What’s trending in cybersecurity today?
MacOS, Info-Stealers, XProtect, FBI, CISA, Androxgh0st, Google Chrome, Zero-Day Flaw, GitHub, Vulnerability, Remcos RAT, South Korea, Majorca’s Calvià City Council, Attack, Crypto Bridge Bug, Clearview Resources, Republic Shipping, BianLian Ransomware, Academy Mortgage, Ford, Car Repossession Patent, UK, AI Training Data, Mimecast, Apple, Samsung, Genesis Global.
Cyber Alerts
Persistent MacOS malware, such as KeySteal, Atomic Stealer, and CherryPie, adeptly evades XProtect, posing an ongoing challenge for security measures. The evolution of threats underscores the need for a dynamic cybersecurity strategy, urging a shift from static detection to advanced antivirus solutions. Vigilant network monitoring and regular security updates are crucial components in the face of continually evolving information stealers.
In a joint warning, CISA and the FBI revealed that Androxgh0st malware is orchestrating a menacing cloud-focused botnet for credential theft and deploying additional malicious payloads. Lacework Labs initially identified this threat in 2022, with over 40,000 devices under its control almost a year ago, marking a significant security concern. Targeting vulnerabilities in frameworks like PHPUnit, Apache, and Laravel, Androxgh0st’s Python-scripted capabilities aim at compromising .env files, exposing confidential data, and supporting various functions, including abuse of SMTP, leading to spam campaigns using stolen credentials from platforms like AWS, Microsoft Office 365, SendGrid, and Twilio.
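Because the alert above singles out requests for Laravel `.env` files, a defender's first check is whether the web server logs show such probes and, worse, whether any were answered with a 200. The script below is an added example, not part of the original alert or any vendor tooling: it parses Apache combined log lines (the log lines are constructed samples, not real traffic), flags any request whose final path segment starts with `.env` (my assumption, so variants such as `.env.bak` are caught too), and separates probes that were actually served from those that were denied.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (not real traffic): two normal page views and
# two .env probes from one source, one of which the server answered with 200.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Jan/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5123
198.51.100.23 - - [17/Jan/2024:10:01:05 +0000] "GET /.env HTTP/1.1" 200 874
198.51.100.23 - - [17/Jan/2024:10:01:06 +0000] "GET /api/.env HTTP/1.1" 404 153
203.0.113.7 - - [17/Jan/2024:10:01:09 +0000] "GET /css/app.css HTTP/1.1" 200 2310
"""

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_env_probe(path):
    # Drop any query string, then look at the last path segment (any depth).
    # Assumed heuristic: a filename beginning with ".env" is a probe.
    last_segment = path.split("?", 1)[0].lower().rsplit("/", 1)[-1]
    return last_segment.startswith(".env")

def find_env_probes(log_text):
    """Return (ip, path, status) for every request asking for a .env file."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_env_probe(rec["path"]):
            hits.append((rec["ip"], rec["path"], int(rec["status"])))
    return hits

def exposed_env_hits(hits):
    """The urgent subset: a 200 means the server actually served the file."""
    return [h for h in hits if h[2] == 200]

def top_sources(hits):
    """Source IPs ranked by number of .env probes, for blocking or triage."""
    return Counter(ip for ip, _, _ in hits).most_common()

if __name__ == "__main__":
    probes = find_env_probes(SAMPLE_LOG)
    print("probes:", probes)
    print("served with 200 (treat secrets as compromised):", exposed_env_hits(probes))
    print("top sources:", top_sources(probes))
```

Any `.env` request answered with 200 means the secrets in that file (database, mail, cloud API credentials) should be rotated, not just the web server fixed.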
Google has released critical updates for its Chrome browser, tackling four security issues, including an actively exploited zero-day vulnerability. Tracked as CVE-2024-0519, the flaw involves an out-of-bounds memory access in the V8 JavaScript and WebAssembly engine, potentially enabling threat actors to crash the system or gain access to secret values. While details about the attacks and threat actors remain undisclosed to prevent further exploitation, users are urged to promptly upgrade to the latest Chrome versions for Windows, macOS, and Linux to safeguard against potential threats.
GitHub has swiftly responded to a security vulnerability discovered on December 26, 2023, rotating keys to prevent potential exploitation that could compromise credentials within a production container. The rotated keys encompass critical aspects like the GitHub commit signing key, GitHub Actions, GitHub Codespaces, and Dependabot customer encryption keys. While the high-severity vulnerability (CVE-2024-0200) has not shown evidence of exploitation in the wild, GitHub emphasizes the importance of importing the new keys for users relying on the affected services to maintain robust security measures.
The notorious remote access trojan (RAT) Remcos has been discovered using a deceptive tactic in South Korea, disguising itself as adult-themed games and spreading via webhards. Webhard, a prevalent online file storage system in the country, becomes the vehicle for distributing Remcos RAT as users unknowingly open booby-trapped files, launching malicious Visual Basic scripts that execute an intermediate binary named “ffmpeg.exe.” This cunning approach allows threat actors to retrieve Remcos RAT from a server under their control, showcasing the evolution of Remcos from a marketed remote administration tool to a potent weapon for compromising systems and gaining unauthorized remote control and surveillance capabilities.
Cyber Incidents
Calvià City Council in Majorca, a major tourism hotspot in Spain, fell victim to a ransomware attack, disrupting municipal services over the weekend. The council formed a crisis committee to assess the damage and develop plans to mitigate the impact. Despite the cybercriminals demanding a ransom of €10,000,000 (approximately $11M), Mayor Juan Antonio Amengual affirmed that the municipality would not yield to the extortion, emphasizing the commitment to resolving the situation efficiently and maintaining communication through phone and face-to-face channels for citizen services.
Users of the crypto bridge aggregator Bungee faced a combined loss of $3.3 million due to a bug in the underlying technology. Over 200 wallets using Bungee’s Socket route on Ethereum experienced funds being drained, with over $2.9 million converted into Ether. The incident highlights the ongoing security challenges in the decentralized finance (DeFi) space, as hackers exploit vulnerabilities in bridge technologies, prompting calls for users to adopt new security habits such as revoking approvals after transactions.
Canadian energy producer Clearview Resources Ltd has revealed the financial toll of a recent cyberattack, resulting in a setback of US$1.5 million for the company. The attack, initially acknowledged in a press statement on December 6, 2023, unfolded through the compromise of an internal email address, allowing malicious actors to redirect funds to a third-party account. Clearview’s swift response involved engaging independent security experts, restricting functions, and restoring essential business systems to minimize operational impact, although recovering the lost funds remains a challenging task.
Logistics giant Republic Shipping Consolidators faces a cyberattack orchestrated by the notorious BianLian ransomware group, exposing a vast 117 GB of sensitive information on its dark web channel. The compromised data encompasses accounting records, financial details, emails, employee PC files, and more, raising concerns for both the company and individuals associated with the breached data. Despite the reported cyberattack, the company’s website remains operational, suggesting potential backend targeting by hackers who gained unauthorized access to databases.
Academy Mortgage, a US mortgage lender based in Utah, discloses a cyberattack in March 2023 that may have exposed personal details, including Social Security numbers of customers and employees. The breach notification letter indicates potential access to names and SSNs, posing identity theft risks for impacted individuals. With over 200 branches in the US and a revenue of $1.6 billion in 2022, Academy Mortgage is taking measures to address the breach, offering credit monitoring services to affected parties.
Cyber News
Ford has abandoned its patent application for a controversial system that would take over vehicles whose owners are delinquent in making payments and, in the case of self-driving cars, allow them to repossess themselves by driving to repo lots. The automaker quietly dropped its pursuit of the patent late last year after filing for it in February, without explaining the decision. The patent application described technology that would allow a lender to remotely control various systems within a car, such as permanently locking the car, disabling steering wheels, brakes, and air conditioning, and even playing annoying sounds inside.
The UK Information Commissioner’s Office is seeking feedback from AI developers and legal experts on the privacy implications of using scraped data for training generative AI algorithms. The concern arises from the potential violation of privacy laws when AI systems process data scraped from the public internet, containing personally identifiable information. The ICO’s consultation aims to assess compliance with the UK GDPR’s “lawfulness” clause and will shape future guidance on AI data processing.
Mimecast, a Microsoft Exchange security specialist, has announced a change in leadership as co-founder Peter Bauer steps down after 21 years, passing the reins to Marc van Zadelhoff. Van Zadelhoff, former CEO of Devo, expressed confidence in Mimecast’s ability to protect against evolving cybersecurity threats in today’s collaborative and high-risk environment. The leadership transition comes less than two years after Mimecast went private following a $5.8 billion acquisition by Permira.
Apple surpassed Samsung to become the leading global smartphone seller in 2023, marking the first time since 2010. Apple’s impressive growth, reaching an all-time high, has played a pivotal role in lifting the overall smartphone industry, which faced a downturn in recent years. The surge in premium devices, accounting for over 20% of the market, fueled Apple’s success, driven by enticing trade-in offers and interest-free financing plans. The intensified competition, driven by lower prices for high-end devices, innovative designs like foldable phones, and AI integration, contributed to the industry’s upward trajectory, according to data from the Worldwide Quarterly Mobile Phone Tracker by IDC.
A cryptocurrency trading company closes its doors following an $8 million fine from New York state regulators due to compliance failures, cybersecurity vulnerabilities, and money laundering risks. Genesis Global Trading, Inc., surrendered its licenses and faced penalties for violating financial industry rules, prompting the shutdown. The New York State Department of Financial Services emphasized the deficiencies in cybersecurity protections and the late, inadequate cybersecurity risk assessment filed by the company, raising concerns about its ability to detect and report suspicious activities.