What’s going on in the cyber world today?
Adobe, Premiere Pro, InDesign, Bridge, VMware, SQL-Injection Vulnerability, Aria Automation Platform, Poco RAT, Citrix, NetScaler, PHP, Remote Code Execution Vulnerability, Akamai, Sibanye Stillwater, Ransomware Attack, Advance Auto Parts, Snowflake, Bosque Animal Rescue Kennels, Macau Government Websites, Bangladesh Meteorological Department, Federal Trade Commission, BitMEX, Anti-Money Laundering, Microsoft, Apple, OpenAI Board, Nationwide Vision, Cytactic, Crisis Readiness, Management Platform
Cyber Alerts
Adobe has urgently released critical patches for several of its flagship products, including Adobe Premiere Pro, Adobe InDesign, and Adobe Bridge, addressing vulnerabilities that could potentially allow attackers to execute arbitrary code on both Windows and macOS systems. The vulnerabilities, documented under CVE identifiers, range from untrusted search paths in Premiere Pro to memory safety issues in InDesign, and integer overflow vulnerabilities in Adobe Bridge.
VMware has urgently patched a critical SQL-Injection vulnerability, identified as CVE-2024-22280, affecting its Aria Automation platform (formerly vRealize Automation). This flaw, with a CVSSv3 score of 8.5, enables authenticated malicious users to execute unauthorized database operations by injecting malicious SQL queries. VMware Aria Automation versions 8.x and VMware Cloud Foundation versions 5.x and 4.x are impacted.
A new malware campaign dubbed Poco RAT has surfaced, specifically targeting Spanish-speaking victims with a focus on sectors like mining. Identified by cybersecurity experts at Cofense, Poco RAT operates as a Remote Access Trojan (RAT), leveraging email-based delivery tactics involving finance-themed content in Spanish. It spreads via 7zip archives hosted on Google Drive, with variations in delivery methods including embedded URLs and attachments like PDF files.
Citrix has swiftly addressed critical vulnerabilities in its NetScaler product line with comprehensive security updates, aiming to protect users from potential cyber threats. The fixes include mitigations for an improper authorization flaw (CVE-2024-6235) and a memory buffer restriction issue (CVE-2024-6236), which could lead to unauthorized access and denial of service conditions, respectively. Updates cover various versions of NetScaler Console, NetScaler Agent, and NetScaler SVM, ensuring broad protection across their product ecosystem.
A critical vulnerability in PHP allowing remote code execution, identified as CVE-2024-4577, has rapidly become a target for exploitation shortly after its disclosure. Threat actors are actively leveraging this flaw, particularly in malware campaigns observed by Akamai Security Intelligence Response Team (SIRT). These campaigns include the deployment of Gh0st RAT for remote access, RedTail Cryptominer for cryptocurrency mining, and variants of Muhstik and XMRig for further malicious activities.
Cyber Incidents
Sibanye Stillwater, a prominent mining company based in South Africa with operations in Montana, experienced a significant disruption following a ransomware attack. The incident, which occurred recently, resulted in temporary shutdowns of computer systems at their Montana facilities, including the Columbus smelter. This disruption affected automated processes crucial for processing recycled mine material. Despite the operational challenges posed by the cyberattack, employees at the Columbus facility, numbering in the hundreds, continued their work.
In a significant data breach, Advance Auto Parts reported that sensitive information belonging to millions of job applicants was exposed due to an attack on their Snowflake cloud account. The breach, discovered in late May 2024, resulted in unauthorized access to data collected during the job application process, including Social Security numbers, driver’s license numbers, and dates of birth. Attackers claimed to have stolen terabytes of company data, prompting Advance Auto Parts to offer affected individuals credit monitoring and identity restoration services for 12 months.
Bosque Animal Rescue Kennels (BARK) is urgently warning the public after falling victim to a hacking incident that compromised their website. Scammers exploited the breach by posting fraudulent ads featuring pictures of purebred puppies supposedly available for adoption. Despite efforts to mitigate the issue, BARK’s director, Jenny Luper, expressed deep concern over the potential for misinformation and financial exploitation of well-meaning individuals.
Several Macau government websites, including those of the secretary for security, public security police, fire services department, and security forces services bureau, were hacked, according to Chinese state media. The cyberattack, suspected to have originated from overseas, prompted a criminal investigation and immediate emergency response. Authorities collaborated with telecommunication operators to restore affected services quickly.
On July 9, the Bangladesh Meteorological Department (BMD) website was hacked, causing it to be inaccessible for over two hours. The breach, attributed to a group identifying as “ODIYAN911” from India, left a message on the site before authorities restored access. BMD officials, including meteorologist Monowar Hossain, confirmed the recovery but expressed ongoing concern over potential server damage. Investigations are underway to identify those responsible for the cyberattack.
Cyber News
In a recent audit by the Federal Trade Commission (FTC) and international consumer protection networks, it was found that 75% of websites and mobile apps employing subscription services utilize dark patterns, manipulative digital design techniques that coerce consumers into unintended purchases or into divulging personal information. The audit, conducted globally with participation from 27 authorities across 26 countries, highlights widespread use of such patterns, including hidden disclosures and misleading interface designs.
BitMEX, operated by HDR Global Trading Limited, has pleaded guilty to violating the Bank Secrecy Act by failing to establish a sufficient anti-money laundering (AML) program in the United States. This plea, announced by U.S. Attorney Damian Williams and FBI Acting Assistant Director Christie M. Curtis, highlights BitMEX’s significant oversight in implementing required KYC (know your customer) procedures. The cryptocurrency derivatives platform allowed U.S. traders access without adequate AML safeguards, facilitating potential money laundering and sanctions evasion activities.
Microsoft and Apple have decided to relinquish their observer seats on OpenAI’s board amidst increasing antitrust scrutiny over Big Tech’s investments in AI startups. Microsoft, which has heavily invested in OpenAI, cited significant progress and confidence in the company’s direction, leading to the withdrawal of its board role. Apple, originally slated to take a similar position, opted out without comment. OpenAI plans to engage key partners through regular meetings instead, under the leadership of Sarah Friar, its new CFO.
Nationwide Vision has reached a $3.45 million settlement to resolve a class action lawsuit stemming from a 2021 data breach. The breach, which occurred between April 20, 2021, and May 17, 2021, allegedly resulted from inadequate cybersecurity measures by Nationwide and Sightcare, compromising sensitive information of patients, customers, employees, and covered dependents. The settlement offers affected individuals the choice between pro rata cash payments averaging $50 per claimant or reimbursement for documented losses, capped at $5,400.
Israeli startup Cytactic has successfully raised $16 million in seed funding to advance its development of a comprehensive “cyber crisis readiness and management” platform. Led by Evolution Equity Partners, the investment aims to bolster Cytactic’s efforts in creating automated and data-driven solutions designed to enhance organizations’ ability to prepare for, respond to, and recover from cyber crises such as breaches, ransomware attacks, and supply chain vulnerabilities.
Copyright © 2024 CyberMaterial. All Rights Reserved.