What’s happening in cybersecurity today?
SpyNote Android Spyware, Accessibility APIs, Crypto Theft, Charming Kitten, New Backdoor Threat BASICSTAR, SolarWinds, Critical Vulnerabilities, Access Rights Manager, Protect AI, Open Source Supply Chain Vulnerabilities, Europe, Anatsa Trojan Evading Google Play, Welch, EL AL Flights, Cyber Hijack Attempts, Spain’s Comisiones Obreras, Data Breach, EU Civil Rights Groups, Meta’s Pay-for-Privacy Plan, FTC, Impersonation Scams, Google, AI-Powered Tool for File Detection, Alpha Ransomware, Netwalker, North Korea, Lazarus, YoMix, Bitcoin Laundering.
Cyber Alerts
1. Meta Warns of 8 Spyware Threats
Meta Platforms has warned about eight spyware firms operating across Italy, Spain, and the U.A.E. that target iOS, Android, and Windows devices. These firms deploy a range of malware with capabilities from data collection to full device control, posing a serious threat to user privacy and security. Meta’s response includes removing over 2,000 fake accounts and introducing new security features to reduce the risk of exploitation and protect user data.
2. North Korea’s Cyber Espionage Threat
Germany’s BfV and South Korea’s NIS warn of a cyber-espionage operation by North Korea targeting the global defense sector. The attacks focus on stealing military technology to enhance North Korea’s military capabilities. Today’s advisory highlights specific tactics used by North Korean actors, including supply-chain attacks and social engineering techniques, emphasizing the need for heightened cybersecurity measures in defense organizations.
3. WordPress Bricks Builder Vulnerability
Hackers are actively exploiting a critical remote code execution (RCE) flaw in the Bricks Builder Theme, a popular WordPress site builder with over 25,000 active installations. Detected on February 14, the vulnerability (CVE-2024-25600) allows attackers to execute malicious PHP code, posing a significant threat to unpatched websites. Site owners should apply the fix immediately to close this security hole and guard against potential breaches.
4. Microsoft Exchange Flaw Actively Exploited
Hackers are actively exploiting a critical flaw (CVE-2024-21410) in Microsoft Exchange servers, with up to 97,000 potentially vulnerable systems identified. The flaw, addressed by Microsoft on February 13, poses a severe risk of privilege escalation and NTLM relay attacks, affecting essential communication services widely used in business environments. System administrators are urged to apply the latest updates immediately to mitigate the threat and prevent unauthorized access to sensitive data.
5. ConnectWise Resolves ScreenConnect Issues
ConnectWise has addressed two vulnerabilities in ScreenConnect, mitigating potential remote code execution threats and safeguarding confidential data. While there is no evidence of exploitation, on-premise partners are urged to take immediate action to mitigate the identified security risks. ScreenConnect, popular among managed service providers and businesses, offers remote desktop capabilities but has previously been targeted by cybercriminals, prompting proactive security measures and updates.
Cyber Incidents
FixedFloat, a decentralized crypto exchange, experienced a significant breach resulting in the loss of at least $26 million worth of Bitcoin and Ether, as confirmed by on-chain data. Following reports on social media, the exchange team acknowledged the attack, initially attributing it to minor technical issues and transitioning to maintenance mode. Amidst frozen transactions and missing funds reported by users, the exchange is under investigation, aiming to address vulnerabilities and improve security before resuming services.
The University of Cambridge experienced a distributed denial-of-service (DDoS) attack on Monday, disrupting internet access and vital services such as the education platform Moodle and the student information system CamSIS. While the attacker’s motive remains unclear, the University’s IT services, alongside the Joint Information Systems Committee (Jisc), are actively working to restore normal operation, with the disruption appearing to subside as of Tuesday morning. The hacking group Anonymous Sudan has claimed responsibility for the attacks, citing the UK’s support for Israel as motivation, although security analysts suspect the group’s origins to be Russian.
The IT infrastructure of the Regional Church of Hanover, Germany, has been under cyber attack since Sunday, prompting the shutdown of computer systems in central institutions as a precaution against malware. While the responsible party remains unidentified and no demands have been issued, investigations by the State Office of Criminal Investigation are underway. Affected entities include the State Church Office, the House of Church Services, and the Bishop’s Chancellery, with disruptions to communication channels such as phone and email reported.
Over the weekend, Russian hackers launched attacks on several prominent Ukrainian media outlets, spreading fabricated news about the war. Targets included Ukrainska Pravda, Liga.net, Apostrophe, and Telegraf, all manipulated to disseminate false information regarding the alleged destruction of Ukrainian special forces by Russia in Avdiivka. The attacks underscore ongoing cyber warfare tactics aimed at destabilizing Ukraine and sowing misinformation through its media channels.
UAE’s Etisalat, the 18th largest mobile network operator globally and a state-owned telecom giant, has fallen prey to LockBit ransomware, with the group demanding $100,000 for the stolen data. LockBit carried out the attack on February 16, 2024, and posted sensitive files belonging to Etisalat on its website. Despite the deadline of April 16, 2024 set by the ransomware group, Etisalat has yet to confirm or respond to the cyberattack, leaving millions of subscribers in uncertainty.
Cyber News
Law enforcement agencies worldwide have taken down several operations of LockBit, a notorious ransomware gang, as part of “Operation Cronos.” Dark web domains owned by LockBit now display messages indicating control by authorities, disrupting key operations including access to LockBit’s affiliate panel. This takedown comes after LockBit’s rapid rise in prominence as one of the leading ransomware-as-a-service groups, posing significant disruptions to cybercriminal operations.
The National Institute of Standards and Technology (NIST) has released guidance that offers actionable measures for enhancing software supply chain security, according to experts. NIST’s final guidelines, known as SP 800-204D, advise software providers to integrate security into every stage of the development life cycle. These measures include establishing security requirements for open-source software integration and expanding oversight of provenance data.
Vietnam is set to implement biometric data collection for citizen identification purposes starting July, with iris scans, voice samples, and DNA being recorded as per amendments to the Law on Citizen Identification. This initiative will affect individuals aged 14 and above, with those between 6 and 14 having the option to participate, as reported by the government. The integration of biometric data into national identification cards marks a significant shift in identification protocols, posing challenges and opportunities in managing such vast amounts of sensitive information.
A recent report reveals alarming statistics regarding security debt, with nearly half of organizations harboring persistent, high-severity flaws. Despite improvements, the prevalence of flaws in both first-party and third-party code underscores the urgent need for comprehensive testing throughout the software development lifecycle. While AI offers efficiency, it does not guarantee security, emphasizing the importance of prioritizing flaw remediation and adopting robust development practices to mitigate risk.
Ukrainian national Mark Sokolovsky, accused of running the Raccoon Infostealer malware-as-a-service, faces trial in the US after extradition from the Netherlands. Arrested in March 2022, Sokolovsky was indicted for distributing the malware globally, stealing sensitive information, and leasing access to it for $200 per month in cryptocurrency. The FBI continues its investigation into the extensive data breach, urging potential victims to check a dedicated website for compromised credentials.
Copyright © 2024 CyberMaterial. All Rights Reserved.