What's the latest in the cyber world today?
US, IRS, Holiday Scams, Tax Security, SmokeLoader Malware, Manufacturing, IT Sector, Taiwan, Weaponized Resumes, Employee Attacks, Server Access, Salesforce, Flaw, Account Takeover, Data Theft, Windows, Driver, Use-After-Free Vulnerability, ENGlobal Corporation, Ransomware Attack, IT Systems, Disruption, Marin Housing Authority, Scam, Signzy, ID Verification, Customer Data, Atrium Health, Data Exposure, Patient Portal, Pi Kappa Phi Fraternity, Breach, China, Lidar Technology, Espionage, Threat, Security, Malaysia, Minister of Communications, Cyber Laws, UK, Cybersecurity Risks, Criminal Threats, AI Guardrails, Medicare Programs, Upwind, Cloud Security, AI Tools
Cyber Alerts
1. IRS Issues Major Holiday Scam Warning
The US Internal Revenue Service (IRS) has issued a warning about holiday scams as the ninth annual National Tax Security Awareness Week begins. Partnering with state agencies, tax professionals, and the private sector, the IRS aims to help taxpayers protect their personal and financial information during the holiday shopping season and the upcoming tax season. Scammers often use sophisticated phishing techniques, such as fake delivery notifications or emails claiming to be from the IRS about refunds or tax bills, to steal sensitive data.
2. SmokeLoader Malware Campaign Targets Taiwan
SmokeLoader malware has resurfaced in a campaign targeting manufacturing, healthcare, and IT sectors in Taiwan. Known for its modular design and advanced evasion techniques, SmokeLoader now directly conducts attacks using plugins downloaded from its command-and-control (C2) server. Initially designed to deploy secondary payloads, the malware also supports plugins for data theft, DDoS attacks, and cryptocurrency mining.
3. Weaponized Resume Attack Gains Server Access
In March 2024, a sophisticated cyber attack was detected, beginning with a weaponized resume used to target an employee and ultimately compromising multiple servers. The attack, attributed to the threat group TA4557, involved a malicious job application containing a fake resume with a Windows Shortcut (.lnk) file disguised as a harmless zip archive. Once executed, the malware exploited legitimate system processes, such as the ie4uinit.exe utility, to deploy backdoors like more_eggs and establish a persistent connection with the command-and-control server.
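The two observable pieces of the chain above (a shortcut named to look like an archive, and a trusted Windows binary started from an unexpected location) lend themselves to simple endpoint heuristics. The following is an added example, not code from the original report: it runs two such checks over a constructed stream of Sysmon-style file-create and process-create events, and assumes a stock Windows layout in which ie4uinit.exe lives only under System32 or SysWOW64.

```python
"""Detection heuristics for a weaponized-resume chain (added example).
Input is a constructed stream of Sysmon-style events reduced to the
fields the checks need; none of it is real telemetry."""
import re
from dataclasses import dataclass

@dataclass
class Event:
    kind: str      # "file" (file created) or "process" (process created)
    path: str      # created file, or image path of the created process
    cwd: str = ""  # working directory at process creation (process events)

# A shortcut whose name imitates an archive or document, e.g. resume.zip.lnk
MASQUERADING_LNK = re.compile(r"\.(zip|rar|7z|pdf|docx?)\.lnk$", re.IGNORECASE)
# Default locations of ie4uinit.exe on a stock Windows install (assumption)
IE4UINIT_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
USER_DIR = "c:\\users\\"  # user-writable profile tree

def check(ev: Event) -> list[str]:
    """Return the reasons an event is suspicious (empty list if none)."""
    reasons = []
    directory, _, name = ev.path.lower().rpartition("\\")
    if ev.kind == "file" and MASQUERADING_LNK.search(name) and directory.startswith(USER_DIR):
        reasons.append("shortcut masquerading as another file type in a user directory")
    if ev.kind == "process" and name == "ie4uinit.exe":
        if directory not in IE4UINIT_DIRS:
            reasons.append("ie4uinit.exe running from a non-default path")
        if ev.cwd.lower().startswith(USER_DIR):
            reasons.append("ie4uinit.exe started from a user-writable working directory")
    return reasons

def triage(events: list[Event]) -> list[tuple[str, list[str]]]:
    """Keep only the events that tripped at least one heuristic."""
    return [(ev.path, r) for ev in events if (r := check(ev))]

# Constructed sample telemetry (not real data): one benign file, one benign
# ie4uinit.exe start, and the two artefacts the chain would leave behind.
SAMPLE = [
    Event("file", r"C:\Users\alice\Downloads\resume.zip.lnk"),
    Event("file", r"C:\Users\alice\Downloads\resume.pdf"),
    Event("process", r"C:\Windows\System32\ie4uinit.exe", r"C:\Windows\System32"),
    Event("process", r"C:\Users\alice\AppData\Local\Temp\ie4uinit.exe",
          r"C:\Users\alice\AppData\Local\Temp"),
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

A real deployment would correlate the two hits by user and time window rather than report them independently, but the per-event checks are the same.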
4. Salesforce Flaw Allows Full Account Takeover
A critical vulnerability has been discovered in Salesforce applications, posing a significant risk of full account takeovers. The flaw, identified through a penetration test, stems from misconfigurations within Salesforce Communities, particularly impacting the Salesforce Lightning component framework. Attackers can exploit this vulnerability by targeting unauthenticated "Guest Users" who, under certain conditions, may gain unauthorized access to sensitive data. The vulnerability enables attackers to extract personally identifiable information (PII), manipulate data, and reset passwords without proper validation.
5. Windows Flaw Enables Privilege Escalation
A critical use-after-free vulnerability, identified as CVE-2024-38193, has been discovered in the Windows driver afd.sys, specifically affecting the Registered I/O (RIO) extension for Windows sockets. This flaw arises due to a race condition between two functions, AfdRioGetAndCacheBuffer() and AfdRioDereferenceBuffer(), which can be exploited by attackers to access freed memory, leading to privilege escalation. Malicious actors can manipulate buffer registration and deregistration, allowing them to overwrite critical kernel memory and gain NT AUTHORITY\SYSTEM privileges.
Cyber Incidents
6. ENGlobal Corporation Hit by Ransomware
ENGlobal Corporation, a major contractor in the energy sector, confirmed a ransomware attack that disrupted its operations. The attack, discovered on November 25, resulted in unauthorized access to the company's IT system and the encryption of certain data files. In response, ENGlobal restricted employee access to its IT system, focusing only on essential operations. The company has launched an internal investigation and hired external cybersecurity experts to address the issue.
7. Hackers Steal Nearly $1M from Marin County
Hackers have stolen nearly $1 million from California's Marin County Housing Authority in one of the largest public fund thefts in the area. The cybercriminals intercepted emails for months, using phishing tactics to trick staff into wiring funds to a fraudulent account. The theft was discovered in September after the Housing Authority had transferred a $3 million loan intended for renovating public housing. The attackers had posed as a trusted vendor, misleading both the Housing Authority and the vendor.
8. Signzy Suffers Cyberattack on KYC Services
Signzy, a prominent Indian online ID verification firm serving top financial institutions, confirmed a recent cyberattack that compromised its security. The Bengaluru-based startup, which facilitates customer onboarding and KYC services for over 600 financial institutions globally, including major Indian banks, was targeted by an "information stealer malware." While the firm did not specify the extent of the breach, reports suggest that some customer data briefly appeared on a cybercrime forum. Notably, several of Signzy's clients, including PayU and ICICI Bank, have confirmed that they were not affected by the incident.
9. Atrium Health Apologizes for Data Exposure
Atrium Health has issued a public apology after discovering that patient data from its MyAtriumHealth and MyCarolinas portals may have been inadvertently shared with third-party vendors such as Google and Facebook between January 2015 and July 2019. The exposure occurred through internet tracking technologies used on the portal, which have since been disabled. While sensitive information like Social Security numbers and financial details were not involved, personal data such as names, contact information, and medical treatment details may have been exposed.
10. Pi Kappa Phi Fraternity Hit With Data Breach
Pi Kappa Phi Fraternity has confirmed a data security incident that occurred around February 3, 2024, where unauthorized access to its network led to the potential removal of personal information from their system. Following an extensive investigation, the fraternity revealed that certain sensitive data, including Social Security numbers, financial details, and medical information, may have been compromised. The incident was discovered on November 21, 2024, and Pi Kappa Phi has since sent notification letters to impacted individuals.
Cyber News
11. Chinese Lidar Tech Threatens US Security
A recent report from the Foundation for Defense of Democracies raises significant concerns about China's growing dominance in the global lidar technology market and its potential national security risks. Lidar, which uses laser pulses to create detailed 3D maps of environments, is now widely used in both civilian and military applications. The report warns that Chinese-made lidar sensors, increasingly found in U.S. infrastructure such as transportation and utility systems, could enable espionage or sabotage by allowing China to access sensitive data or disrupt critical operations.
12. Malaysian Minister Proposes Cyber Law Update
Malaysian Minister Fahmi Fadzil has introduced two critical pieces of legislation aimed at addressing the increasing threats of online harassment and cybercrimes. The proposed amendments to the Communications and Multimedia (Amendments) Bill 2024 and the Malaysian Communications and Multimedia Commission (MCMC) (Amendment) Bill 2024 were presented in the Dewan Rakyat as part of the MADANI Government's commitment to enhancing cybersecurity and online safety. The amendments focus on updating laws to tackle issues like cyberbullying, online fraud, unsolicited commercial messages, and improving network security.
13. UK Underestimating Growing Cyber Threats
The UK's cybersecurity risks are being widely underestimated, according to Richard Horne, the head of the National Cyber Security Centre (NCSC). In his recent address, Horne highlighted the growing gap between the increasing sophistication of cyber threats and the current defenses in place to protect the UK's infrastructure. He pointed out significant threats from state-backed actors, particularly Russia and China, whose cyber activities are becoming more aggressive and reckless. Horne also stressed that cybercriminals are adapting rapidly, aided by new technologies like AI, increasing both the scale and impact of attacks.
14. Feds Propose AI Rules for Medicare Plans
The Centers for Medicare and Medicaid Services (CMS) have proposed new guidelines to ensure that artificial intelligence (AI) tools used in Medicare Advantage plans promote equitable healthcare access. These "guardrails" emphasize existing regulations requiring insurers to prevent discrimination or unnecessary barriers to care, particularly from automated systems like AI-driven prior authorization tools. The proposal aligns with a 2023 executive order from the Biden administration aimed at advancing equity in AI usage across sectors, including healthcare.
15. Upwind Raises $100M for Cloud Security
Upwind Security, a San Francisco-based cloud security startup, has raised $100 million in Series A funding to advance its innovative approach to addressing cloud vulnerabilities. Led by CEO Amiram Shachar, the company leverages runtime context and AI to streamline threat detection, prioritize critical alerts, and enhance API security within an integrated cloud security stack. The funding will be used to double Upwind's workforce to 300, with investments in engineering and global customer engagement.
Copyright © 2024 CyberMaterial. All Rights Reserved.