What's the latest in the cyber world today?
Google, August, Security Update, Zero-Day, Apache, OFBiz, Code Execution, SharpRhino RAT, Backdoor, North Korea, South Korea, Construction, Supply Chain Attack, Russia, Car Ad, Malware, France, Museum, Ransomware, Calibrated Healthcare, Bengaluru, Sobha Limited, Texas, 911, System Disruption, Robocall Flooding, Microsoft, Azure, Outage, Japan, Critical Infrastructure, Reporting, Search Monopoly, Interpol, $42M, Recovery, Cohesity, Veritas, AI, Turkey, VPN, Ban
🚨 Cyber Alerts
Google has patched CVE-2024-36971, a high-severity zero-day kernel vulnerability in Android, which has been exploited in targeted attacks. The vulnerability, discovered by Google's Clément Lecigne, allows for remote code execution with system execution privileges due to a use-after-free condition. The August 2024 security update addresses this zero-day alongside over 40 other vulnerabilities, including critical issues in the framework, system, Qualcomm, Arm, Imagination Technologies, and MediaTek components.
A critical zero-day vulnerability in Apache OFBiz, tracked as CVE-2024-38856, has been discovered, allowing unauthenticated attackers to execute arbitrary code remotely. The flaw, with a CVSS score of 9.8, affects all versions of Apache OFBiz up to and including 18.12.14. It was identified by SonicWall's Capture Labs threat research team, stemming from a flaw in the override view functionality that exposes critical endpoints to specially crafted requests.
Hunters International, a ransomware group, has introduced a new C# remote access trojan (RAT) named SharpRhino, targeting IT professionals to breach corporate networks. Discovered by Quorum Cyber, SharpRhino is distributed via a typosquatting site that impersonates the legitimate Angry IP Scanner website. The malware, disguised as a digitally signed installer, facilitates initial infection, privilege escalation, and ransomware deployment by executing PowerShell commands and modifying the Windows registry.
North Korean hackers have intensified their cyber operations, targeting South Korea's construction and machinery sectors through sophisticated watering hole and supply chain attacks. Exploiting VPN software updates, these attackers have embedded malware to infiltrate networks and steal sensitive intellectual property and trade secrets. The primary actors, Kimsuky and Andariel, are linked to North Korea's Reconnaissance General Bureau and are believed to be supporting Pyongyang's industrial expansion initiatives.
A recent cyber attack has seen Russian APT group Fighting Ursa using a deceptive “car for sale” advertisement to distribute HeadLace backdoor malware, targeting Windows systems since March 2024. The attackers exploited Webhook.site, a legitimate URL service, to deliver a multi-stage infection chain. Victims clicking on the ad were directed to a malicious HTML page that offered a ZIP file disguised as an image. The ZIP file contained a disguised executable that, when run, deployed the HeadLace backdoor via a DLL.
🔥 Cyber Incidents
On August 5, Le Parisien reported a ransomware attack that targeted IT systems used by approximately 40 French museums, including the Grand Palais. Detected on the night of August 3-4, the attack was discovered by the Grand Palais' IT director who found unusual activity linked to the ransomware. The malware encrypted parts of the museums' systems and demanded a cryptocurrency ransom, threatening to leak data if the ransom was not paid within 48 hours.
Calibrated Healthcare, LLC, based in California, recently reported a data breach that has exposed sensitive patient information, including names, Social Security numbers, medical diagnoses, and health insurance details. Discovered on February 26, 2024, the breach involved unauthorized access to the company's network between February 25 and February 26, 2024. Calibrated has since notified affected individuals and is offering 12 to 24 months of free credit monitoring and identity protection services.
On August 4, 2024, Bengaluru-based real estate firm Sobha Limited experienced a ransomware attack that targeted its IT infrastructure. Despite the incident, the company reported no significant impact on its operations. In a regulatory filing, Sobha Limited stated that its management team responded swiftly, implementing measures to mitigate the attack’s effects and ensuring that all systems were promptly restored.
On August 4, 2024, the Central Texas 911 call system experienced significant disruptions due to a cyberattack involving a denial-of-service (DoS) attack. The Capital Area Council of Governments (CAPCOG) confirmed that the attack, which began around 1 p.m., flooded call centers in Austin, Cedar Park, Hays County, and Lakeway with robocalls, causing intermittent outages. CAPCOG worked with AT&T to identify and disconnect the malicious calls, restoring normal operations by 8 p.m.
On August 5, 2024, Microsoft Azure experienced a significant outage that disrupted services across North and Latin America. The issue, which began around 18:22 UTC, primarily affected Azure Front Door (AFD) and its cloud Content Delivery Network (CDN). Microsoft attributed the outage to a "configuration change," and while the company rolled back the change and began restoring services by 19:25 UTC, customers reported widespread issues, including errors connecting to Azure services and problems with the Azure DevOps status page.
📢 Cyber News
On August 5, 2024, a US Federal District judge found Google guilty of violating antitrust laws, declaring the tech giant a monopolist in the search engine market. Judge Amit Mehta's ruling reveals that Google maintained its dominant position by spending billions on exclusive agreements to stifle competition, securing its search engine as the default on a vast majority of devices and browsers.
Japan is considering a new measure to mandate cybersecurity incident reporting for private-sector operators of critical infrastructure. This proposed initiative aims to address businesses’ reluctance to report cyberattacks due to concerns about negative impacts on stock prices. By making reporting mandatory, the Japanese government seeks to enhance transparency and information-sharing, which would help in containing and mitigating cyber threats.
A Singaporean commodity firm narrowly avoided a major financial loss after police, using Interpol's Global Rapid Intervention of Payments (I-GRIP) mechanism, recovered nearly all of the $42.3 million lost in a business email compromise (BEC) scam. The firm transferred the funds to a new bank account in Timor Leste on July 15, after receiving a fraudulent email appearing to come from a legitimate supplier. It was only when the real supplier reported non-receipt of payment that the scam was discovered.
Cohesity’s acquisition of Veritas’ data protection business is poised to transform data management by integrating advanced AI capabilities with robust security measures. Sanjay Poonen, Cohesity’s CEO, emphasized that this move will expand their reach to 90% of Fortune 100 companies and provide a seamless transition for Veritas customers. The partnership with Nvidia aims to enhance data analysis and protection, helping clients stay ahead of cyber threats.
Turkey has intensified its crackdown on digital freedom by blocking major VPN providers, including Nord and Surfshark, amid an ongoing ban on Instagram. The Instagram ban, which began on August 2, 2024, followed the killing of Palestinian militant leader Ismail Haniyeh and alleged censorship of condolence posts by the platform. Turkish officials, including President Recep Tayyip Erdogan, have condemned Instagram's actions as "digital fascism."
Copyright © 2024 CyberMaterial. All Rights Reserved.