August 27 2024 – Cyber Briefing

👉 What’s the latest in the cyber world today?

Microsoft, ASCII Smuggling, 365 Copilot, Greasy Opal, CAPTCHA, Hackers, Apache, Portable Runtime, Unix Systems, WordPress, Multilingual Plugin, Code Execution, FreeDurov, Hacktivist Campaign, Telegram, CEO, Arrest, Park’N Fly, Personal Info, Canadian Users, Georgia, Young Consulting, Meli, Qilin Ransomware, Swisscom, DDoS, E-Banking, Mount Carmel Care Center, Sensitive Data, NASA, Independent Verification and Validation, Cybersecurity, Elon Musk, California, AI Safety Bill, Texas, Police, AI Tool, Tracking Phones, South Korea, Deepfake, New Legislation, Cisco, Robust Intelligence, AI, Application Security


🚨 Cyber Alerts

  1. Microsoft Fixes Copilot ASCII Smuggling Flaw

Microsoft has addressed a critical vulnerability in its 365 Copilot system that could have been exploited to steal sensitive user data through a technique called ASCII smuggling. Discovered by security researcher Johann Rehberger, the flaw involved using special Unicode characters that mimic ASCII but remain invisible in the user interface, allowing attackers to embed hidden data within clickable links. The exploit chain included prompt injection, instructing Copilot to search for emails and documents, and enticing users to click on a malicious link, resulting in the exfiltration of valuable data, including multi-factor authentication (MFA) codes.
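A defender-side check for the hidden-data trick described above, as an added example that is not code from Microsoft or from the researcher. It assumes the invisible characters are those of the Unicode Tags block (U+E0000 to U+E007F), which this briefing does not name; `inspect`, `decode_run` and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Unicode Tags block U+E0000..U+E007F: U+E0020..U+E007E shadow printable ASCII
# (tag = 0xE0000 + ASCII code) and are drawn as nothing by most renderers.
RAW_TAG = "[\U000E0000-\U000E007F]"
# The same code points percent-encoded as UTF-8 (F3 A0 80 80 .. F3 A0 81 BF).
PCT_TAG = r"%F3%A0%8[01]%[89AB][0-9A-F]"
TAG_RUN = re.compile(f"(?:{RAW_TAG}|{PCT_TAG})+", re.IGNORECASE)


def decode_run(run):
    """Recover the ASCII text a run of tag characters shadows, for triage."""
    chars = []
    for ch in unquote(run):  # unquote is a no-op for raw (unencoded) characters
        code = ord(ch) - 0xE0000
        chars.append(chr(code) if 0x20 <= code <= 0x7E else "?")
    return "".join(chars)


def inspect(text):
    """Return (sanitized_text, [hidden strings]) for model output or a URL."""
    hidden = [decode_run(m.group()) for m in TAG_RUN.finditer(text)]
    return TAG_RUN.sub("", text), hidden


# Constructed samples (not from a real incident): a rendered link whose URL
# carries invisible text, once as raw code points and once percent-encoded.
SAMPLE_RAW = ("[Open report](https://example.test/r?id=7"
              "\U000E006D\U000E0066\U000E0061\U000E003A"
              "\U000E0034\U000E0038\U000E0032\U000E0039)")
SAMPLE_PCT = "https://example.test/r?id=7%F3%A0%81%AF%F3%A0%81%AB&lang=en%2Dus"

if __name__ == "__main__":
    for sample in (SAMPLE_RAW, SAMPLE_PCT, "https://example.test/plain"):
        clean, hidden = inspect(sample)
        print("ALERT" if hidden else "ok   ", hidden, clean)
```

Emoji subdivision flags legitimately use tag characters, so an alerting rule built on this should allow that case or expect those glyphs to change when stripped.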


  2. New Group Offers CAPTCHA Solving Services

A newly discovered cyber group, Greasy Opal, has been identified offering CAPTCHA-solving services to cybercriminals. Based in the Czech Republic and active since 2009, Greasy Opal provides a range of tools including advanced CAPTCHA-bypassing software that is ten times faster than standard solutions. Their services, which also encompass SEO and browser automation, have reportedly generated $1.7 million in revenue for 2023.


  3. Apache Vulnerability Allows Data Theft

A newly disclosed vulnerability in the Apache Portable Runtime (APR) library, identified as CVE-2023-49582, poses a significant risk to Unix-based systems by allowing unauthorized local users to access sensitive application data. The flaw arises from lax permissions on shared memory segments, which can expose information to users with local access.


  4. WPML Plugin Flaw Exposes 1M Sites to RCE

A critical vulnerability in the WPML (WordPress Multilingual) plugin has exposed over 1 million WordPress sites to remote code execution (RCE) attacks. The flaw, identified as CVE-2024-6386, affects all versions up to and including 4.6.12. It allows authenticated users with contributor-level access or higher to execute arbitrary code on the server, potentially leading to full site takeover. Discovered by a security researcher and reported through the Wordfence Bug Bounty Program, the issue arises from insufficient input validation in the plugin’s use of Twig templates.


  5. FreeDurov Campaign Sparks Hacktivist Uproar

Following the arrest of Pavel Durov, CEO of Telegram, several cyber hacktivist groups have mobilized under the “FreeDurov” banner, protesting what they see as a threat to digital freedom. The arrest, carried out by French authorities, has sparked outrage among privacy advocates and has led groups like UserSec and the Russian Cyber Army Team to launch coordinated cyber campaigns in support of Durov.


💥 Cyber Incidents

  1. Park’N Fly Breached Exposing Personal Info

Park’N Fly, a leading Canadian airport parking service, has reported a major data breach affecting approximately 1 million customers. The breach, which occurred between July 11 and July 13, 2024, involved unauthorized access through a remote VPN, exposing names, email addresses, and other personal details, but no financial information was compromised. The company detected the breach on August 1 and has since restored its systems, enhanced cybersecurity measures, and begun working with external experts.


  2. Young Consulting LLC Hit With Data Breach

Young Consulting, LLC, based in Atlanta, Georgia, has disclosed a significant data breach that could impact the personal information of certain individuals, including clients of Blue Shield of California. The breach, which occurred between April 10 and April 13, 2024, involved unauthorized access to Young Consulting’s network and the downloading of sensitive files. Although there is no evidence of misuse at this time, the compromised information may include names, Social Security numbers, dates of birth, and insurance details.


  3. Meli Confirms Attack by Qilin Ransomware

Meli, a Victorian-based not-for-profit community support service, has confirmed a cyber attack following a listing on the Qilin ransomware group’s darknet leak site. The attack, which occurred on August 21, 2024, resulted in the theft of 419,617 files totaling 215 gigabytes, including sensitive documents such as financial statements, passports, and Medicare cards. Although Meli reported no disruption to client services, some internal processes have been affected.


  4. Swisscom Operations Disrupted by DDoS Attack

Swisscom, one of Switzerland’s major telecommunications providers, experienced a significant cyber attack on August 23, 2024, which disrupted its payment services, including Twint and e-banking. The DDoS attack began around 11:30 a.m., causing temporary outages for these services. Despite the overload, Swisscom’s other services, such as Internet, TV, and telephone, remained unaffected. By 4 p.m., Swisscom had successfully repelled the attack and restored full functionality to its payment platforms.


  5. Mount Carmel Care Center Suffers Breach

Mount Carmel Care Center (Mt. Carmel), located in Massachusetts, has announced a significant data security incident involving unauthorized access to its network between August 17, 2023, and October 15, 2023. The breach, discovered through suspicious activity, led to the copying of files containing sensitive information, including personal details, medical records, and financial data. Following the detection, Mt. Carmel undertook a thorough investigation, enhanced network security, and notified affected individuals.


📢 Cyber News

  1. NASA’s New Facility Boosts Cybersecurity

NASA’s Katherine Johnson Independent Verification and Validation (IV&V) Facility is broadening its cybersecurity efforts and educational outreach to bolster mission security. Traditionally focused on software assurance, the IV&V Facility is now integrating cybersecurity assessments into its services to address growing concerns about digital threats. Over the past decade, the facility has been analyzing ground system cybersecurity and has expanded its role to include broader risk management across various NASA missions.


  2. Elon Musk Backs California’s AI Safety Bill

Elon Musk has unexpectedly expressed support for California’s SB 1047, a bill mandating that creators of large AI models establish and document safeguards to prevent potential harm. Musk, known for his advocacy for AI regulation, tweeted his backing for the bill, emphasizing the importance of regulating technologies that pose significant risks. His support comes despite his company, xAI, being directly affected by the bill’s requirements.


  3. Texas Police Acquire AI Surveillance Tool

The Texas Department of Public Safety has signed a five-year, $5.3 million contract to use an advanced AI-powered surveillance tool developed by Cobwebs Technologies, now part of PenLink. The tool, known as Tangles, allows for comprehensive online investigations and tracking of mobile devices, including an add-on feature called WebLoc that can monitor phone movements without a warrant. This capability has sparked significant privacy concerns, as critics argue it bypasses legal protections against warrantless searches and infringes on privacy rights.


  4. South Korea Cracks Down on Deepfake Crimes

South Korea is ramping up its fight against deepfake sex crimes with the introduction of new legislation aimed at curbing the creation and distribution of malicious deepfake content. The new law, passed on August 26, 2024, targets individuals and groups involved in generating and sharing fabricated explicit materials using AI technologies. This legislative move comes in response to the growing prevalence of deepfake videos used for harassment and exploitation, reflecting South Korea’s commitment to enhancing digital privacy and protecting victims from increasingly sophisticated forms of cybercrime.


  5. Cisco to Acquire Robust Intelligence

Cisco has announced its intention to acquire Robust Intelligence, a California-based firm specializing in AI application security. The financial terms of the deal were not disclosed, but Cisco’s investment in Robust Intelligence reflects its commitment to enhancing its AI security capabilities. Robust Intelligence has developed a platform that automates the testing of AI models for vulnerabilities and helps protect applications from potential attacks. Major clients such as JPMorgan Chase, IBM, and Expedia currently use its solutions.


Copyright © 2024 CyberMaterial. All Rights Reserved.
