What's happening in cybersecurity today?
AWS, Code Execution, Microsoft, Office Spoofing, Earth Baku, Europe, Middle East, Africa, Trend Micro, AMD, Sinkclose, Ewon Cosy+, Root Access, Trump, Campaign Hack, Iran, Phishing, Evolution Mining, Indonesia, National Civil Service Agency, Independence Day, Breach, Ohio, School Boards Association, Gramercy Surgery Center, Patient Information, US, Bipartisan Bill, Vulnerability Disclosure, Federal Contractors, UK, National Cyber Security Centre, National Cyber Deception Initiative, Russia, Messaging App, Signal, Liberia, Maritime Registry, Information Sharing, Compact Database, Sellafield Nuclear Site, Cybersecurity Failures
Cyber Alerts
Cybersecurity researchers have discovered multiple severe vulnerabilities in Amazon Web Services (AWS) that could lead to remote code execution (RCE), data theft, and full-service takeovers. The flaws, identified by cloud security firm Aqua and disclosed in February 2024, exploit an attack vector called Bucket Monopoly. This vector takes advantage of the automatic creation of AWS S3 buckets in services like CloudFormation and SageMaker, allowing attackers to gain unauthorized access to sensitive data by preemptively creating buckets in unused regions.
Microsoft has revealed a significant spoofing vulnerability, CVE-2024-38200, affecting multiple versions of its Office suite, including Office 2016, 2019, LTSC 2021, and Microsoft 365 Apps for Enterprise. Rated 7.5 on the CVSS scale, this flaw could potentially allow attackers to steal sensitive information by tricking users into opening malicious files delivered via compromised or deceptive websites.
Earth Baku, an advanced persistent threat (APT) group previously focused on the Indo-Pacific region, has recently broadened its cyber attack operations to Europe, the Middle East, and Africa (MEA). The group’s new campaign targets nations such as Italy, Germany, the UAE, and Qatar, with suspected activity also noted in Georgia and Romania. Utilizing public-facing applications like IIS servers, Earth Baku deploys sophisticated malware tools including the Godzilla webshell, StealthVector, and the modular SneakCross backdoor.
AMD is currently dealing with a significant security issue due to the Sinkclose vulnerability, which affects a broad range of its processors. This flaw allows attackers to execute code within the processor's System Management Mode (SMM), a highly secure area shielded from most software and the operating system. The vulnerability, discovered by IOActive and reported by Wired, impacts AMD chips dating back to 2006 and poses substantial risks, particularly for high-profile targets like government agencies and large corporations.
Researchers have discovered severe vulnerabilities in the Ewon Cosy+, a popular industrial remote access gateway tool developed by HMS Networks. Unveiled at DEF CON 32, these flaws include OS command injection, insecure permissions, and certificate request vulnerabilities. By exploiting these weaknesses, attackers could gain root access to the device, allowing them to execute arbitrary commands, decrypt firmware, and access sensitive data.
Cyber Incidents
Donald Trump's campaign has reported a significant breach of its internal communications, attributing the hack to Iranian phishers. According to campaign spokesperson Steven Cheung, the breach involved a spear phishing attack targeting a senior official in June. Microsoft corroborated the claim, revealing that Iranian hackers, linked to the Islamic Revolutionary Guard Corps, sent a phishing email to the campaign and unsuccessfully attempted to access an account belonging to a former presidential candidate.
Australian gold mining company Evolution Mining has recently been targeted in a cyber attack, becoming the latest victim in a series of high-profile breaches affecting Australian firms. The company reported the incident last week but assured that the security breach has been contained and is not expected to impact operations significantly. Evolution Mining has informed the Australian Cyber Security Centre (ACSC)
A significant data breach has hit Indonesia's National Civil Service Agency (BKN) just ahead of the country's 79th Independence Day celebrations. The Cyber Security Research Institute (CISSReC) confirmed the breach, which was first reported by an anonymous hacker named TopiAx on Breachforums. The compromised data includes over 4.7 million records containing sensitive personal information such as names, dates of birth, civil servant identification numbers, and academic details.
The Ohio School Boards Association (OSBA) experienced a significant cyberattack on August 8, 2024, which led to disruptions in its operations and communication channels. The association’s website and email systems were rendered inoperative following the breach. While the OSBA has stated that it does not store sensitive personal or financial data, and there is no current evidence suggesting that member information has been compromised, the incident has nonetheless impacted their ability to effectively communicate with the 3,500 school board members they represent.
Gramercy Surgery Center, an ambulatory surgery center with locations in Manhattan and Queens, New York, has been targeted in a significant cyberattack. The Everest Team, a known threat actor, leaked approximately 460 GB of data, including sensitive patient information such as Social Security numbers, medical records, and health insurance details. The breach, which was discovered in mid-July 2024, saw Gramercy's data posted on the dark web.
Cyber News
U.S. Senators Mark R. Warner (D-VA) and James Lankford (R-OK) recently introduced the Federal Contractor Cybersecurity Vulnerability Reduction Act of 2024, a bipartisan bill aimed at tightening cybersecurity measures for federal contractors. The proposed legislation mandates that federal contractors adhere to the National Institute of Standards and Technology’s (NIST) vulnerability disclosure guidelines.
The UK's National Cyber Security Centre (NCSC) has initiated a groundbreaking national effort to enhance cyber defense through cyber deception technologies. At a recent conference in London, the NCSC unveiled its plan to create a comprehensive evidence base by deploying a wide range of cyber deception tools, including digital tripwires, honeypots, and tokens. The aim is to deploy 5,000 low and high-interaction solutions across the UK, 20,000 instances within internal networks, 200,000 assets in cloud environments, and 2,000,000 tokens.
Russia has initiated a significant crackdown on the encrypted messaging app Signal, citing concerns that the platform is being used by extremists and terrorists for communication. The move, spearheaded by the Russian government regulator Roskomnadzor, has led to widespread reports of access issues, with many users experiencing glitches and errors when attempting to register or use the app.
Liberia has launched the Registry Information Sharing Compact (RISC) database, a new platform designed to enhance maritime compliance and security. Inaugurated by Alfonso Castillero, CEO of the Liberian International Ship & Corporate Registry (LISCR), the RISC database provides a free, online tool for flag registries to share and access vessel information.
Sellafield, a key nuclear waste management facility in Cumbria, England, has issued a formal apology following a series of cybersecurity failings that jeopardized national security. The Office for Nuclear Regulation (ONR) charged Sellafield with IT security lapses spanning from 2019 to 2023, revealing that 75% of the site’s servers were vulnerable due to outdated systems. An external report highlighted that these vulnerabilities could have allowed unauthorized access and potential malware insertion, raising fears of espionage and sabotage.
Copyright © 2024 CyberMaterial. All Rights Reserved.