What are the latest cybersecurity alerts, incidents, and news?
Linux, Rootkit, PUMAKIT, Stealth, Gamaredon, BoneSpy, PlainGnome, Spyware, Central Asia, DarkGate, Malware, Vishing, Microsoft Teams, Prometheus, Flaw, Leaks, Remcos RAT, Delivery, Evasion Techniques, Care1, Medical Records, Unsecured Database, DogeReaper, Bug, Dogecoin, Hay House, Payment Information, New Zealand, Compass Communications, RA World, Ransomware Attack, Royal Navy Museum, IT Systems, Disruption, Texas, Attorney General, Privacy Laws, El Salvador, Cybersecurity Laws, Privacy Rights, Vancouver City Council, Bitcoin-Friendly, FBI, Rydox Marketplace, Cryptocurrency Seizure, Sublime Security, Series B, Email Protection
Cyber Alerts
1. New Linux Rootkit PUMAKIT Evades Detection
Cybersecurity researchers have uncovered a new Linux rootkit, PUMAKIT, designed to evade detection and manipulate system behavior using advanced stealth techniques. Described as a Loadable Kernel Module (LKM) rootkit, PUMAKIT employs a multi-stage architecture, including a dropper, memory-resident executables, and userland and kernel-level components. It hooks into 18 system calls and key kernel functions such as prepare_creds and commit_creds to escalate privileges and hide its activities. The malware activates only under specific conditions, such as kernel symbol availability or secure boot checks, ensuring a targeted and stealthy deployment.
2. Gamaredon Targets Android with New Spyware
Russian state-sponsored hacking group Gamaredon has been linked to the deployment of two new Android spyware tools, BoneSpy and PlainGnome, which target Russian-speaking individuals in former Soviet states such as Uzbekistan, Kazakhstan, Tajikistan, and Kyrgyzstan. These tools mark the first time Gamaredon has used mobile-only malware in its campaigns. Both spyware tools collect a wide range of sensitive information from infected devices, including SMS messages, call logs, photos, location data, contact lists, and audio recordings.
3. DarkGate Malware Spreads via Vishing Attack
A recent cybersecurity incident analyzed by Trend Micro's Managed Detection and Response (MDR) team reveals how a vishing attack via Microsoft Teams led to the deployment of DarkGate malware. The attacker impersonated a client's employee and convinced the victim to download AnyDesk, a remote access tool, after failing to install a Microsoft Remote Support application. Once installed, the malware enabled the attacker to remotely control the victim's system, drop malicious files, and establish a connection to a command-and-control server.
4. Flaw Exposes Over 300K Prometheus Instances
Cybersecurity researchers have revealed that over 300,000 Prometheus monitoring and alerting instances are exposed to significant security risks, including the leakage of sensitive information such as credentials and API keys. Researchers from Aqua Security discovered that many Prometheus servers and exporters lack proper authentication, enabling attackers to easily access critical data. Additionally, the "/debug/pprof" endpoints, which provide system performance data, can be exploited to launch denial-of-service (DoS) attacks, potentially crashing servers.
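The exposure described above comes from running Prometheus with its default listener, which requires no authentication and serves the /debug/pprof handlers to anyone who can reach the port. The following web configuration is an added example (not from the page, Aqua Security, or the Prometheus project); it enables TLS and HTTP basic authentication on the server's listener, and the file name, certificate paths, and user name are assumptions.

```yaml
# web.yml: passed to the server with --web.config.file=web.yml
# (assumed file name; the flag itself is the one Prometheus documents)
#
# Weak setting (the default): no web config file at all, so every
# route, including /api/v1/* and /debug/pprof/*, is served to
# unauthenticated clients over plain HTTP.
#
# Corrected setting below: TLS plus basic auth on the same listener.
# Because auth is enforced by the listener rather than per route,
# /debug/pprof is no longer anonymously reachable either.

tls_server_config:
  cert_file: /etc/prometheus/certs/prometheus.crt   # assumed path
  key_file: /etc/prometheus/certs/prometheus.key    # assumed path
  # optional: require client certificates for mutual TLS
  # client_auth_type: RequireAndVerifyClientCert
  # client_ca_file: /etc/prometheus/certs/ca.crt

basic_auth_users:
  # Values must be bcrypt hashes (e.g. generated with `htpasswd -B`
  # or a bcrypt library), never plaintext passwords.
  scraper: "$2y$10$REPLACE_WITH_BCRYPT_HASH"   # placeholder, not a real hash
```

Exporters built on the Prometheus exporter toolkit (node_exporter, for instance) accept the same `--web.config.file` format, so the exporters the research mentions can be hardened the same way.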
5. Remcos RAT Malware Adapts with New Tactics
A sharp increase in cyberattacks involving the Remcos remote access Trojan (RAT) has been observed in Q3 2024. Researchers from McAfee Labs identified two distinct variants of Remcos RAT, both leveraging advanced techniques for evasion and persistence. One variant utilizes an obfuscated PowerShell script triggered by a VBS file, which downloads malware and injects it into legitimate system processes to avoid detection. The second variant spreads through phishing emails containing malicious DOCX attachments that exploit CVE-2017-11882, a known remote code execution vulnerability.
Cyber Incidents
6. Care1 Exposes 5M Medical Records Online
Care1, a Canadian healthtech company specializing in AI-driven optometry solutions, has inadvertently exposed over 4.8 million medical records due to an unsecured, non-password-protected database. The database, which was publicly accessible for an unknown period, contained sensitive patient data, including eye exam reports, personal health numbers (PHNs), and other personal information. A cybersecurity researcher discovered the vulnerability and promptly notified Care1, which took immediate action to restrict access.
7. DogeReaper Bug Crashes 69% of Dogecoin Nodes
A critical vulnerability in the Dogecoin network, known as the "DogeReaper" bug, was exploited by a hacker, causing 69% of Dogecoin nodes to crash. On December 12, Andreas Kohl, co-founder of Sequentia, revealed that he used a vulnerability discovered by Tobias Ruck to bring down the majority of active nodes. The flaw, which was publicly disclosed on December 4, allows anyone to remotely crash Dogecoin nodes by triggering a segmentation fault, essentially causing the node to "die" when its address is written.
8. Hay House Breach Exposes Payment Information
Hay House LLC discovered a data breach on December 5, 2024, where malicious code was injected into their website's checkout page, potentially compromising sensitive payment card information for 6,011 customers. The breach occurred between August 3, 2024, and August 5, 2024, and exposed customer names, payment card numbers, CVVs, and expiration dates. Although no fraudulent activity has been linked to the breach, affected individuals are urged to monitor their financial accounts closely and take precautionary steps such as placing a fraud alert, reviewing bank statements, and reporting unauthorized transactions to their financial institutions.
9. Compass Communications Hit With Ransomware
Compass Communications, a telecommunications company based in Auckland, New Zealand, has confirmed a ransomware attack by the RA World group, which has stolen 250GB of sensitive data. The stolen information includes financial records, customer data, and human resources details. RA World posted a sample of the compromised data, including service agreements and customer banking details, on its darknet leak site. While no ransom amount has been specified, the gang has set a deadline of January 1, 2025, for payment.
10. Royal Navy Museum Struck by Ransomware
The National Museum of the Royal Navy in Portsmouth has confirmed it was hit by a ransomware cyberattack on December 9, 2024. While the museum, home to historic artifacts including Nelson's flagship HMS Victory, remains open, the attack has caused significant disruptions to its operations. In response, the museum is working closely with its IT providers, law enforcement, the Navy, and the National Cyber Security Centre to assess the damage, understand the origin of the attack, and mitigate its impact.
Cyber News
11. Texas AG Probes Firms for Privacy Violations
Texas Attorney General Ken Paxton has initiated investigations into 14 tech companies, including major platforms like Reddit, Instagram, and Discord, for alleged violations of child privacy and safety laws. The companies are being scrutinized for breaches of the Securing Children Online through Parental Empowerment (SCOPE) Act and the Texas Data Privacy and Security Act (TDPSA). These laws mandate that digital service providers obtain parental consent before sharing minors' personal data and adhere to strict data privacy practices.
12. El Salvador's Cyber Laws Threaten Privacy
El Salvador's new cybersecurity and data protection laws, passed in November 2024, are drawing significant concern from human rights organizations like Human Rights Watch. The laws establish a state-run cybersecurity agency with broad powers, including the authority to remove online content under the guise of data protection. Experts warn that these powers could be used to censor critical media and limit transparency, particularly with the introduction of a controversial "right to be forgotten" provision. This provision allows individuals to request the removal of certain online information, raising fears that it could be exploited to suppress information about government officials.
13. Vancouver Becomes Bitcoin-Friendly City
The Vancouver City Council has approved a motion to explore integrating Bitcoin into the city's financial framework, aiming to position Vancouver as a "Bitcoin-friendly city." The motion, introduced by Mayor Ken Sim, seeks to investigate options such as establishing a Bitcoin reserve and enabling Bitcoin-based payments, citing the need to address inflation and currency devaluation. Sim highlighted the city's financial challenges, noting significant devaluation in its fixed-income securities and surging real estate prices.
14. FBI Dismantles Rydox Cybercrime Marketplace
The FBI has successfully shut down Rydox, a notorious online marketplace that facilitated cybercrime by selling stolen personal information, access devices, and tools for conducting fraud. Since its inception in 2016, Rydox enabled over 7,600 transactions, generating approximately $230,000 in cryptocurrency revenue. The operation led to the arrest of three administrators, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, with extradition proceedings underway for two suspects and ongoing legal actions in Albania for the third.
15. Sublime Security Raises $60M in Series B
Sublime Security, a Washington, D.C.-based startup specializing in email security for Microsoft 365 and Google Workspace, has raised $60 million in Series B funding, bringing its total funding to $93.8 million. The investment, led by IVP, Citi Ventures, Index Ventures, Decibel Partners, and Slow Ventures, underscores the growing interest in email security solutions. Sublime's platform uses AI-driven detection combined with a programmable rules engine to safeguard against phishing, malware, and Business Email Compromise (BEC) threats.
Copyright © 2024 CyberMaterial. All Rights Reserved.