What are the latest cybersecurity alerts, incidents, and news?
Cthulhu Stealer, macOS, Velvet Ant, Cisco switches, Qilin Ransomware Group, Chrome credentials, Google Ads, fake Slack downloads, Amazon Services, MSC files, VeriSource Services, CRB Group, Shoshone-Bannock Tribes, Chinese General Hospital, DEDESEC, PEER Consultants, Karakurt Ransomware, extortion, money laundering, YouTube AI tool, account recovery, Lingo Telecom, fake Biden robocalls, AI, Cisco, UN Cybercrime Convention.
Cyber Alerts
Cthulhu Stealer, a new macOS-targeting malware, is harvesting credentials and cryptocurrency wallets through disguised software. This information stealer, available as a malware-as-a-service, deceives users into bypassing security measures to gain access to sensitive data. Although not highly sophisticated, it highlights growing cyber threats against macOS, prompting users to exercise caution with software downloads.
Cybersecurity researchers have uncovered that the China-linked threat group Velvet Ant exploited a recently disclosed security flaw, CVE-2024-20399, in Cisco switches as a zero-day vulnerability. This breach allowed attackers to seize control of the devices and evade detection, using sophisticated tactics to maintain persistence and conduct espionage. The discovery highlights significant risks associated with third-party appliances and the need for vigilant security measures.
The Qilin ransomware group has adopted a new tactic, deploying a custom stealer to harvest account credentials stored in Google Chrome. Sophos researchers observed this alarming shift during incident response, marking a significant evolution in ransomware strategies. Qilin’s approach poses a heightened risk to organizations, making defense against such attacks increasingly complex.
Cybercriminals have recently exploited Google search ads to distribute malicious payloads via seemingly legitimate ads for Slack. This sophisticated attack underscores the evolving tactics of threat actors who now use "slow cooking" strategies to avoid detection. The malvertising incident involved ads redirecting users to a fake Slack download page, ultimately delivering a remote access Trojan, highlighting the need for vigilant ad verification and enhanced security measures.
Hackers are increasingly targeting Amazon Services to exploit their extensive resources for malicious activities. Recent analysis by ASEC revealed that attackers use weaponized MSC files, leveraging vulnerabilities in XML structures to deliver malware. This sophisticated attack chain demonstrates the evolving tactics used to exploit cloud services for cybercrime.
Cyber Incidents
On August 21, 2024, VeriSource Services, Inc. (VSI) notified the Texas Attorney General of a data breach affecting employee and dependent information. The breach, discovered on February 28, 2024, exposed sensitive data including names, dates of birth, and Social Security numbers. VeriSource has since completed its investigation, notified affected individuals, and implemented additional security measures.
On August 16, the Shoshone-Bannock Tribes, in Idaho, discovered a potential cybersecurity incident and quickly engaged their IT department, cybersecurity consultants, and the FBI. Initial findings revealed a network security breach, leading to a public notification on August 19 and meetings with staff and tribal members on August 20. The Tribes are working with federal agencies to assess and resolve the issue, with affected systems expected to remain offline for several days while updates and security measures are implemented. The public is advised to monitor the Tribes' website and Facebook page for further information and updates on service disruptions.
Sensitive patient information from the Chinese General Hospital and Medical Center was reportedly exposed in a data breach by the cybercriminal group DEDESEC. The breach was revealed on a dark web forum by a user named "mapadedsec," who claimed the attack was for amusement rather than state sponsorship. Deep Web Konek advises the hospital to thoroughly investigate the breach and take steps to protect against further attacks.
PEER Consultants reported a data breach to the Attorney General of Vermont, revealing that sensitive personal identifiable information may have been accessed. The breach, discovered on February 7, 2024, involved suspicious activity on PEER’s network from January 18 to February 7, 2024. The investigation is ongoing to assess the impact and identify affected individuals.
CRB Group recently reported a data breach to the Attorney General of Massachusetts, revealing that sensitive personal information in their systems may have been accessed by unauthorized individuals. The breach, which was detected on January 3, 2024, followed a network disruption that began on December 25, 2023, prompting an immediate investigation into the scope of the incident. CRB has begun notifying affected individuals and is offering complimentary credit monitoring services while assessing the exact nature of the compromised data.
Cyber News
Deniss Zolotarjovs, a Latvian national linked to the Russian Karakurt ransomware group, has been charged in the U.S. with money laundering, wire fraud, and extortion. Zolotarjovs, who was arrested in Georgia and extradited earlier this month, is accused of participating in extortion schemes that targeted American organizations. The FBI’s investigation revealed his involvement in negotiating ransoms and laundering proceeds, making him the first Karakurt member to face charges in the U.S.
YouTube has introduced an AI troubleshooting tool to help users recover hacked accounts. The new “support assistant” chatbot guides users through securing their login and undoing any unauthorized changes. While currently available only in English and to certain users, YouTube plans to expand this feature to all users in the future.
In the first half of 2024, the US saw a significant 46.15% increase in high and critical cyber alerts. According to Critical Start's Cyber Research Unit, manufacturing and industrial sectors remain the top targets, with notable spikes in ransomware and data leaks. The report also highlights emerging threats such as deepfake fraud and business email compromise, emphasizing the need for enhanced security measures and resilience strategies.
Lingo Telecom has been fined $1 million for transmitting deceptive robocalls that used AI to imitate President Joe Biden’s voice, according to the FCC. The calls, made two days before the New Hampshire primary, violated federal caller ID rules. The FCC had initially sought a $2 million penalty and is still pursuing a $6 million fine against political consultant Steve Kramer, who arranged the calls and faces a criminal indictment.
Cisco has voiced concerns about the UN Convention Against Cybercrime, questioning its effectiveness in improving international cybersecurity law enforcement while preserving fundamental rights. The company is particularly worried that the convention's broad approach might conflict with free speech values in liberal democracies. Cisco suggests that the Convention should align more closely with the existing Budapest Convention to ensure a balance between fighting cybercrime and protecting human rights.
Copyright © 2024 CyberMaterial. All Rights Reserved.