What’s trending in cybersecurity today?
XLoader Android Malware, HijackLoader, Fortinet, FortiOS SSL VPN, Ivanti, Gateway Vulnerability, LastPass, Phishing, CU Solutions Group Breach, Hyundai Europe, Black Basta Ransomware, California State Worker Union, LockBit Ransomware, Advania, Class Charts App, U.S. State Department, Hive Ransomware, Internet Shutdown, Pakistan’s General Election, Liability Regimes Shift for Software Security, Cohesity, Veritas Data Protection Business, NinjaOne.
Cyber Alerts
1. XLoader’s Auto-Execution Evolution
A new strain of XLoader Android malware operates silently, launching automatically upon infection without user intervention. It spreads via SMS texts with shortened URLs, distributing malicious APKs for installation, posing a significant threat by stealthily siphoning sensitive user data. McAfee highlights the urgency of addressing this evolving threat, recommending robust security measures to detect and remove such malware effectively.
2. HijackLoader Upgrades Defense Evasion
The creators of HijackLoader have strengthened its defense evasion tactics, amplifying its use as a conduit for advanced threat delivery. This loader malware, used by cybercrime groups such as TA544, relies on techniques like process hollowing and transacted hollowing to improve its stealth, posing significant challenges for traditional security solutions.
3. Fortinet FortiOS SSL VPN Vulnerability
Fortinet reveals a critical flaw in FortiOS SSL VPN, potentially exploited in the wild, that allows execution of arbitrary code. Fortinet lists the affected versions so users can upgrade, highlighting the urgency of patching to mitigate the risk posed by this vulnerability. The disclosure coincides with Fortinet’s issuance of patches for other vulnerabilities and follows recent incidents of state-sponsored cyber intrusions leveraging similar exploits, underlining the escalating threat landscape faced by organizations worldwide.
4. Ivanti Warns of Authentication Bypass
Ivanti warns of a high-severity flaw (CVE-2024-22024) in Connect Secure, Policy Secure, and ZTA gateways, enabling attackers to bypass authentication. Rated 8.3 on CVSS, the vulnerability affects multiple versions, prompting the urgent application of available patches to mitigate potential exploitation risks. While no active exploits have been detected, users are urged to act swiftly in applying the latest fixes due to previous instances of broad abuse.
5. LastPass Warns of Fake ‘LassPass’ App
LastPass warns users about a fake app named ‘LassPass’ circulating on the Apple App Store that impersonates the genuine LastPass app to phish credentials. Designed to mimic the real app, ‘LassPass’ aims to steal users’ sensitive credentials, highlighting the critical importance of vigilance and verifying app authenticity before downloading. Despite Apple’s stringent review process, the fake app remained available, underscoring the ongoing challenges in combating fraudulent clones and ensuring user security.
Cyber Incidents
1. LockBit Hits California State Worker Union
The Service Employees International Union (SEIU) Local 1000, representing nearly 100,000 state employees, confirmed a ransomware attack following LockBit’s claims of stealing sensitive data. Despite disruptions, the union remains resilient, addressing the incident with transparency and engaging law enforcement for assistance. Amid ongoing cyber threats in California, institutions like SEIU 1000 persist in defending workers’ rights while fortifying network security against evolving attacks.
2. Black Basta Claims Hyundai Motor Europe Attack
Hyundai Motor Europe faces a severe double extortion ransomware attack by the Black Basta gang, resulting in the theft of three terabytes of corporate data. The attack, initiated in early January, prompts extensive investigations and collaboration with cybersecurity experts and legal authorities to mitigate its impact. With a history of double extortion tactics, Black Basta’s involvement raises concerns about the exposure of sensitive information across various departments within Hyundai Motor Europe.
3. CU Solutions Group Database Exposed
A 13 GB misconfigured cloud database, resembling a CRM system linked to CU Solutions Group, exposed over 3 million records without any security protection. Jeremiah Fowler’s disclosure led to the server being secured quickly, but concerns linger about potential prior access by malicious actors, raising fears of cyber threats like ransomware and identity theft.
4. Advania Incident Disrupts Swedish Healthcare
Advania, a Nordic IT provider, faces a cybersecurity incident affecting 60 customers, notably impacting healthcare centers in Sweden. Despite isolating affected environments and swift action, healthcare operations are disrupted, leaving centers struggling with limited IT access and patient care challenges. While Advania’s security systems detected the breach in time, efforts are underway to restore normal operations, with a police report filed to address the incident’s implications.
5. Class Charts App Hack Sends Explicit Messages to Parents
An apparent hack of the Class Charts app at Northfield School and Sports College in Billingham, UK, resulted in explicit comments being sent to parents, adding to concerns over the app’s security. While the incident was swiftly dealt with by the school, questions remain about data security and the vetting of third-party platforms used by educational institutions. The breach underscores the importance of robust data security measures, especially in platforms used by schools to manage student information. Parents and experts are calling for greater transparency and accountability from both schools and app developers to ensure the privacy and security of student data.
Cyber News
1. U.S. State Department Offers $10 Million Hive Reward
The U.S. State Department is offering rewards of up to $10 million for information leading to the capture of Hive ransomware gang members, who have extorted over $100 million from global companies. This initiative aims to dismantle the transnational organized crime group behind the Hive ransomware variant, which has targeted numerous organizations worldwide. Through international law enforcement efforts and financial incentives, authorities are intensifying their crackdown on cybercriminal operations like Hive, striving to safeguard businesses and critical infrastructure from ransomware attacks.
2. Pakistan Shuts Down Internet During General Election
Authorities in Pakistan enacted a nationwide internet blackout during the general election as voters went to cast their ballots. With no exit polling permitted, early results aren’t expected until late Thursday, leaving the election outcome uncertain. The move drew criticism from opposition groups and international observers, who argue that access to information is crucial for ensuring a fair and transparent electoral process.
3. Liability Regimes Shift for Software Security
The federal government, under the Biden administration, is intensifying efforts to explore liability regimes for software developers, aiming to promote safer coding practices. National Cyber Director Harry Coker disclosed plans to engage with industry and legal experts to establish higher standards of care and prevent disclaimers of liability in the software sector. This initiative, part of the administration’s cybersecurity strategy, seeks to address vulnerabilities like memory safety bugs, with a focus on securing web management interfaces and enhancing cybersecurity measures industry-wide.
4. Cohesity Acquires Veritas Data Protection Business
Data security firm Cohesity announced its acquisition of Veritas’ data protection business in a deal valued at $7 billion, positioning CEO Sanjay Poonen to lead the combined entity. The merger, subject to regulatory approval, aims to create a comprehensive data protection solution catering to modern workloads and cloud environments. With combined annual recurring revenue projected at $1.3 billion, the move signals Cohesity’s intent to strengthen its foothold in the competitive data protection market.
5. NinjaOne Raises $231.5M
NinjaOne, based in Austin, TX, secures substantial backing led by ICONIQ Growth, with support from industry leaders Frank Slootman and Amit Agarwal. This latest funding round, totaling $231.5M, values the IT platform provider at $1.9 billion, marking a significant milestone in its journey.
Copyright © 2024 CyberMaterial. All Rights Reserved.