What's going on in the cyber world today?
Microsoft Entra ID, Privilege Escalation, Google Drawings, WhatsApp Links, Phishing Scam, Browser Security Controls, Jenkins Vulnerabilities, Remote Code Execution, WhatsUp Gold, Nexera Crypto Hack, Noritsu America Corporation Data Breach, Ronin Bridge, Ransomware Attack, Sumter County Sheriff's Office, Adstra LLC Data Breach, Iranian Hacker Group CyberAv3ngers, US Department of Justice, Amazon Investment, AI Startup Anthropic, Abu Dhabi Airport Facial Recognition, Irish Data Protection Commission, GDPR Violations, Data Harvesting, Anduril, Defense Firms
Cyber Alerts
A privilege-escalation weakness in Microsoft Entra ID lets users who already hold certain admin-level roles, short of Global Administrator, climb to Global Administrator and potentially take full control of an organization's cloud environment. Presented by Senior Cloud Security Architect Eric Woodruff at the Black Hat conference, the issue is one of design rather than a coding bug: those roles can add their own credentials to existing service principals, after which the role holder can request OAuth 2.0 tokens as that principal and inherit whatever access it has, including access that no ordinary role assignment would have granted.
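The check a tenant administrator wants after reading this is whether anyone has quietly added a credential to a service principal that Microsoft, not the tenant, owns. The Python below is an added example written for this digest, not the researcher's tooling or anything from Microsoft: it scans Entra audit records in the shape Microsoft Graph returns from the directoryAudits endpoint for "Add service principal credentials" events whose target belongs to Microsoft's first-party owner tenant. The audit records and the service-principal inventory are constructed; the owner tenant ID and the activity name are assumptions to confirm against a real record from your own tenant.

```python
import json

# Assumption: service principals whose appOwnerOrganizationId is in this set are
# Microsoft first-party.  The value is the commonly cited "Microsoft Services"
# tenant; confirm it against a known first-party SP in your own tenant.
FIRST_PARTY_OWNER_TENANTS = {"f8cdef31-a31e-4b4a-93e4-5f571e91255a"}

# Audit activity names that attach a password or certificate to a service principal
# (assumed spelling; match it against a real entry from your audit log).
CREDENTIAL_ACTIVITIES = {"Add service principal credentials"}

# Constructed inventory, i.e. what GET /servicePrincipals would return, reduced
# to the two fields this check needs.  Object IDs and names are made up.
SP_INVENTORY = {
    "11111111-1111-1111-1111-111111111111": {
        "displayName": "Example Microsoft Service",
        "appOwnerOrganizationId": "f8cdef31-a31e-4b4a-93e4-5f571e91255a",
    },
    "22222222-2222-2222-2222-222222222222": {
        "displayName": "Contoso Payroll API",
        "appOwnerOrganizationId": "33333333-3333-3333-3333-333333333333",
    },
}

# Constructed audit records in the shape of Graph directoryAudit objects.
SAMPLE_AUDIT_LOG = json.dumps([
    {
        "activityDateTime": "2024-08-08T09:14:02Z",
        "activityDisplayName": "Add service principal credentials",
        "initiatedBy": {"user": {"userPrincipalName": "appadmin@contoso.example"}},
        "targetResources": [{"id": "11111111-1111-1111-1111-111111111111",
                             "type": "ServicePrincipal"}],
    },
    {
        "activityDateTime": "2024-08-08T09:20:41Z",
        "activityDisplayName": "Add service principal credentials",
        "initiatedBy": {"user": {"userPrincipalName": "devops@contoso.example"}},
        "targetResources": [{"id": "22222222-2222-2222-2222-222222222222",
                             "type": "ServicePrincipal"}],
    },
    {
        "activityDateTime": "2024-08-08T09:31:19Z",
        "activityDisplayName": "Update service principal",
        "initiatedBy": {"user": {"userPrincipalName": "appadmin@contoso.example"}},
        "targetResources": [{"id": "11111111-1111-1111-1111-111111111111",
                             "type": "ServicePrincipal"}],
    },
])


def find_first_party_credential_adds(records, inventory):
    """Return one finding per credential added to a first-party (or unknown-owner)
    service principal.  Unknown owners are reported as well: an SP missing from
    the inventory should be looked up, not silently ignored."""
    findings = []
    for rec in records:
        if rec.get("activityDisplayName") not in CREDENTIAL_ACTIVITIES:
            continue
        actor = ((rec.get("initiatedBy") or {}).get("user") or {}).get(
            "userPrincipalName", "<unknown>")
        for target in rec.get("targetResources", []):
            if target.get("type") != "ServicePrincipal":
                continue
            sp = inventory.get(target.get("id"))
            if sp is None:
                reason = "owner unknown"
            elif sp["appOwnerOrganizationId"] in FIRST_PARTY_OWNER_TENANTS:
                reason = "first-party service principal"
            else:
                continue  # tenant-owned app: normal administration, not flagged here
            findings.append({
                "time": rec.get("activityDateTime"),
                "actor": actor,
                "spId": target.get("id"),
                "servicePrincipal": sp["displayName"] if sp else "<not in inventory>",
                "reason": reason,
            })
    return findings


def scan_sample():
    """Run the check over the constructed log; this is the stand-alone demo."""
    return find_first_party_credential_adds(json.loads(SAMPLE_AUDIT_LOG), SP_INVENTORY)


if __name__ == "__main__":
    for f in scan_sample():
        print(f"{f['time']} {f['actor']} added credentials to "
              f"{f['servicePrincipal']} ({f['reason']})")
```

Only the credential added to the Microsoft-owned principal is reported; the devops user's credential on the tenant's own payroll app and the unrelated "Update service principal" event are not. In production the inventory comes from a Graph query rather than a literal, and a hit should be treated as an incident until the actor can explain it, since a credential on a first-party principal is exactly what the Black Hat talk turned into Global Administrator.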
A phishing campaign has been observed abusing Google Drawings and WhatsApp's link shortener to trick users into handing over sensitive information. It begins with a phishing email that sends the victim to a graphic hosted on Google Drawings, styled to look like an Amazon account-verification link; following it leads, through a WhatsApp-shortened URL, to a fake Amazon page that collects login credentials, personal data and credit-card details before redirecting the victim to the genuine Amazon site. Both hops sit on domains that mail and web filters normally trust, which is the point of the arrangement.
Researchers at Oligo Security have disclosed an 18-year-old weakness, dubbed "0.0.0.0 Day", that affects all major browsers (Chromium, Firefox and Safari). A web page is allowed to send requests to the unspecified address 0.0.0.0, which macOS and Linux deliver to the visitor's own machine, so the private-network protections that block a public site from reaching localhost or 127.0.0.1 do not apply. A malicious website can therefore talk to services listening on the visitor's host, including developer tools and internal applications, which can lead to unauthorized access and remote code execution.
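Because the browser-side fix is still rolling out, the practical mitigation sits in the local service itself. The Python below is an added example for this digest, not Oligo's code or any browser's, of the request gate such a service can apply before handling anything: it rejects the unspecified address in the Host header, requires a loopback host, and uses the browser-supplied Origin and Sec-Fetch-Site headers to refuse cross-site callers. The permitted front-end origin and the sample header sets are constructed assumptions.

```python
import ipaddress

# Assumption: the only browser origin that may call this local service cross-origin.
ALLOWED_ORIGINS = {"http://localhost:3000"}
LOOPBACK_NAMES = {"localhost"}


def _host_only(host_header):
    """Strip the port from a Host value: "[::1]:8080" -> "::1", "127.0.0.1:8080" -> "127.0.0.1"."""
    if host_header.startswith("["):
        return host_header.split("]", 1)[0][1:]
    return host_header.rsplit(":", 1)[0] if ":" in host_header else host_header


def request_allowed(headers):
    """Return (allowed, reason) for one incoming request's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    host = _host_only(h.get("host", ""))

    # 1. The service is only ever addressed by a loopback name or address.  A page
    #    that fetches http://0.0.0.0:8080/ arrives with Host "0.0.0.0:8080": the OS
    #    delivered it to localhost, but no legitimate client addresses us that way.
    if host not in LOOPBACK_NAMES:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            return False, f"unexpected Host {host!r}"
        if addr.is_unspecified:
            return False, "Host is the unspecified address (0.0.0.0 or ::)"
        if not addr.is_loopback:
            return False, f"Host {host!r} is not loopback"

    # 2. Browsers label where a request came from.  Sec-Fetch-Site is "none" for a
    #    typed URL and "same-origin" for the service's own pages; anything else must
    #    present an allow-listed Origin.  A cross-site no-cors GET carries no Origin
    #    header at all, which is why step 1 cannot be skipped.
    site = h.get("sec-fetch-site")
    origin = h.get("origin")
    if site not in (None, "none", "same-origin") or origin is not None:
        if origin not in ALLOWED_ORIGINS:
            return False, f"cross-origin request from {origin!r} refused"
    return True, "ok"


if __name__ == "__main__":
    # Constructed header sets: a 0.0.0.0 Day probe, a normal local call, a CORS call
    # from an attacker page, and a CORS call from the permitted front end.
    for hdrs in (
        {"Host": "0.0.0.0:8080", "Sec-Fetch-Site": "cross-site"},
        {"Host": "127.0.0.1:8080"},
        {"Host": "localhost:8080", "Origin": "https://attacker.example",
         "Sec-Fetch-Site": "cross-site"},
        {"Host": "localhost:8080", "Origin": "http://localhost:3000",
         "Sec-Fetch-Site": "same-site"},
    ):
        print(hdrs.get("Host"), hdrs.get("Origin"), "->", request_allowed(hdrs))
```

The Host check is what actually stops the 0.0.0.0 probe, because the attacker's page never needs to send an Origin for a plain GET. Windows refuses connections to 0.0.0.0 at the socket layer, so the check matters most on macOS and Linux hosts. Binding the service to 127.0.0.1 rather than 0.0.0.0 does not remove the need for it: the kernel still routes a connection to 0.0.0.0 to the loopback listener.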
Jenkins has patched two vulnerabilities in its widely used open-source automation server. The more serious, CVE-2024-43044, lets an attacker who controls an agent read arbitrary files from the Jenkins controller's file system, because the Remoting library did not restrict which files an agent could request from the controller. Since the readable files include the controller's secrets, the Jenkins project warns that this can be chained into remote code execution (RCE) on the controller, which puts every connected system at risk.
A critical vulnerability in Progress Software's WhatsUp Gold, CVE-2024-4885 (CVSS 9.8), is under active exploitation, so patching is urgent. It allows unauthenticated remote code execution on versions prior to 2023.1.3. The bug sits in the GetFileWithoutZip method, which fails to validate user-supplied file paths before using them, letting an attacker reach locations outside the intended directory and ultimately execute commands with the privileges of the application's service account.
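The Jenkins and WhatsUp Gold bugs above are the same class of defect: a file path taken from the remote side is joined onto a base directory without checking where the result lands. The Python below is an added example written for this digest, not code from Jenkins or Progress; `naive_join` shows the failing pattern and `resolve_under_root` the lexical containment check that should replace it. The root directory and the request strings are constructed.

```python
import posixpath


def naive_join(root, requested):
    """The failing pattern: concatenate and normalise, never ask where you ended up."""
    return posixpath.normpath(posixpath.join(root, requested.replace("\\", "/")))


def resolve_under_root(root, requested):
    """Return the normalised absolute path for `requested` if it stays inside
    `root`, otherwise None.  Purely lexical: run it on the fully decoded string
    (after any URL or JSON decoding) and, where symlinks matter, re-check the
    result with os.path.realpath against the real root."""
    if "\x00" in requested:
        return None                                   # NUL truncation tricks
    rel = requested.replace("\\", "/")                # Windows callers send backslashes
    if rel.startswith("/") or (len(rel) > 1 and rel[1] == ":"):
        return None                                   # absolute path or drive letter
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, rel))
    # Component-wise comparison: a plain startswith() would accept "/srv/files-old"
    # as being inside "/srv/files".
    if posixpath.commonpath([root_norm, candidate]) != root_norm:
        return None
    return candidate


if __name__ == "__main__":
    ROOT = "/srv/files"  # constructed base directory
    for req in ("reports/q2.pdf", "../../etc/passwd", "..\\..\\Windows\\win.ini",
                "/etc/passwd", "reports/../../files-old/x", "a/../b.txt"):
        print(f"{req!r:32} naive={naive_join(ROOT, req)!r:28} "
              f"safe={resolve_under_root(ROOT, req)!r}")
```

The "files-old" case is the one most hand-written checks miss: the traversal lands in a sibling directory whose name merely starts with the root's, and a string-prefix test lets it through. Decoding before checking matters for the same reason; a check that runs on `%2e%2e/` sees no dots.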
Cyber Incidents
Nexera, the blockchain platform formerly known as AllianceBlock, has suffered a security breach that was first reported as a $1.5 million hack; the company later put the actual loss at $440,000 worth of NXRA tokens. The breach, detected on August 7, 2024, saw an attacker take control of Nexera's proxy contract and withdraw 47 million NXRA tokens, which were swapped for Ethereum (ETH) and bridged to BNB Chain (formerly Binance Smart Chain).
Noritsu America Corporation has notified individuals about a data security incident that may have compromised their personal information. On April 29, 2024, Noritsu detected unusual network activity, prompting an immediate response and engagement with a cybersecurity firm. The investigation revealed that certain data, including names and Social Security numbers of Noritsu employees, may have been accessed without authorization.
The Ronin Network, an Ethereum sidechain built for games such as Axie Infinity, had its bridge drained after a flaw introduced in a recent bridge update was discovered. White-hat actors withdrew about $12 million in assets, including 4,000 ETH and 2 million USDC, before Ronin paused the bridge, which it says happened within 40 minutes; a thorough fix is now in progress. The white hats have since returned the funds and will receive a $500,000 bounty for exposing the flaw.
The Sumter County Sheriff's Office in Florida has reported a ransomware attack that occurred on August 6, 2024. The office moved quickly to cut off the attackers' access, and law enforcement services were not disrupted. Access to certain records may be temporarily restricted, however, while the office works with the Florida Department of Law Enforcement and IT professionals to investigate the breach.
In June 2023, Adstra LLC, headquartered in Princeton, New Jersey, detected unauthorized access to its human-resources files, which held sensitive data such as names and Social Security numbers. The company engaged third-party forensic experts to determine the breach's scope, and by June 14, 2024, it had confirmed that the exposed data included that of a Maine resident. Adstra has notified the affected individual and federal law enforcement and says it is strengthening its security measures.
Cyber News
The US government has announced a $10 million reward, offered through its Rewards for Justice program, for information leading to the identification or location of members of the Iranian hacking group CyberAv3ngers. Affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC), the group has carried out cyberattacks against critical infrastructure, including the water, energy and healthcare sectors.
The U.K.'s Competition and Markets Authority (CMA) has opened a formal antitrust (merger) investigation into Amazon's $4 billion investment in the AI startup Anthropic, following similar scrutiny of Google's investment in the same company. Founded in 2021, Anthropic develops large language models and has raised a total of about $10 billion to date.
Abu Dhabi's Zayed International Airport is set to become the first major global airport to implement comprehensive facial recognition technology across all security checkpoints, duty-free shops, lounges, and boarding gates by 2025. The Smart Travel project aims to replace traditional travel document checks with automatic biometric identification, significantly speeding up the passenger experience.
The Irish Data Protection Commission (DPC) has initiated legal action against X, formerly known as Twitter, accusing the social media platform of unlawfully harvesting user data for its Grok AI bot. The lawsuit, filed with the High Court of Ireland, alleges that X violated GDPR regulations by using personal data to train Grok without proper consent. The DPC claims that despite user options to opt out, X failed to ensure comprehensive compliance with data protection standards.
Defense technology startup Anduril Industries has secured $1.5 billion in funding, elevating its valuation to $14 billion. The substantial investment highlights Anduril’s ambitions to rival major defense contractors like Lockheed Martin and Boeing. Founded by Palmer Luckey, Anduril aims to disrupt the defense industry with its innovative approach and rapid production capabilities. The new funding will support the development of its “Arsenal” manufacturing platform, designed to produce autonomous military systems at unprecedented scales.
Copyright © 2024 CyberMaterial. All Rights Reserved.