What’s the latest in the cyber world today?
DeceptionAds, Fake CAPTCHA, Infostealer, CoinLurker, Malware, WebView2, Cryptocurrencies, HiatusRAT, Web Cameras, DVRs, Authentication Bypass, Hitachi, NoviSpy, Spyware, Qualcomm, Zero-Day Flaws, Texas Tech University Health, Breach, Patient Data, LastPass Hackers, Cryptocurrencies, Theft, ConnectOnCall, Health Information, Regional Care, Ott Cone & Redpath, Personal Data, CISA, National Cyber Incident Response Plan, European Union, Sanctions, Russia, Hybrid Threats, University of New South Wales, OpenAI, Campus Integration, Romance Scammers, Arrest, Nigeria, Arctic Wolf, Cylance, Acquisition
Cyber Alerts
The DeceptionAds campaign, uncovered by cybersecurity researchers, abuses ad networks to deliver information stealers such as Lumma Stealer through fake CAPTCHA verification pages. Targeting visitors of pirated-content and clickbait websites, the attack tricks users into copying a Base64-encoded PowerShell command from the page and executing it themselves, which deploys the malware without any browser exploit. Leveraging platforms like Monetag and BeMob for traffic redirection and cloaking, the attackers generate over 1 million daily ad impressions across 3,000+ sites.
CoinLurker, a new stealer malware, is being deployed through fake software update prompts that abuse Microsoft Edge WebView2 to render the lure. The malware, written in Go, uses layered obfuscation and stolen Extended Validation (EV) code-signing certificates to evade security defenses. Attackers deliver the payload through several deceptive channels, including compromised WordPress sites, phishing emails, and malvertising redirects. Once executed, CoinLurker targets cryptocurrency wallets such as Bitcoin and Ethereum, along with Telegram, Discord, and FileZilla credentials, to harvest sensitive data.
The FBI has issued a warning about a new wave of HiatusRAT malware attacks targeting vulnerable web cameras and DVRs, particularly those exposed to the internet. The attackers focus on devices from Chinese brands, such as Hikvision and Xiongmai, that either lack current security patches or are no longer supported by the vendor. Using open-source tools like Ingram and Medusa, the threat actors scan for known vulnerabilities in web cameras and DVRs, including CVE-2017-7921 and CVE-2020-25078, and brute-force weak passwords.
A critical authentication bypass vulnerability, identified as CVE-2024-10205, has been discovered in Hitachi’s Infrastructure Analytics Advisor and Ops Center Analyzer, posing a severe security risk to users. The vulnerability, with a CVSS score of 9.4, allows a remote, unauthenticated attacker to bypass authentication and gain access to the affected systems. This can lead to data exposure, system compromise, and potential service disruptions.
NoviSpy, a new Android spyware, has been linked to a series of attacks exploiting Qualcomm zero-day vulnerabilities, particularly CVE-2024-43047. Deployed by the Serbian government, NoviSpy targets journalists, activists, and dissidents by bypassing Android security mechanisms and infecting their devices. Amnesty International discovered the spyware on a journalist’s phone after a police encounter, which led to further investigation by Google’s Threat Analysis Group. The spyware communicates with servers tied to the Serbian Security Information Agency (BIA), and the Qualcomm zero-day was exploited to gain access to the devices.
Cyber Incidents
In September 2024, the Texas Tech University Health Sciences Center (TTUHSC) and its El Paso counterpart were victims of a cyberattack that disrupted computer systems and applications. The breach potentially exposed the personal and medical data of 1.4 million patients. The attack, which took place between September 17 and 29, led to unauthorized access to sensitive files, including personal identification details, health information, and financial data.
Hackers have stolen $5.4 million in cryptocurrency from LastPass users just days before Christmas, using vault data taken in the December 2022 breach. The attackers had obtained encrypted customer vault data in that breach, and the newly stolen funds were converted to Ether and moved across various instant exchanges. Blockchain investigator ZachXBT reported the findings, urging LastPass users who stored seed phrases or keys in their vaults to move their funds quickly.
A data breach at ConnectOnCall, a telehealth platform owned by Phreesia, has exposed the personal and health information of over 910,000 patients. The breach, which occurred between February 16 and May 12, 2024, allowed unauthorized access to provider-patient communications, including names, phone numbers, medical records, treatment details, and in some cases, Social Security numbers. After discovering the breach, Phreesia took immediate action to secure the platform, notified law enforcement, and hired cybersecurity experts to investigate.
Regional Care, Inc. (RCI) recently notified individuals of a data security incident that occurred in September 2024. The breach was discovered after unusual activity was detected on the company’s network, revealing that an unauthorized party may have accessed sensitive personal and health data. After an investigation, RCI confirmed that files containing personal information, including names, dates of birth, Social Security numbers, medical information, and health insurance details, were potentially compromised.
Ott Cone & Redpath, P.A., a North Carolina legal firm that provides services to healthcare entities, experienced a cyberattack that compromised sensitive personal and health information. The breach, which was discovered on October 31, 2024, involved unauthorized access to an email account containing protected health information (PHI) and personally identifiable information (PII). The affected data may include names, Social Security numbers, medical treatment details, health insurance information, and, for some individuals, financial account information.
Cyber News
The Cybersecurity and Infrastructure Security Agency (CISA) is calling for public feedback on an updated version of the National Cyber Incident Response Plan (NCIRP), urging improved coordination across federal, private, and public sectors in handling cyberattacks. The draft plan, which was developed with input from over 150 experts from 66 organizations, offers a flexible framework for response to cyber incidents and emphasizes clear roles for key federal cyber agencies.
The European Union (EU) has imposed its first-ever sanctions targeting Russian hybrid threats, sanctioning 16 individuals and three entities linked to Russia’s destabilizing actions abroad. The sanctions, issued on December 16, 2024, focus on a range of actors, including members of the GRU (Russian military intelligence) Unit 29155, accused of cyberattacks and assassinations, as well as individuals spreading Russian propaganda in Europe and Africa. The sanctioned individuals, such as Sofia Zakharova and Nikolai Tupikin, have been involved in the Doppelgänger influence campaign, while others are linked to intelligence operations against Germany’s Federal Intelligence Service.
The University of New South Wales (UNSW) has signed a landmark partnership agreement with OpenAI to integrate AI technology across its campus. This collaboration aims to provide students and staff with access to ChatGPT Edu, a secure AI tool tailored for educational purposes, while enabling UNSW to create custom AI bots for various needs. Dr. Chrissy Burns, UNSW’s Chief Information Officer, emphasized the importance of this partnership in driving innovation and preparing the university community for a future shaped by AI.
Nearly 800 individuals have been arrested in Nigeria for their involvement in a large-scale romance scam targeting Americans and Europeans. The Economic and Financial Crimes Commission (EFCC) raided a luxury office building in Lagos, uncovering a sophisticated operation that used social media platforms like Instagram, WhatsApp, and Telegram to lure victims into fake romantic relationships. Once engaged, the scammers convinced victims to invest in non-existent cryptocurrency schemes, such as a fraudulent platform called Yooto-dot-com.
Arctic Wolf has signed a definitive agreement to acquire BlackBerry’s Cylance endpoint security assets for $160 million. The deal, expected to close in BlackBerry’s fourth fiscal quarter, includes $80 million in cash at closing and an additional $40 million a year later, along with 5.5 million common shares of Arctic Wolf. This acquisition will integrate Cylance’s AI-driven endpoint security capabilities into Arctic Wolf’s open-XDR security platform, Aurora, extending its endpoint-to-edge coverage.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.