What’s going on in the cyber world today?
ArcaneDoor, Cisco Zero-Days, Govt Networks, Brokewell, Banking Trojan, Androids, Fake Chrome Update, Public Exploit, Severe Flowmon Bug, SSLoad, Malware, Global Targets, Phishing, XSS Flaw, IBM Security Products, Anti-Trump, Lincoln Project, Email Hack Scam, YIEDL, AI Crypto Platform, Argentina, Cyber Theft, Leicester City, Street Lights, EU Sanctions, Russian Disinformation, Phishing Attacks, AI Tool, Qualcomm, New Chip, Apple, Intel, Google, Third-Party Cookie, IBM, Acquisition, HashiCorp.
Cyber Alerts
Cisco recently disclosed that a state-backed hacker group exploited zero-day vulnerabilities in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewall software to infiltrate government networks globally. The campaign, dubbed ArcaneDoor, chained two flaws to install malware that manipulated device operations and exfiltrated sensitive data. Cisco urges customers to apply the latest security patches to mitigate risks and prevent future breaches. Because the implant was planted on appliances that were already compromised, patching closes the entry point but does not by itself evict an existing foothold, so operators should also check affected devices against Cisco’s published indicators of compromise. The campaign highlights the ongoing challenge of defending perimeter devices against sophisticated cyber-espionage tactics.
Security experts at ThreatFabric have unveiled a new Android banking trojan named Brokewell, which can monitor and capture every user interaction on the device. Distributed through a deceptive Chrome update alert, Brokewell exhibits sophisticated data theft and device control features, allowing cybercriminals comprehensive remote access. To safeguard against such threats, users are advised to only download apps from the Google Play Store and to keep Play Protect active.
Progress Flowmon, a network monitoring and performance tool used globally, is affected by a severe vulnerability, CVE-2024-2389, rated at the maximum severity score. Rhino Security Labs discovered the flaw, which allows an unauthenticated remote attacker to reach the web interface and execute arbitrary operating-system commands. Progress Software swiftly released updates and urges immediate action; since exploit code is already publicly available, any internet-exposed instance should be patched without delay and reviewed for signs of compromise.
Cybersecurity experts from Securonix have uncovered an ongoing malware distribution campaign named FROZEN#SHADOW, which employs phishing emails to deploy the SSLoad malware alongside tools like Cobalt Strike and ConnectWise ScreenConnect. This sophisticated attack chain begins with emails that direct victims to download a JavaScript file, initiating the malware infection. Once installed, SSLoad conducts system reconnaissance, establishes backdoors for persistence, and could lead to widespread network infiltration, posing significant remediation challenges for affected organizations.
Researchers have identified a medium-severity cross-site scripting (XSS) vulnerability, CVE-2023-47731, in IBM’s QRadar Suite Software and Cloud Pak for Security, allowing attackers to execute arbitrary JavaScript code. This flaw enables malicious scripts to be embedded within the web UI, potentially leading to unauthorized data access and credential disclosure during trusted sessions. IBM has urged users to immediately apply available patches or upgrades to mitigate this security risk effectively.
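The QRadar advisory above gives no detail about the vulnerable component, so the following is a generic illustration, added here and not taken from IBM’s products, of why a script injected into a web UI executes with the victim’s privileges in a trusted session, and how output encoding at the point where untrusted text is placed into markup neutralises it. The function names, the `note` field, the payload and the tiny tag scanner are all constructed for the example.

```javascript
// Added example, not IBM code: vulnerable vs. hardened rendering of an
// attacker-controlled string into a web UI, plus a small checker that
// decides whether the produced markup contains active content.

// Minimal HTML entity encoder for text placed into an element body or a
// double-quoted attribute value. Ampersand must be encoded first so that
// the entities produced for the other characters are not re-encoded.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Vulnerable pattern: an attacker-supplied note (e.g. a field from an
// ingested event) is concatenated straight into the page markup.
function renderNoteUnsafe(note) {
  return `<div class="note">${note}</div>`;
}

// Hardened pattern: identical markup, but the untrusted value is encoded
// before insertion, so the browser sees text rather than a new element.
function renderNoteSafe(note) {
  return `<div class="note">${escapeHtml(note)}</div>`;
}

// Constructed stand-in for a browser's decision: does the markup contain a
// tag that can execute script, or any tag carrying an on*= event handler?
// It only inspects real tags, i.e. a '<' followed by a tag name; encoded
// '&lt;' never starts a tag, which is exactly why escaping works.
const ACTIVE_TAGS = new Set(["script", "img", "svg", "iframe", "object", "embed"]);
function containsActiveContent(markup) {
  const tagRe = /<([a-zA-Z][\w-]*)([^>]*)>/g;
  let m;
  while ((m = tagRe.exec(markup)) !== null) {
    const name = m[1].toLowerCase();
    const attrs = m[2];
    if (ACTIVE_TAGS.has(name) || /\bon\w+\s*=/i.test(attrs)) {
      return true;
    }
  }
  return false;
}

// Constructed payload: an image tag whose error handler runs in the
// victim's session and could read anything that session can read.
const PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

console.log("unsafe :", renderNoteUnsafe(PAYLOAD), containsActiveContent(renderNoteUnsafe(PAYLOAD)));
console.log("safe   :", renderNoteSafe(PAYLOAD), containsActiveContent(renderNoteSafe(PAYLOAD)));
```

Entity encoding is context-specific: the encoder above is correct for element bodies and quoted attribute values, but text placed inside a `<script>` block, a URL, or an inline style needs the encoding appropriate to that context, and a Content Security Policy that disallows inline scripts adds a second layer when an encoding is missed.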
Cyber Incidents
The Lincoln Project, an anti-Trump super PAC, fell victim to a business email compromise (BEC) scam in February, losing $35,000. A vendor’s email account was hacked and used to send convincing fraudulent invoices, which resulted in two payments that are now disputed. Spokesman Greg Minchak said the incident did not affect the group’s political advocacy work; the vendor and the bank’s fraud department are investigating.
YIEDL, an AI-based crypto trading platform, suffered a security breach in which attackers stole about $157,000 worth of various crypto assets. Exploiting a flaw in the “redeem function” of YIEDL’s Y-BULL vault on the BNB Smart Chain, the attackers withdrew assets through a malicious contract. The incident occurred shortly after the platform launched the Y-BULL spot vault on the BSC network; the YIEDL team has warned users and is investigating.
Solano County’s library systems, in the San Francisco Bay Area, have been paralyzed for over two weeks following a cyberattack that disabled phone lines, computer services, and Wi-Fi across multiple branches. The attack targeted the SPLASH library network; the attackers demanded a $100,000 ransom and threatened to release stolen data. While some services, such as public Wi-Fi at Benicia and the digital resources, remain accessible, full functionality has yet to be restored, and the impact on user data is still under investigation.
The community of San Agustín, in Santa Fe, Argentina, suffered a significant financial loss when a cyberattack drained $56,000 from its central account. The theft, carried out in four transactions on a Friday, was discovered the following Monday; the thieves attempted further withdrawals, which failed only because the account lacked sufficient funds. The local community president, Cristian Osta, expressed deep concern over the unprecedented incident and emphasized the urgent need to recover funds needed to pay suppliers and salaries.
Leicester City Council’s IT systems were severely impacted by a ransomware attack seven weeks ago, causing unusual disruptions including streetlights remaining on day and night. The cyber incident not only compromised sensitive documents like rent statements and council house applications but has also disrupted the central management system controlling street lighting. As a result, residents like Roger Ewens have observed continuous lighting, raising concerns over safety and increased municipal costs as the council works toward resolving the issue.
Cyber News
France is spearheading a campaign to impose new EU sanctions aimed at countering Russian disinformation, especially in light of the forthcoming European parliamentary elections. The proposed sanctions target individuals and entities involved in Russian-backed influence operations that threaten democracy, stability, and the rule of law across Europe. Supported by several EU countries vulnerable to Russian propaganda, the initiative seeks to strengthen Europe’s defense against the growing sophistication and reach of disinformation campaigns, as evident from recent misleading web activities falsely attributed to French government sites.
The rise of AI-powered generative tools has significantly enhanced the sophistication of phishing campaigns, making it easier for even novice attackers to launch highly targeted and deceptive attacks. According to Zscaler’s Phishing Report 2024, which analyzed over 2 billion incidents from 2023, there has been a 58.2% increase in phishing activities, with AI being utilized for advanced tactics like voice phishing and deepfake impersonation.
Qualcomm has introduced its latest chip, the Snapdragon X Plus, set to power the upcoming generation of Windows PCs, with the first models expected to debut in May. This new addition boasts a 10-core Qualcomm Oryon custom-integrated processor, delivering significantly faster CPU performance while consuming less power compared to competitors, making it a promising advancement in computing technology. However, amidst anticipation, some skepticism arises regarding Qualcomm’s benchmark claims, sparking debates about the accuracy of performance disclosures.
Google has postponed the removal of third-party cookies from its Chrome browser until the second half of 2024, marking its third delay since the initial announcement in 2020. This decision comes as Google works closely with the UK’s Competition and Markets Authority (CMA) to address competition concerns related to its Privacy Sandbox initiative, which aims to introduce privacy-preserving ad technologies. Despite the delay, Google continues to test these features with select Chrome users, while ensuring the new tools do not unfairly benefit its own advertising technology.
IBM has announced its plan to acquire HashiCorp for $6.4 billion, aiming to bolster its multi-cloud and hybrid cloud offerings. The purchase, priced at $35 per share, is set to enhance IBM’s capabilities in generative AI, data security, IT automation, and consulting, utilizing HashiCorp’s expertise in infrastructure and security lifecycle management. Although the deal has received board approval from both companies, it awaits regulatory green lights and is anticipated to finalize by the year’s end.
Copyright ยฉ 2024 CyberMaterial. All Rights Reserved.