What are the latest cybersecurity alerts, incidents, and news?
Remote Code Execution, Telerik Server, PKfail, Secure Boot Bypass, China, Smishing Triad, iPhone Users, India, North Korea, Andariel Group, Critical Infrastructure, Selenium Grid, Crypto Mining, BMW Personal Information, Hong Kong, Compex, Brookfield Zoo Chicago, Employee Information, Ezynetic, Singapore, Hope PSBank, French Police, Europol, PlugX Malware, Self-Destruct Payload, US Department of Justice, North Korea, Hacker, Hong Kong, Cybersecurity Legislation, Greenely, €8 Million, Funding, Energy Platform, Nordic Markets
Cyber Alerts
A critical remote code execution (RCE) vulnerability has been discovered in Telerik Report Server, tracked as CVE-2024-6327 with a CVSS score of 9.9. The flaw affects versions prior to 2024 Q2 (10.1.24.709) and arises from insecure deserialization, which can be exploited by attackers to execute unauthorized commands. Progress Software has released a fix in version 10.1.24.709 and strongly advises users to update immediately.
The PKfail vulnerability, discovered by security firm Binarly, affects hundreds of computer models and allows attackers to bypass Secure Boot by exploiting an exposed American Megatrends International (AMI) Platform Key (PK). This key, intended only for non-production use, was mistakenly used by major manufacturers, including Dell, HP, Lenovo, Fujitsu, and Supermicro, in their devices. The vulnerability enables the execution of malicious code during the boot process, potentially leading to the deployment of UEFI bootkits like BlackLotus.
The Chinese Smishing Triad gang has launched a new phishing campaign targeting iPhone users in India, exploiting iMessage and the government-operated India Post. According to FortiGuard Labs, the scam involves deceptive iMessages claiming that a package is awaiting pickup at an India Post warehouse. Victims are directed to a counterfeit website mimicking the official India Post site, where they are asked to provide sensitive personal information and, in some cases, credit card details for a fake redelivery fee.
The FBI, NSA, and CISA have issued a stark warning about the North Korean cyber-espionage group Andariel, which is intensifying its attacks on critical infrastructure sectors in the U.S., including defense, aerospace, nuclear, and engineering. Known also as Silent Chollima, Onyx Sleet, and Stonefly, Andariel is using ransomware attacks on healthcare organizations to finance its operations, aimed at stealing valuable technical information and intellectual property.
Cybersecurity researchers have identified an ongoing attack campaign exploiting exposed Selenium Grid services for cryptocurrency mining. The campaign, named SeleniumGreed, targets older versions of Selenium Grid (3.141.59 and prior) that lack authentication, allowing attackers to leverage the WebDriver API for malicious purposes. Since at least April 2023, attackers have been using these vulnerabilities to deploy an XMRig miner.
Cyber Incidents
BMW Concessionaires Hong Kong has confirmed a data breach affecting 14,000 customers, with exposed information including names, mobile numbers, and SMS opt-out preferences. The breach, linked to a third-party agency, was reported to the Hong Kong Police Force and the Office of the Privacy Commissioner for Personal Data (PCPD). BMW is collaborating with an external cybersecurity expert to investigate the incident and has heightened its security measures.
Compex Legal Services Inc. has revealed a significant data breach that exposed sensitive client information, including Social Security numbers and medical records. Discovered on April 17, 2024, the breach involved unauthorized access starting from April 9, 2024, leading to the compromise of personal data. The firm, headquartered in Torrance, California, is currently conducting a thorough review to identify affected individuals and will notify them directly with resources to protect their information.
Brookfield Zoo Chicago has confirmed a data breach that occurred earlier this year, potentially exposing personal information of current and former employees, as well as beneficiaries. While the breach did not disrupt zoo operations, the organization has taken steps to address the issue, including engaging third-party specialists for investigation and notifying local and federal authorities.
In a significant data breach, the personal information of approximately 128,000 customers of licensed moneylenders in Singapore has been stolen after a third-party IT vendor, Ezynetic, was compromised. The Ministry of Law (MinLaw) confirmed that the breach affected borrower data from 12 moneylenders using Ezynetic’s services. The stolen data, which includes names, NRIC numbers, and loan details, has been observed on various websites.
Hope Payment Service Bank (Hope PSBank), a prominent digital bank in Nigeria, recently thwarted a significant cyberattack aimed at its banking platform, successfully safeguarding billions of Naira from potential theft. The bank's swift response and robust technology allowed it to detect and neutralize the attack before any customer funds were affected. While the incident caused a temporary downtime, which was promptly communicated to customers and partners, normal operations have resumed smoothly.
Cyber News
In a coordinated effort to combat the widespread PlugX malware, French police and Europol have launched a significant operation to remove the malicious software from infected devices. Spearheaded by the Center for the Fight Against Digital Crime (C3N) of the National Gendarmerie and supported by cybersecurity firm Sekoia, the initiative deploys a custom PlugX plugin that triggers a self-destruct command on affected systems. This action follows Sekoia's earlier success in sinkholing a command and control server for the malware.
On July 26, 2024, the U.S. Department of Justice unsealed an indictment against Rim Jong Hyok, a North Korean military intelligence operative, for his alleged involvement in ransomware attacks targeting U.S. hospitals. Hyok, a member of the hacking group Andariel, used ransomware to extort healthcare facilities and laundered the proceeds to support further cyber operations against defense, technology, and government entities worldwide.
In the second quarter of 2024, ransomware and business email compromise (BEC) attacks constituted a staggering 60% of all reported cyber incidents, according to a Cisco Talos report. The technology sector emerged as the most targeted, accounting for 24% of these incidents, reflecting attackers’ focus on exploiting technology firms as gateways to broader industries. The report highlights a significant rise in attacks facilitated by compromised credentials, with 60% of breaches attributed to this method, up 25% from the previous quarter.
Hong Kong is set to introduce its first comprehensive cybersecurity legislation in response to rising cyber threats. The proposed framework, unveiled by the government, focuses on regulating Critical Infrastructure Operators (CIOs) and Critical Computer Systems (CCS) across key sectors such as energy, banking, and healthcare. The new legislation will establish a Commissioner's Office under the Security Bureau to oversee the implementation, including conducting inspections and enforcing compliance.
Swedish energy-tech startup Greenely has raised €8 million in Series A funding to expand its innovative energy management platform into Nordic countries. Serving approximately 200,000 households in Sweden, Greenely offers energy consumption analytics and optimization services, including smarter electric vehicle charging and energy storage solutions. The new funding will enable Greenely to broaden its reach and enhance its "residential virtual power plant" (VPP) technology.
Copyright © 2024 CyberMaterial. All Rights Reserved.