What are the latest cybersecurity alerts, incidents, and news?
RansomHouse Gang, ESXi Attacks, MrAgent Tool, New Qakbot Variants, Windows, Fake Adobe Installers, Cloud Smishing Campaigns, AWS SNS Exploitation, TinyTurla-NG Backdoor, Polish NGOs, Ivanti Endpoints, State Gov Network Breached, Email Breach, U.S. Internet Corp, Health New Zealand, Data Breach, PSI Software SE, Canada’s Okanagan School District, Cyber Outage, Google, Global AI Framework for Cybersecurity, FBI, Russian Military’s Router Botnet, US State Dept, Bounty for ALPHV Ransomware Leaders, JabberZeus Cyber Crime Leader, U.S. Cyber Attack, Iranian Surveillance Vessel.
Cyber Alerts
1. Face Scan Trojan Targets Banking
A new trojan dubbed ‘GoldPickaxe’ blends social engineering with advanced capabilities, prompting victims to submit facial scans and ID documents. Believed to be orchestrated by the Chinese group ‘GoldFactory,’ this malware operates across iOS and Android, posing a global threat. Group-IB warns of its ongoing campaign, primarily targeting the Asia-Pacific, highlighting the urgent need for vigilance and robust security measures.
2. DarkGate Gang Spreads Malware via CAPTCHA
Hewlett Packard’s threat insights disclose a troubling trend: the DarkGate gang is exploiting CAPTCHA to spread malware. According to HP Wolf Security, this cybercriminal consortium is using legal advertising tools to track victims and conceal their illicit activities. By ingeniously routing victims through legitimate ad networks and employing CAPTCHA tests, DarkGate evades detection and targets elite cybercriminals, posing a formidable challenge to cybersecurity efforts.
3. KeyTrap Threatens Internet Stability
Researchers unveil KeyTrap, a critical DNS flaw affecting the design of Domain Name System Security Extensions (DNSSEC), potentially disrupting large parts of the internet with a single crafted packet. Despite patches from major vendors like Google and Cloudflare, fully mitigating the threat necessitates a fundamental redesign of DNSSEC’s philosophy, marking a significant challenge in cybersecurity.
4. Ubuntu Faces Rogue Package Risk
Security researchers warn of an exploit in Ubuntu’s ‘command-not-found’ utility, allowing threat actors to recommend rogue packages via snap, potentially compromising system integrity. This loophole, identified by Aqua, poses a serious risk, with as many as 26% of APT package commands vulnerable to impersonation. Users are urged to exercise caution and verify package sources to mitigate the threat.
5. Unpatched Ivanti Endpoints at High Risk
A critical flaw in Zoom’s desktop and VDI clients, as well as the Meeting SDK for Windows, poses a significant security risk, potentially allowing unauthenticated attackers to conduct privilege escalation over the network.
Cyber Incidents
CISA discloses a state government network breach via a former employee’s admin account. Attackers exploited a VPN access point, gaining access to on-premises and Azure environments, highlighting the importance of privileged account security and least privilege principles in cybersecurity measures. This incident underscores the risk of leveraging valid but unsecured accounts, emphasizing the need for robust access control and monitoring protocols to prevent unauthorized access and data breaches.
U.S. Internet Corp.’s Securence unit inadvertently exposed over a decade’s worth of internal and client emails online, accessible to anyone with a web browser. KrebsOnSecurity was alerted by Hold Security, revealing that thousands of domains and individual inboxes, including those of state and local governments, were accessible, highlighting critical security oversights within the company’s infrastructure. Despite the breach being swiftly addressed, questions linger regarding the duration of exposure and the extent of potential repercussions for affected parties.
Health New Zealand Te Whatu Ora is notifying 12,000 individuals affected by an alleged unauthorized data release by a former staff member. Chief Executive Margie Apa states the incident, involving Covid-19 vaccinators’ personal information, prompted legal action and cooperation with authorities and cybersecurity experts to mitigate risks and enhance data security measures.
In response to a cyberattack discovered on February 15, 2024, PSI Software SE swiftly disconnected its IT systems from the internet to prevent data breaches and corruption. The company is currently assessing the extent of the impact and taking measures to restore affected systems while prioritizing data integrity. Collaborating with cybersecurity experts, PSI Software SE is committed to mitigating risks and strengthening its security posture against future threats.
In Okanagan’s School District No. 67 (Canada), a widespread network outage disrupts operations, affecting communication systems like phones and email. Despite the outage, schools continue to function, with support from local authorities, the Ministry of Education, and cybersecurity specialists. The district, encompassing Penticton, Summerland, Kaleden, and Naramata, faces uncertainties as efforts are underway to resolve the situation.
Cyber News
Google advocates for an international framework to harness artificial intelligence in combating cyber threats, aiming to overturn the advantage long held by attackers. Through its AI Cyber Defense Initiative, the tech giant proposes leveraging AI’s capacity to analyze vast datasets and transition from assistive to autonomous defense mechanisms. Google emphasizes the importance of secure AI design principles and scientific research to enable the development of AI agents for cybersecurity.
The FBI dismantles a GRU-operated botnet comprising Ubiquiti Edge OS routers, repurposed into a cyber espionage tool targeting the U.S. and its allies. Leveraging Moobot malware, the Russian hackers exploited routers with default credentials, posing a significant threat to governments and corporate entities globally. As part of “Operation Dying Ember,” the FBI remotely neutralized the botnet’s capabilities, temporarily blocking GRU access while preserving standard router functionality.
Ukrainian national Vyacheslav Igorevich Penchukov, known as ‘tank’ and ‘father,’ admitted to charges involving his leadership in the Zeus and IcedID malware groups. Arrested in Switzerland in 2022, he was extradited to the US in 2023. Penchukov’s guilty plea follows years of evading justice, with allegations linking him to Maze and Egregor ransomware operations, showcasing his significant role in cybercrime.
The United States recently executed a cyberattack against an Iranian military vessel gathering intelligence in the Red Sea and the Gulf of Aden, retaliating for an Iranian-backed drone strike in Iraq. The operation aimed to disrupt the ship’s ability to share intelligence with Houthi rebels in Yemen, who target cargo ships. While Iran claims the ship combats piracy, U.S. officials suspect it aids Houthi forces, escalating tensions in the region.
Copyright © 2024 CyberMaterial. All Rights Reserved.