What’s trending in cybersecurity today?
Computer Emergency Response Team, Ukraine, Vermin, Phishing, Shanghai Fudan, RFID Cards, Backdoor, Instant Cloning, Apache, DolphinScheduler, Code Execution, UULoader Malware, Weaponized PDFs, Czechia, Mobile Users, Progressive Web Apps, CannonDesign, Avos Locker, Ransomware, Client, Data Exposure, Arizona, Microchip Technology, City of Bella Vista, DAI, Stolen, Maker Wallet, California, AI Catastrophe Bill, VIDA Fitness, Locker Room, Nigeria, IPv6 Transition, Cybersecurity, DDoS, Costs, Fabric Cryptography, Verifiable Processing Unit
Cyber Alerts
The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning regarding a new phishing campaign linked to the Vermin threat group, tracked as UAC-0020. This campaign uses photos of alleged prisoners of war (PoWs) from the Kursk region as bait, luring victims into downloading a ZIP file. The archive contains a Microsoft Compiled HTML Help (CHM) file that executes an obfuscated PowerShell script.
Researchers from Quarkslab have discovered a critical hardware backdoor in millions of RFID cards produced by Shanghai Fudan Microelectronics, enabling the instant cloning of these contactless cards. The flaw affects the FM11RF08S variant, which was marketed as resistant to known attacks. The backdoor allows any entity with knowledge of it to bypass user-defined security keys and read all data on the cards within minutes.
A critical vulnerability identified as CVE-2024-43202 has been discovered in Apache DolphinScheduler, a popular open-source workflow orchestration platform. This security flaw, affecting all versions from 3.0.0 up to but not including 3.2.2, allows attackers to execute remote code, posing significant risks such as unauthorized system control, data breaches, and potential disruptions.
A new strain of malware known as UULoader is targeting users through weaponized PDF documents, primarily affecting Korean and Chinese speakers. This malware, which disguises itself as legitimate software through malicious .msi installers, employs advanced evasion techniques including DLL side-loading and file header stripping. By removing file headers and packaging components in a .cab archive, UULoader eludes static detection tools and masquerades as benign data.
Mobile users in the Czech Republic are being targeted by a sophisticated phishing scheme that exploits Progressive Web Applications (PWAs) to steal banking credentials. Cybersecurity firm ESET reports that attackers are mimicking legitimate banking apps, such as Československá obchodní banka (CSOB), OTP Bank, and TBC Bank, to trick users into installing fraudulent PWAs. These deceptive apps are distributed via automated calls, SMS, and social media ads, and appear as authentic updates for banking apps.
Cyber Incidents
CannonDesign, a prominent U.S. architectural and consulting firm, has confirmed a significant data breach linked to the Avos Locker ransomware attack that occurred between January 19-25, 2023. The breach, which involved unauthorized network access and data exfiltration, has compromised personal information of over 13,000 clients, including names, addresses, Social Security numbers, and driver’s license details.
Microchip Technology Incorporated, based in Chandler, Arizona, has revealed that a cyberattack significantly impacted its operations over the weekend, affecting multiple manufacturing facilities. The company, which serves a wide range of industries, including industrial and automotive sectors, detected suspicious activity on August 17, 2024. By August 19, the attack had disrupted the use of certain servers and business operations, leading to reduced operational capacity.
The City of Bella Vista, Arkansas, has been forced to close its offices through Wednesday, August 21, due to a potential cyberattack. The closure comes after the city’s IT department detected suspicious activity on Sunday, leading to a precautionary shutdown of network systems, including internet and phone services. As the investigation into the incident continues, city operations are being conducted remotely via email and virtual channels.
On August 20, 2024, a major crypto phishing attack resulted in the theft of $55 million from a high-profile wallet in the decentralized finance (DeFi) protocol Maker. The attack was executed when the wallet owner unknowingly signed a malicious transaction, transferring ownership of 55.47 million DAI to a phishing address. Despite attempts to rectify the mistake by moving the funds to a new address, the transaction had already been completed. Blockchain analytics firm Lookonchain reported that the attackers have since converted the stolen stablecoins into 10,625 Ether and withdrawn them.
FlightAware, a popular flight tracking website, has disclosed a significant data breach that exposed sensitive customer information, including Social Security numbers and payment details, dating back to January 2021. The company, which filed a breach notice with California’s State Attorney General on August 13, 2024, revealed that a configuration error led to the inadvertent leakage of personal data for over three years.
Cyber News
The California State Assembly Appropriations Committee has approved an amended version of the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act, initially proposed by State Senator Scott Wiener. This bill, aimed at preventing AI-related disasters, faced criticism from industry leaders and federal lawmakers who argued it might stifle innovation. The revised bill now removes the provision allowing the state attorney general to sue AI companies for negligence before a catastrophe occurs and softens the requirements for safety testing.
VIDA Fitness in Washington, D.C., has announced a pause on its plans to install surveillance cameras in men’s locker rooms amid growing privacy concerns from members. The gym’s owner, David von Storch, stated that the decision to halt the installation is aimed at addressing members’ objections while emphasizing that the cameras were intended to combat theft, which has been a significant issue.
Nigeria is leading Africa’s digital transformation by transitioning from IPv4 to IPv6, a move set to enhance cybersecurity and internet services across the continent. Announced by Dr. Bosun Tijani, Nigeria’s Minister of Communications, Innovations, and Digital Economy, this initiative positions Nigeria as the first African nation to fully adopt IPv6. The upgrade, unveiled at the IPv6 Driven Digital Infrastructure Summit in Abuja, promises to improve network efficiency, security, and economic opportunities by providing a virtually limitless number of IP addresses.
In the first half of 2024, the cost of Distributed Denial of Service (DDoS) attacks has surged to $6,000 per minute, with an average attack now lasting 45 minutes, an 18% increase from the previous year, according to Zayo’s latest report. The frequency and duration of these attacks have risen significantly, with DDoS attacks up 106% from the latter half of 2023. Short-burst attacks, lasting less than 10 minutes, continue to dominate, representing 86% of all attacks in early 2024.
Fabric Cryptography has secured $33 million in Series A funding to advance its development of the Verifiable Processing Unit (VPU), a groundbreaking chip designed for cryptographic applications. Co-led by 1kx and Blockchain Capital, with support from Matter Labs, Offchain Labs, and Polygon, this investment will help the Santa Clara-based startup enhance its hardware and software offerings. The VPU aims to revolutionize cryptographic computations, offering performance improvements akin to those seen in AI hardware advancements.
Copyright © 2024 CyberMaterial. All Rights Reserved.