π What’s going on in the cyber world today?
Hackers, Crypto, OpenMetadata Flaws, Kubernetes, Google Ads, Fake IP Scanner, Backdoor, Cisco, Root Escalation Vulnerability, Atlassian, Cerber Ransomware, Linux Variant, SoumniBot, Banking Malware, Android Vulnerabilities, New York, Bill Drafting Office, Ukraine, 1+1 Media Group, Ready or Not Studio, Game Data, Le Slip FranΓ§ais, Underwear Company, Simone Veil Hospital, US House, Data Broker, EU Data Regulator, Meta, ‘Pay or Okay’, CISA, FBI, ODNI, Election Infrastructure, Security Alliance, Crypto Threat Platform, Mandiant, Sandworm, APT44.
π¨Β Cyber Alerts
In an ongoing Kubernetes cryptomining campaign, attackers exploit critical vulnerabilities in OpenMetadata, targeting data assets. Security flaws CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, and CVE-2024-28254, patched in March, are actively exploited to compromise unpatched OpenMedata workloads, leading to remote code execution and cryptojacking. Admins urged to update, secure credentials, and monitor for unauthorized access.
A new Google malvertising campaign exploits look-alike domains to distribute a sophisticated Windows backdoor called MadMxShell. Threat actors register mimicking domains, using Google Ads to target specific search keywords and lure victims to download malicious files masquerading as legitimate IP scanner software. The backdoor, employing DNS tunneling for command-and-control communication, evades security solutions, demonstrating a complex and persistent threat landscape.
Cisco addresses a high-severity Integrated Management Controller (IMC) vulnerability, offering patches to prevent local attackers from escalating privileges to root. This flaw, tracked as CVE-2024-20295, stems from insufficient validation of user input in the IMC CLI, potentially impacting a wide range of Cisco devices. While exploit code exists, no active attacks exploiting this vulnerability have been reported yet, underscoring the importance of prompt patching and proactive security measures
Threat actors exploit unpatched Atlassian servers, deploying Cerber ransomware, compromising confidentiality, integrity, and availability. Financially motivated cybercrime groups abuse admin accounts to install Effluence web shell, facilitating arbitrary command execution. The use of pure C++ payloads highlights evolving ransomware tactics amid the emergence of new variants targeting Windows and VMware servers.
A novel Android banking malware dubbed ‘SoumniBot’ employs innovative obfuscation techniques to bypass standard security measures and steal sensitive information. Discovered and analyzed by Kaspersky researchers, SoumniBot utilizes manipulation of the Android manifest extraction process to deceive Android’s parser and avoid detection. Despite targeting Korean users, its distribution methods vary, possibly exploiting third-party app stores or injecting malicious code into legitimate apps, highlighting the evolving sophistication of mobile malware threats.
π₯ Cyber Incidents
The New York state Legislature’s bill drafting office faces an apparent cyberattack, impacting the bill drafting system’s functionality since early Wednesday. While the scope of the attack remains unclear, officials assure that efforts are underway to address the disruption, with Governor Kathy Hochul stating that the incident isn’t expected to significantly impede the state budget’s finalization process.
Ukraine’s prominent media group, 1+1 Media, reports a cyberattack impacting its satellite TV channels. The attack disrupted broadcasting on the Astra 4A 11766 H transponder, affecting 39 channels including those operated by 1+1 Media. European provider SES, responsible for Astra, confirms outages due to “external radio frequency interference” and assures ongoing investigations to mitigate the impact.
Millions of files, including Ready or Not’s source code and console builds, have been stolen from Void Interactive, the studio behind the popular Steam shooter. Insider Gaming reveals that over 2.1 million files, totaling 4TB of data, were taken in March, raising concerns about the security of the game’s technical assets. Despite the breach, no personal information of players or developers appears to have been compromised, offering a silver lining amid the security breach.
Le Slip Français faces a cyberattack as customer data is compromised, including names, addresses, and contact details, announced on April 16. Despite the breach, the company assures customers that account passwords and payment information remain secure, with measures taken to contain the attack and prevent potential fraud. While the extent of the breach is not fully disclosed, Le Slip Français advises affected users to update their account passwords as a precautionary measure.
Simone Veil Hospital in Cannes faces a cyberattack, affecting a third of operations and consultations. Despite the attack, no ransom demands or data thefts have been reported yet. The hospital activates crisis measures, prioritizing patient care safety amidst ongoing investigations.
π’ Cyber News
The House approves legislation restricting government transactions with data brokers without subpoenas or warrants, despite opposition from the Biden administration. The “Fourth Amendment is Not for Sale Act” passes with bipartisan support, aiming to protect Americans’ privacy rights. However, the administration argues that such restrictions would hinder national security efforts, highlighting the ongoing debate over the balance between privacy and security concerns.
Meta faces criticism for charging users to opt-out of personalized ads in Europe, deemed potentially violating privacy rights. European authorities challenge the “pay or okay” model, urging alternatives that don’t require fees and limit personal data processing. The debate intensifies as data protection agencies scrutinize Meta’s compliance with GDPR principles.
The CISA, FBI, and ODNI released guidance on safeguarding US election infrastructure against foreign influence tactics. The document outlines strategies to combat malign influence operations, emphasizing the importance of collaboration and awareness in defending democracy. With advances in AI, protecting the electoral process is crucial to preventing the erosion of confidence in democratic institutions.
The Security Alliance (SEAL) team, composed of white hat hackers, has announced the recovery of $50 million in assets since its establishment in 2023 and unveiled SEAL-ISAC, a free Information Sharing and Analysis Center (ISAC) tailored for the crypto sector. SEAL-ISAC offers a range of features including information sharing, threat analysis, incident coordination, and educational resources, aiming to bolster cybersecurity in the crypto space. Backed by major crypto organizations like the Ethereum Foundation and Polygon, the platform integrates with SEAL’s other initiatives, including a crypto security incident response channel called SEAL 911, to provide real-time assistance during hacks.
Mandiant has reclassified the notorious Sandworm group as APT44 due to its escalated threat level in the ongoing Russia-Ukraine conflict and its formidable capabilities in cyber operations. The upgrade underscores APT44’s significant role in espionage, attacks, and influence operations, particularly with its ties to the Russian Main Intelligence Directorate (GRU). Notably, APT44’s involvement in disruptive campaigns, such as targeting Ukraine’s energy grid and launching wiper malware attacks, poses a serious risk to global government and critical infrastructure entities.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.
