What are the latest cybersecurity alerts, incidents, and news?
Mac Malware, Fake Arc Browser Ads, Malwarebytes, Trojanized Notezilla Installers, Conceptworld Website, Rapid7, Unfurling Hemlock Malware Campaign, Outpost24, Kimsuky, Malicious Chrome Extension, Zscaler, Juniper, 7News YouTube, CoinTelegraph, Crypto Scammers, TeamViewer Compromised, Shoe Zone, Research Tree, Interpol, Ministry of Information of the Republic of Crimea, DDoS Attacks, Lee Hsien Loong Deepfake Scam Videos, Peacock AI-Powered Olympic Recaps, NBC Universal, Al Michaels, Center for Investigative Reporting Sues OpenAI, Clearview, AI Facial Recognition, Manila Hacking Spree
Cyber Alerts
Water Sigbin is actively targeting Oracle WebLogic servers to deploy cryptocurrency miners using fileless execution techniques. By exploiting CVE-2017-3506 and CVE-2023-21839, the attackers run malware solely in memory to evade detection. Their multi-stage loading process uses PowerShell scripts and sophisticated loaders to ensure successful deployment.
OpenSSH maintainers have fixed a critical flaw allowing unauthenticated remote code execution with root privileges on glibc-based Linux systems. This vulnerability, CVE-2024-6387, affects millions of servers, potentially leading to complete system compromise. Users are urged to apply patches and implement network controls to mitigate the risk.
The Reserve Bank of India has issued an urgent advisory to banks, highlighting the escalating threat of cyberattacks targeting the financial sector. Emphasizing robust IT governance, the RBI advises defining clear roles and responsibilities within the Board of Directors and Executive Management. The advisory stresses adherence to international standards like COBIT to align IT practices with business objectives, enhancing resilience against cyber threats. Banks are urged to segregate information security from IT operations and conduct regular risk assessments to proactively identify and mitigate vulnerabilities.
Microsoft has resumed the rollout of the KB5039302 update for Windows 11, now excluding users of virtualization software. Initially paused due to reboot issues, the update is available again for most devices, with exceptions for those running virtual machine tools like CloudPC and Azure Virtual Desktop. Users are advised to check Windows Update for availability, while Microsoft continues to address additional bugs affecting Taskbar display in specific system configurations.
Hackers are actively exploiting a critical vulnerability (CVE-2024-0769) in D-Link DIR-859 routers, even though the model is no longer receiving updates. This flaw, centered on the “fatlady.php” file, allows unauthorized access to sensitive configuration files like ‘DEVICE.ACCOUNT.xml’, compromising account information such as passwords and user details. Despite D-Link confirming no patches will be released, the severity of the exploit underscores ongoing security risks associated with legacy devices and the importance of replacing or securing vulnerable routers to mitigate potential breaches.
Cyber Incidents
Microsoft is notifying customers of data breaches by Russian state hackers, targeting email accounts of executives. The breach, attributed to the group Midnight Blizzard (APT29), underscores ongoing cybersecurity challenges for major tech firms. This incident prompts heightened security measures and scrutiny over potential vulnerabilities in corporate and government sectors.
HubSpot is actively investigating a cybersecurity incident targeting a limited number of its customers. Since detecting unauthorized access attempts, the company has swiftly implemented response measures to mitigate risks and safeguard customer data. With over 216,000 corporate clients, including prominent names like Discord and Eventbrite, HubSpot remains focused on protecting its platform integrity amidst ongoing investigations.
Franklin County, located in Washington state, responded swiftly to a ‘brute force’ cyber attack, effectively safeguarding its systems and preventing data breaches through prompt action from its Information Technology Department. Upon detecting the threat, all systems were immediately taken offline as a precautionary measure. They were gradually restored while efforts focused on isolating the source and assessing the impact. Although most systems are now operational, the specific system targeted remains offline for continued investigation and maintenance.
Government of Guernsey officials recently responded to an attempted cyber attack on their IT network, which temporarily disrupted access to email and Microsoft Teams for deputies as a precautionary measure. Deputy Mark Helyar expressed concerns over the sudden password resets implemented during the incident. Chief Digital and Information Officer Ge Drossaert assured that swift action prevented data compromise, highlighting effective security protocols.
Federated Co-op Ltd. in Western Canada has disclosed a cybersecurity incident affecting customer-facing systems and cardlock fuel stations. The incident, first reported Thursday and confirmed Saturday via Facebook, prompted precautionary shutdowns of affected systems. While no evidence suggests customer data compromise, FCL has enlisted third-party experts for investigation. Some services, including cardlocks, have resumed, but restoration timelines remain unclear. Local Co-ops in Saskatchewan reported similar IT outages, highlighting widespread disruptions to FCL operations and digital platforms.
Cyber News
The U.S. Treasury and IRS have announced new regulations requiring custodial brokers to report digital asset transactions starting in 2025. This aims to improve tax compliance in the growing digital asset market by focusing initially on operators of trading platforms and certain wallet providers. Non-custodial brokers, like decentralized platforms, are currently exempt, with future regulations planned to address their unique challenges in tax reporting. These efforts align with broader goals under the Infrastructure Investment and Jobs Act of 2021 to modernize tax policies for the digital economy.
Huawei Technologies has forged partnerships with Chinese companies to embark on local production of high-bandwidth memory (HBM) chips, a move seen as crucial in bolstering its AI infrastructure capabilities amidst ongoing US sanctions. Since facing restrictions from accessing Western technology in 2019, Huawei has strategically focused on developing domestic tech solutions. Collaborating with Wuhan Xinxin Semiconductor Manufacturing, Jiangsu Changjiang Electronics Tech, and Tongfu Microelectronics, Huawei aims to overcome market challenges dominated by South Korean giants like SK Hynix and Samsung Electronics.
LevelBlue, the rebranded entity from AT&T Cybersecurity, has announced a significant workforce reduction of 15%, affecting approximately 150 employees out of its 1,000-person workforce. This decision follows AT&T’s sale of a majority stake in the managed cybersecurity services firm to WillJam Ventures. LevelBlue emphasized that these layoffs are part of a strategic restructuring aimed at enhancing the depth, quality, and delivery of its managed security services. The company expressed gratitude for its employees’ contributions while noting ongoing hiring efforts in areas aligned with customer and partner needs.
Sony Group has entered the cryptocurrency market by acquiring Amber Japan, formerly DeCurret. This expands Sony’s reach into regulated digital asset trading, with Amber Japan rebranded as S.BLOX and planning upgrades for its WhaleFin platform. The move follows Amber Group’s restructuring post-FTX collapse, aligning with Sony’s strategy to diversify into blockchain and NFT technologies, as evidenced by recent patent filings for NFT frameworks aimed at integrating digital assets across gaming platforms.
Indonesian authorities conducted a raid on a villa in Bali, resulting in the arrest of over 100 foreign nationals suspected of involvement in cybercrime. Among those detained were 14 Taiwanese citizens, with the identities of the remaining individuals still under investigation. The raid uncovered computers and mobile phones allegedly used in cybercrime activities. Indonesian immigration officials indicated the suspects may have misused their visas and residence permits in addition to engaging in cyber offenses. The investigation is ongoing, with challenges anticipated in prosecuting the suspects if their alleged victims reside outside Indonesia.
Copyright © 2024 CyberMaterial. All Rights Reserved.