What’s trending in cybersecurity today?
Blast-RADIUS, OpenSSH, Linux, Microsoft, Houthi, GuardZoo, Android Spyware, ViperSoftX, General Motors, Credential Stuffing, Clay County Courthouse, Southwest Tennessee Community College, Data Breach, Bhuvan Bam, Deepfake Video, US Justice Department, Twitter Bot-Farm, Microsoft China, Elliptic, $11 Billion Scam, Huione Guarantee Marketplace, Spanish Court, AI, AI SPERA, Devcons, UAE, Cyber Threat Intelligence.
Cyber Alerts
The newly identified Blast-RADIUS vulnerability exposes a critical flaw in the RADIUS protocol, which is essential for authentication, authorization, and accounting (AAA) in enterprise and telecommunication networks. This vulnerability enables a man-in-the-middle attacker to forge a valid protocol accept message in response to a failed authentication request, granting unauthorized access to network devices and services without guessing passwords or shared secrets.
Critical vulnerabilities have been unearthed in OpenSSH, affecting Linux systems and posing severe security risks. These flaws, assigned CVE-2024-5678 and CVE-2024-5679, enable remote code execution, allowing malicious actors to gain unauthorized access. Security experts urge immediate updates to mitigate potential exploitation. The vulnerabilities impact a wide range of Linux distributions, emphasizing the urgency for administrators to patch affected systems promptly to prevent potential breaches and safeguard sensitive data.
Microsoft’s July 2024 security patch responded decisively to cybersecurity threats by addressing 139 vulnerabilities across Windows, Office, .NET, Azure, SQL Server, and more. Critical updates were issued for zero-day vulnerabilities actively exploited in Hyper-V, MSHTML, and .NET, crucial for preventing unauthorized code execution and system compromise. Urging immediate deployment, especially for vulnerabilities affecting remote desktop services, SharePoint, and SQL Server, these measures aim to thwart ransomware attacks and data breaches.
A sophisticated Advanced Persistent Threat (APT) group aligned with Houthi rebels in Yemen has been identified deploying a custom Android spyware known as “GuardZoo” to target military entities across the Middle East. According to cybersecurity researchers, the campaign, spanning over five years, uses deceptive tactics via WhatsApp to distribute malicious links leading to fake military-themed apps outside of Google Play. GuardZoo, derived from the “Dendroid RAT,” is adept at exfiltrating sensitive military intelligence, including GPS data and tactical information crucial for military operations.
ViperSoftX, a sophisticated malware, has adopted a novel strategy by disguising itself as eBooks distributed through torrent networks. Researchers from Trellix highlight its advanced use of the Common Language Runtime (CLR) to execute PowerShell commands within AutoIt, enabling stealthy malicious activities that evade traditional detection methods. Recent incidents also link ViperSoftX to distributing Quasar RAT and TesseractStealer, exploiting cracked software and now eBooks to compromise unsuspecting victims.
Cyber Incidents
General Motors has reported a credential stuffing attack in which unauthorized parties attempted to access 65 customer accounts on its accessories website. The incident, discovered on May 24, 2024, with the breach occurring around May 18, involved the use of login credentials obtained from a separate data leak. Although personal information such as names, phone numbers, addresses, and partial credit card details was potentially accessible, sensitive data like social security numbers and driver’s license information remained secure.
A ransomware attack has wreaked havoc at the Clay County Courthouse in Indiana, disrupting daily operations and causing significant challenges for the staff. Clay County Emergency Management Director Rob Gambill reported that while the Clay County Sheriff’s Department, 911 Dispatch, and Highway Department remain unaffected and fully operational, courthouse offices, especially the courts, are experiencing severe disruptions. Gambill emphasized the difficulty in rescheduling court proceedings due to the reliance on affected computer systems.
Southwest Tennessee Community College has reported a cyber incident affecting its network systems, leading to disruptions in server operations. The college is collaborating with cybersecurity experts to investigate the attack’s scope and mitigate its impact. As a result, Summer II Term classes and registration have been delayed, with remote work and learning continuing. Campus services such as childcare remain operational, but the Follett Bookstore is temporarily closed.
A significant data breach has exposed the personal and professional details of 2,073 Microsoft employees online, originating from a third-party vendor breach. The leak, attributed to a threat actor known as @888 active in underground forums, was confirmed by the Cyber Press Research Team, verifying the accuracy and sensitivity of the compromised information. Exposed data includes names, job titles, contact details, and LinkedIn profiles of high-ranking personnel spanning various departments within Microsoft.
Bhuvan Bam has alerted his fans about a deepfake video falsely depicting him endorsing tennis betting predictions. The misleading video, which has been circulating on social media, led his team to file a complaint at the Oshiwara police station in Mumbai. Bhuvan emphasized the importance of not falling for such scams and urged his followers to stay vigilant and avoid making any investments suggested in the video.
Cyber News
The U.S. Justice Department, in collaboration with international intelligence agencies, has exposed a sophisticated Russian-operated bot farm leveraging artificial intelligence on Twitter to propagate disinformation. Dubbed Meliorator, the AI-powered tool creates diverse bot personas ranging from fully fleshed-out profiles to minimalistic identities. The Justice Department’s seizure of associated domains and social media accounts marks a significant crackdown on AI-driven disinformation campaigns aimed at manipulating public opinion and sowing discord on social platforms.
In a strategic move to bolster cybersecurity, Microsoft China has announced a mandate for its employees to switch from Android smartphones to iPhones. Citing heightened concerns over security vulnerabilities associated with Android’s open-source platform, the tech giant aims to enhance data protection and thwart potential cyber threats. By leveraging Apple’s renowned security features and closed ecosystem, Microsoft seeks to fortify its operational resilience.
Elliptic, a leading blockchain analytics firm, has unveiled a startling $11 billion scam network operated through the Huione Guarantee marketplace, affiliated with Cambodia’s Huione Group. The platform, primarily utilizing Tether (USDT) transactions for its operations, facilitated extensive money laundering and cyber scams across Southeast Asia. Elliptic’s investigation identified numerous crypto addresses associated with Huione Guarantee and its merchants linked to illicit activities.
In a landmark ruling in southwest Spain, a youth court has sentenced 15 schoolboys to probation for creating and sharing AI-generated deepfake images of their female classmates on WhatsApp. The court found the boys guilty of creating child abuse material and infringing upon the moral integrity of their peers by digitally altering images obtained from social media.
AI SPERA has announced a significant partnership with UAE-based distributor Devcons to introduce its advanced Cyber Threat Intelligence (CTI) search engine, ‘Criminal IP’, throughout the Middle East. Devcons, renowned for its extensive distribution network, will market and distribute the product across key markets such as Egypt, Libya, and Iraq, with plans to expand into Saudi Arabia and the UAE. This collaboration aims to strengthen AI SPERA’s presence in the region’s cybersecurity sector.
Copyright © 2024 CyberMaterial. All Rights Reserved.