What's happening in cybersecurity today?
Chinese Hackers, GeoServer, EAGLEDOOR, FreeBSD, Hypervisor, Apple, macOS Sequoia, MediaTek 0-Click, Go Injector Campaign, Lumma Stealer, Hertz, Car Rental, Harvey Nichols, Supreme Court of India, YouTube, Crypto Scam, Hong Kong, The Chaser News, New York, Keuka College, U.S. Cyberspace Solarium Commission, Cyber Policy, LinkedIn, AI Data Processing, UK, Ukraine, Telegram Messenger, Government Ban, South Korea National Assembly Deepfake, Microsoft, Hotpatching, Windows Server 2025.
Cyber Alerts
1. Hackers Exploit GeoServer to Spread Malware
Chinese hackers, identified as the Earth Baxia group, have exploited a critical vulnerability in OSGeo GeoServer (CVE-2024-36401) to launch targeted attacks across multiple Asia-Pacific (APAC) nations, including Taiwan, the Philippines, South Korea, Vietnam, and Thailand. The group used spear-phishing emails and decoy documents to deliver the EAGLEDOOR backdoor and Cobalt Strike malware, enabling them to infiltrate government and energy sectors.
2. Critical FreeBSD Hypervisor Flaw Allows RCE
A high-severity vulnerability (CVE-2024-41721) has been identified in the FreeBSD hypervisor, bhyve, which could allow malicious software running in a guest virtual machine (VM) to execute arbitrary code on the host system. This critical flaw affects all supported versions of FreeBSD and stems from insufficient boundary validation in the USB code, potentially leading to out-of-bounds reads and remote code execution. While bhyve operates within a Capsicum sandbox to limit potential damage, the risk remains significant.
3. macOS Sequoia Update Breaks EDRs and VPNs
Users of macOS 15 "Sequoia" are facing significant networking issues with virtual private networks (VPNs) and antivirus software following the recent update. Reports indicate that certain endpoint detection and response (EDR) tools, such as CrowdStrike Falcon and ESET Endpoint Security, are causing connection errors, which are resolved when these applications are disabled. This incompatibility stems from changes in the macOS network stack introduced in Sequoia. Security firms have advised users against upgrading until compatibility issues are addressed.
4. MediaTek Wi-Fi Chipset Vulnerability Exposed
A critical 0-click remote code execution (RCE) vulnerability, identified as CVE-2024-20017, has been discovered in MediaTek Wi-Fi chipsets, widely used in devices from manufacturers like Ubiquiti, Xiaomi, and Netgear. This vulnerability exists within the wappd network daemon, which is responsible for managing wireless interfaces. Attackers can exploit this flaw without any user interaction, using a buffer overflow to execute arbitrary commands by manipulating packet data. Researchers have developed multiple exploit strategies to bypass various security measures.
5. New Malicious Campaign Spreads Lumma Stealer
Researchers have uncovered a new cyber campaign utilizing Go Injector to deploy Lumma Stealer, a malware specifically designed to steal sensitive information. The attack initiates when users unknowingly visit a malicious website that displays a fake captcha, tricking them into copying and executing a command. This command downloads a zip file containing seemingly legitimate files alongside the Go Injector, which subsequently installs Lumma Stealer. Once installed, Lumma Stealer decrypts and exfiltrates sensitive data to the attackers.
Cyber Incidents
6. Hertz Exposes 60,000 Insurance Claim Reports
Hertz, the prominent car rental company, has exposed over 60,000 insurance claim reports, raising serious concerns about its data security practices. The breach was discovered when a customer received a seemingly legitimate email from Hertz regarding a damaged vehicle, which contained a suspicious link to a phishing site designed to collect sensitive information. An access control vulnerability known as Indirect Object Reference allowed unauthorized users to access other customers' accident reports by simply altering the URL.
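The Hertz item above describes an object reference flaw: the report ID in the URL was trusted without checking that the requester actually owned that report. The following Python is an added example, not Hertz's code, showing a vulnerable lookup beside one that scopes every lookup to the authenticated customer and treats a foreign ID exactly like a missing one; all customers, report IDs and vehicle descriptions are constructed.

```python
# Added example (not Hertz's code): an accident-report lookup with the IDOR
# described above, beside a hardened version that enforces ownership.
# All names, report IDs and customers below are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class ClaimReport:
    report_id: int
    owner_id: str  # customer who filed the claim
    vehicle: str

# Constructed sample data: sequential report IDs make guessing trivial.
REPORTS = {
    1001: ClaimReport(1001, "cust-A", "Toyota Corolla, rear bumper"),
    1002: ClaimReport(1002, "cust-B", "Ford Focus, windshield"),
    1003: ClaimReport(1003, "cust-A", "Honda Civic, left mirror"),
}

class Forbidden(Exception):
    """Raised when a caller requests a report that is not theirs."""

def get_report_vulnerable(session_user: str, report_id: int) -> ClaimReport:
    """Vulnerable: trusts the ID from the URL and never checks who owns it,
    so any logged-in customer can read any report by changing the number."""
    return REPORTS[report_id]

def get_report_hardened(session_user: str, report_id: int) -> ClaimReport:
    """Hardened: the lookup is scoped to the authenticated customer, so an ID
    belonging to someone else is handled exactly like a missing one."""
    report = REPORTS.get(report_id)
    if report is None or report.owner_id != session_user:
        # One response for "not found" and "not yours" avoids confirming that
        # the ID exists; log the denial server-side for detection instead.
        raise Forbidden(f"user {session_user} denied access to report {report_id}")
    return report

def foreign_reports_readable(lookup, session_user: str, id_range) -> list[int]:
    """Regression check: walk an ID range as one customer and return the IDs
    of reports owned by someone else. Must be empty for the hardened lookup."""
    leaked = []
    for rid in id_range:
        try:
            report = lookup(session_user, rid)
        except (KeyError, Forbidden):
            continue
        if report.owner_id != session_user:
            leaked.append(rid)
    return leaked
```

Running foreign_reports_readable against both lookups in a test suite catches a regression to the vulnerable behaviour before it ships; the Forbidden exception is the point to hook an audit log of cross-customer access attempts.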
7. Harvey Nichols Breach Exposes Customer Data
Harvey Nichols, the high-end British department store, has confirmed a recent cyberattack that exposed customer data, including names, contact details, and company information. Although sensitive information like passwords and financial data appears to be unaffected, the breach has raised significant concerns about the retailer's data security practices. Customers have begun receiving notifications about the incident, which was identified on September 16, but many have expressed frustration over the lack of transparency regarding the attack's timeline and potential vulnerabilities.
8. India's Supreme Court YouTube Channel Hacked
The official YouTube channel of India's Supreme Court was hacked on September 20, 2024, in a significant cybersecurity breach that lasted several hours. During this incident, the channel displayed videos promoting XRP, a cryptocurrency linked to Ripple Labs, amidst a backdrop of legal turmoil with the U.S. Securities and Exchange Commission. Users attempting to access the channel encountered a 404 error message, while previously uploaded videos of Supreme Court hearings appeared to have been made private. The Supreme Court later confirmed the channel was taken down and assured the public that services would resume shortly.
9. Hong Kong Media Suffers Cyberattacks
The Chaser, a news outlet run by Hong Kong journalists in Britain, has reported being targeted by government-backed cyberattacks, presumed to be orchestrated by China, which the Chinese government denies. Google notified The Chaser of the high-severity attacks, warning that such incidents affect only 0.1% of users worldwide. The outlet's team has since implemented enhanced security measures in response to the threats, which involve attempts to steal passwords and personal information through malicious emails. The situation underscores the escalating challenges faced by Hong Kong journalists, who have fled to the UK seeking press freedom but now find themselves under attack even in exile.
10. New York's Keuka College Hit With Breach
Keuka College in New York has reported a data security incident that may have compromised personal information. The college detected suspicious activity within its network on April 25, 2024, prompting immediate action to secure its systems and launch an investigation with the help of cybersecurity specialists. Despite a comprehensive investigation concluding on August 21, 2024, the college could not definitively determine whether sensitive information related to current and former students and employees was affected.
Cyber News
11. US CSC Unveils New Cyber Policy Priorities
The US Cyberspace Solarium Commission 2.0 (CSC 2.0) has released its fourth annual report, outlining ten new cyber policy recommendations for the incoming administration and Congress. Following its 2020 report, which saw 80% of its original recommendations implemented, the CSC 2.0 emphasizes the need for continued progress in securing the nation against escalating cyber threats from both state actors and cybercriminals. Among the key priorities are establishing a Bureau of Cyber Statistics, enhancing cloud security certification, and fostering a collaborative environment for threat information sharing.
12. LinkedIn Suspends AI Training in UK
LinkedIn has suspended its processing of user data in the UK for training its artificial intelligence models, responding to privacy concerns raised by the Information Commissioner's Office (ICO). The move follows the company's admission that it was using UK users' data without explicit consent, which became apparent in an updated privacy policy that took effect on September 18, 2024. LinkedIn has committed to minimizing personal data in its training datasets and will not enable AI training for users in the UK, European Economic Area, or Switzerland until further notice.
13. Ukraine Bans Telegram for Govt Officials
Ukraine has enacted a ban on the use of the Telegram messaging app among government officials, military personnel, and critical infrastructure workers, citing significant national security concerns. The decision, announced by the National Coordination Centre for Cybersecurity (NCCC), highlights the app's misuse by adversaries to conduct cyber attacks, spread phishing messages, and gather intelligence on Ukrainian operations. Kyrylo Budanov, head of Ukraine's military intelligence agency, emphasized that this measure prioritizes national security over freedom of speech.
14. South Korea Proposes Tougher Deepfake Laws
The National Assembly of South Korea is poised to vote on a bill aimed at strengthening penalties for deepfake sex crimes, following approval from the Gender Equality and Family Committee. The proposed amendments to the Juvenile Protection Act and the Sexual Violence Prevention and Victims Protection Act seek to impose harsher punishments for individuals using sexually exploitative material to blackmail or coerce minors, increasing prison sentences significantly. Additionally, the bill empowers police to conduct urgent undercover investigations into digital sex crimes without prior authorization, while also mandating government action to remove illegal content and support victims.
15. Microsoft Introduces Hotpatching for Windows
Microsoft has introduced Hotpatching in public preview for Windows Server 2025, enabling users to install security updates without requiring system restarts. This feature patches running processes in memory, significantly reducing the need for reboots and thus minimizing operational disruptions. Windows Server Director of Product, Hari Pulapaka, highlighted that this advancement could transform patch management, reducing mandatory reboots from 12 to a quarterly schedule and leaving IT professionals more room for work-life balance.
Copyright © 2024 CyberMaterial. All Rights Reserved.