What are the latest cybersecurity alerts, incidents, and news?
Spyware Attack, Apple, India, Personal Data Theft, Palo Alto Networks, Exim, Malicious Attachments, Data Breach, AT&T, Snowflake, Legal Records, VpnMentor, mSpy, Iseto Corporation, Goshen Central School District, Ransomware Attack, NATO, Integrated Cyber Defense Center, Russian Disinformation Network, Doppelgänger, Media Outlets, Europe, Japan, Defense Personnel, Mishandling Classified Data, NuGet Malware, Google, Alphabet, Vulnerability Reward Program, Tracebit, Cloud-Based Threat Deception Technology
Cyber Alerts
On July 11, 2024, Apple issued a spyware attack warning to iPhone users in 98 countries, following a similar alert in April. The latest warning highlights the risk posed by mercenary spyware attacks that can remotely compromise iPhones. These attacks, such as those involving Pegasus spyware, can give attackers complete access to the device, including encrypted messages and multimedia. Apple advises users to employ Lockdown Mode to stop spyware, although it may affect device functionality.
Resecurity has uncovered a new campaign by the Smishing Triad targeting India to steal personal and payment data at scale. The campaign, which began around July 8, 2024, focuses on India Post (Department of Posts, India) and leverages new infrastructure set up in the preceding days. With India's vast population and rapidly growing number of smartphone users, the country has become a prime target for cybercriminals.
Palo Alto Networks has identified a critical vulnerability in its Expedition migration tool, designated as CVE-2024-5910, which poses significant security risks. This flaw, with a CVSS score of 9.3, stems from a lack of authentication mechanisms within the tool, potentially allowing attackers with network access to gain full administrative control. The vulnerability affects all versions of Expedition prior to 1.2.92, prompting Palo Alto Networks to issue urgent security updates.
A critical vulnerability in the Exim mail transfer agent has left over 1.5 million servers vulnerable to malicious attacks via email attachments. Tracked as CVE-2024-39929 and rated 9.1 out of 10 in severity, the flaw allows threat actors to bypass typical security measures and deliver executable attachments that can install malware on end-user devices. While there have been no confirmed exploits yet, the widespread use of Exim servers makes them potential targets for cyber attacks.
Security researchers have identified a concerning trend in the NuGet package manager, where threat actors have unleashed a new wave of malicious packages employing advanced evasion tactics. This ongoing campaign, observed since August 2023 and characterized by over 60 malicious packages across 290 versions, marks a shift from previous methods using MSBuild integrations to utilizing IL weaving, a technique that modifies compiled code to insert obfuscated downloaders.
Cyber Incidents
In a significant breach linked to the Snowflake platform, AT&T has disclosed that call and text message records of tens of millions of its cellphone customers from mid-to-late 2022 were exposed. The telecom giant detected an “illegal download” of data from its workspace in April, coinciding with another unrelated data leak incident. While the breach compromised telephone numbers for nearly all AT&T cellular customers and users of its network partners between May 1, 2022, and October 31, 2022, it did not expose call or text content, nor personal information like Social Security numbers.
In a startling revelation, cybersecurity researcher Jeremiah Fowler uncovered a massive data breach involving Rapid Legal, a prominent legal services provider. The breach exposed a staggering 39 million records, including court documents, service agreements, and partial payment details, due to a non-password-protected database. The exposed data, spanning from 2009 to 2024, was discovered to include sensitive information like partial credit card numbers and personally identifiable information (PII).
In a significant data breach, phone surveillance app mSpy has exposed millions of customer records dating back to 2014, including personal information and emails. The breach, discovered in May 2024, compromised a vast trove of customer support tickets stored in mSpy’s Zendesk-powered system. These records, totaling over 100 gigabytes, reveal detailed correspondence, including requests for help in covertly monitoring phones, some from notable figures like U.S. military personnel and federal judges.
Iseto Corp., a Kyoto-based provider of printing and mailing services to government and private sectors, has suffered a significant ransomware attack, exposing personal information of over 900,000 individuals. The breach, attributed to cybercrime group 8Base, compromised data including names, addresses, tax details, and vehicle license plate numbers from prefectural and municipal sources across Japan. Criticism has mounted against Iseto for its delayed acknowledgment and opaque handling of the breach, prompting concerns and legal actions from affected prefectures like Tokushima.
The Goshen Central School District in Goshen, New York, has been struck by a ransomware attack, disabling computer services including phones and email. Superintendent Dr. Kurtis Kotes announced the discovery of the cyber incident, noting collaboration with law enforcement and cybersecurity experts to identify the attack’s origin and restore systems swiftly. Despite the disruption, in-person meetings will continue at schools and offices, with summer programs unaffected by the incident.
Cyber News
NATO member states have finalized plans to establish the NATO Integrated Cyber Defense Center (NICC) during the recent summit in Washington, D.C. Set to be located in Mons, Belgium, alongside NATO’s military headquarters, the NICC aims to enhance alliance-wide defenses against sophisticated cyber threats. The center will facilitate information-sharing among member states, coordinate joint capability development, and strengthen resilience against cyber attacks that pose risks to military operations and national security.
A prolific Russian-language disinformation network known as Doppelgänger has expanded its operations across Europe, utilizing fake news sites that mimic reputable media outlets such as Der Spiegel and The Guardian to disseminate Kremlin-backed propaganda and sow discord among Western nations. Researchers from Qurium and EU DisinfoLab uncovered extensive infrastructure, including legal entities registered in the U.K. under the names of young Russian citizens, aimed at obscuring its origins.
Japan has taken disciplinary action against more than 200 defense personnel, including top military leaders and senior bureaucrats, following incidents of mishandling classified information. The move comes as Japan aims to strengthen cooperation with Western democracies, particularly in intelligence sharing amid geopolitical tensions, including Russia's invasion of Ukraine and escalating disputes with China. Among those affected, the head of Japan's Maritime Self-Defense Force, Ryo Sakai, has resigned amidst reports that unauthorized personnel accessed sensitive vessel tracking data.
Google and Alphabet have announced a significant increase in their Vulnerability Reward Program (VRP) payouts, now offering up to $151,515 for discovering critical security vulnerabilities. This boost, effective immediately, reflects Google’s commitment to enhancing cybersecurity across its systems and applications. The updated program includes bonuses for exceptional report quality, aiming to incentivize researchers amidst increasingly robust security measures.
London-based startup Tracebit has successfully secured $5 million in seed funding to bolster its cloud-native threat detection and deception technology. Led by Accel and supported by Tapestry VC, 20SALES, and various angel investors, Tracebit aims to revolutionize cybersecurity with its innovative approach. The company specializes in deploying customized canaries and fake honeypots across cloud environments, enhancing detection capabilities and enabling rapid response to potential cyber threats.
Copyright © 2024 CyberMaterial. All Rights Reserved.