What’s the latest in the cyber world today?
R Programming, Arbitrary Code Execution, Safari Flaw, iPhone, Europe, Linux Kernel, Netfilter, Android RAT, Malware, Social Media, SQL Injection, Grafana, Hedgey Finance, Firstmac, Ukrainian Intelligence, Russian Party, Cyber Partisans, Belarus KGB, IRS, Glendale Teachers, CISA, AI Security Threats, South Korea, Crypto Crime, Google, Play Store, SMEs, Security Alerts, Darktrace, Thoma Bravo.
Cyber Alerts
A newly disclosed vulnerability in the R programming language, CVE-2024-27322, can be exploited to execute arbitrary code via malicious RDS files. The flaw stems from the interaction between R’s serialization format and lazy evaluation: a serialized object can contain a promise, and the expression inside it runs when the deserialized object is first accessed rather than when the file is loaded, so reading a crafted .rds file and touching the result is enough to trigger it. Because packages ship their objects in the same format (the .rdb/.rdx lazy-load files), the bug also exposes R packages to supply chain attacks. Users are advised to update to R version 4.4.0, released after the flaw’s responsible disclosure, and to treat untrusted RDS or rdx files as untrusted code until they are running a fixed version.
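As an added example (not code from the R project or from the researchers who reported the flaw), the following Python walks R’s XDR serialization format just far enough to list the type of every object in a stream, so that a pipeline can refuse an .rds file containing a promise before readRDS() ever forces it. The class and function names (RdsWalker, sexp_types, contains_promise) are this example’s own, and the two sample streams are assembled by hand in the script rather than produced by R; the walker assumes the XDR format saveRDS() writes (serialization versions 2 and 3, plain or gzipped) and raises on anything it does not recognise, so it fails closed.

```python
"""Scan an R serialization stream (.rds, or a package's .rdb/.rdx) for promise objects, the SEXP type
CVE-2024-27322 relies on. Constructed example, not R project code; assumes the XDR ('X\\n') format
written by saveRDS(), serialization versions 2 and 3, optionally gzipped. Unknown types fail closed."""
import gzip
import struct

PROMSXP = 5
PAIRLIST_TYPES = {2, 3, 5, 6, 17}                    # LISTSXP CLOSXP PROMSXP LANGSXP DOTSXP
LIST_LIKE_VECTORS = {16, 19, 20}                     # STRSXP VECSXP EXPRSXP: count, then items
ELEMENT_SIZE = {10: 4, 13: 4, 14: 8, 15: 16, 24: 1}  # LGLSXP INTSXP REALSXP CPLXSXP RAWSXP
NO_PAYLOAD = {254, 253, 252, 251, 250, 242, 241}     # nil, globalenv, unbound, missing arg, base ns, emptyenv, baseenv

class RdsWalker:
    def __init__(self, data: bytes):
        if data[:2] == b"\x1f\x8b":                    # saveRDS() gzips by default
            data = gzip.decompress(data)
        if data[:2] != b"X\n":
            raise ValueError("only the XDR ('X') serialization format is handled")
        self.buf, self.pos, self.types = data, 2, []
        version = self.read_int()
        self.skip(8)                                   # writer's R version, minimal reader version
        if version == 3:
            self.skip(self.read_int())                 # native encoding name
        elif version != 2:
            raise ValueError(f"unsupported serialization version {version}")
        self.read_item()                               # the single top-level object
        if self.pos != len(self.buf):                  # fail closed on anything left unparsed
            raise ValueError("trailing bytes after the top-level object")

    def skip(self, n: int) -> None:
        if n < 0 or self.pos + n > len(self.buf):
            raise ValueError("truncated stream")
        self.pos += n

    def read_int(self) -> int:
        self.skip(4)
        return struct.unpack_from(">i", self.buf, self.pos - 4)[0]

    def read_length(self) -> int:
        n = self.read_int()
        return (self.read_int() << 32) + self.read_int() if n == -1 else n   # -1: long-vector form

    def read_item(self) -> None:
        flags = self.read_int()                        # low byte: type; bit 9: has attrib; bit 10: has tag
        t, has_attr, has_tag = flags & 0xFF, flags & (1 << 9), flags & (1 << 10)
        self.types.append(t)
        if t in NO_PAYLOAD:
            return
        if t == 255:                                   # REFSXP: index packed above the type byte, else next int
            if flags >> 8 == 0:
                self.read_int()
        elif t == 1:                                   # SYMSXP: the CHARSXP print name follows
            self.read_item()
        elif t in PAIRLIST_TYPES:                      # attrib?, tag?, CAR, CDR (promise: env, value, code)
            if has_attr: self.read_item()
            if has_tag: self.read_item()
            self.read_item(); self.read_item()
        elif t == 4:                                   # ENVSXP: locked flag, enclos, frame, hashtab, attrib
            self.read_int()
            for _ in range(4): self.read_item()
        elif t == 238:                                 # ALTREP_SXP: info, state, attrib
            for _ in range(3): self.read_item()
        else:
            if t == 9:                                 # CHARSXP: byte length (-1 is NA_STRING), then bytes
                n = self.read_int()
                if n >= 0: self.skip(n)
            elif t in ELEMENT_SIZE:                    # atomic vectors: length, then packed elements
                self.skip(ELEMENT_SIZE[t] * self.read_length())
            elif t in LIST_LIKE_VECTORS:
                for _ in range(self.read_length()): self.read_item()
            elif t not in (0, 25):                     # NILSXP and S4SXP carry only attributes
                raise ValueError(f"unhandled SEXP type {t}")
            if has_attr: self.read_item()              # vectors write their attributes last

def sexp_types(data: bytes) -> list:
    return RdsWalker(data).types

def contains_promise(data: bytes) -> bool:             # True means: refuse the file
    return PROMSXP in sexp_types(data)

# Constructed samples, assembled by hand so the script runs without an R install.
def _xdr_header() -> bytes:   # format tag, version 2, writer R 4.4.0, minimal reader R 2.3.0
    return b"X\n" + struct.pack(">iii", 2, 0x040400, 0x020300)

def _charsxp(s: bytes) -> bytes:
    return struct.pack(">ii", 9 | (64 << 12), len(s)) + s   # gp bit 64 marks ASCII

# saveRDS(c(1L, 2L, 3L), f, version = 2, compress = FALSE): one INTSXP of length 3
BENIGN_RDS = _xdr_header() + struct.pack(">iiiii", 13, 3, 1, 2, 3)

# A promise whose pending code is the call system("id"): the object shape behind the CVE
MALICIOUS_RDS = (
    _xdr_header()
    + struct.pack(">iii", PROMSXP | (1 << 10), 253, 252)  # PROMSXP with tag; env R_GlobalEnv; value R_UnboundValue
    + struct.pack(">ii", 6, 1) + _charsxp(b"system")      # code: LANGSXP whose CAR is the symbol `system`
    + struct.pack(">iii", 2, 16, 1) + _charsxp(b"id")     # CDR: LISTSXP of args, CAR is STRSXP "id"
    + struct.pack(">i", 254)                              # CDR of the arglist: R_NilValue
)
MALICIOUS_RDS_GZ = gzip.compress(MALICIOUS_RDS)           # as saveRDS() would actually write it
```

Rejecting every PROMSXP is coarse but safe: data objects written by saveRDS() do not contain promises, and only environments captured with unforced lazy arguments legitimately do. The scan is a gate in front of untrusted input, not a substitute for the R 4.4.0 update.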
Researchers have reported a privacy flaw in Apple’s Safari browser that could allow the tracking of iPhone users in the EU through a feature introduced in iOS 17.4. The flaw involves the marketplace-kit URI scheme, designed for installing apps from third-party marketplaces: invoking it transmits a unique, persistent client_id, and because a website can trigger the scheme, the same identifier can be collected across unrelated sites and used to follow a user’s activity. This bypasses Safari’s cross-site tracking protections, and Apple has been urged to fix the oversight, which exposes EU users to widespread tracking.
The Linux kernel security team has patched CVE-2024-26925, a vulnerability in netfilter’s nf_tables component, which plays a key role in network packet filtering. The abort path released the transaction mutex before the garbage-collection sequence had been closed, opening a race with the asynchronous garbage-collection worker, which could collect expired objects and take the released lock within the same GC sequence. Bugs of this kind threaten both system stability and security, as memory-safety flaws in nf_tables have repeatedly been turned into local privilege escalation. The fix moves the mutex release to after the garbage-collection sequence ends. Users are urged to update to a kernel that carries the patch.
A sophisticated Android remote access trojan (RAT) has recently been discovered that impersonates popular social media apps such as Snapchat, Instagram, and WhatsApp to phish for credentials. The malware presents fake login pages bundled in its assets, and credentials entered into them are sent to a command-and-control (C2) server. On installation it requests extensive permissions, which let it execute operator commands including harvesting browser credentials, changing device settings, and even controlling the device’s flashlight.
A SQL injection vulnerability has been reported in the popular open-source monitoring platform Grafana that could allow attackers with valid credentials to execute arbitrary SQL statements against a connected database. The issue lies in the Grafana SQL package’s SqlDatasource.ts, where a POST request carrying a specially crafted SQL parameter is forwarded to the data source; according to the report, all versions are affected. Because the endpoint passes raw SQL through, what an attacker can do is bounded by the privileges of the database account the data source uses, so restricting that account to read-only access on the tables dashboards need is the control that limits the impact. Given its potential for data leakage across the many organizations that rely on Grafana for analytics and monitoring, the issue poses a substantial risk.
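To make the datasource-side control concrete, here is an added example (not Grafana’s code) that mimics the passthrough with Python’s built-in sqlite3: a caller’s rawSql reaches the database unchanged, and the only thing standing between an authenticated user and a table they should never see is the privilege of the connection. The metrics and secrets tables are a constructed fixture, DASHBOARD_TABLES and the function names are this example’s own, and the SQLite authorizer stands in for the read-only, table-scoped database role a production deployment would grant the data source.

```python
"""Added example: a raw-SQL passthrough and the database-side control that bounds it.
Not Grafana code; the tables and rows are a constructed fixture for the demonstration."""
import sqlite3

DASHBOARD_TABLES = {"metrics"}   # assumed: the only table dashboards are meant to read


def _authorizer(action, table, column, db_name, trigger_or_view):
    """Stand-in for a least-privilege datasource role: SELECT and function calls are fine,
    reads are allowed only from allowlisted tables, every write/DDL/PRAGMA/ATTACH is denied."""
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION):
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and table in DASHBOARD_TABLES:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY


def open_datasource(hardened: bool) -> sqlite3.Connection:
    """Constructed fixture: a metrics table dashboards use, and a secrets table beside it."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE metrics(ts INTEGER, cpu REAL);"
        "INSERT INTO metrics VALUES (1, 0.5), (2, 0.9);"
        "CREATE TABLE secrets(name TEXT, value TEXT);"
        "INSERT INTO secrets VALUES ('db_admin_password', 'hunter2');"
    )
    if hardened:
        conn.set_authorizer(_authorizer)   # installed after setup, so it governs only caller SQL
    return conn


def run_raw_sql(conn: sqlite3.Connection, raw_sql: str):
    """The passthrough itself: whatever the authenticated caller sends is executed verbatim.
    Returns ("ok", rows) or ("denied", reason)."""
    try:
        rows = conn.execute(raw_sql).fetchall()
        conn.commit()
        return ("ok", rows)
    except sqlite3.DatabaseError as exc:       # a denied action surfaces here as "not authorized"
        return ("denied", str(exc))


if __name__ == "__main__":
    for label, hardened in (("passthrough", False), ("least-privilege role", True)):
        conn = open_datasource(hardened)
        for sql in ("SELECT cpu FROM metrics WHERE ts = 2", "SELECT value FROM secrets",
                    "DROP TABLE metrics"):
            print(f"{label:20} {sql:38} -> {run_raw_sql(conn, sql)}")
```

The point of the pairing is that nothing in run_raw_sql changes between the two runs; only the privilege attached to the connection does. An application-level filter on the SQL text is far easier to get wrong than a database role that simply cannot read secrets or drop tables.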
Cyber Incidents
Hedgey Finance, a provider of token infrastructure, has suffered a theft of approximately $44.5 million in cryptocurrency across Arbitrum, an Ethereum layer-2 network, and Binance Smart Chain. The attacker exploited a vulnerability in the createLockedCampaign function and used flash loans to siphon funds, which were quickly converted into stablecoins and moved out of the protocol. Beyond the direct loss to Hedgey, the breach triggered a price drop for the BONUS token, underlining the need for rigorous contract security and prompt, proactive communication in the cryptocurrency industry.
Firstmac, a Brisbane-based non-bank lender, has confirmed a cyberattack resulting in the theft of sensitive customer information including tax file numbers and dates of birth. In a notification email to customers, Firstmac disclosed that an unauthorized party had accessed parts of their IT system, potentially impacting files containing personal data. The company has engaged cyber support services and advised affected customers to remain vigilant for scams and to report any suspicious activity to authorities, highlighting ongoing concerns about cybersecurity in the financial sector.
Ukraine’s military intelligence, the GUR, reportedly orchestrated a cyberattack on the digital platforms of Russia’s ruling United Russia party, making them “partially inaccessible.” The attack included a massive distributed denial-of-service (DDoS) attack, overwhelming the party’s servers, websites, and domains. Despite the disruptions, United Russia maintained that its critical digital infrastructure remained operational, highlighting the tension and ongoing cyber warfare between the nations.
The Belarusian hacktivist group Cyber Partisans has claimed a significant breach of the Belarus KGB, disabling its official website for over two months and extracting data on more than 8,600 agents. The group also launched a Telegram bot that can identify alleged KGB agents from user-uploaded photos, further leveraging the data extracted during the attack. The group described the move as a response to accusations from the KGB chief, who alleged that the Cyber Partisans were plotting attacks on Belarus’s critical infrastructure, marking a severe escalation in digital opposition to the Lukashenko regime.
Teachers and other faculty members at Glendale Unified School District have encountered significant difficulties with the IRS following a ransomware attack on their employer’s network. The cyberattack compromised sensitive personal data, including tax file numbers and dates of birth, leading to fraudulent tax filings under the victims’ identities. As a result, over 231 union members found they were unable to file their taxes as records showed they had already been filed. The IRS now requires these employees to undergo a cumbersome identity verification process, complicating their efforts to resolve the fraudulent claims and highlighting the ongoing challenges of protecting sensitive information in educational institutions.
Cyber News
The US government’s cybersecurity agency, CISA, has introduced comprehensive guidelines to strengthen the protection of critical infrastructure against AI-related threats. These guidelines categorize AI risks into three main types: AI-enhanced attacks on infrastructure, targeted attacks on AI systems, and failures in AI design that could impact infrastructure operations. With a focus on fostering an organizational culture prioritizing AI risk management, transparency, and security, CISA’s four-part mitigation strategy encourages a proactive approach to understanding and managing AI risks with tailored evaluation and continuous monitoring measures.
South Korea is intensifying its efforts to combat cryptocurrency-related crimes by considering the transformation of a temporary investigative unit into a permanent body. The proposed Joint Virtual Asset Crime Investigation Unit, under discussion by the nation’s Justice Ministry and the Ministry of the Interior and Safety, would involve dedicated prosecutors and a designated budget to tackle the rising number of crypto crimes, which increased by 48.8% since 2022 according to the Financial Intelligence Unit. This move, coupled with the upcoming enforcement of the nation’s first crypto regulatory framework, signals South Korea’s commitment to curbing illegal activities such as money laundering and market manipulation in the crypto sector.
Google has stepped up its efforts to secure the Android ecosystem, revealing that it prevented nearly 200,000 apps from accessing sensitive user data like location or SMS messages over the past year. The company also blocked 333,000 accounts attempting to distribute malware or repeatedly violating policies, enhancing its Play Store’s defenses significantly from the previous year. These measures are part of a broader strategy that includes strengthening developer verification processes and deploying advanced machine learning to review app submissions more rigorously.
A recent survey involving 500 U.S. cybersecurity decision-makers from SMEs and midmarket companies highlights the growing challenges they face in managing cyber threats due to limited resources and increasing attack complexities. An alarming 73% of security professionals admitted to overlooking critical security alerts due to understaffing and time constraints. The survey further revealed that respondents manage an average of 11.55 tools in their security stack, spending almost five hours daily on these tasks, and expressed a strong desire to consolidate their cybersecurity tools to enhance their security posture and reduce workload.
Darktrace, a leader in AI-driven cybersecurity, is poised to go private through an acquisition by Thoma Bravo that values the company at approximately $5 billion. The deal, involving an all-cash offer of £6.20 per share, represents a significant premium over recent trading prices, reflecting Darktrace’s robust position in the cybersecurity industry. With a history of rejecting lower bids, Darktrace’s acceptance of this offer marks a pivotal moment, promising access to strong financial backing and enhanced capacity to innovate and lead in cybersecurity solutions.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.