What’s going on in the cyber world today?
DragonRank, Search Engine Optimization, IIS Servers, TrickMo, Android, Banking Malware, Lazarus Group, Fake, Coding Tests, Developers, GitLab, Vulnerabilities, Adobe, Acrobat Reader, Zero-Day Exploit, Fortinet, Data Breach, Asia, Pacific, US, China, Tensions, Cyber Attack, Pacific Islands Forum, Kobe Steel, Health Insurance, Ransomware, Yamato Holdings, Unauthorized Access, Singapore, Servers, Spain, Pontifical University of Salamanca, Student Data, TD Bank, Credit Data, Credit Bureaus, Pacific Nations, Cybersecurity, Regional Threats, Beijing, Data Security, Regulations, Singapore Police Force, Cybercrime Syndicate, Meta, Australia, User Data, AI, Opt-Out Option
Cyber Alerts
The DragonRank Black Hat Search Engine Optimization campaign, discovered by Cisco Talos, targets Internet Information Services (IIS) servers across Asia and Europe to manipulate search engine rankings. Exploiting vulnerabilities in web applications like phpMyAdmin and WordPress, the attackers deploy the ASPXspy web shell and install BadIIS malware, turning compromised servers into relay points for SEO fraud. The malware alters search engine results to boost the visibility of attacker-specified websites, often involving illicit content.
A new Android banking malware named TrickMo has emerged, targeting users to steal their login credentials through sophisticated techniques. Discovered by Cleafy’s Threat Intelligence team, TrickMo, derived from TrickBot, uses advanced anti-analysis methods, including broken zip files and dropper apps disguised as “Google Chrome.” After installation, the malware leverages Android Accessibility Services to capture one-time passwords, record screens, and log keystrokes.
The Lazarus Group, a North Korean cybercriminal organization, is employing fake coding tests to distribute malware among software developers. This sophisticated campaign involves creating deceptive job assessments that lure developers into downloading malicious Python packages. These packages, disguised as legitimate coding challenges, contain hidden malware embedded in modified versions of popular libraries. Once installed, the malware establishes a connection with a command-and-control server to execute further commands, compromising the developer’s system.
GitLab has issued critical patch updates across its Community and Enterprise Editions, with the releases of versions 17.3.2, 17.2.5, and 17.1.7 addressing several severe vulnerabilities. These updates fix high-severity issues including potential code injection and server-side request forgery vulnerabilities, which could compromise GitLab instances’ security and functionality. Users are strongly urged to upgrade immediately to protect against these vulnerabilities, which range from critical to medium severity.
Adobe has released a critical security update for Acrobat Reader and Adobe Acrobat to address a severe zero-day vulnerability, tracked as CVE-2024-41869. This “use after free” flaw, discovered in June, could allow remote code execution when a specially crafted PDF document is opened. The issue, initially identified by cybersecurity researcher Haifei Li through the EXPMON platform, was exploited in the wild and could lead to significant security risks. Although an initial update in August did not fully resolve the problem, Adobe’s latest release effectively fixes the vulnerability.
Cyber Incidents
Fortinet, a leading cybersecurity firm, has reported a data breach involving a third-party service that affected its Asia-Pacific customers. The breach, which occurred through unauthorized access to a cloud-based shared file drive, exposed a limited amount of customer data. Fortinet has stated that there is no evidence of malicious activity impacting customer operations and that its core services remain unaffected. The company has communicated with the affected customers and is working closely with cybersecurity authorities to address the incident.
The Pacific Islands Forum recently faced a significant cyber attack, as revealed by the New Zealand government on September 12, 2024. The breach, which occurred before a major summit in Tonga, underscores escalating cybersecurity concerns in the region amidst intensifying US-China rivalries. Forum staff in Fiji detected the intrusion months earlier, leading to an urgent response by Australian cybersecurity experts. While the attackers’ identity and targeted information remain undisclosed, the incident highlights the growing cyber threat landscape affecting regional organizations.
On August 22, 2024, the Kobe Steel Health Insurance Association disclosed a significant data breach resulting from unauthorized access to the Hirokei Co., Ltd. server, a contractor for the Kansai Information Center. The breach, caused by ransomware, compromised personal information including names, addresses, and health insurance card numbers of 86,936 individuals. While sensitive data such as medical histories and My Number information was not affected, the association is actively working with authorities to manage the fallout and prevent future incidents.
Yamato Holdings Co., Ltd. has reported a data breach involving its subsidiary, Yamato Transport Singapore Pte. Ltd. On September 4th, 2024, unauthorized access was detected on YTS’s server. In response, YTS swiftly implemented measures to restrict external access and informed relevant authorities. Collaborating with a security specialist agency, the company is investigating the breach’s cause and impact, while enhancing its information security protocols. Fortunately, this incident appears to be isolated to YTS, with no impact on other Yamato Group networks.
The Pontifical University of Salamanca in Spain experienced a cyber attack on September 9, 2024, resulting in a breach that may have compromised student data. The university has reported that while information within its repositories could have been accessed illegitimately, there is no evidence of data exfiltration or publication on the dark web. Personal details potentially affected include names, email addresses, phone numbers, and academic information.
Cyber News
TD Bank has been hit with a substantial $28 million fine by the Consumer Financial Protection Bureau (CFPB) for allegedly providing incorrect credit data to major credit bureaus such as Equifax, Experian, and TransUnion. The CFPB’s investigation revealed that TD Bank shared inaccurate information regarding customer credit card delinquencies and bankruptcies, potentially impacting consumers’ creditworthiness and access to financial services. The bank has been ordered to pay $7.76 million in restitution to affected customers and a $20 million civil penalty.
At the 2024 Pacific Cyber Security Operational Network (PaCSON) Annual General Meeting, held at The Edgewater Resort, over 60 participants from 19 countries gathered to address increasing cyber threats in the Pacific region. The conference, featuring keynote speakers such as Minister Vaine Mokoroa and cybersecurity experts from Australia and New Zealand, emphasized the importance of regional collaboration to combat online threats. Discussions highlighted the dual impact of rising internet connectivity, which enhances opportunities but also exposes vulnerabilities.
On September 10, 2024, the People’s Republic of China unveiled new Network Data Security Management Regulations, significantly enhancing the nation’s data security framework. These regulations, approved by the State Council, aim to strengthen the implementation of existing laws such as the Cybersecurity Law, Data Security Law, and Personal Information Security Law. The new rules mandate rigorous audits and controls over “important data,” which includes sensitive national and economic information.
Singapore’s police have made headlines with a significant crackdown on a global cybercrime syndicate. On September 10, 2024, authorities arrested six individuals, including five Chinese nationals and one Singaporean, in a series of coordinated raids across the city-state. The suspects, alleged to be involved in hacking, personal data theft, and cryptocurrency crimes, were apprehended in high-end residences. During the operation, police seized a substantial cache of electronic devices, cash, and cryptocurrency assets, valued in the hundreds of thousands of dollars.
Meta is facing backlash for scraping data from Australian users to develop its AI technology without offering an opt-out option. Despite initially denying the practice, Meta’s global privacy director, Melinda Claybaugh, admitted that all public Facebook and Instagram posts from 2007 onwards are used to train the company’s AI, unless manually set to private. While users in Europe have the ability to opt out due to regulatory uncertainties, Australian users do not have this option. This controversy comes as Australia moves toward stronger AI regulations, including new voluntary safety standards and proposed mandatory guardrails to ensure responsible AI use.
Copyright © 2024 CyberMaterial. All Rights Reserved.