What’s trending in cybersecurity today?
NoaBot Mirai Variant, Crypto Mining Campaign, Ivanti, Zero-Days, Gateways, WordPress AI Engine Plugin Vulnerability, Cisco, Unity Connection, India, ISP Hathway, Saudi Foreign Affairs, Finland, NoName, HMG Healthcare, Indigo Sky Casino, Outpost Casino, EU, UK Government, Volkswagen, ChatGPT, UMass Amherst, Baldur AI, NCSC.
Cyber Alerts
A recently discovered Mirai-based botnet called NoaBot has been identified in a crypto mining campaign since the start of 2023. NoaBot exhibits advanced features, including a self-spreader and an SSH key backdoor, allowing threat actors to download and execute additional binaries or propagate itself further. Unlike other Mirai variants, NoaBot is compiled with uClibc, altering how antivirus engines detect the malware, and its deployment of a modified XMRig coin miner stands out by concealing information about the mining pool and wallet address, making it challenging to assess profitability.
Ivanti has disclosed two zero-days in Connect Secure and Policy Secure gateways, exploited in the wild, allowing remote attackers to execute arbitrary commands. The first flaw is an authentication bypass, while the second is a command injection vulnerability, enabling attackers to run arbitrary commands on impacted products. Patches will be released on a staggered schedule, but until then, mitigation steps are provided, emphasizing the urgency for customers to take immediate action.
A critical flaw in the free version of the WordPress AI Engine plugin, with over 50,000 installations, allows unauthenticated users to upload arbitrary files, leading to potential remote code execution. The vulnerability is found in the plugin’s rest_upload function, enabling attackers to upload malicious PHP files. Users are strongly advised to update the plugin to version 1.9.99, which includes a patch for the security issue.
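The bug class described above, an unauthenticated REST upload route that accepts PHP files, is best understood next to a hardened handler. The following is an added illustration, not the AI Engine plugin's own code; the namespace, route, and function names are assumptions.

```php
<?php
// Added example (not the AI Engine plugin's code): a WordPress REST upload
// endpoint hardened against the pattern described in the article.
// Namespace 'example/v1', route '/upload' and example_rest_upload() are hypothetical.

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/upload', array(
        'methods'  => 'POST',
        'callback' => 'example_rest_upload',
        // The weak form of this setting is 'permission_callback' => '__return_true',
        // which lets anonymous callers reach the handler. Require a logged-in
        // user who holds the upload_files capability instead.
        'permission_callback' => function () {
            return current_user_can( 'upload_files' );
        },
    ) );
} );

function example_rest_upload( WP_REST_Request $request ) {
    $files = $request->get_file_params();
    if ( empty( $files['file'] ) ) {
        return new WP_Error( 'no_file', 'No file supplied.', array( 'status' => 400 ) );
    }
    $file         = $files['file'];
    $file['name'] = sanitize_file_name( $file['name'] );

    // Validate extension and MIME type against the site's allow-list.
    // A .php upload (or a double extension such as shell.php.png) yields
    // empty 'ext'/'type' here and is rejected before it touches disk.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'] );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'bad_type', 'File type not allowed.', array( 'status' => 415 ) );
    }

    // Let WordPress move the file: it re-validates the type and stores the
    // file under wp-content/uploads rather than at a caller-chosen path.
    $moved = wp_handle_upload( $file, array( 'test_form' => false ) );
    if ( isset( $moved['error'] ) ) {
        return new WP_Error( 'upload_failed', $moved['error'], array( 'status' => 500 ) );
    }

    return new WP_REST_Response( array( 'url' => $moved['url'] ), 201 );
}
```

Reviewing a plugin's REST routes for a permissive permission_callback and for direct move_uploaded_file() calls that bypass wp_check_filetype_and_ext() is a quick way to spot this class of flaw before it is patched upstream.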
Threat actors are increasingly using deceptive HR communications, such as 401(k) updates and salary reports, to trick employees into divulging credentials. Email security company Cofense reports a surge in phishing emails related to pension accounts, with attackers embedding QR codes to direct victims to fake login pages. Even organizations with robust email security face these threats; Cofense recommends that HR departments schedule and announce such updates in advance, and cautions against the use of QR codes in legitimate business communication.
Cisco has addressed a critical security flaw in its Unity Connection software that could enable unauthenticated attackers to remotely acquire root privileges on unpatched devices. Unity Connection serves as a virtualized messaging and voicemail solution for various platforms, including email inboxes, web browsers, Cisco Jabber, Unified IP Phones, smartphones, and tablets. The vulnerability (CVE-2024-20272) exists in the software’s web-based management interface, allowing attackers to execute commands on the underlying operating system by uploading arbitrary files. Cisco has no evidence of public proof-of-concept exploits or active exploitation in the wild, and users are urged to apply the provided patches to mitigate potential risks.
Cyber Incidents
A hacker has reportedly accessed the Know Your Customer (KYC) data of 4 million users from the Indian Internet service provider Hathway. Exploiting a security flaw in Hathway’s content management system (CMS), built on the Laravel framework, the hacker claims to have exposed a 12GB file containing personal details of over 41 million Hathway customers, including names, email addresses, phone numbers, residential addresses, Aadhaar card copies, and other KYC data. After an unsuccessful attempt to sell the data for $10,000, the hacker publicly leaked the information, sharing two links with a total of 226GB of data.
The Ministry of Foreign Affairs for Saudi Arabia reportedly experienced a major data breach, exposing personal details of over 1.4 million affiliated employees. The breach was disclosed on the dark web by a threat actor named “zelda,” who claimed to be an “Advanced User.” The leaked data, in an uncompressed 600MB file, includes IDs, GUIDs, Arabic names, display names, contact details, and employment information. The breach was shared on a dark web forum in December 2023, raising concerns about the compromised security of sensitive employee information.
The NoName ransomware group, suspected of having Russian affiliations, has intensified its cyberattacks on Finland, targeting critical sectors such as the Energy Industry Association, Technical Academic TEK, Oikeus.fi (legal information portal), the Association of Municipalities, and the Consumer Disputes Board. The DDoS attacks, part of a broader campaign, follow a message from the hacker group warning against locating a NATO base near Russia. The escalating cyber operations reflect geopolitical tensions and resemble previous attacks on Finnish government organizations, posing a significant threat to the nation’s critical infrastructure and services.
In November 2023, healthcare services provider HMG Healthcare revealed a data breach impacting 40 affiliated nursing facilities. Following the discovery, an investigation was launched, revealing that threat actors had gained unauthorized access to a server in August, compromising unencrypted files containing residents’ and employees’ personal health information. HMG Healthcare took immediate steps to mitigate the incident, but the organization recommends affected individuals monitor their accounts and credit reports.
Indigo Sky Casino and Resort, along with Outpost Casino, are alerting individuals about a recent data security incident after discovering unusual activity on their computer network. An unknown third party accessed some documents containing employees’ personal information, including names, driver’s license numbers, Social Security numbers, and medical details. While no banking or financial information was compromised, the casinos are taking precautionary measures, notifying affected individuals, and providing complimentary credit monitoring and identity theft protection services.
Cyber News
The European Union has implemented a Cybersecurity Regulation, effective since Sunday, aimed at enhancing cybersecurity practices within EU government agencies. Proposed in 2022, the regulation sets standardized cybersecurity compliance requirements, with a deadline for agencies to conform by September 2024. The Cybersecurity Regulation strengthens CERT-EU’s role as a hub for cybersecurity support and information exchange, requiring EU agencies to share nonclassified incident-related information. This move comes in response to rising cyber threats against European critical infrastructure and concerns about agencies’ insufficient cybersecurity preparedness.
The British government faces accusations of downplaying the impact of the Investigatory Powers (Amendment) Bill, which grants officials power to intervene if tech firms introduce end-to-end encryption. The bill allows officials to issue global notices to tech companies, compelling them to notify the government before making product changes impacting their ability to comply with a warrant. TechUK, representing over 1,000 UK tech businesses, asserts the legislation “in effect grants a de facto power to the British government to indefinitely veto companies from making changes to their products and services offered in the UK.”
Get ready for a new era of car interactions as Volkswagen introduces ChatGPT to its voice assistant system, IDA. Unveiled at CES 2024, this groundbreaking move transforms vehicles into engaging conversational partners, offering more than just basic information. ChatGPT steps in to provide nuanced responses, entertain with jokes, and serve as a helpful companion for drivers, promising a revolutionary shift in in-car technology. Privacy concerns are addressed by Volkswagen, ensuring anonymized queries and a safe distance from critical car systems, marking a significant leap forward in the evolution of the driving experience.
A team led by the University of Massachusetts Amherst introduces Baldur, an AI method leveraging large language models (LLMs) like ChatGPT to automatically generate proofs for software correctness. Developed in collaboration with Google, Baldur combined with the tool Thor achieves a remarkable 65.7% efficacy in generating proofs. While software bugs impact society profoundly, Baldur emerges as a promising solution, offering an efficient way to verify software correctness and potentially revolutionizing the process of building bug-free software.
The National Cyber Security Centre (NCSC) unveils a comprehensive guide to empower small and medium-sized businesses (SMBs) in enhancing online security. Tailored for organizations without dedicated IT support, the guide covers essential topics like data backup, domain name security, and malware protection. With the growing reliance on online services, particularly in the era of remote work, the NCSC aims to provide SMBs with practical insights to secure their operations and reduce the vulnerability to cyber-attacks, aligning with reports indicating an increase in security breaches among UK businesses.
Copyright © 2024 CyberMaterial. All Rights Reserved.