👉 What’s trending in cybersecurity today?
AI-Generated Malware, Cyberattacks, Lumma Stealer, NetSupport Malware, North Korea, IT, Workers, Zero-Day, Automatic Tank Gauge, Apache, Tomcat, Vulnerability, Denial of Service, US Capitol, Personal Data, Ricoh, Japan, Ransomware, Shezmu, Crypto, Vault, Compromise, Lancaster, Royal Grammar School, Attack, Elitecare Emergency Hospital, Texas, Breach, NIST, Cybersecurity, Workforce, Development, Monetary Authority of Singapore, E-Commerce, Fraud, CrowdStrike, Outage, Apple, VPN, Removal, Government, Censorship
🚨 Cyber Alerts
1. Cybercriminals Use AI to Craft New Malware
Cybercriminals are increasingly using generative AI tools to develop sophisticated malware, making it easier for less skilled attackers to launch targeted cyberattacks. A recent campaign discovered by HP Wolf Security targeted French users with malicious code believed to be AI-generated, marked by detailed comments that explained each line of the script — an uncommon feature in human-written malware. The attack used HTML smuggling to deliver a password-protected ZIP archive containing VBScript and JavaScript.
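The delivery chain described above (a script that rebuilds a base64 blob in the browser and hands it over as a download) leaves a recognisable footprint in the HTML itself. The scanner below is an added example, not code from the HP Wolf Security report or from CyberMaterial: it looks for the JavaScript primitives that HTML smuggling combines, decodes the head of any long base64 literal, and checks whether the embedded file is a password-protected ZIP by reading the encryption bit in the ZIP local-file header. The SAMPLE_HTML and its payload are constructed here for illustration.

```python
"""Heuristic scanner for HTML-smuggling droppers.

Added example, not code from the HP Wolf Security report or from CyberMaterial.
It flags an HTML file that decodes an embedded base64 blob in JavaScript and
hands it to the browser as a file download, the delivery pattern described
above, and inspects the blob's header to see whether it is a password-protected
ZIP. SAMPLE_HTML and its payload are constructed here for illustration.
"""
import base64
import re

# JavaScript primitives commonly combined to rebuild a file client-side.
# Each one alone is benign; the combination is the signal.
INDICATORS = {
    "base64_decode": re.compile(r"\batob\s*\("),
    "blob_object": re.compile(r"\bnew\s+Blob\s*\("),
    "object_url": re.compile(r"\bcreateObjectURL\s*\("),
    "download_attr": re.compile(r"\.download\s*="),
    "auto_click": re.compile(r"\.click\s*\(\s*\)"),
}

# A quoted base64 literal of at least 512 characters (data: URIs are not
# matched because a comma, not a quote, precedes their base64 run).
B64_LITERAL = re.compile(r"['\"]([A-Za-z0-9+/]{512,}={0,2})['\"]")


def classify_payload(head: bytes) -> str:
    """Identify a payload from its first bytes; for ZIPs, report the
    encryption bit (bit 0 of the general-purpose flags at offset 6)."""
    if head.startswith(b"PK\x03\x04"):
        flags = int.from_bytes(head[6:8], "little")
        return "zip (encrypted)" if flags & 1 else "zip"
    if head.startswith(b"MZ"):
        return "pe"
    return "unknown"


def scan_html(html: str) -> dict:
    """Return matched indicators, payload types found, and a verdict."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(html)]
    payloads = []
    for m in B64_LITERAL.finditer(html):
        # 64 base64 chars decode to 48 bytes: enough for the magic and flags.
        payloads.append(classify_payload(base64.b64decode(m.group(1)[:64])))
    suspicious = (
        "base64_decode" in hits
        and any(k in hits for k in ("blob_object", "object_url"))
        and any(k in hits for k in ("download_attr", "auto_click"))
        and bool(payloads)
    )
    return {"indicators": hits, "payloads": payloads, "suspicious": suspicious}


# Constructed sample: a ZIP local-file header with the encryption bit set,
# padded so the base64 literal is long enough to trip B64_LITERAL.
_FAKE_ZIP = (
    b"PK\x03\x04"
    + (20).to_bytes(2, "little")   # version needed to extract
    + (1).to_bytes(2, "little")    # general-purpose flags: bit 0 = encrypted
    + b"\x00" * 600
)
PAYLOAD_B64 = base64.b64encode(_FAKE_ZIP).decode()

SAMPLE_HTML = f"""<html><body>
<script>
var b = "{PAYLOAD_B64}";
var bin = atob(b);
var arr = new Uint8Array(bin.length);
for (var i = 0; i < bin.length; i++) arr[i] = bin.charCodeAt(i);
var blob = new Blob([arr], {{type: "application/octet-stream"}});
var a = document.createElement("a");
a.href = URL.createObjectURL(blob);
a.download = "invoice.zip";
a.click();
</script></body></html>"""

if __name__ == "__main__":
    print(scan_html(SAMPLE_HTML))
```

The verdict deliberately requires all three stages (decode, materialise as a Blob or object URL, trigger a download) plus a real embedded payload; any one of the primitives on its own is common in legitimate pages. Real droppers often obfuscate the base64 string or split it across variables, so treat this as a triage filter to run over mail attachments before sandboxing, not as a complete detector.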
2. Transport Companies Hit by Cyberattacks
Transportation and logistics companies in North America are under attack from a new phishing campaign that delivers various information stealers and remote access trojans (RATs), including Lumma Stealer and NetSupport. Proofpoint reports that the campaign leverages compromised legitimate email accounts to inject malicious content into ongoing conversations, with at least 15 breached accounts identified. The attacks primarily occurred between May and July 2024 but evolved in August to include new payloads like DanaBot and Arechclient2.
3. Google Warns of IT Workforce Infiltration
Google's Mandiant has warned that North Korean IT workers, which it tracks as UNC5267, are infiltrating the U.S. workforce by posing as remote employees. The operatives build fake personas from stolen identities, AI-generated profile images and fabricated resumes hosted on platforms such as Netlify and Google Docs. They route their traffic through VPNs to hide where they are really working from, and install remote access tools (RATs) on the corporate laptops issued to them to keep persistent remote access to those devices.
4. BitSight Uncovers Zero-Days in ATG Systems
BitSight Technologies has identified critical zero-day vulnerabilities in Automatic Tank Gauge (ATG) systems from multiple vendors, posing significant risks to critical infrastructure. The investigation, conducted by BitSight’s TRACE researchers, uncovered several vulnerabilities that could be exploited by malicious actors to inflict physical damage, cause environmental hazards, and lead to substantial economic losses. Despite prior warnings, thousands of ATG systems remain accessible online, heightening the threat of cyberattacks.
5. Apache Tomcat Flaw Allows DoS Attacks
A newly disclosed vulnerability in Apache Tomcat, CVE-2024-38286, lets an attacker trigger a denial of service (DoS) through the TLS handshake. Rated “Important” by the Apache Software Foundation, it affects Apache Tomcat 11.0.0-M1 to 11.0.0-M20, 10.1.0-M1 to 10.1.24, and 9.0.13 to 9.0.89. Under specific configurations the flaw lets a client drive the server to an OutOfMemoryError, degrading or taking down every application running on the affected instance.
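Deciding whether a given Tomcat install falls inside those ranges is easy to get wrong because milestone builds ("11.0.0-M20") sort before the release they precede, which a plain string comparison does not capture. The script below is an added example, not Apache code: the ranges are the ones quoted in the item above, `parse_version` and `is_affected` are helpers written here, and SAMPLE_SERVERINFO is constructed to resemble the output of `java -cp lib/catalina.jar org.apache.catalina.util.ServerInfo`, the stock way to print a Tomcat build's version.

```python
"""Check an Apache Tomcat version against the CVE-2024-38286 affected ranges.

Added example, not Apache code. The ranges are the ones quoted in the item
above; `parse_version` is a helper written here that orders milestone builds
("11.0.0-M20") before the matching release ("11.0.0"), which a plain string
comparison gets wrong. SAMPLE_SERVERINFO is constructed to look like the
output of `java -cp lib/catalina.jar org.apache.catalina.util.ServerInfo`.
"""
import re

# Inclusive ranges from the advisory text quoted above.
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.0-M20"),
    ("10.1.0-M1", "10.1.24"),
    ("9.0.13", "9.0.89"),
]

VERSION_RX = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")
SERVERINFO_RX = re.compile(r"Apache Tomcat/(\d+\.\d+\.\d+(?:-M\d+)?)")


def parse_version(version: str) -> tuple:
    """Map '9.0.89' -> (9, 0, 89, 1, 0) and '11.0.0-M20' -> (11, 0, 0, 0, 20).

    The fourth field (0 = milestone, 1 = release) makes every -Mn build sort
    below the release it precedes; the fifth carries the milestone number."""
    m = VERSION_RX.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version: str) -> bool:
    """True if `version` falls inside any affected range (inclusive)."""
    key = parse_version(version)
    return any(
        parse_version(low) <= key <= parse_version(high)
        for low, high in AFFECTED_RANGES
    )


def version_from_serverinfo(output: str) -> str:
    """Pull the version string out of ServerInfo output."""
    m = SERVERINFO_RX.search(output)
    if not m:
        raise ValueError("no 'Apache Tomcat/<version>' line in output")
    return m.group(1)


# Constructed sample of ServerInfo output; only the first line is parsed.
SAMPLE_SERVERINFO = """Server version: Apache Tomcat/9.0.89
Server number:  9.0.89.0
OS Name:        Linux
"""

if __name__ == "__main__":
    for v in ("9.0.12", "9.0.89", "9.0.90", "10.1.0", "11.0.0-M20", "11.0.0-M21"):
        print(v, "affected" if is_affected(v) else "not affected")
    print(version_from_serverinfo(SAMPLE_SERVERINFO))
```

Per the Apache Tomcat security pages, the fix shipped in the first release after each range (9.0.90, 10.1.25 and 11.0.0-M21), so a version that the check reports as not affected but older than 9.0.13 is simply out of support rather than safe.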
💥 Cyber Incidents
6. Cyberattack Exposes Congressional Staff Data
Personal information belonging to more than 3,000 congressional staffers has surfaced on the dark web, according to research by internet security firm Proton. Proton found more than 1,800 staffer passwords for sale online and estimates that nearly one in five staffers had personal data exposed. The data did not come from a breach of Capitol systems: it leaked from third-party services, including social media and adult websites, where staffers had registered with their official email addresses.
7. Ricoh Japan Suffers Ransomware Attack
Ricoh Japan Co., Ltd. has disclosed a ransomware attack on its subcontractor, Kuragyo Service Co., Ltd., which occurred on September 12, 2024, and was reported to Ricoh Japan a week later on September 20, 2024. The breach has potentially exposed sensitive customer and employee information, including delivery details for 3,841 cases that encompass company names, department names, addresses, phone numbers, and contact persons. Additionally, personal information belonging to 2,603 employees may also be at risk.
8. Shezmu Loses $5M to Hacker in Cyberattack
Shezmu, a prominent crypto lender, experienced a significant security breach when hackers compromised one of its ShezmuUSD (ShezUSD) stablecoin vaults, resulting in the theft of approximately $4.9 million in cryptocurrencies. The incident was first flagged on September 21 by Chaofan Shou, co-founder of blockchain analytics firm Fuzzland, who reported suspicious activity within Shezmu’s storage vault. In response to the attack, Shezmu proactively reached out to the hacker, offering a reward for the return of the stolen funds without legal repercussions.
9. Lancaster School Fights Ransomware Attack
Lancaster Royal Grammar School in the UK faced a significant cybersecurity incident on July 16, when its IT department detected unusual activity on its systems, prompting an immediate shutdown. While the school managed to secure its most sensitive databases, including pupil information, safeguarding data, and financial records, the attack caused considerable disruption, particularly as it coincided with the start of the summer holidays. Headmaster Dr. Christopher Pyle reported that the incident appeared to be a deliberate act by a professional group demanding ransom, although the school chose not to engage with the attackers.
10. Elitecare Hospital in Texas Hit With Breach
Elitecare Emergency Hospital in League City, Texas, has confirmed a significant data breach affecting 24,754 patients after suspicious activity was detected in its network on July 10, 2024. Following immediate action to shut down systems and engage third-party cybersecurity experts, it was confirmed that an unauthorized individual accessed sensitive patient information, including names, addresses, dates of birth, health insurance details, and Social Security numbers.
📢 Cyber News
11. NIST Grants $3M for Cybersecurity Workforce
The National Institute of Standards and Technology (NIST) has awarded nearly $3 million in cooperative agreements to enhance the cybersecurity workforce across the United States. The funding, distributed among 15 educational and community organizations in 11 states, aims to address the significant shortage of skilled cybersecurity professionals. Each organization will receive approximately $200,000 under NIST's Regional Alliances and Multistakeholder Partnerships to Stimulate Cybersecurity Education and Workforce Development (RAMPS) program.
12. MAS Launches New Cyber Resilience Panel
The Monetary Authority of Singapore (MAS) has announced the formation of the Cyber and Technology Resilience Experts (CTREX) Panel, which replaces its previous Cyber Security Advisory Panel with a broader mandate. The new panel will focus on both cybersecurity and technology resilience, crucial for the operational stability of Singapore’s financial sector. Comprising 13 global industry leaders and experts, the CTREX Panel will provide guidance on emerging technology risks and recommend strategies to enhance the resilience of financial institutions.
13. E-Commerce Fraud Booming Globally
A recent report from the International Coalition Against Illicit Economies (ICAIE) finds that e-commerce fraud has reached alarming levels, accounting for roughly 20% of global online sales each year and netting criminals trillions of dollars. In 2023 alone, counterfeit and pirated goods accounted for around $4.5 trillion of the $20 trillion in total e-commerce transactions. The report notes that online counterfeit sales are often more profitable than drug or human trafficking, which makes them an attractive option for criminal groups.
14. CrowdStrike Cites Factors for Global Outage
CrowdStrike senior vice president Adam Meyers told the House Homeland Security cybersecurity subcommittee that the company's historic global outage in July was the product of a “confluence of factors.” The faulty content update crashed roughly 8.5 million Microsoft Windows devices worldwide; it had passed the company's long-established validation process, which failed to catch a significant mismatch in the threat-detection configuration data it carried.
15. Apple Quietly Removes VPN Apps in Russia
Apple has quietly removed nearly 100 VPN apps from its App Store in Russia, according to a report by online freedom advocate GreatFire. This action follows Russia’s intensified censorship efforts, particularly since the invasion of Ukraine, during which the government has outlawed non-state-approved VPNs. While Roskomnadzor, the Russian communications regulator, has officially reported the removal of only 25 VPN apps, GreatFire’s findings indicate that 60 of these apps were removed between July and September 2024 alone, highlighting a significant discrepancy.
Copyright © 2024 CyberMaterial. All Rights Reserved.