What’s trending in cybersecurity today?
Apache, OFBiz, Exploitation, BlackByte, Ransomware Gang, Encryptor, Advanced Tactics, QR Code, Phishing, Microsoft Sway, Credentials Theft, Unencrypted Transmission, Sensitive User Data, Fortra, FileCatalyst, SQL Injection, AMD, Stolen Data, Online, ServiceBridge, Data Leak, Business Exposure, Legacy Capital Advisors, Employee Email, Banham, Poultry Factory, Staff Data, California, Cucamonga Valley Water District, Payments Disruption, Biden Administration, Meta, Censorship, COVID-19, Australia, Cybersecurity Advisory Board, Uplift Plan, Malta, Nationalist Party, Ethical Hackers, Investigation, Check Point, Acquisition, Cyberint, Threat Intelligence, Notion, Exit, Russia
Cyber Alerts
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in the Apache OFBiz open-source enterprise resource planning (ERP) system, identified as CVE-2024-38856, to its Known Exploited Vulnerabilities (KEV) catalog due to reports of active exploitation. This flaw, with a CVSS score of 9.8, allows remote code execution through an incorrect authorization mechanism that can be exploited by unauthenticated attackers using a crafted Groovy payload.
The BlackByte ransomware gang, known for its association with Conti splinter groups, has introduced a new encryptor alongside advanced tactics, techniques, and procedures (TTPs). The updated encryptor features a distinctive file extension, “blackbytent_h”, and employs a Bring Your Own Vulnerable Driver (BYOVD) technique with an increased number of vulnerable drivers compared to previous iterations. In recent attacks, BlackByte affiliates have shifted their approach by exploiting CVE-2024-37085, an authentication bypass vulnerability in VMware ESXi, to simultaneously encrypt multiple virtual machines.
A new QR code phishing campaign is exploiting Microsoft Sway to steal Microsoft 365 credentials. Cybersecurity researchers have identified that attackers are using Sway, a legitimate cloud-based application for creating presentations and documents, to host fake pages that serve malicious QR codes. When scanned, these codes redirect users to phishing sites designed to capture login credentials.
Research has uncovered that eight mobile apps for Android and iOS are exposing sensitive user data due to inadequate security measures. These apps, including Klara Weather, Military Dating App MD Date, Sina Finance, CP Plus Intelli Serve, Latvijas Pasts, HaloVPN, i-Boating, and Texas Storm Chasers, transmit user information such as device details, geolocation, and credentials over unencrypted HTTP connections instead of HTTPS.
Fortra has urgently released patches to address two critical SQL injection vulnerabilities, CVE-2024-6632 and CVE-2024-6633, in its FileCatalyst Workflow software. Disclosed on August 27, 2024, these flaws could severely compromise system confidentiality, integrity, and availability. The vulnerabilities affect versions up to 5.1.6 Build 139, allowing unauthorized database modifications and information disclosure.
Cyber Incidents
Advanced Micro Devices (AMD) has recently fallen victim to a second significant cyberattack in 2024, with the threat group IntelBroker claiming responsibility for the breach. This attack follows a similar incident that occurred earlier in the year, underscoring a troubling pattern of targeted cyber intrusions. AMD has announced that it is actively investigating the incident to understand its full scope and implications. The compromised data, which includes sensitive user credentials, internal resolutions, and other critical information, is now reportedly being sold on dark web marketplaces.
Security researcher Jeremiah Fowler has uncovered a massive data breach involving ServiceBridge, a cloud-based field service management platform. The exposed database, which contained over 32 million documents totaling 2.68TB, included sensitive business records such as contracts, invoices, and HIPAA consent forms dating back to 2012. The leaked data spanned various industries and countries, revealing private information like names, addresses, partial credit card numbers, and site audit reports.
Georgia’s Legacy Capital Advisors LLC has announced a data breach involving employee email accounts. Discovered on September 25, 2023, the breach was caused by unauthorized access to multiple employee email accounts, beginning in late July 2023. Following an extensive investigation, completed on March 20, 2024, Legacy confirmed that sensitive information, including names and Social Security numbers, was exposed.
A cyber attack on Banham Poultry, a major poultry factory in Norfolk, England, has compromised sensitive staff information. On August 18, 2024, unauthorized access to the factory’s systems resulted in the theft of personal details, including National Insurance numbers, passport copies, and bank information. The company promptly shut down its systems and engaged external forensic experts to assess the breach.
The Cucamonga Valley Water District (CVWD) in Inland Empire, California, is investigating a ransomware attack that occurred on August 15, 2024. The incident disrupted the district’s phone payment system, preventing customers from making payments via phone. While the attack affected the phone system, CVWD’s water distribution operations and customer database were not impacted.
Cyber News
Australia is set to appoint a new cybersecurity industry advisory board in the coming months, aimed at supporting the Commonwealth Cyber Uplift Plan, according to National Cybersecurity Coordinator Lieutenant General Michelle McGuinness. The board will include major industry providers and experts to enhance public-private partnerships and improve government cyber maturity. This initiative, part of the 2023-2030 Australian Cyber Security Strategy, seeks to bolster the protection of government IT systems against cyberattacks.
The Nationalist Party (PN) of Malta has called for an end to the ongoing investigation into four young ethical hackers, who have been caught in a legal limbo since 2023. The students, Giorgio Grigolo, Michael Debono, Luke Bjorn Scerri, and Luke Collins, discovered a vulnerability in the FreeHour app and reported it to the owner, seeking a bug bounty in return. Instead, they faced arrest, strip searches, and equipment seizures. The PN argues that this prolonged investigation is stifling their enthusiasm and talent in cybersecurity, and emphasizes the need for a national cybersecurity policy to support and nurture young digital innovators.
Check Point has announced plans to acquire Israeli external risk management vendor Cyberint Technologies to bolster its security operations and managed threat intelligence capabilities. The acquisition, expected to close by the end of 2024 for approximately $200 million, aims to enhance Check Point’s ability to defend against both internal and external cyber threats. Cyberint’s expertise in threat intelligence, digital risk protection, and attack surface management will integrate with Check Point’s existing security operations, enabling more effective risk detection and mitigation.
Notion has announced its decision to exit the Russian market due to U.S. government restrictions on software services. Effective September 9, 2024, Notion will terminate all accounts and workspaces associated with users in Russia. Users have until September 8 to export their data, with options including PDF, HTML, and CSV formats available. Following the deadline, Russian-based accounts and workspaces will be deleted, and access will be permanently revoked. Notion will also cancel subscriptions for affected users on the same date, ensuring no additional charges.
Copyright © 2024 CyberMaterial. All Rights Reserved.