, China, Google, Fortinet, Cloud Security, Lacework Acquisition.
Cyber Alerts
Snowflake has indicated that up to 165 customers may have been impacted by a data theft campaign involving stolen credentials. The cybercriminal group UNC5537 is responsible, using malware to compromise accounts and extort victims. The campaign, active since April 2024, underscores the importance of advanced security measures like MFA.
Cybersecurity researchers have identified an updated version of the ValleyRAT malware, introducing new commands like capturing screenshots and process filtering. This malware, attributed to a China-based threat actor, is distributed through a sophisticated multi-stage process to evade detection. The update underscores the persistent and evolving nature of cyber threats.
Arm has raised concerns over a security vulnerability affecting the Mali GPU Kernel Driver, which it reports has been actively exploited in real-world attacks. Tracked as CVE-2024-4610, this vulnerability is classified as a use-after-free issue and impacts the Bifrost and Valhall GPU Kernel Drivers across various versions. According to Arm’s advisory, this flaw could be exploited by local non-privileged users to execute improper GPU memory processing operations, potentially gaining access to already freed memory.
Multiple vulnerabilities in Netgear N300 routers have been identified, including authentication bypass and password policy bypass issues. These weaknesses could potentially lead to unauthorized access and the exposure of sensitive data. Given the End-of-Service status of the router model, users must take proactive measures to secure their devices and mitigate the associated risks effectively.
Cybersecurity researchers have uncovered a phishing campaign distributing More_eggs malware disguised as resumes. Targeting recruiters through LinkedIn job postings, the attack aims to deceive victims into downloading malicious payloads. eSentire warns of ongoing More_eggs campaigns employing social engineering tactics, posing significant risks to targeted organizations.
Cyber Incidents
A significant exploit on the DeFi protocol UwU Lend resulted in a $19.5 million loss, as reported by blockchain security firm Cyvers Alert. The attacker used the sanctioned crypto mixer Tornado Cash to fund their wallet before executing three transactions, draining approximately $20 million from the UwU lending contract in just six minutes. Despite the incident, UwU Lend’s total value locked surged by 135% in the last 24 hours, reaching over 82,000 ETH valued at $305 million.
Cleveland’s city hall shuts down amid a cyber incident, affecting unspecified systems. Essential services like police, fire, and utilities remain operational, but internal systems are offline until further notice. This incident adds to a growing trend of cyberattacks targeting American cities, underscoring the urgent need for robust cybersecurity measures.
Lykke cryptocurrency exchange is grappling with a security breach, prompting the halt of withdrawals as of June 4, as disclosed in a June 10 social media announcement. The exchange reassured users that their funds are secure and will be recovered, although both Lykke UK and Lykke Corp AG were impacted by the exploit. Following the incident, the exchange acknowledged the breach and initiated an investigation, aiming to identify the perpetrators and recover the stolen assets, estimated to be more than $22 million.
The list of organizations falling victim to Snowflake breaches grows, with LendingTree’s subsidiary QuoteWizard being the latest casualty. Snowflake’s attribution of blame to customers for not implementing multi-factor authentication has drawn criticism amid the mounting data theft incidents. From Ticketmaster to Advance Auto Parts, the breach underscores the vulnerability of high-profile clients using Snowflake’s services.
Hands, a North Bay organization offering developmental disability support services in Ontario, Canada, recently faced a cyber attack. Swift action was taken upon discovery, with systems isolated and third-party cybersecurity experts engaged for containment. Fortunately, with the help of IT professionals, operations resumed quickly, minimizing disruptions to client services.
Cyber News
Google and Microsoft are partnering with the Biden administration to enhance cybersecurity for rural hospitals, recognizing their critical role in serving communities. This initiative offers free or discounted resources to approximately 1,800-2,100 rural hospitals across the nation, aiming to mitigate the rising cyber threats targeting the healthcare sector. Through collaboration and support, hospitals can bolster their defenses and safeguard patient data and vital services from malicious cyberattacks.
Apple introduces its groundbreaking Apple Intelligence at the 2024 Worldwide Developer Conference, revolutionizing personalized experiences on iOS, iPadOS, and macOS. The feature integrates generative AI models into Apple devices to analyze data and perform actions seamlessly. With a focus on privacy, Apple ensures that almost all processing occurs locally on the device, enhancing security for users’ sensitive information.
The Cybersecurity and Infrastructure Security Agency (CISA) is considering an overhaul of its key public-private collaboration amid concerns over unclear membership rules. Recommendations for the Joint Cyber Defense Collaborative (JCDC) suggest a deeper operational focus and clarification on participation criteria, aiming to enhance its effectiveness.
Google’s latest efforts have seen the removal of over 1,000 YouTube channels and Blogger blogs associated with coordinated influence operations tied to the People’s Republic of China. The company’s actions reflect its ongoing commitment to combating disinformation and maintaining the integrity of its platforms. With a focus on transparency and security, Google continues to take decisive steps to protect its users from deceptive online activities.
Fortinet boosts its cybersecurity prowess with Lacework’s AI-driven cloud protection, enriching its suite of offerings. By integrating Lacework’s advanced capabilities into Fortinet’s SASE solution, customers can expect heightened threat detection and risk mitigation in their cloud environments. With this strategic acquisition, Fortinet underscores its commitment to delivering comprehensive security solutions across diverse IT landscapes.
Copyright © 2024 CyberMaterial. All Rights Reserved.