What’s going on in the cyber world today?
Godot Engine, Cross-Platform Malware, APT-C-60, SpyGlace Backdoor, Japan, Netflix Credential Stealing Scam, PixPirate Malware, WhatsApp, Smishing Campaigns, Kemp LoadMaster, Hoboken City Hall, Ransomware Attack, Ainsworth Game Technology, Pump Science, Private Key Leak, Fraudulent Tokens, AC Laser, INC Ransomware Gang, Keesal Young & Logan, US Bipartisan Bill, Healthcare Sector, European Union, Tech Commissioner, Tech Sovereignty, Innovation, Australia, Data Risk Assessment, Federal Trade Commission, Antitrust Investigation, Microsoft, Europol, Illegal Streaming, IPTV Network.
Cyber Alerts
1. Criminals Use Godot Engine to Spread Malware
Cybercriminals have weaponized the popular open-source game development platform Godot Engine to distribute cross-platform malware in a campaign known as GodLoader. Active since at least June 2024, the campaign has infected over 17,000 systems, targeting Windows, macOS, and Linux devices. Threat actors use crafted GDScript code within Godot to execute commands and deliver malware, leveraging GitHub repositories and fake accounts under the Stargazers Ghost Network for distribution.
2. APT-C-60 Targets Japan with SpyGlace Malware
The South Korea-aligned threat actor APT-C-60 has launched a sophisticated cyber espionage campaign targeting an organization in Japan, using the SpyGlace backdoor to infiltrate systems. Discovered by JPCERT/CC in August 2024, the attack began with a phishing email disguised as a job application, which linked to a malicious VHDX file hosted on Google Drive. Once mounted, the file contained a Windows shortcut that executed a downloader to transmit unique identifiers via StatCounter and retrieve additional payloads from Bitbucket.
3. Netflix Scam Targets Users in 23 Countries
A large-scale phishing campaign targeting Netflix users has been detected in 23 countries, including the United States, Germany, Spain, and Australia. Cybercriminals are sending SMS messages claiming account suspension or payment issues, prompting users to click on links that lead to fraudulent websites designed to steal login credentials, personal information, and credit card details. These phishing sites mimic Netflix’s official login page, and Bitdefender has warned that Netflix never contacts users via SMS or asks them to authenticate through such links.
4. PixPirate Malware Targets Users via WhatsApp
A new malware campaign called PixPirate has been targeting users, particularly in Brazil, India, Italy, and Mexico, via WhatsApp and smishing attacks. This sophisticated malware masquerades as a legitimate authentication app, convincing victims it will secure their bank accounts. Instead, it installs a Remote Access Tool (RAT) capable of stealing user data, facilitating financial fraud, and exploiting WhatsApp to spread further. Once installed, PixPirate prompts users to install a malicious update that grants it full permissions on the device. It can send phishing messages, modify the contact list, and even delete messages to cover its tracks.
5. Kemp LoadMaster Flaw Allows Full Compromise
A critical security vulnerability (CVE-2024-7591) has been discovered in Kemp’s LoadMaster Load Balancer, potentially allowing attackers to fully compromise systems through command injection. Affecting all versions up to and including 7.2.60.0, the flaw exists in the Web User Interface (WUI) during the login process, requiring no authentication for remote exploitation. The vulnerability stems from inadequate input sanitization in the login functionality, allowing attackers to inject arbitrary commands.
Cyber Incidents
6. Ransomware Shuts Down Hoboken City Hall
The city of Hoboken, New Jersey, was forced to shut down its government offices and services on Wednesday following a ransomware attack. The incident caused widespread disruptions ahead of the Thanksgiving holiday, with City Hall closed and all online city services suspended. In addition to the closure of municipal courts and the cancellation of street sweeping, waste collection and recreational programs continued as scheduled. Local officials, including the Hoboken Police Department and IT department, are investigating the attack and working to restore services safely.
7. Attack Disrupts Ainsworth Game Technology
Ainsworth Game Technology (AGT), an Australia-based gaming machine supplier, is investigating a cybersecurity incident that has caused disruptions to its internal operations. The company assured that despite these issues, the incident is not expected to have a significant impact on its financial outlook for the second half of 2024. AGT confirmed it has implemented precautionary measures to mitigate further risk, though it did not disclose specific details about the incident.
8. Pump Science Leaks Private Key on GitHub
Pump Science, a decentralized science platform, has issued an apology after a serious security breach involving the leak of its private key on GitHub. The exposed key allowed a hacker to create fraudulent tokens under the platform’s Pump.fun profile, including tokens like Urolithin B and Cocaine. Pump Science acknowledged the issue, calling it a “huge screw-up,” and assured users that such an incident will not occur again. To mitigate further damage, the platform has changed its profile name to “dont_trust” and is working with blockchain security firm Blockaid to flag any new fraudulent tokens from the compromised address.
9. AC Laser Falls Victim to Ransomware Attack
AC Laser, a Melbourne-based laser-cutting firm, confirmed it was the victim of a ransomware attack carried out by the INC ransomware gang. The breach was first detected nearly two months ago when unauthorized activity was noticed on the company’s network. As a precaution, AC Laser immediately disconnected its systems to halt the attack. With the help of IT specialists and a robust backup procedure, the company successfully recovered its data.
10. Keesal, Young & Logan Hit With Data Breach
Keesal, Young & Logan (KYL), a law firm based in Long Beach, California, recently disclosed a data breach that may have compromised sensitive personal information of certain individuals. The breach, which was detected on June 13, 2024, resulted from unauthorized access to the firm’s network between June 7 and June 13, 2024. The exposed information may include names, Social Security numbers, financial data, and medical details, among others.
Cyber News
11. Bipartisan Bill Targets Healthcare Security
U.S. Senators Bill Cassidy, Mark Warner, John Cornyn, and Maggie Hassan have introduced a bipartisan bill, the Health Care Cybersecurity and Resiliency Act of 2024, to bolster cybersecurity within the healthcare sector. The bill proposes updates to HIPAA regulations, aiming to improve the protection of health data and provide financial support to low-resourced healthcare entities to enhance their cybersecurity measures.
12. EU Tech Commissioner Prioritizes Sovereignty
Henna Virkkunen, the newly appointed European Union Tech Commissioner, has outlined a vision for strengthening Europe’s tech sovereignty and boosting innovation. With a focus on reducing regulations and enhancing investments in frontier technologies, Virkkunen aims to position Europe as a leader in critical sectors such as artificial intelligence (AI), quantum computing, semiconductors, and cloud technologies. Her proposal includes doubling research and investment in microchips and creating a level playing field for security and digital safety.
13. Australia Launches Risk Assessment Framework
The Australian Cyber Collaboration Centre (Aus3C), in partnership with the Department of Home Affairs and CSIRO’s Data61, has initiated the development of the Voluntary Data Classification Framework (VDCF). This framework aims to establish a standardized approach to data risk assessment across various industries, addressing the challenge organizations face in identifying and protecting sensitive data. The VDCF, a key component of Australia’s National Cybersecurity Strategy, will provide tools to help businesses assess data value and sensitivity, improving data security measures and reducing enterprise risk.
14. FTC Opens Antitrust Probe into Microsoft
The Federal Trade Commission (FTC) has reportedly launched an antitrust investigation into Microsoft, examining potential violations across several of its business segments, including its public cloud, artificial intelligence (AI), and cybersecurity offerings. According to multiple reports, the investigation is focused on how Microsoft bundles its cloud services with other products, such as its office and security tools. This move follows ongoing scrutiny of big tech companies by the FTC under the leadership of Lina Khan, and it arrives at a critical juncture with the potential change in leadership once Donald Trump assumes office.
15. Authorities Dismantle Illegal IPTV Network
European authorities have successfully dismantled one of the largest illegal IPTV networks, which was distributing pirated content, including over 2,500 TV channels, to 22 million users worldwide. The operation, involving Europol and Eurojust, led to the arrest of 11 suspects after 112 house searches and the seizure of 29 servers, 100 domains, and €1.6 million in cryptocurrency and cash. This crackdown highlights the ongoing effort by European law enforcement to combat illegal streaming services and protect intellectual property rights, marking a significant victory in the fight against piracy.
Copyright © 2024 CyberMaterial. All Rights Reserved.