π What’s going on in the cyber world today?
GitHub Tokens, Artifacts, Repositories, Gafgyt Botnet, Weak SSH Passwords, Crypto Mining, SolarWinds, Black Basta, Social Engineering Campaign, AnyDesk, Credential Theft, Malware Dropper, Iranian Hackers, Election Campaign, Phishing Attacks, IntelFetch Bot Service, Democratic National Convention, AutoCanada, Iranian Banking System, Oceanair, Enterprise Financial Group, US Crypto Legislation, AI, Cybersecurity, X, Passkey Support, Android Users, Maryland Air National Guard, NATO Cyber Defense, Texas AG, GM, Misuse, Driver Data
Listen to the full podcast
π¨Β Cyber Alerts
A newly discovered attack vector in GitHub Actions artifacts, dubbed ArtiPACKED, could lead to repository takeovers and unauthorized access to cloud environments. Misconfigurations and security flaws in artifacts may expose sensitive tokens, making them vulnerable to malicious actors with read access. GitHub categorized this issue as informational, urging users to secure their uploaded artifacts to prevent potential compromises.
Researchers have uncovered a new variant of the Gafgyt botnet exploiting weak SSH passwords to mine cryptocurrency using GPU power on compromised servers. This variant, which focuses on cloud-native environments with strong computational capabilities, marks a shift from the botnet’s usual DDoS attacks. With over 30 million publicly accessible SSH servers, the risk of exploitation is significant, highlighting the need for robust security measures.
ββSolarWinds has issued an urgent call for customers to patch a critical Java deserialization remote code execution vulnerability in its Web Help Desk platform. Known as CVE-2024-28986, the flaw could allow attackers to execute commands on the host machine, posing severe security risks. Despite extensive testing showing the issue might require authentication, SolarWinds advises all users to upgrade to WHD 12.8.3 and apply the available hotfix.
An ongoing social engineering campaign, allegedly linked to the Black Basta ransomware group, is targeting users through email bombs and fake support calls via Microsoft Teams. The attack chain involves convincing users to install AnyDesk remote access software, which facilitates the deployment of malware like SystemBC and credential theft via an executable named AntiSpam.exe. To counter these threats, it is recommended to block unauthorized remote desktop solutions and be cautious of suspicious communications posing as IT support.
Hackers linked to Iran’s Islamic Revolutionary Guard Corps have intensified their phishing campaigns targeting U.S. and Israeli officials, including the Trump and Biden presidential campaigns. Googleβs Threat Analysis Group reported a rise in attempts to steal credentials from campaign staff and high-profile individuals, particularly focusing on Israel and the U.S. As tensions escalate, experts anticipate further phishing operations and hack-and-leak tactics as the election approaches.
π₯ Cyber Incidents
As the US Democratic National Convention (DNC) approaches, a Telegram bot service called IntelFetch has exposed compromised credentials linked to the DNC and Democratic Party. ZeroFox researchers identified stolen login information from DNC state branches and sensitive data from party members. This breach, while not a targeted attack, poses a significant risk to DNC security and operations.
AutoCanada, a major Canadian car dealership, recently disclosed a cyberattack impacting its internal IT systems. The breach was discovered on August 11 and has led to disruptions in some of the companyβs operations. While the full scope and nature of the incident remain under investigation, AutoCanada has engaged cybersecurity experts to help with containment and remediation efforts.
Iran’s Central Bank and other financial institutions were hit by a significant cyber attack on August 14, marking one of the largest breaches in the country’s history. The attack caused major disruptions to the banking system and reportedly exposed millions of bank and credit card details. Despite the severity of the incident, the Iranian government has yet to issue an official response, with expectations of a potential denial from the regime.
OceanAir discovered a cyber attack on May 27, 2024, which led to unauthorized access to files. The company has since completed a review and notified affected individuals, offering complimentary identity monitoring services. OceanAir is also taking steps to enhance its security protocols to prevent similar incidents in the future.
On February 18, 2024, Enterprise Financial Group Inc. (EFG) experienced a significant security incident affecting its internal systems. Unauthorized access occurred through a third-party VPN appliance, leading to the copying of personal information such as Social Security numbers and bank details. The company has since patched the vulnerabilities, replaced the VPN appliance, and is offering free credit monitoring to affected individuals.
π’ Cyber News
Senate Majority Leader Chuck Schumer has set a goal to pass comprehensive cryptocurrency legislation by the end of 2024. Speaking at a Crypto4Harris virtual town hall, Schumer emphasized the need for a balanced approach that fosters innovation while implementing necessary safeguards. He highlighted the risk of the U.S. falling behind in digital asset regulation and compared the proposed crypto framework to the regulatory approach for artificial intelligence.
Cisco Systems is planning to lay off 7% of its employees, or around 5,900 positions, as part of a strategic realignment towards rapidly growing areas like artificial intelligence and cybersecurity. This move marks the company’s second round of job cuts in 2024, following a previous reduction of about 4,000 jobs announced in February. Cisco, based in San Jose, California, aims to refocus its efforts on emerging technology sectors by investing $1 billion in tech startups and partnering with Nvidia to develop AI infrastructure.
X has expanded its support for passkeys to its Android app, following its earlier introduction for iOS users. Passkeys, a digital authentication method, offer a more secure alternative to traditional passwords, reducing the risk of theft or guesswork. Android users will need to set up a passkey through the Security tab under “Additional password protection” after creating an account.
Maryland Air National Guard Airmen from the 175th Cyberspace Operations Group participated in the Locked Shields 2024 exercise, the largest live-fire cyber defense drill globally. Held at the NATO Cooperative Cyber Defence Centre of Excellence, the exercise involved international teams from Estonia and France, focusing on enhancing collaborative cyber defense capabilities. This event allowed participants to sharpen their skills, strengthen international partnerships, and develop strategies to counter evolving cyber threats.
Texas Attorney General Ken Paxton has initiated a lawsuit against General Motors, accusing the company of mishandling drivers’ data in violation of state privacy laws. The suit claims GM misled consumers into enrolling in data-collecting products and subsequently sold this data to various firms, including those creating driving scores for insurers. Paxton seeks substantial penalties and a court order to destroy the collected data, marking this action as part of a broader privacy enforcement initiative.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.
