What’s trending in cybersecurity today?
FBI, Cryptocurrency Firms, Social Engineering, MacroPack, Red-Teaming, Malware, Android, September Update, Local Privilege Flaw, D-Link, Critical, RCE, DIR-846W Routers, End of Support, Zyxel, OS Command Injection, Tennessee, Specialty Networks, Data Exposure, Pro-Russian, Cyberattack, French Companies, Regional Councils, Penpie, Protocol Hack, University of Reims, Elyria Foundry, Breach, US, National Cyber Director, Border Gateway Protocol, Security, Roadmap, NTIA, Data Center, Security Risks, AI, Integration, Challenges, Australia, Taiwan, Cybersecurity, Sydney Dialogue Summit, OpenBAS, Security Drills, Sweden, Screen Time, Limits, Health Risks
Cyber Alerts
The FBI has issued a warning to cryptocurrency firms about an uptick in aggressive social engineering attacks orchestrated by North Korean hacking groups. These sophisticated attacks target employees of cryptocurrency businesses, particularly those linked to exchange-traded funds (ETFs) and other financial products. The attackers conduct extensive research to impersonate known contacts or industry figures, using fluent English and detailed technical knowledge to gain trust. The goal is to deploy malware and steal crypto assets; the FBI notes that the advanced nature of these tactics makes them difficult to detect even for seasoned cybersecurity professionals.
Cybercriminals have reportedly exploited MacroPack, a legitimate red-teaming framework, to distribute various malicious payloads, including the Brute Ratel and Havoc tools, as well as a new variant of the PhantomCore remote access trojan (RAT). Cisco Talos analysis revealed that these attacks involved obfuscating techniques, such as function renaming and string encoding, to evade detection. The MacroPack-generated documents, which included both generic and military-themed lures, targeted victims across China, Pakistan, Russia, and the U.S.
Google has released its September 2024 Android security updates, addressing 35 vulnerabilities, including a critical local privilege escalation flaw tracked as CVE-2024-32896. This high-severity bug, affecting the Android Framework component, was initially disclosed in June 2024 and exploited as a zero-day vulnerability targeting Pixel devices. The September update, which includes the 2024-09-01 and 2024-09-05 security patch levels, fixes this and other severe issues across various components, such as Kernel and Qualcomm.
D-Link has announced that it will not be addressing four critical remote code execution (RCE) vulnerabilities in its DIR-846W routers, as the devices have reached end-of-life (EOL) status. Discovered by security researcher yali-1002, the flaws include CVE-2024-41622, CVE-2024-44340, CVE-2024-44341, and CVE-2024-44342, with some rated as critical with a CVSS v3 score of 9.8. Despite the severity, D-Link’s policy precludes any further firmware updates or fixes for these vulnerabilities.
Zyxel has issued an urgent security advisory regarding a critical vulnerability, tracked as CVE-2024-7261, affecting multiple models of its business routers and access points. This flaw, assigned a CVSS v3 score of 9.8, allows unauthenticated attackers to perform OS command injection through improper input validation in the router’s CGI program. Zyxel advises users to upgrade to the latest firmware versions to mitigate the risk, as the flaw could potentially allow remote attackers to execute arbitrary commands on the host operating system, posing severe security threats.
π₯ Cyber Incidents
Specialty Networks, a Tennessee-based IT vendor for radiology practices, has reported a major data breach affecting 411,037 individuals. Discovered in December 2023, the breach exposed sensitive personal and health information, including names, Social Security numbers, and medical records. Specialty Networks, which serves clients like Prime Imaging and Diagnostic Radiology Consultants, detected unusual network activity on December 18, 2023, and confirmed the data breach after a thorough investigation.
On September 3, 2024, pro-Russian hacker group NoName057 launched a significant cyberattack that targeted several French websites, including those of Montpellier, and various regional councils and companies. The attack, which employed Distributed Denial of Service (DDoS) tactics, overwhelmed the targeted sites with traffic, rendering them inaccessible. The incident also affected notable entities such as the aerospace company Daher, the Franco-Italian aircraft manufacturer ATR, and the French insurer AXA.
On September 3, 2024, the Penpie protocol, a decentralized finance platform built on Pendle, suffered a significant security breach, resulting in a loss of $27 million in client funds. The exploit, traced to an address ending in “bb7” among several used by the attacker, led to the suspension of all deposits and withdrawals by Penpie as a precaution. In response, Pendle has assured users that their funds remain secure and has paused all contracts until the issue is fully resolved.
On September 2, 2024, the University of Reims Champagne-Ardenne reported a severe cyberattack targeting its website, which has caused significant disruptions. The attack, described as massive and orchestrated by bots, aims to overwhelm the university’s systems, resulting in slow performance and frequent error messages such as 404 (page not found) and 504 (gateway timeout). The university’s IT team is working diligently to restore stability and protect user experience during this critical period, especially as the academic year begins and students are in the process of re-registering.
Elyria Foundry Holdings LLC has announced a data privacy incident affecting its Elyria and Hodge Foundry locations. On June 25, 2024, suspicious activity was detected in its network, leading to unauthorized access of certain files. While there is no evidence of fraudulent misuse, the compromised data includes names and Social Security numbers of current and former employees, along with their spouses and dependents. Elyria Foundry has since enhanced its security measures and urges individuals to monitor their accounts and consider placing fraud alerts or credit freezes.
Cyber News
The Office of the National Cyber Director (ONCD) has unveiled a new “Roadmap to Enhancing Internet Routing Security” aimed at addressing critical vulnerabilities in the Border Gateway Protocol (BGP), which underpins global internet traffic routing. Announced by U.S. National Cyber Director Harry Coker, the guidance seeks to promote the adoption of technologies and best practices that can mitigate BGP risks and improve network security. The roadmap highlights barriers to adoption, offers alternative mitigation strategies, and underscores the need for robust cybersecurity risk management plans.
The US National Telecommunications and Information Administration (NTIA) has initiated a probe into the security risks associated with data centers amid their rapid growth driven by artificial intelligence. In a recent notice, the NTIA sought input on how to enhance data center security, improve market development, and bolster supply chain resilience. Key concerns include the potential for equipment supply chain shortages, the risk of counterfeit IT and OT components, and the challenges posed by integrating AI into data center infrastructure.
During the Sydney Dialogue on September 2, 2024, Australian Ambassador for Cyber Affairs and Critical Technology, Brendan Dowling, lauded Taiwan as a key ally in cybersecurity. The summit, hosted by the Australian Strategic Policy Institute, brought together experts from 30 countries, including Taiwan, to discuss pressing issues like AI, hybrid threat management, and digital resilience. Dowling praised Taiwan’s strong democratic values and its view of cybersecurity as a matter of national security.
OpenBAS is a cutting-edge open-source platform designed to enhance organizational preparedness through advanced breach and attack simulations. Compliant with ISO 22398 standards, OpenBAS offers a modern web application with a user-friendly interface and RESTful API. It provides a comprehensive suite of modules, including scenarios, team management, simulations, communication verification, and encryption. The platform excels in simulating both technical and contextual aspects of incidents, allowing organizations to test responses to diverse situations, from journalist inquiries to CEO demands.
Sweden’s public health authority, Folkhälsomyndigheten, has issued new guidelines advocating for no screen time for children under two years old and restricting usage for teens to less than three hours a day. This initiative, aligned with the start of the new school year, aims to combat the negative effects of excessive screen time, such as reduced physical activity and exposure to inappropriate content. The recommendations also emphasize basic digital hygiene, including avoiding screens before bedtime and setting a positive example for children.
Copyright © 2024 CyberMaterial. All Rights Reserved.