
January 14 2025 – Cyber Briefing

👉 What’s the latest in the cyber world today?

Microsoft, System Integrity Protection, Bypass Vulnerability, Apple, macOS, Codefinger Hackers, Amazon S3 Buckets, Ransomware Encryption Attacks, Aviatrix Controller Flaw, Mining, Backdoors, CISA, BeyondTrust, KEV Catalog, Kremlin, Kazakhstan, Espionage Campaign, Gravy Analytics, Location Data, Path of Exile 2, Account Compromise, West Haven Connecticut, IT Systems, Cullman City Schools, PowerSchool, Avery Products Corporation, Five Eyes, Critical Infrastructure, Secure By Design, OT Products, UK Government, Ransomware Payment Ban, Texas Sues Allstate, Unlawful Data Collection, Privacy Violations, HuiOne Guarantee, Illicit Marketplace, Mercedes-Benz, Partnership, Google, Car AI



🚨 Cyber Alerts

  1. Microsoft Finds SIP Bypass Flaw in macOS

Microsoft researchers recently discovered a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers. This flaw, tracked as CVE-2024-44243, was found in the Storage Kit daemon and could be exploited by local attackers with root privileges in low-complexity attacks requiring user interaction. The discovery highlights ongoing security risks in macOS systems, emphasizing the need for robust security measures to detect malicious behavior.

  2. Codefinger Targets AWS S3 Buckets for Ransom

Cybercriminals known as “Codefinger” have been encrypting data stored in Amazon Web Services’ S3 buckets, locking customers out using AWS’s own encryption tools. The attackers steal AWS credentials and obtain encryption keys before demanding ransom payments in exchange for access. Researchers warn that this novel tactic marks an evolution in ransomware capabilities: by leveraging AWS native services, the attackers produce encryption that is secure and unrecoverable without the key.

  3. Aviatrix Controller Flaw Used for Mining

A critical vulnerability in the Aviatrix Controller cloud networking platform (CVE-2024-50603) is being actively exploited to deploy cryptocurrency miners and backdoors. The flaw, which allows unauthenticated remote code execution due to insufficient input sanitization on API endpoints, has been weaponized in multiple cloud environments. Affected organizations are urged to apply security patches to mitigate the risk of privilege escalation and lateral movement in cloud environments.

  4. CISA Adds BeyondTrust Vulnerability to KEV

CISA has added a second vulnerability impacting BeyondTrust Privileged Remote Access and Remote Support products to its Known Exploited Vulnerabilities catalog. The flaw, CVE-2024-12686, allows attackers with administrative privileges to inject OS commands, which can lead to unauthorized file uploads and remote command execution. This follows the addition of another critical flaw in BeyondTrust products, both linked to a recent cyber breach involving a compromised Remote Support API key.

  5. Russian-Linked Hackers Target Kazakhstan

Hackers, likely linked to the Kremlin-backed APT28 group, have been conducting cyber-espionage against Kazakhstan’s diplomatic entities. The group, tracked as UAC-0063, used legitimate documents from Kazakhstan’s Ministry of Foreign Affairs to deliver malware strains like Cherryspy and Hatvibe. This ongoing campaign is believed to be part of a broader effort to gather strategic and economic intelligence on Kazakhstan’s foreign relations, aiming to preserve Russia’s influence in the region.


💥 Cyber Incidents

  1. Gravy Analytics Confirms Data Breach

Gravy Analytics, a major player in the location data market, reported a data breach affecting its AWS cloud storage. Hackers reportedly stole location data, including historical data from millions of smartphones, which may have originated from popular apps like Candy Crush. The breach was caused by a misappropriated access key, and while the exact contents of the stolen files are under investigation, it’s possible they contain personal data related to third-party services.

  2. Path of Exile 2 Faces Account Compromise

A significant bug in Path of Exile 2 allowed attackers to change account passwords without proper auditing. Instead of logging password changes as uneditable audit events, the system incorrectly treated them as editable notes, which could be deleted. This allowed hackers to compromise accounts by changing passwords and removing the evidence. Although the developers admitted the security flaw and introduced new measures, they have not offered compensation for affected players or restored stolen items.
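The auditing flaw described above (password changes stored as deletable notes rather than immutable audit events) is contrasted below with an append-only, hash-chained log, as an added Python example that is not code from Path of Exile 2 or from this briefing; the AuditLog class, the SHA-256 chaining and the sample IP addresses are my own construction.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor for the first link in the chain


class AuditLog:
    # Append-only events, each bound to its predecessor by a SHA-256 hash, so
    # editing or removing an earlier event is detected on verification.
    def __init__(self):
        self._events = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, actor, action, detail):
        prev = self._events[-1]["hash"] if self._events else GENESIS
        body = {"seq": len(self._events), "actor": actor,
                "action": action, "detail": detail, "prev": prev}
        self._events.append({**body, "hash": self._digest(body)})
        return self._events[-1]["hash"]  # keep out of band to catch tail truncation

    def verify(self, expected_head=None):
        prev = GENESIS
        for i, ev in enumerate(self._events):
            body = {k: v for k, v in ev.items() if k != "hash"}
            if ev["seq"] != i or ev["prev"] != prev or self._digest(body) != ev["hash"]:
                return False
            prev = ev["hash"]
        # The chain alone cannot see that its newest events were cut off, so the
        # head hash is compared with one stored beyond the attacker's reach.
        return expected_head is None or prev == expected_head


def demo():
    # Constructed scenario: an intruder changes the password, then hides it.
    # Flawed design from the report: the change is an editable note.
    notes = ["password changed from 203.0.113.7"]
    notes.clear()  # evidence gone; a later review finds nothing

    # Hardened design: the same change as an immutable audit event.
    log = AuditLog()
    log.record("victim", "login", {"ip": "198.51.100.4"})
    head = log.record("intruder", "password_change", {"ip": "203.0.113.7"})
    intact = log.verify(head)
    del log._events[1]  # the same erasure attempt against the audit log
    return len(notes), intact, log.verify(head)
```

Deleting a middle event also fails verification without any external head hash, because the sequence numbers and `prev` links no longer line up.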

  3. West Haven IT System Hit by Cyber Incident

The City of West Haven, Connecticut, was recently alerted to a security breach in its IT systems, prompting an immediate shutdown of all systems as a precautionary measure. The city engaged external professionals to assist with the investigation, focusing on assessing potential data impact. Thanks to the city’s proactive security measures and system backups, operations were quickly restored, and the incident was reported to the appropriate authorities. Officials have assured residents that they are working diligently to strengthen security and will continue to provide updates as the investigation progresses.

  4. Cullman City Schools Cybersecurity Breach

Cullman City Schools (CCS) in Alabama recently acknowledged a cybersecurity incident involving its PowerSchool software. The district was notified on January 7, 2025, that unauthorized access had been detected to certain customer information through PowerSchool’s PowerSource portal. Although the incident was identified on December 28, 2024, CCS assured that the threat is isolated and there is no evidence of ongoing unauthorized activity or operational disruptions.

  5. Avery Products Reports Ransomware Attack

Avery Products Corporation has notified customers about a ransomware attack that compromised personal information between July and December 2024. The breach affected certain data such as names, billing information, and credit card details, though Social Security numbers or government IDs were not involved. The company has launched an investigation, working with forensic experts, and is offering complimentary credit monitoring for affected individuals.


📢 Cyber News

  1. Five Eyes Urges Action on OT Product Security

Critical infrastructure organizations have been urged by government agencies to prioritize the security of their operational technology (OT) products. A joint advisory issued by the Five Eyes alliance and European partners stresses the importance of selecting products that follow secure-by-design principles, aiming to reduce the risk of cyberattacks. It calls on manufacturers to bear greater responsibility in improving product security, shifting the burden away from OT owners.

  2. UK Government Moves to Ban Ransom Payments

The UK government has introduced proposals to ban public sector bodies, including schools, NHS trusts, and local councils, from making ransomware payments to criminal gangs. The aim is to reduce the appeal of these organizations as targets for cybercriminals by cutting off their financial pipeline. Additionally, private companies making ransomware payments will be required to report them, with the possibility of payments being blocked if made to sanctioned groups or foreign states.

  3. Allstate Sued for Illegal Data Collection

The Texas Attorney General is suing Allstate and its subsidiary Arity for allegedly violating the data privacy rights of 45 million Americans. The suit claims the insurance giant collected and sold cell phone location and movement data without consumers’ consent. Arity’s software, embedded in mobile apps, tracked users’ driving behaviors, raising premiums without their knowledge. The lawsuit also alleges that Arity violated state data broker laws by failing to register with Texas authorities.

  4. HuiOne Guarantee Becomes Top Illicit Market

HuiOne Guarantee, a Telegram-based marketplace, has surpassed $24 billion in cryptocurrency transactions, making it the largest illicit online platform ever. Established in 2021, the marketplace was originally intended to facilitate the sale of cars and real estate, but it became notorious for enabling scams, money laundering, and human trafficking. According to blockchain analytics firm Elliptic, its activities have led to an alarming 51% increase in monthly cryptocurrency inflows since July 2024.

  5. Mercedes-Benz Partners with Google for AI

Mercedes-Benz and Google are expanding their partnership to introduce advanced conversational capabilities in the MBUX Virtual Assistant. This collaboration utilizes Google’s Automotive AI Agent powered by Gemini on Vertex AI, offering detailed, personalized responses to navigation and point-of-interest queries. The new system will provide drivers with a more intuitive, natural interaction, allowing them to ask for recommendations or directions in a conversational manner while also retaining memory of past conversations for a seamless experience.


Copyright © 2025 CyberMaterial. All Rights Reserved.
