What are the latest cybersecurity alerts, incidents, and news?
Gamaredon, Cloudflare Tunnels, DNS Fast-Fluxing, Malware, Mitel MiCollab, Andromeda, C2 Cluster, Asia, Pacific, Manufacturing, Logistics, Rockwell Automation, Remote Code Execution, Django, DoS, SQL Injection, Romania, Election Systems, Cyberattacks, Michigan White Lake Township, Civic Center, Marietta City Schools, RansomHub, Ransomware, Manitoba, Fine Collection Service, Anna Jaques Hospital, Breach, Personal Information, Canada, Cybersecurity Bill C-26, Australia, National Cybersecurity Policy, Europol, Manson Market, Fraud Crackdown, Japan, AI, Manga, Anime, Piracy, Elon Musk, xAI, $6 Billion, Funding
Cyber Alerts
1. Cloudflare Tunnels Misused to Spread Malware
The Gamaredon group, also known as BlueAlpha, has intensified its operations by using Cloudflare Tunnels to hide its staging infrastructure and DNS fast-fluxing to keep its command-and-control (C2) servers reachable when individual IP addresses are blocked, all in service of an ongoing spear-phishing campaign that delivers GammaDrop malware to targets in Ukraine and NATO-aligned countries. The attacks, active since early 2024, start with phishing emails carrying HTML attachments that use HTML smuggling to drop the first stage. GammaDrop, a Visual Basic Script malware, is launched via malicious LNK files and in turn installs GammaLoad, which maintains contact with the C2 servers.
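Two cheap detections for the infrastructure tricks described above, written as an added example (not code from the original report or from any vendor): flag resolutions of Cloudflare quick-tunnel hostnames, and flag names that rotate through many distinct IPs at short TTLs, which is the fast-flux signature. The log format, the `trycloudflare.com` suffix as the quick-tunnel indicator, and all log lines are constructed assumptions for the example.

```python
"""Added example: detection heuristics over constructed passive-DNS style logs.

Assumed log format (not from the original article):
  <timestamp> <client> <qtype> <qname> <answer> ttl=<seconds>
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample, not real telemetry. billing-sync.example.org stands in
# for a fast-flux C2 name; the trycloudflare.com name stands in for a quick
# tunnel fronting attacker infrastructure.
SAMPLE_DNS_LOG = """\
2024-12-05T10:01:12Z ws-17 A stable-dev-cdn.example.net 203.0.113.10 ttl=3600
2024-12-05T10:02:40Z ws-17 A docs-update-portal.trycloudflare.com 104.16.10.10 ttl=300
2024-12-05T10:03:01Z ws-22 A billing-sync.example.org 198.51.100.7 ttl=30
2024-12-05T10:03:31Z ws-22 A billing-sync.example.org 198.51.100.44 ttl=30
2024-12-05T10:04:02Z ws-22 A billing-sync.example.org 203.0.113.201 ttl=30
2024-12-05T10:04:33Z ws-22 A billing-sync.example.org 192.0.2.88 ttl=30
2024-12-05T10:05:04Z ws-22 A billing-sync.example.org 198.51.100.90 ttl=30
2024-12-05T10:06:00Z ws-17 A stable-dev-cdn.example.net 203.0.113.10 ttl=3600
"""

# Assumed indicator: Cloudflare quick tunnels are served under this zone.
TUNNEL_SUFFIXES = ("trycloudflare.com",)


@dataclass(frozen=True)
class DnsRecord:
    ts: str
    client: str
    qtype: str
    qname: str
    answer: str
    ttl: int


def parse_dns_log(text: str) -> list:
    """Parse the assumed whitespace-separated format into DnsRecord objects."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qtype, qname, answer, ttl_field = line.split()
        ttl = int(ttl_field.split("=", 1)[1])
        records.append(DnsRecord(ts, client, qtype, qname.lower().rstrip("."), answer, ttl))
    return records


def find_cloudflare_tunnels(records, suffixes=TUNNEL_SUFFIXES) -> list:
    """Return names under a quick-tunnel suffix. Developers use these legitimately,
    so treat a hit as a lead to triage, not as a verdict."""
    markers = tuple("." + s for s in suffixes)
    return sorted({r.qname for r in records if r.qname.endswith(markers)})


def find_fast_flux(records, min_distinct_ips=4, max_ttl=60, allowlist=()) -> dict:
    """Return names that were answered with at least min_distinct_ips different
    A records, all at TTL <= max_ttl. CDNs also use short TTLs and many IPs,
    so known CDN zones should be passed in allowlist to cut noise."""
    answers = defaultdict(set)
    for r in records:
        if r.qtype != "A" or r.ttl > max_ttl:
            continue
        if any(r.qname == a or r.qname.endswith("." + a) for a in allowlist):
            continue
        answers[r.qname].add(r.answer)
    return {name: sorted(ips) for name, ips in answers.items() if len(ips) >= min_distinct_ips}


def triage(text: str) -> dict:
    """Run both heuristics over a log text and return the leads."""
    records = parse_dns_log(text)
    return {"tunnels": find_cloudflare_tunnels(records), "fast_flux": find_fast_flux(records)}


if __name__ == "__main__":
    print(triage(SAMPLE_DNS_LOG))
```

Thresholds are deliberately loose; in production you would key the fast-flux window on time (distinct IPs per hour) rather than on a whole file, and join hits against an allowlist of CDN and DNS-load-balanced zones before alerting.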
2. Mitel MiCollab Flaw Enables Admin Access
A critical vulnerability in Mitel MiCollab, tracked as CVE-2024-41713 (CVSS score: 9.8), has been disclosed. It allows an unauthenticated attacker to use path traversal to reach sensitive files and administrative functions. Discovered by watchTowr Labs, the flaw stems from insufficient input validation in the NuPoint Unified Messaging (NPM) component of MiCollab, a platform that integrates chat, voice, video, and SMS. Attackers can chain it with a still-unpatched arbitrary file read flaw to extract sensitive system information.
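The generic check that an input-validation flaw of this kind lacks is to canonicalise the request path fully before comparing it to anything. The following is an added example, not Mitel's code and not watchTowr's proof of concept: a request-path check that decodes percent-encoding until stable and strips `;`-style path parameters before looking for `..`, and a filesystem containment check on the resolved path. All test inputs, the root directory name, and the function names are constructed for the example.

```python
"""Added example: canonicalise-then-check for path traversal (not Mitel's code)."""
import os
from typing import Optional
from urllib.parse import unquote


def canonical_url_path(raw: str, max_decode_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (defeats double encoding,
    bounded so a hostile input cannot loop forever), normalise backslashes, then
    drop ';key=value' path parameters from each segment. Servlet-style routers
    strip those parameters before matching, so a check that inspects the raw
    path would miss the '..' that the router actually sees."""
    path = raw
    for _ in range(max_decode_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def has_traversal(raw_path: str) -> bool:
    """True if any segment of the canonical path is exactly '..'."""
    return ".." in canonical_url_path(raw_path).split("/")


def resolve_under_root(root: str, user_path: str) -> Optional[str]:
    """Map a user-supplied path to a file under root, or return None if the
    resolved path escapes root. realpath also collapses symlinks, so a link
    inside root that points outside is rejected as well. A leading '/' in the
    user path is treated as relative to root rather than as an absolute path."""
    root_real = os.path.realpath(root)
    relative = canonical_url_path(user_path).lstrip("/")
    candidate = os.path.realpath(os.path.join(root_real, relative))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed inputs for demonstration.
    for p in ("/app/static/logo.png", "/app/..;/admin/", "/app/%252e%252e/admin"):
        print(p, "->", "traversal" if has_traversal(p) else "ok")
    print(resolve_under_root("/srv/app_root_example", "..%2f..%2fetc/passwd"))
```

The order matters: decode, then strip path parameters, then look for `..`; a filter that runs on the raw URL before the container's own normalisation is exactly what `..;/` and double-encoded dots are designed to slip past. Whichever layer owns the final file access should also run the containment check, since the URL-level filter can be bypassed by any route that reaches the handler differently.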
3. New Andromeda Cluster Targets Asia Pacific
A new cluster of Command and Control (C2) servers associated with the Andromeda/Gamarue malware family has been discovered, primarily targeting manufacturing and logistics companies in the Asia-Pacific (APAC) region. The malware, which has been active since at least 2011, is known for its modular backdoor capabilities and is typically spread through infected USB drives and malicious email attachments. The threat actor behind this campaign is suspected of engaging in industrial espionage, using the backdoor to steal sensitive information and maintain remote access.
4. Rockwell Automation Arena Flaws Allow RCE
Rockwell Automation has disclosed critical vulnerabilities in its Arena simulation software, versions 16.20.03 and prior, that could allow attackers to execute code on the workstation. The flaws, which include a use-after-free, an out-of-bounds write, an uninitialized variable, and an out-of-bounds read, carry CVSS scores of 7.8 and 8.5. They are triggered by crafted DOE files that corrupt memory when Arena parses them. Exploitation requires a legitimate user to open the malicious file, but the impact could be severe, including unauthorized access to sensitive information and disruption of the industrial operations the software models.
5. Django Patches DoS & SQL Injection Flaws
Django has published security releases 5.1.4, 5.0.10, and 4.2.17 to address two vulnerabilities: a potential Denial-of-Service (DoS) in strip_tags() and a high-severity SQL injection risk on Oracle databases. The DoS issue affects django.utils.html.strip_tags() (and the striptags template filter, which uses it), which could take excessive time on inputs containing many nested, incomplete HTML entities. The SQL injection issue lies in the HasKey lookup in django.db.models.fields.json and affects Oracle only; it is exploitable when untrusted data is passed directly as the left-hand side of the lookup.
Cyber Incidents
6. Romanian Election Systems Hit by 85K Attacks
Romania's election infrastructure faced over 85,000 cyberattacks, according to a declassified report from the Romanian Intelligence Service (SRI). The attacks, originating from 33 countries, targeted systems such as the Permanent Electoral Authority's (AEP) servers, including voter registration websites. Attackers also obtained election-related account credentials and leaked them on a Russian cybercrime forum. According to the report, the intruders exploited vulnerabilities such as SQL injection and cross-site scripting (XSS) in an attempt to access and compromise election data.
7. Cyberattack Delays $50M Civic Center Project
White Lake Township, Michigan, has been hit by a cyberattack that has stalled parts of its $50 million Civic Center project. The attack, which compromised financial transactions, was described by local officials as a sophisticated breach. Federal investigators are looking into the incident, and the township's Police Chief said it likely involved a business email compromise, a fraud in which attackers use a compromised or spoofed mailbox to redirect legitimate payments to accounts they control, which makes recovery of the funds difficult.
8. Marietta City Schools Hit With Ransomware
Marietta City Schools in Georgia fell victim to a ransomware attack on December 4, 2024, leading to a network outage. The notorious ransomware group, RansomHub, claimed responsibility for the breach, stating it stole 500 GB of data from the district. In exchange for not releasing or selling the stolen data, RansomHub demanded an undisclosed ransom amount, giving the district one week to comply. While the school district has yet to verify the claim, this incident highlights the growing risk of ransomware attacks on educational institutions.
9. Court Fine Collection Agency Suffers Breach
A recent cyberattack has targeted a third-party service provider responsible for collecting overdue court fines in Manitoba, though the province has stated there is no evidence that personal information was compromised. The attack, described as a "cyber incident," has been reported to law enforcement agencies, the Canadian Centre for Cyber Security, and the Manitoba Ombudsman. The service provider is working with the province and cybersecurity experts to assess the situation and mitigate any further risks.
10. Anna Jaques Hospital Hit With Data Breach
Anna Jaques Hospital, located in Newburyport, Massachusetts, experienced a data security incident that affected certain systems within its network environment in late December 2023. The hospital took immediate action to secure its network and began a thorough investigation, engaging third-party cybersecurity experts to assess the scope of the breach. While the investigation revealed that unauthorized access occurred, the impacted information varies by individual and may include demographic details, medical records, health insurance information, Social Security numbers, and financial data.
Cyber News
11. Senators Amend Cybersecurity Bill C-26 Error
On December 5, 2024, Canada's Bill C-26, which aims to strengthen cybersecurity and protect critical infrastructure, faced a significant setback after a drafting error was discovered in the Senate. The bill, introduced in 2022, includes provisions to enhance cybersecurity measures for federally regulated industries and to ban Canadian telecom companies from using products from high-risk suppliers like Huawei and ZTE. A Senate amendment corrected the error, which could have rendered the cybersecurity section of the bill null and void, and the legislation must now be sent back to the House of Commons for further approval.
12. Australia Seeks Public Input on Cyber Policy
The Australian Department of Home Affairs is inviting the public to contribute to shaping the nation's cybersecurity policy, specifically focusing on the adoption of a zero-trust approach. Through a newly released consultation package, the government aims to gather feedback from various stakeholders, including cybersecurity experts, organizations, and Commonwealth providers. This initiative, part of the 2023-2030 Cyber Security Strategy, emphasizes the importance of collaboration to address evolving cyber threats.
13. Europol Shuts Down Manson Marketplace
Europol, in collaboration with German authorities, has shut down the Manson Market, a prominent clearnet marketplace used for large-scale online fraud. The operation resulted in the seizure of over 50 servers and the arrest of two suspects. Manson Market, which launched in 2022, facilitated the sale of stolen data, including sensitive information obtained through phishing and vishing scams. More than 200 terabytes of digital evidence were secured, and over 80 devices (cell phones and computers) along with €63,000 in cash and crypto assets were confiscated.
14. Japan Combats Manga and Anime Piracy with AI
Japan's Cultural Affairs Agency is taking action against the growing issue of manga and anime piracy by leveraging artificial intelligence (AI). With approximately 1,000 illegal websites offering free access to popular manga and anime content, the industry loses billions of dollars each year to unauthorized distribution. To combat this, the agency is developing a program that uses AI to detect and track pirated material across the internet. The system will analyze text and images on websites to identify stolen content, reducing the load on human moderators.
15. Elon Musk Raises $6B to Boost AI Ambitions
Elon Musk's AI company, xAI, has raised $6 billion in new funding, bringing its total funding to $12 billion. Investors in the latest round include Valor Equity Partners, Sequoia Capital, Andreessen Horowitz, and Qatar Investment Authority. The capital will support xAI's growth as it competes with rivals like OpenAI and Anthropic in the generative AI market. xAI has made significant strides with its Grok AI model, which powers features on X (formerly Twitter) and offers a distinctive, sometimes provocative response style.
Copyright © 2024 CyberMaterial. All Rights Reserved.