What are the latest cybersecurity alerts, incidents, and news?
RansomHub, EDR-Killing Tool, Banshee Stealer, macOS, Browsers, Crypto Wallets, Microsoft, Entra ID, Hybrid Identity Authentication, Russia, Eastern Europe, NGOs, Phishing, Google, Pixel, Vulnerable App, National Public Data, 2.9 Billion Records, United Urology Group, Breach, UConn Health, TD Bank, Data Misuse, CSC ServiceWorks, Federal Trade Commission, Fake Reviews, Social Media Manipulation, TP-Link, Routers, Kim Dotcom, Deportation, Meta, CrowdTangle Shutdown, Ransomware Gangs.
Cyber Alerts
A new tool designed to disable endpoint detection and response (EDR) software has been linked to the RansomHub ransomware group, a suspected rebrand of the Knight ransomware. Discovered by Sophos and dubbed “EDRKillShifter,” the tool was identified during a failed ransomware attack in May 2024. EDRKillShifter functions as a “bring your own vulnerable driver” (BYOVD) utility, leveraging legitimate but vulnerable drivers to gain elevated privileges and disarm EDR protections.
A new stealer malware named Banshee Stealer has been discovered targeting Apple macOS systems, posing a significant threat to both x86_64 and ARM64 architectures. Priced at $3,000 per month on the dark web, Banshee Stealer is designed to compromise a broad range of web browsers, cryptocurrency wallets, and approximately 100 browser extensions.
A newly discovered vulnerability in Microsoft Entra ID (formerly Azure Active Directory) poses a significant risk to hybrid identity environments. Researchers from Cymulate have revealed that attackers with admin access to a Pass-Through Authentication (PTA) server can exploit this flaw to bypass authentication and gain unauthorized access to synced Active Directory accounts across multiple on-premises domains.
Russian and Belarusian non-profit organizations, independent media in Russia, and international NGOs in Eastern Europe are facing a new wave of spear-phishing attacks linked to Russian state interests. These attacks are carried out by two threat groups: COLDRIVER, associated with Russia’s Federal Security Service (FSB), and a newly identified group called COLDWASTREL. The campaigns, known as River of Phish, involve sophisticated social engineering tactics, including emails from compromised or spoofed accounts and deceptive PDF attachments that lead victims to credential-harvesting sites.
Google Pixel devices shipped globally since September 2017 have been found to include a pre-installed Android app, “Showcase.apk,” that poses significant security risks. According to a joint analysis by iVerify, Palantir Technologies, and Trail of Bits, the app has excessive system privileges, allowing it to execute code remotely and install arbitrary packages. The app retrieves configuration files over an unencrypted HTTP connection, making it vulnerable to man-in-the-middle attacks.
Cyber Incidents
On August 6, 2024, a significant data breach exposed approximately 2.9 billion records containing sensitive personal information, including Social Security numbers, addresses, and potential aliases. The breach, attributed to the threat actor “Fenice,” was sourced from National Public Data, a company specializing in compiling and selling personal data. The leaked data, available for free on a hacking forum, reveals information scraped from public sources and highlights the vulnerabilities in data protection practices.
United Urology Group has disclosed a data breach affecting personal information following unauthorized network access between April 27 and May 6, 2024. The breach, which was discovered and investigated by cybersecurity experts, resulted in the removal of personal data, including names, Social Security numbers, dates of birth, driver's license numbers, financial account information, and health records.
UConn Health, based in Farmington, Connecticut, recently reported a data incident involving unauthorized access to a UConn Health email account on June 14, 2024. The breach potentially exposed personal information including names, Social Security numbers, driver’s license numbers, financial details, medical treatment records, and health insurance information. Following the incident, UConn Health took immediate action to secure the account and engaged forensic experts to assess the breach.
TD Bank has disclosed a data breach involving an employee at its New Jersey headquarters who improperly accessed the personal information of 41 customers from September 2023 to March 2024. The compromised data includes names, addresses, Social Security numbers, and debit card details. The bank has reimbursed affected accounts where applicable and is enhancing security protocols to prevent future incidents.
CSC ServiceWorks has confirmed a significant data breach that occurred in 2023, impacting approximately 35,000 individuals. The breach was detected in February 2024 after suspicious activity on the company’s network prompted an investigation. The unauthorized access, which occurred between September 23, 2023, and February 4, 2024, exposed a range of personal information, including names, dates of birth, contact details, government IDs, financial and health insurance data, and in some cases, details of affected individuals’ children.
Cyber News
The US Federal Trade Commission (FTC) has announced a landmark rule banning the creation of fake online reviews and testimonials. The new regulation, effective 60 days after publication, aims to curb deceptive practices by prohibiting both AI-generated and fraudulent reviews from individuals who have no genuine experience with the product or service being reviewed. Additionally, the rule outlaws the purchase of social media influence through fake followers or bots.
U.S. lawmakers are calling for a formal investigation into TP-Link Technologies, a major Chinese-owned manufacturer of WiFi routers, citing national security risks. In a letter to Commerce Secretary Gina Raimondo, Representatives John Moolenaar and Raja Krishnamoorthi expressed concerns that TP-Link routers, made in China and sold globally, could be exploited for state-sponsored cyberattacks. They highlighted recent findings of vulnerabilities in TP-Link products and fears that the Chinese government might compel the company to facilitate espionage.
Kim Dotcom, the founder of the file-sharing website Megaupload, has lost a 12-year legal battle to prevent his deportation from New Zealand to the United States. The New Zealand Justice Minister, Paul Goldsmith, has decided to proceed with Dotcom’s extradition to face charges of copyright infringement, money laundering, and racketeering. The case, which began with Dotcom’s arrest in 2012, saw Megaupload shut down by the FBI over allegations that it facilitated massive copyright violations.
Meta has shut down CrowdTangle, its widely used tool for tracking misinformation on Facebook and Instagram, despite significant backlash from researchers and journalists. The decision replaces CrowdTangle with the Meta Content Library, a tool critics argue has only a fraction of the features and usability. Many in the community are dismayed, questioning the timing and effectiveness of the replacement, especially ahead of a contentious U.S. election.
Ransomware gangs have amassed over $459 million in the first half of 2024, reflecting a severe escalation in cyber extortion. According to a recent Chainalysis report, the amount of money extorted this year represents a $10 million increase from last year’s figures, setting a troubling pace for what could be the worst year on record for ransomware attacks. The report highlights a record ransom payment of $75 million and an increase in the median ransom from $198,939 in early 2023 to $1.5 million by mid-2024.
Copyright © 2024 CyberMaterial. All Rights Reserved.