π What’s the latest in the cyber world today?
Microsoft, MacOS, Iran, Threat Actor, TA453, Jewish Leader, AnvilEcho, Malware, TLS, Bootstrap Attack, Azure, Kubernetes, PHP, Msupedge, Backdoor, Critical, Code Execution, GiveWP, WordPress, Plugin, Toyota, Customer Information, Singapore, Beng Kuang Marine, Ransomware, Oregon Zoo, Credit Card, New York, Tri State Area Federal Credit Union, Piedmont Cancer Institute, Atlanta, Patients, Singapore, Operational Technology, Masterplan, 2024, Holograph, Crypto Heist, Italy, US, South Korea, North Korea, Cyber Threats, UK, National Cyber Security Centre, Cyber Resilience, Audit Scheme, Central Electricity Authority, India, Cybersecurity, Regulations
Listen to the full podcast
π¨Β Cyber Alerts
A newly discovered vulnerability in multiple Microsoft applications for macOS could allow hackers to spy on users by exploiting the permissions granted to these apps, potentially gaining unauthorized access to cameras, microphones, and sensitive data. Researchers from Cisco Talos found that the flaw allows malicious software to inject libraries into Microsoft apps like Outlook, Teams, Word, Excel, PowerPoint, and OneNote, bypassing macOS’s Transparency, Consent, and Control (TCC) framework.
Iranian state-sponsored cyber group TA453, also known as APT42 or Charming Kitten, has launched a targeted spear-phishing campaign against a prominent Jewish leader. Beginning in late July 2024, the attackers attempted to deliver a new malware toolkit named BlackSmith, featuring a PowerShell trojan called AnvilEcho. The group used social engineering tactics, posing as a Research Director from the Institute for the Study of War (ISW) to gain the target’s trust.
Researchers have identified a critical security vulnerability in Microsoft Azure Kubernetes Services (AKS) that allows attackers to perform a TLS bootstrap attack. This flaw, affecting clusters configured with Azure CNI and Azure Network Policy, enables an attacker with command execution in a pod to download provisioning configurations and extract sensitive TLS tokens. These tokens can then be used to access all secrets within the cluster, including TLS keys, certificates, and authentication tokens.
Hackers have exploited a critical PHP vulnerability (CVE-2024-4577) to deploy a previously undocumented backdoor named Msupedge, targeting a university in Taiwan. This sophisticated backdoor communicates with its command-and-control server through DNS traffic, utilizing a technique based on the open-source dnscat2 tool. Msupedge operates by sending commands through DNS name resolution and using resolved IP addresses to trigger various actions.
The GiveWP plugin for WordPress has recently received a crucial update to address a severe remote code execution (RCE) vulnerability. Discovered by security researcher villu164, this flaw, identified as CVE-2024-5932, involves a PHP Object Injection issue that allows unauthorized users to execute arbitrary code and delete files on affected sites. The vulnerability affects all GiveWP versions up to 3.14.1 and is critical, with a CVSS score of 10.0.
π₯ Cyber Incidents
Toyota has confirmed a significant data breach after threat actor ZeroSevenGroup leaked 240GB of stolen data on a hacking forum. The compromised information reportedly includes sensitive details about Toyota employees, customers, financial records, and network infrastructure. Toyota stated that the breach is “limited in scope” and is providing support to affected individuals. The stolen data, which appears to have been gathered on December 25, 2022, was extracted using the open-source tool ADRecon.
Singapore’s Beng Kuang Marine has reported a cybersecurity incident following a ransomware attack on an external IT service provider. According to an August 19 filing, the infrastructure engineering and corrosion prevention firm revealed that the attack primarily impacted backend working files stored on the provider’s servers. The provider detected the breach and promptly disabled network connections. While the ransomware encrypted data, initial investigations suggest there is no evidence of data theft or exposure.
The Oregon Zoo has reported a significant data breach affecting over 100,000 customers, following a cyberattack that compromised its online ticketing platform. Discovered in late June 2024, the breach involved unauthorized access to payment transactions from December 20, 2023, to June 26, 2024. Cybercriminals managed to redirect customer transactions from the zooβs third-party payment vendor, potentially exposing sensitive information including names, credit card numbers, CVVs, and expiration dates.
New York’s Tri State Area Federal Credit Union (TSAFCU) has recently alerted its members about a data breach involving potential exposure of personal information. The breach, which occurred between May 9 and May 10, 2024, was linked to unauthorized access to a TSAFCU employee’s email account. While the investigation, completed by July 19, 2024, revealed that the compromised documents contained members’ names and other sensitive data.
Piedmont Cancer Institute (PCI) in Atlanta has reported a data security breach affecting personal information of at least one Maine resident. Discovered on March 25, 2024, unauthorized access was detected in an employee’s email account, prompting PCI to engage cybersecurity experts and secure the account. A thorough investigation confirmed that the compromised data included personal information such as names and Social Security numbers.
π’ Cyber News
On August 20, 2024, Singapore unveiled its updated Operational Technology Cybersecurity Masterplan, known as OT Masterplan 2024, during the Singapore Operational Technology Cybersecurity Expert Panel (OTCEP) Forum. This strategic update aims to bolster the cybersecurity framework for both Critical and non-critical Information Infrastructure (CII), addressing emerging threats in an increasingly digital landscape.
In a dramatic turn of events, Italian authorities have arrested four individuals linked to the $14 million cryptocurrency heist targeting blockchain tech firm Holograph. The suspects, who were living in luxury villas across Italy’s Sardinia, Elba Island, and the Amalfi Coast, were apprehended following a coordinated effort by Italy’s Polizia di Stato and the French National Police. The criminals exploited a smart contract flaw on June 13, 2024, allowing them to mint and steal 1 billion HLG tokens, which subsequently saw their value drop by over 80%.
South Korea and the United States have commenced their annual Ulchi Freedom Shield military exercises, aimed at enhancing their joint readiness against North Korean threats. Running from August 19 to 29, the drills will address a range of potential dangers, including North Korea’s missile capabilities, GPS jamming, and cyberattacks. The exercises come as North Korea accelerates its nuclear and missile programs and attempts to deploy reconnaissance satellites.
The UK’s National Cyber Security Centre (NCSC) has officially launched its Cyber Resilience Audit (CRA) scheme, designed to certify auditors for evaluating cyber resilience in critical sectors. Announced at the CYBERUK conference in May, the scheme focuses on ensuring auditors can conduct independent assessments based on the Cyber Assessment Framework (CAF). Initially targeting key sectors, the CRA scheme will eventually expand to include a variety of industries.
The Central Electricity Authority (CEA) of India has announced the draft Cyber Security Regulations for the power sector, 2024. These regulations extend across all relevant entities within the sector, including regional power committees, commissions, governments, training institutes, and vendors. They mandate the establishment of a Computer Security Incident Response Team (CSIRT)-Power, tasked with creating a comprehensive cybersecurity framework, managing incidents, and collaborating with cybersecurity bodies like CERT-In and NCIIPC.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.
