What’s happening in cybersecurity today?
Apache, Code Execution, Panamorfi, Jupyter, Discord, DDoS, Rockwell Automation, CISA, DVRs, NetSecFish, Android, Trojan, BlankBot, Financial Data, Turkey, Intel471, Platinum Technology, Database, Illinois, vpnMentor, Google Ads, Disruptions, Mobile Guardian, Israel, WeRedEvils, Iran, First Commonwealth Credit Union, US, Germany, Cryptonator, Money Laundering, TikTok, Children’s Data, UK, AI, Funding, RailTel, Cylus, India, Railways, WeChat, Malaysia, E-Wallet Services
Cyber Alerts
A critical vulnerability has been discovered in the Apache InLong project, specifically within its TubeMQ component, posing a severe threat to users worldwide. This flaw allows remote attackers to execute arbitrary code, potentially compromising the entire InLong infrastructure. Given the widespread use of Apache InLong across various sectors, including finance, healthcare, and e-commerce, the impact could be extensive, leading to data breaches and operational disruptions.
A new Distributed Denial of Service (DDoS) campaign named Panamorfi has emerged, leveraging misconfigured Jupyter notebooks and Discord to launch attacks. Operated by the threat actor yawixooo, the campaign begins with gaining access to exposed Jupyter notebooks, from which attackers deploy a Minecraft server DDoS tool through Discord. This tool, downloaded as a zip file containing two Jar files, facilitates a TCP flood attack aimed at overwhelming target servers.
A severe vulnerability has been uncovered in Rockwell Automation's ControlLogix 1756 devices, identified as CVE-2024-6242, which allows unauthorized access and manipulation of device configurations. This flaw, with a CVSS v3.1 score of 8.4, enables attackers to bypass the Trusted Slot feature in ControlLogix controllers, potentially executing Common Industrial Protocol (CIP) commands. Discovered by Claroty, the vulnerability permits attackers to send elevated commands and modify the PLC CPU's logic, even from untrusted network cards.
A critical security vulnerability has been discovered in multiple digital video recorders (DVRs), exposing over 400,000 devices to potential cyber-attacks. The flaw, identified in models such as TVT DVR TD-2104TS-CL and Provision-ISR DVR SH-4050A5-5L(MM), results from insufficient access controls on the devices’ web servers. This vulnerability, categorized under CWE-200: Information Exposure, allows unauthorized access to sensitive device information, including hardware and software versions, serial numbers, and network configurations.
Cybersecurity researchers have identified a new Android banking trojan named BlankBot, which is specifically targeting Turkish users to steal their financial information. Discovered on July 24, 2024, BlankBot employs various malicious techniques, including keylogging, screen recording, and overlay injections, to access sensitive data such as bank account credentials and payment information. The trojan uses Android’s accessibility services to gain extensive control over infected devices, circumventing security measures introduced in Android 13.
Cyber Incidents
A significant data breach has exposed 4.6 million voter records and election documents, with sensitive information from Platinum Technology Resource in Illinois made publicly accessible online. Discovered by cybersecurity researcher Jeremiah Fowler, the breach involved 13 non-password-protected databases containing critical details such as voter registrations, Social Security Numbers, and driver's license information.
A significant reporting glitch in Google Ads, which began on July 30, 2024, exposed sensitive competitor information and led to the unavailability of critical reporting tools. The issue, affecting a small fraction of advertisers, allowed some users to view unrelated item IDs, product titles, and Merchant Center information from other accounts.
On August 4, 2024, Mobile Guardian experienced a significant security breach that compromised iOS and ChromeOS devices enrolled in its platform. The unauthorized access led to the remote wiping of a small percentage of devices across North America, Europe, and Singapore. While the breach caused temporary disruptions and restricted access for users, there is no evidence suggesting that personal data was exposed. In response, Mobile Guardian halted its services to prevent further unauthorized access and is actively investigating the incident.
The Israeli hacker group WeRedEvils has claimed responsibility for recent internet disruptions in Iran, as reported by the Jerusalem Post. On August 2, 2024, the group announced their intention to target Iran's internet systems via their Telegram channel, and subsequently reported a successful breach of Iran's communications infrastructure. The outage affected several regions, including Tehran, Mashhad, and Kermanshah, with users experiencing significant disruptions.
On August 2, 2024, First Commonwealth Federal Credit Union, based in Lehigh Valley, Pennsylvania, announced a data security incident involving unauthorized access to personal information of some current and former members. Discovered on June 27, 2024, the breach revealed that sensitive data, including names, addresses, Social Security numbers, dates of birth, and account numbers, might have been compromised.
Cyber News
US and German authorities have seized the online cryptocurrency wallet Cryptonator as part of a joint operation and charged its founder, Roman Pikulev, following a significant international crackdown. The U.S. Department of Justice, IRS-Criminal Investigation, FBI, and German Federal Criminal Police Office led the operation against Cryptonator, which was accused of failing to implement anti-money laundering (AML) controls and facilitating illicit activities.
On August 5, 2024, the U.S. Justice Department, alongside the Federal Trade Commission, filed a lawsuit against TikTok, accusing the company of illegally collecting personal data from children under 13 and violating previous agreements related to online privacy. The lawsuit alleges that TikTok, operated by China-based ByteDance, failed to obtain parental consent before collecting data from young users, did not honor requests to delete such accounts, and continued to allow underage users to create accounts using third-party credentials.
The UK Labour government has announced it is shelving £1.3 billion in funding previously pledged by the Conservative administration for AI projects, including the development of the UK's first exascale supercomputer at the University of Edinburgh. The decision, which includes withdrawing £800 million earmarked for the supercomputer and £500 million for the AI Research Resource, is justified by the Labour government as addressing "unfunded commitments" not included in the previous budget plans.
RailTel, a prominent public sector enterprise, has teamed up with Cylus, a leading cybersecurity firm, to enhance cybersecurity across Indian Railways. Announced on August 2, 2024, this strategic partnership aims to fortify the protection of critical railway infrastructure, including signaling, trackside operations, and SCADA networks. RailTel will integrate Cylus' advanced technology, CylusOne, into its existing systems to safeguard against emerging cyber threats.
Chinese tech giant Tencent has announced that WeChat Pay Malaysia will cease all payment services starting September 1, 2024. The move comes as part of a business strategy adjustment, and new e-wallet user registrations have already been halted as of August 1, 2024. Existing users will have until December 31, 2024, to withdraw their balances through the e-wallet portal, with special withdrawal arrangements in place from January 1, 2025.
Copyright © 2024 CyberMaterial. All Rights Reserved.