What’s the latest in the cyber world today?
WordPress Plugins Hacked, P2PInfect Botnet, Ransomware, Redis Servers, New SnailLoad Attack, Ollama AI Tool, Google Chrome Update, Memory Safety Bugs, CISA, CSAT Breach, Chemical Facilities, Levi Strauss, Neiman Marcus, CoinStats Wallet Breach, North Korean Hackers, Any.Run Phishing Incident, Julian Assange, Amazon, AI Chatbot Metis, ChatGPT, Microsoft, Underwater Data Centers, EU Sanctions, Non-EU Crypto Providers, Russia.
Cyber Alerts
Hackers have backdoored multiple WordPress plugins to create rogue admin accounts and inject malicious JavaScript into websites. This malware sends the admin account details to an attacker-controlled server and adds SEO spam throughout the site. The compromised plugins include Social Warfare, Blaze Widget, Wrapper Link Element, Contact Form 7 Multi-Step Addon, and Simply Show Hooks. Users are urged to inspect their sites for any suspicious administrator accounts and promptly delete them, in addition to removing any injected malicious code to protect their sites from further exploitation.
P2PInfect, previously dormant, now deploys ransomware and a cryptominer on Redis servers. Cado Security’s ongoing analysis suggests it operates as a “botnet for hire,” showcasing new capabilities like cron-based persistence and a stealthy SSH lockout mechanism. This evolution marks P2PInfect as a significant threat, actively targeting vulnerable systems for financial gain and data destruction.
Researchers from Graz University unveil SnailLoad, a stealthy method to infer user activity without direct network access. By measuring latency from a malicious server, attackers can deduce websites and videos viewed by victims, exploiting internet bandwidth nuances. The method, demonstrated on YouTube and websites, highlights potential privacy risks despite its current limited impact and complexity in execution.
Researchers highlight CVE-2024-37032, dubbed Probllama, affecting Ollama AI infrastructure. This vulnerability, allowing remote code execution via path traversal, was responsibly disclosed and patched in version 0.1.34. Exploitation involves manipulating the “/api/pull” endpoint to overwrite critical server files, potentially compromising AI model security on exposed Docker installations. Ollama users are advised to update immediately and implement additional security measures to safeguard against future exploits.
Google’s latest Chrome security update resolves four high-severity use-after-free vulnerabilities affecting Dawn and Swiftshader components. These flaws, tracked as CVE-2024-6290 to CVE-2024-6293, were reported by external researchers, with significant bug bounties awarded for their discovery. Users are urged to update their browsers to version 126.0.6478.126 for Linux and 126.0.6478.126/127 for Windows, macOS, and Android to mitigate potential risks associated with these vulnerabilities.
Cyber Incidents
The US Cybersecurity Agency, CISA, discloses a breach in its Chemical Security Assessment Tool (CSAT) due to a zero-day vulnerability in Ivanti Connect Secure. Although data encryption and security controls were in place, individuals with PII submitted for vetting or CVI access may have been affected. CISA advises immediate password resets for CSAT users as a precaution against potential malicious activities.
Levi Strauss & Co. has reported a significant data breach affecting over 72,000 customers, exposing personal identifiers due to a cyber attack on June 13, 2024. The company promptly notified affected individuals, although no identity theft protection services were offered. Levi Strauss reaffirmed its commitment to data security, highlighting ongoing challenges in safeguarding consumer information from cyber threats.
In a recent disclosure, luxury retailer Neiman Marcus confirmed a data breach affecting a database platform storing customer information from April to May 2024. The compromised data includes names, contact details, dates of birth, and gift card numbers, impacting over 64,000 individuals. Following detection, Neiman Marcus swiftly contained the breach, disabled access to the affected platform, and initiated a thorough investigation with cybersecurity experts and law enforcement.
CoinStats reported a breach affecting 1,590 wallets, possibly by North Korean hackers. The incident, impacting only hosted wallets, has left the site and app offline as the investigation continues. Users with impacted wallets should urgently transfer funds to external accounts to avoid theft by scammers exploiting the situation.
Any.Run, a malware analysis service, revealed a recent phishing attack targeting its staff on June 18. An employee fell victim after clicking a link in an email, leading to a compromised Microsoft phishing site that harvested login credentials and multi-factor authentication codes. The attacker maintained access for weeks, leveraging stolen information to send out further phishing emails from the employee’s account.
Cyber News
WikiLeaks founder Julian Assange has been released in the UK after over five years in Belmarsh prison for disclosing classified U.S. documents. Assange, 52, faces a sentencing hearing in Saipan, having pleaded guilty to conspiring to obtain and release national defense information. His release follows a global campaign and negotiations with the U.S. Department of Justice, with Assange opting to depart for Australia amid ongoing legal challenges.
Amazon is developing Metis, a potent AI chatbot codenamed after the Greek goddess of wisdom. Powered by the Olympus AI model, it aims to outperform existing AI assistants by offering smarter, more interactive responses, including real-time updates and automated tasks like booking flights or creating itineraries. The initiative underscores Amazon’s ambitious plans to dominate the AI market, expecting significant revenue growth and sales impact in the coming years.
Microsoft has decided to discontinue its ambitious Project Natick, which involved deploying data centers deep underwater in the North Sea. The project, initiated in 2018, aimed to explore the feasibility of underwater data centers powered by renewable energy sources such as wind and solar. These submerged data centers were housed within large tubes measuring 14.3 meters in length and 12.7 meters in width, demonstrating promising performance metrics.
The European Council has intensified sanctions against Russia, extending measures to include crypto providers outside the EU aiding Russia’s defense-industrial base. This move is part of ongoing efforts to support Ukraine and counter Russian aggression, expanding the sanctions list to over 2,200 entities. The EU’s crackdown aims to thwart sanctions evasion tactics, underscoring stricter regulatory frameworks for the cryptocurrency sector to prevent illicit financial activities and uphold international security.
Universal Music Group, Sony Music, and Warner Records have filed lawsuits against AI music-synthesis companies Udio and Suno, accusing them of using copyrighted recordings to train their AI models without permission. These models can generate music based on text descriptions, potentially undermining the value of human artists’ work by recreating elements of famous songs and mimicking iconic vocal styles. The lawsuits seek significant damages for each song used in training, highlighting the growing legal challenges surrounding AI’s use of copyrighted material in creative industries.
Copyright © 2024 CyberMaterial. All Rights Reserved.