What’s the latest in the cyber world today?
PINEAPPLE Group, FLUXROOT Group, Google Cloud Abuse, Credential Phishing Attacks, Braodo Stealer, Critical XSS Vulnerability, Okta Plugin, Malicious Video, Vigorish Viper, Illegal Gambling, City of Columbus, Aix-les-Bains Casinos, Ransomware, Greece Land Registry, Infosys McCamish, PHL Variable Insurance, UK, National Crime Agency, Digitalstress, DDoS, Rising Threats, Google Privacy Controls, Wiz, IPO Decision, Linx Security, Funding, Digital Identity Threats, Access Management Solutions
Cyber Alerts
Hacker groups PINEAPPLE and FLUXROOT have recently been exploiting Google Cloud’s serverless infrastructure to conduct sophisticated credential phishing attacks. FLUXROOT, a financially motivated actor from Latin America, has used Google Cloud container URLs to host phishing pages targeting Mercado Pago, a popular payment platform in LATAM. Meanwhile, PINEAPPLE has leveraged Google Cloud to distribute the Astaroth stealer malware, creating malicious landing pages on legitimate serverless domains.
The Braodo Stealer, a sophisticated malware originating from Vietnam, has recently come to light due to its ability to steal users’ login credentials with alarming efficiency. This malware employs Unicode-obfuscated batch files and PowerShell scripts to install itself and collect sensitive data from browsers like Chrome, Firefox, and Edge. Utilizing AES encryption to decrypt browser information, Braodo sends stolen data to Telegram bots, showcasing its advanced capabilities in evading detection.
The Okta Browser Plugin, used by over 5 million users across Chrome, Edge, Safari, and Firefox, has been identified with a significant Cross-Site Scripting (XSS) vulnerability. This flaw, assigned CVE-2024-0981 with a severity rating of 7.1 (High), allows threat actors to execute arbitrary JavaScript code through the plugin when users input and save new credentials with Okta Personal. Okta has swiftly addressed the issue by releasing an update to version 6.32.0, which fixes the vulnerability.
A newly discovered zero-day vulnerability in Telegram for Android, identified by ESET researchers and dubbed “EvilVideo,” has been exploited to distribute malicious payloads disguised as harmless video files. The flaw affects Telegram versions 10.14.4 and older, allowing attackers to trick users into installing malicious apps by masquerading them as video files. Upon attempting to play the disguised video, users are prompted to download and install the malicious app as an external player, potentially compromising their devices.
The “Vigorish Viper” syndicate, a Chinese cybercrime group, has been exploiting football sponsorships to promote its illegal gambling network, valued at a staggering $1.7 trillion. Managed by the notorious Yabo Group, Vigorish Viper is implicated in extensive money laundering and human trafficking across Southeast Asia. The syndicate’s strategy includes leveraging the prestige of European football clubs to advertise illicit betting sites, particularly targeting Greater China.
Cyber Incidents
The City of Columbus, Ohio is addressing a recent cybersecurity incident detected on July 18, which led to significant disruptions in some resident-facing IT services. The city’s Department of Technology identified the anomaly as unrelated to the global IT outage and took immediate action by severing internet connectivity to limit potential exposure. Despite these disruptions, critical systems, including 9-1-1, 311 services, and employee payroll, remain operational.
On July 22, 2024, cybersecurity researcher Jeremiah Fowler reported a significant data breach involving ClickBalance, a leading ERP (Enterprise Resource Planning) software provider. The breach exposed over 769 million records, including sensitive information such as API keys, bank account numbers, and over 381,000 email addresses. The publicly accessible, non-password-protected database was promptly secured following Fowler’s responsible disclosure.
Two casinos in Aix-les-Bains, France were hit by a ransomware attack on July 18, 2024, causing significant disruption to their operations. The Grand Cercle casino and Poker Bowl suffered encrypted server data, leading to their closure until July 22. While they have partially reopened, with slot machines now accessible, other services remain unavailable. The casinos have reported significant operational losses and are working with the Paris prosecutor’s anti-cybercrime unit to resolve the incident.
Greece’s Land Registry agency recently endured a wave of 400 cyberattacks, leading to a limited-scope data breach. Hackers accessed and stole 1.2 GB of data, mainly administrative documents, but no personal information was compromised. Despite attempts to infiltrate the central database and exfiltrate data, these efforts were thwarted. The agency, aided by the Cybersecurity Directorate, has taken immediate measures including resetting passwords and enforcing two-factor authentication.
On July 19, 2024, Infosys McCamish Systems, LLC (IMS) reported a data breach to the California Attorney General, revealing that a recent cyberattack compromised parts of its network, affecting PHL Variable Insurance Company customers. The breach, which occurred between October 29 and November 2, 2023, involved unauthorized access to sensitive customer data. Infosys McCamish has begun notifying affected individuals and is working with cybersecurity experts to address the breach.
Cyber News
On July 22, 2024, the UK’s National Crime Agency (NCA) dismantled Digitalstress.su, a major underground marketplace for Distributed Denial of Service (DDoS) attacks, in a significant cybercrime crackdown. Operating under an outdated USSR domain, Digitalstress.su facilitated numerous global cyberattacks before being seized by the NCA and redirected to a warning page for users.
Ransomware groups are increasingly fragmenting due to intensified law enforcement actions, according to Europol’s 2024 Internet Organised Crime Threat Assessment (IOCTA). The latest report reveals that recent takedowns of dark web forums and marketplaces have forced these cybercriminal groups to rebrand and scatter, resulting in a more dispersed threat landscape. This fragmentation has escalated risks for millions across the EU, leading to a surge in attacks on small businesses, digital skimming, and online fraud.
Google has reversed its decision to phase out third-party cookies in Chrome, opting instead to implement a new browser experience that will allow users to manage their use. Originally set to be eliminated by early 2025, third-party cookies used for tracking user behavior across websites were intended to be replaced by Google’s Privacy Sandbox. However, due to slow adoption by advertisers and ongoing impacts on the online advertising ecosystem, Google will now enable users to restrict third-party cookies rather than completely remove them.
Israeli cloud security giant Wiz has decided to pursue an initial public offering (IPO) rather than accepting a $23 billion acquisition offer from Google’s parent company, Alphabet. This decision marks a significant shift from earlier reports that hinted at a major acquisition deal. According to a memo from Wiz’s CEO Assaf Rappaport, the company will proceed with its IPO plans, aiming to achieve an annual recurring revenue of $1 billion.
Linx Security, a New York-based startup with Israeli origins, has successfully secured $33 million in early-stage funding to advance its technology for digital identity security. The funding round, led by Index Ventures and Cyberstarts, will enable Linx to enhance its solutions designed to address gaps in traditional identity management tools. The company’s software aims to map and monitor user relationships, permissions, and access to reduce risk and improve compliance.
Copyright © 2024 CyberMaterial. All Rights Reserved.