What are the latest cybersecurity alerts, incidents, and news?
Bitdefender, GravityZone, SSRF, Facebook, Lumma Stealer, Photo Editor, Microsoft, Edge, Arbitrary Code Execution, BITSLOTH Backdoor, BITS, Cloudflare, Tunnels, RansomHub, McDowall Affleck, Jeonbuk National University, Student Data, Sable International, Convergence, DeFi, Peterson Holding, CISA Chief Artificial Intelligence Officer, Lisa Einstein, National Cyber Security Centre, ACD 2.0, UK, Reserve Bank of India, Payments, Tech Support, Fraud, Gaming, DDoS
Listen to the full podcast
🚨 Cyber Alerts
A critical vulnerability in Bitdefender’s GravityZone Update Server, identified as CVE-2024-6980, has been disclosed, potentially exposing organizations to server-side request forgery (SSRF) attacks. The flaw, rated CVSS 9.2, originates from a verbose error-handling issue in the proxy service and affects on-premises GravityZone Console versions earlier than 6.38.1-5. By exploiting it, attackers could reach internal resources through the server, bypass security controls, manipulate server operations, and gather confidential information.
Attackers are hijacking Facebook pages to distribute the Lumma stealer, a malicious software that steals user credentials. This campaign, discovered by Trend Micro researchers, involves phishing tactics to gain control of legitimate Facebook pages. Once hijacked, the pages promote a fake AI photo editor, luring users into downloading an endpoint management utility that ultimately delivers the Lumma stealer. This malware targets sensitive information such as system details, browser data, and extensions.
Microsoft has released a critical security update for its Edge browser, addressing three significant vulnerabilities, including one that allows attackers to execute arbitrary code. The update, issued on August 1, 2024, fixes flaws in versions prior to 127.0.2651.86, including CVE-2024-7256, a validation issue in the Dawn graphics component, and CVE-2024-6990, an uninitialized use vulnerability. Users are strongly advised to update their browsers immediately to mitigate these risks.
Cybersecurity researchers have identified a new Windows backdoor, BITSLOTH, which exploits the Background Intelligent Transfer Service (BITS) for stealthy command-and-control operations. Discovered by Elastic Security Labs on June 25, 2024, during an attack on a South American Foreign Ministry, BITSLOTH is notable for its use of BITS to blend in with regular network traffic, making detection difficult.
Threat actors have been exploiting Cloudflare’s TryCloudflare feature to create one-time tunnels for distributing various remote access trojans (RATs), including AsyncRAT, GuLoader, Remcos, VenomRAT, and Xworm. According to Proofpoint, these attacks have been ongoing since February 2024, using phishing messages whose URLs or attachments lead to attacker-created TryCloudflare tunnels, which then serve a multi-stage infection chain. The attackers, who use multiple languages and varied lures, have impacted thousands of organizations globally.
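The BITSLOTH and TryCloudflare items above both describe tradecraft that hides in otherwise legitimate traffic, and both leave a log trail that is easy to sweep for. The following Python is an added example, not code from the original page, Elastic Security Labs, or Proofpoint. It runs two checks over constructed sample log lines: BITS jobs whose remote host is not on an allowlist (Microsoft-Windows-Bits-Client/Operational event ID 59 records the job name and URL when a transfer starts) and HTTP requests to the `*.trycloudflare.com` hostnames that TryCloudflare quick tunnels use. The log line layouts, the allowlist, and the sample entries are assumptions for this demo.

```python
"""Detection sweep for BITS-based C2 and TryCloudflare tunnel delivery.

Added example, not from the original page, Elastic, or Proofpoint.
Log line layouts, the allowlist and the sample entries are constructed.
"""
import re
from urllib.parse import urlparse

# Hosts from which BITS downloads are expected in this hypothetical estate.
BITS_ALLOWED_HOSTS = {
    "download.windowsupdate.com",
    "dl.delivery.mp.microsoft.com",
    "updates.internal.example",
}

# Event ID 59 message text as Windows formats it; the surrounding
# "<timestamp> <channel> EventID=<n> ..." layout is an assumption.
BITS_EVENT_RE = re.compile(
    r"EventID=(?P<eid>\d+).*?BITS started the (?P<job>.+?) transfer job "
    r"that is associated with the (?P<url>\S+) URL"
)
# Assumed proxy log layout: "<ts> <client_ip> <method> <url> <status>"
PROXY_RE = re.compile(r"^\S+ (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) \d{3}$")

TRYCLOUDFLARE_SUFFIX = ".trycloudflare.com"


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def host_allowed(host, allowlist):
    # Exact match or a subdomain of an allowlisted host. A bare
    # str.endswith(a) check would let "evil-windowsupdate.com" through.
    return any(host == a or host.endswith("." + a) for a in allowlist)


def check_bits_line(line, allowlist=BITS_ALLOWED_HOSTS):
    """Flag a BITS job start whose remote host is not allowlisted."""
    m = BITS_EVENT_RE.search(line)
    if not m or m.group("eid") != "59":
        return None
    host = host_of(m.group("url"))
    if host_allowed(host, allowlist):
        return None
    return {"technique": "bits_unexpected_host", "job": m.group("job"), "host": host}


def check_proxy_line(line):
    """Flag a proxied request whose host is a TryCloudflare quick tunnel."""
    m = PROXY_RE.match(line)
    if not m:
        return None
    host = host_of(m.group("url"))
    # Suffix match on the registrable domain only: "trycloudflare.com.evil.example"
    # must not match.
    if host == TRYCLOUDFLARE_SUFFIX[1:] or host.endswith(TRYCLOUDFLARE_SUFFIX):
        return {"technique": "trycloudflare_tunnel", "client": m.group("client"), "host": host}
    return None


def scan(lines):
    """Run both checks over every line and return the findings in log order."""
    findings = []
    for line in lines:
        for check in (check_bits_line, check_proxy_line):
            finding = check(line)
            if finding:
                findings.append(finding)
    return findings


# Constructed sample logs: one benign BITS job, one BITS job to a raw IP,
# a job-stop event, one tunnel download, one benign Cloudflare request and
# one look-alike domain that must not match.
SAMPLE_LOGS = [
    "2024-07-01T10:15:03 Bits-Client EventID=59 BITS started the Microsoft Update transfer job "
    "that is associated with the http://download.windowsupdate.com/d/msdownload/update.cab URL",
    "2024-07-01T10:17:44 Bits-Client EventID=59 BITS started the WU Client Download transfer job "
    "that is associated with the https://203.0.113.42/up/stage2.bin URL",
    "2024-07-01T10:18:00 Bits-Client EventID=60 BITS stopped transferring the WU Client Download transfer job",
    "2024-07-02T08:01:11 10.0.0.5 GET https://able-nice-words-zip.trycloudflare.com/inst/setup.vbs 200",
    "2024-07-02T08:01:12 10.0.0.5 GET https://www.cloudflare.com/ 200",
    "2024-07-02T08:02:30 10.0.0.7 GET https://trycloudflare.com.evil.example/x 200",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOGS):
        print(f)
```

On a real estate the BITS allowlist should be derived from a baseline of observed event 59 URLs rather than written by hand, and the TryCloudflare check belongs in the proxy or DNS pipeline, since the tunnel hostname is the only stable indicator the one-time tunnels leave.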
🔥 Cyber Incidents
McDowall Affleck, an Australian engineering firm, has confirmed a cyber incident following claims by the ransomware group RansomHub. On August 1, 2024, RansomHub alleged that it had accessed 470 GB of McDowall Affleck’s data, including critical documents, insurance records, and personal information. The firm has taken immediate steps to secure its systems and engaged forensic experts to investigate the breach. McDowall Affleck has reported the incident to the Australian Cyber Security Centre (ACSC) and is cooperating with law enforcement.
Jeonbuk National University (JBNU) has issued an apology following a significant data breach affecting over 320,000 individuals. On August 1, 2024, the university revealed that its online system, “Oasis,” was compromised during multiple hacking attempts on Sunday, with the breach discovered during the second attempt, which lasted six hours. The exposed data includes sensitive personal information such as names, national identification numbers, mobile numbers, email addresses, residential addresses, and academic details of 322,425 students, alumni, and Continuing Education Center participants.
Sable International, a global financial and immigration services firm, has experienced a significant cyber attack, prompting the company to shut down its server, website, and transactional portal as it manages the incident. The firm, which serves expatriates and high-net-worth individuals, has reported the breach to South African and UK authorities in compliance with data privacy regulations.
On August 1, 2024, the decentralized finance (DeFi) protocol Convergence suffered a significant breach, resulting in a $212,000 loss. The hack was triggered by the accidental removal of a critical line of code from the CvxRewardDistributor smart contract. This error, made during a gas optimization update, allowed the attacker to exploit the contract, minting and selling 58 million CVG tokens.
Peterson Holding, based in Maine, has reported a data breach that occurred between June 27 and 28, 2023, during which unauthorized access to its computer systems was detected. The breach potentially exposed personal information, including names and Social Security numbers. The company responded by isolating the affected servers, changing passwords, and launching a comprehensive investigation, which concluded on May 8, 2024.
📢 Cyber News
The Cybersecurity and Infrastructure Security Agency (CISA) has appointed Lisa Einstein as its first Chief Artificial Intelligence Officer. Einstein, who previously served as the Senior Advisor for AI and Executive Director of the CISA Cybersecurity Advisory Committee, will lead the agency’s efforts to integrate AI into cybersecurity strategies. Her new role emphasizes CISA’s commitment to responsible AI use and governance to enhance the security of critical infrastructure.
On August 2, 2024, the UK’s National Cyber Security Centre (NCSC) announced the launch of Advanced Cyber Defence (ACD) 2.0, an updated initiative designed to address the evolving cyber threat landscape. ACD 2.0 will introduce a new suite of cybersecurity tools and services to address gaps in the commercial market, while also reviewing and potentially transferring management of existing tools to the private sector. The update responds to advancements in cyber threats and aims to enhance protection for the majority of people in the UK.
On August 2, 2024, the Reserve Bank of India (RBI) introduced a new framework requiring additional factor authentication (AFA) for all digital payment transactions, with specific exemptions. This move aims to enhance digital payment security by incorporating alternative methods beyond traditional SMS-based one-time passwords (OTPs). Under the new rules, all transactions, except card-present ones, must use a dynamic, non-reusable authentication factor created after payment initiation.
On August 2, 2024, Vinoth Ponmaran, a key figure in a large-scale tech support fraud scheme, was sentenced to seven years in prison, the United States Attorney for the Southern District of New York announced. Ponmaran’s operation, which ran from March 2015 to July 2018, targeted elderly victims across the U.S. and Canada, defrauding them of over $6 million. The scheme used misleading pop-ups that falsely claimed malware infections and directed victims to pay for non-existent computer repairs.
The gaming industry has experienced a dramatic 94% increase in layer 7 distributed denial-of-service (DDoS) attacks over the past year, according to Akamai. The report, covering January 2023 to June 2024, highlights the sector’s growing vulnerability amidst its vast player base and high revenue. With over 25 billion attacks recorded in peak months and significant rises in bot activity, the industry faces new cybersecurity challenges.
Copyright © 2024 CyberMaterial. All Rights Reserved.