What’s the latest in the cyber world today?
Chinese Hackers, Cisco, Custom Malware, Xctdoor Malware, South Korea, CocoaPods, iOS, macOS Apps, Exploitation, Indirector Attack, Intel CPU Flaws, Information Stealing, CapraRAT, Android Gamers, TikTok Fans, Spyware Campaign, Evolve Bank Breach, LockBit, Sensitive Data, Affirm Card Users, Kadokawa, Data Breach, Ransomware Attack, Patelco Credit Union, Banking Services, Wise, Covington and Burling LLP, Spear Phishing Attack, Cyber Insurance Costs, Crypto Hacks, Papua New Guinea, Governance Policy 2024, Outcome Health, Fraud, Rapid7, Acquisition, Noetic Cyber.
Cyber Alerts
Chinese state-backed hackers, Velvet Ant, exploited a newly patched zero-day vulnerability (CVE-2024-20399) in Cisco Nexus switches. This flaw, in the CLI of Cisco NX-OS software, allowed attackers with admin privileges to execute arbitrary commands as root. Discovered in April and patched on July 2, 2024, the vulnerability was used to deploy custom malware for remote access and control. This incident highlights the importance of robust security practices for network appliances.
AhnLab Security Intelligence Center (ASEC) discovered that unidentified threat actors exploited a Korean ERP solution and vulnerable web servers to deploy the Xctdoor malware, targeting the defense and manufacturing industries. This malware, similar to past attacks by the Andariel group, allows attackers to steal system information and execute remote commands. The incident highlights the need for robust security practices, including monitoring, patching, and cautious handling of email attachments and executable files.
Critical vulnerabilities in CocoaPods, a pivotal dependency manager for iOS and macOS apps, were discovered by E.V.A Information Security researchers. These flaws allowed malicious actors to seize control of unclaimed pods, potentially injecting malicious code into widely used applications. The vulnerabilities, now patched, underscore the significant security risks posed to millions of Apple devices and highlight the urgent need for enhanced software supply chain security measures.
Researchers have uncovered a new threat named ‘Indirector’ that exploits vulnerabilities in modern Intel processors like Raptor Lake and Alder Lake. This attack manipulates the Indirect Branch Predictor (IBP) and Branch Target Buffer (BTB) to perform speculative execution and extract sensitive data from CPUs, circumventing security measures such as ASLR. Scheduled for presentation at the USENIX Security Symposium, the attack uses advanced tools to pinpoint and inject code into vulnerable branches, enabling attackers to control process flows and utilize cache side-channels for data extraction.
Transparent Tribe has intensified its cyber espionage efforts through a sophisticated campaign leveraging CapraRAT spyware concealed within seemingly innocuous Android applications. These malicious apps, tailored to appeal to diverse interests including mobile gaming enthusiasts and TikTok users, exploit WebView technology to mask their true intent. Underneath their facade as legitimate platforms, they surreptitiously gather sensitive data such as SMS messages, contact details, and location information. This strategy underscores the group’s adeptness at social engineering, targeting specific user demographics to infiltrate devices and compromise security.
Cyber Incidents
Affirm Holdings announced that a cybersecurity incident at Evolve Bank and Trust, an issuer of Affirm cards, compromised personal information of Affirm card users. The breach, attributed to the LockBit ransomware group, involved unauthorized access and data leakage. Affirm assures customers that its systems remain secure, though shared personal information was compromised. Evolve Bank is offering affected individuals two years of free credit monitoring and identity theft protection. Notifications will begin on July 8, 2024, with further support for impacted customers.
Japanese media giant Kadokawa has confirmed a data breach from a ransomware attack by the BlackSuit gang, impacting business partner information and internal data, including personal details of employees at its subsidiary Dwango. The breach, detected in early June, forced Niconico, a popular video-sharing site, to temporarily shut down some services. Kadokawa assured that customer credit card information was not compromised and is currently working with external professionals to verify the extent of the breach, with plans to report findings in July.
Patelco Credit Union in Dublin, California, is contending with a ransomware attack that has necessitated the proactive shutdown of critical banking systems. As a result, electronic transactions like transfers and online banking services are currently unavailable or operating at reduced capacity, although ATM services for cash withdrawals remain accessible. While branches and call centers remain open with extended wait times expected, employees are unable to access individual account details.
Wise has responded to a data breach affecting Evolve Bank & Trust, their former partner for USD account details, potentially exposing personal information of some customers. Although Wise’s systems remain secure, they are actively investigating the incident and reassuring users that account credentials, passwords, and Wise cards have not been compromised. Customers are advised to remain vigilant against phishing attempts and unauthorized requests for sensitive information, with additional steps recommended for US-based users to protect against potential identity theft.
In February 2024, Covington in Washington DC was hit by a spear phishing attack that compromised an employee’s workstation, leading to unauthorized access. The firm discovered the breach quickly, initiating a comprehensive investigation and collaborating with cybersecurity experts and law enforcement. Covington offered affected individuals credit monitoring and identity-theft protection services, emphasizing the need for robust cybersecurity measures.
Cyber News
Howden’s latest cyber report highlights a resilient market with decreasing insurance costs despite ongoing cyber threats and geopolitical tensions. The report emphasizes stable conditions bolstered by improved cyber hygiene among insureds, paving the way for sustainable growth and innovation. Expansion opportunities in international markets, particularly among SMEs, underscore a shift away from traditional U.S. dominance in cyber insurance. With enhanced risk controls and broader client outreach, Howden aims to capitalize on a maturing market poised for significant global premium growth by 2030.
In June 2024, despite a bearish cryptocurrency market, hacking incidents surged with hackers targeting various crypto platforms, resulting in losses totaling approximately $176.2 million, a significant decrease from the previous month. The largest hack affected BtcTurk, a Turkish trading platform, where $100.25 million was stolen through compromised hot wallets. Other major breaches included British exchange Lykke losing $22 million and several other platforms collectively losing millions more.
Papua New Guinea has taken proactive steps in cybersecurity leadership with its new National Data Protection and Governance Policy 2024. This policy emphasizes responsible data sharing while ensuring compliance with privacy regulations, enhancing digital security amidst growing cyber threats. By joining global initiatives and fostering ICT cooperation, particularly with Japan, PNG aims to fortify its cyber defenses and position itself as a secure player in the international digital landscape. These efforts not only build public trust and promote sustainable growth but also set a high standard for data protection across the Pacific region and beyond.
Three former executives of Outcome Health have been sentenced for orchestrating a massive fraud scheme exceeding $1 billion, impacting clients, lenders, and investors. Rishi Shah, co-founder and former CEO, received a seven-year, six-month prison sentence, while co-founder Shradha Agarwal was sentenced to three years in a half-way house. Brad Purdy, former COO and CFO, received a two-year, three-month prison term. The scheme involved overstating revenue by selling advertising inventory that was not delivered and fabricating engagement metrics. This deception allowed them to secure substantial financing, resulting in personal dividends. The case highlights the consequences of corporate fraud and underscores the importance of accountability in business practices.
Rapid7, a leading cybersecurity firm, has announced its acquisition of Noetic Cyber, specializing in cyber asset attack surface management (CAASM). This strategic move aims to bolster Rapid7’s security operations platform by integrating Noetic’s capabilities, which offer enhanced visibility of both internal and external assets across on-premise and cloud environments. By leveraging Noetic Cyber’s solutions, Rapid7 aims to empower organizations with comprehensive insights into their attack surfaces, enabling proactive threat anticipation, risk management, and efficient remediation strategies.
Copyright © 2024 CyberMaterial. All Rights Reserved.