π What are the latest cybersecurity alerts, incidents, and news?
Credit Card, Skimmer, Facebook, Iran, MuddyWater, Hackers, C2, Tool, DarkBeatC2, Lighttpd, Palo Alto Networks, PAN-OS, Node.js, Windows, Business Intelligence, Startup, Sisense, LastPass, Deepfake Calls, Slovenia, Public Sector, DDoS Attacks, New Mexico Highlands University, Las Vegas, Ransomware, Taxi, Passengers, UK, Ireland, CISA, Microsoft, Russian Hackers, FBI, India, High Commissioner, India, Innovation, 6G Network, Antenna, AI Defenses, Jailbreaking Attempts.
π¨Β Cyber Alerts
Cybersecurity researchers uncover a hidden credit card skimmer camouflaged within a counterfeit Meta Pixel tracker script, slipping through defenses. The malware, nestled within seemingly innocuous code, targets e-commerce sites through WordPress and Magento plugins, emphasizing the need for vigilant security measures. Vigilance, regular updates, and password management are vital shields against evolving cyber threats in the e-commerce landscape.
The Iranian threat actor, MuddyWater, introduces DarkBeatC2, a new command-and-control infrastructure, continuing its cyber assault with evolving tools. Despite occasional tool changes, MuddyWater’s strategies, linked to Iran’s MOIS, exhibit consistency since 2017, orchestrating spear-phishing attacks and leveraging compromised systems. DarkBeatC2’s deployment, observed in recent attacks, underscores MuddyWater’s persistence, utilizing varied methods like PowerShell code and DLL side-loading for C2 connections.
A nearly 6-year-old vulnerability in Lighttpd, a web server used in Baseboard Management Controllers (BMC), has been neglected by vendors like Intel and Lenovo. This oversight leaves devices susceptible to memory exfiltration, potentially bypassing security measures such as Address Space Layout Randomization (ASLR). Despite Lighttpd’s reputation for efficiency, its unnoticed flaw highlights systemic issues in firmware supply chains, exacerbating long-term security risks for affected devices.
Palo Alto Networks warns of a critical vulnerability in its GlobalProtect gateways, CVE-2024-3400, with a severity score of 10.0. Exploitation of this flaw, enabling execution of arbitrary code with root privileges, has been observed in the wild, prompting urgent attention and the forthcoming release of fixes on April 14, 2024. The discovery underscores the ongoing challenges in cybersecurity defense, particularly as threat actors increasingly target network infrastructure with sophisticated attacks.
A high-severity flaw in Node.js exposes Windows platforms to arbitrary code execution, flagged as CVE-2024-27980. The vulnerability, rooted in child_process.spawn functions, enables attackers to execute malicious commands, bypassing safety mechanisms even without shell option activation. Swift security updates for affected Node.js versions (18.x, 20.x, 21.x) are available, urging users to upgrade immediately to safeguard applications and infrastructure from potential exploitation.
π₯ Cyber Incidents
Business intelligence startup Sisense faces a cyber attack, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to advise customers to reset passwords and report suspicious activity. With details undisclosed, CISA collaborates with industry partners to address the incident, while Sisense navigates this setback amidst prior business challenges.
A LastPass employee deftly foils a deepfake phishing attempt after recognizing signs of social engineering and suspicious communication outside business hours. The incident underscores the rising threat of deepfakes in executive impersonation fraud campaigns, emphasizing the critical need for employee awareness and vigilance.
Slovenia faces another cyberattack as multiple government websites, including those of the central bank and the main government portal, remain inaccessible. Despite the disruption, authorities assure that the situation is under control, with measures in place to address the ongoing distributed denial-of-service (DDoS) attacks. Prime Minister Robert Golob has announced increased funding and staffing to bolster cybersecurity, aiming to fortify the country against future threats and maintain its status as a safe and stable nation amidst cyber incidents.
Most campus operations halted as classes are canceled due to a ransomware attack, disrupting access to essential data via the school’s portal. Vice President David Lepre confirms the incident, emphasizing its impact on online courses and campus networks in Las Vegas, with no definite timeline for resolution despite ongoing efforts. Assistance from state officials and past cybersecurity investments aim to mitigate the effects of the attack and restore university services swiftly.
A significant data breach involving the exposure of around 300,000 taxi passengers’ personal information, discovered by cybersecurity researcher Jeremiah Fowler, has sparked alarm in the UK and Ireland. Fowler identified the breach in Dublin-based taxi dispatch system provider iCabbi’s non-password-protected database, which contained sensitive details such as names, phone numbers, and email addresses.
π’ Cyber News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive following the compromise of Microsoft’s systems by a Russian nation-state group, Midnight Blizzard. This directive advises federal agencies to analyze exfiltrated emails, reset compromised credentials, and secure authentication tools for privileged Microsoft Azure accounts. In response to the incident, CISA has also released a new malware analysis system, encouraging organizations to submit suspicious artifacts for analysis.
FBI Director Christopher Wray briefed Congress on Thursday about the United States facing a wide range of “escalated” digital threats, emphasizing the need for $11.3 billion in funding to counter cyber threats from nation-states and cybercriminals. Wray highlighted the challenge of keeping pace with evolving technologies exploited by threat actors to infiltrate networks, attack critical infrastructure, and create chaos. Despite ongoing efforts and countermeasures, the FBI aims to bolster its cyber response capabilities to combat the growing threat landscape.
Lindy Cameron, former head of the UK’s NCSC, appointed British High Commissioner to India, a significant diplomatic role amid ongoing negotiations for a Free Trade Agreement and ahead of India’s general election. Cameron’s expertise in cybersecurity and her previous engagements with Indian officials underscore her suitability for navigating bilateral relations and addressing shared challenges, such as cybersecurity threats from nation-state actors. As tensions persist between China and India, Cameron’s appointment signals the UK’s commitment to strengthening ties and collaborating on strategic issues in the Indo-Pacific region.
A matchbook-sized antenna from the University of Glasgow promises advancements in holographic calls, autonomous driving, and healthcare. The digitally coded dynamic metasurface antenna (DMA) operates at 60 GHz millimeter-wave band, offering potential applications in communication, sensing, and imaging. Lead researcher Dr. Masood Ur Rahman highlights the antenna’s role in shaping the next generation of mmWave reconfigurable antennas, with implications for holographic imaging and wireless power transfer.
Microsoft introduces AI Spotlighting and AI Watchdog to combat malicious attempts at jailbreaking AI systems. These techniques aim to protect against prompt injection attacks and poisoned content, reducing the success rate of such attacks to below the threshold of detection while minimizing impact on AI performance. Through the PyRIT toolkit and enhanced prompt filtering, Microsoft reinforces defenses against adversarial behavior in AI systems, safeguarding against potential harm.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.
