π What’s going on in the cyber world today?
ArcaneDoor, Cisco Zero-Days, Govt Networks, Brokewell, Banking Trojan, Androids, Fake Chrome Update, Public Exploit, Severe Flowmon Bug, SSLoad, Malware, Global Targets, Phishing, XSS Flaw, IBM Security Products, Anti-Trump, Lincoln Project, Email Hack Scam, YIEDL, AI Crypto Platform, Argentina, Cyber Theft, Leicester City, Street Lights, EU Sanctions, Russian Disinformation, Phishing Attacks, AI Tool, Qualcomm, New Chip, Apple, Intel, Google, Third-Party Cookie, IBM, Acquisition, HashiCorp.
Listen to the full podcast
π¨Β Cyber Alerts
Cisco recently disclosed that a state-backed hacker group exploited zero-day vulnerabilities in its firewall products, namely the ASA and FTD, to infiltrate government networks globally. The campaign, dubbed ArcaneDoor, leveraged two major flaws to install malware that manipulated device operations and exfiltrated sensitive data. Cisco urges customers to apply the latest security patches to mitigate risks and prevent future breaches, highlighting the ongoing challenge of defending against sophisticated cyber-espionage tactics.
Security experts at ThreatFabric have unveiled a new Android banking trojan named Brokewell, which can monitor and capture every user interaction on the device. Distributed through a deceptive Chrome update alert, Brokewell exhibits sophisticated data theft and device control features, allowing cybercriminals comprehensive remote access. To safeguard against such threats, users are advised to only download apps from the Google Play Store and to keep Play Protect active.
Progress Flowmon, a vital network monitoring tool used globally, faces a severe vulnerability, CVE-2024-2389, with a maximum severity score. Rhino Security Labs discovered the flaw, enabling remote access and arbitrary command execution. Progress Software swiftly released updates, urging immediate action to mitigate risks, as exploit code is already available.
Cybersecurity experts from Securonix have uncovered an ongoing malware distribution campaign named FROZEN#SHADOW, which employs phishing emails to deploy the SSLoad malware alongside tools like Cobalt Strike and ConnectWise ScreenConnect. This sophisticated attack chain begins with emails that direct victims to download a JavaScript file, initiating the malware infection. Once installed, SSLoad conducts system reconnaissance, establishes backdoors for persistence, and could lead to widespread network infiltration, posing significant remediation challenges for affected organizations.
Researchers have identified a medium-severity cross-site scripting (XSS) vulnerability, CVE-2023-47731, in IBM’s QRadar Suite Software and Cloud Pak for Security, allowing attackers to execute arbitrary JavaScript code. This flaw enables malicious scripts to be embedded within the web UI, potentially leading to unauthorized data access and credential disclosure during trusted sessions. IBM has urged users to immediately apply available patches or upgrades to mitigate this security risk effectively.
π₯ Cyber Incidents
The Lincoln Project, an anti-Trump super PAC, fell victim to a business email compromise (BEC) scam, losing $35,000 in February. A vendor’s email account was hacked, leading to the production and submission of fraudulent, yet convincing invoices that resulted in two disputed transactions. Despite the financial setback, spokesman Greg Minchak assured that the incident did not impact their operational efforts in political advocacy, highlighting the ongoing investigation led by their vendor and bankβs fraud department.
YIEDL, an AI-based crypto trading platform, falls victim to a security breach, resulting in hackers stealing $157,000 worth of various crypto assets. Exploiting a flaw in YIEDL’s “redeem function,” attackers targeted the Y-BULL vault on the BNB Smart Chain, withdrawing assets through a malicious contract. The incident occurs shortly after the platform’s launch of the Y-BULL spot vault on the BSC network, prompting cautionary warnings to users and ongoing investigations by the YIEDL team.
Solano County’s library systems, part of the San Francisco Bay Area, have been paralyzed for over two weeks following a cyberattack that disabled phone lines, computer services, and Wi-Fi across multiple branches. The attack specifically targeted the SPLASH network, prompting hackers to demand a $100,000 ransom and threaten the release of stolen data. While services like public Wi-Fi at Benicia and digital resources remain accessible, full functionality is yet to be restored, and the impact on user data is still under investigation in this significant disruption.
The community of San AgustΓn, located in Santa Fe, Argentina, suffered a significant financial setback due to a cyberattack that resulted in the theft of $56,000 from its central account. Discovered on a Monday after the theft occurred via four transactions the previous Friday, the cyber thieves nearly attempted additional withdrawals but were thwarted by insufficient funds. The local community president, Cristian Osta, expressed deep concern over the unprecedented incident, emphasizing the urgent need to recover funds critical for paying suppliers and salaries.
Leicester City Council’s IT systems were severely impacted by a ransomware attack seven weeks ago, causing unusual disruptions including streetlights remaining on day and night. The cyber incident not only compromised sensitive documents like rent statements and council house applications but has also disrupted the central management system controlling street lighting. As a result, residents like Roger Ewens have observed continuous lighting, raising concerns over safety and increased municipal costs as the council works toward resolving the issue.
π’ Cyber News
France is spearheading a campaign to impose new EU sanctions aimed at countering Russian disinformation, especially in light of the forthcoming European parliamentary elections. The proposed sanctions target individuals and entities involved in Russian-backed influence operations that threaten democracy, stability, and the rule of law across Europe. Supported by several EU countries vulnerable to Russian propaganda, the initiative seeks to strengthen Europe’s defense against the growing sophistication and reach of disinformation campaigns, as evident from recent misleading web activities falsely attributed to French government sites.
The rise of AI-powered generative tools has significantly enhanced the sophistication of phishing campaigns, making it easier for even novice attackers to launch highly targeted and deceptive attacks. According to Zscaler’s Phishing Report 2024, which analyzed over 2 billion incidents from 2023, there has been a 58.2% increase in phishing activities, with AI being utilized for advanced tactics like voice phishing and deepfake impersonation.
Qualcomm has introduced its latest chip, the Snapdragon X Plus, set to power the upcoming generation of Windows PCs, with the first models expected to debut in May. This new addition boasts a 10-core Qualcomm Oryon custom-integrated processor, delivering significantly faster CPU performance while consuming less power compared to competitors, making it a promising advancement in computing technology. However, amidst anticipation, some skepticism arises regarding Qualcomm’s benchmark claims, sparking debates about the accuracy of performance disclosures.
Google has postponed the removal of third-party cookies from its Chrome browser until the second half of 2024, marking its third delay since the initial announcement in 2020. This decision comes as Google works closely with the UK’s Competition and Markets Authority (CMA) to address competition concerns related to its Privacy Sandbox initiative, which aims to introduce privacy-preserving ad technologies. Despite the delay, Google continues to test these features with select Chrome users, while ensuring the new tools do not unfairly benefit its own advertising technology.
IBM has announced its plan to acquire HashiCorp for $6.4 billion, aiming to bolster its multi-cloud and hybrid cloud offerings. The purchase, priced at $35 per share, is set to enhance IBM’s capabilities in generative AI, data security, IT automation, and consulting, utilizing HashiCorp’s expertise in infrastructure and security lifecycle management. Although the deal has received board approval from both companies, it awaits regulatory green lights and is anticipated to finalize by the year’s end.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.