
July 08 2024 – Cyber Briefing

👉 What’s happening in cybersecurity today?

HappyDoor Malware Variant, North Korea, MongoDB Compass, Apache HTTP Server, Google Cyber Threat Assessment, Amazon Prime Day, Phishing, OpenAI Breach, Roblox Breach, RockYou2024, Forbes, Cloudflare DNS Resolver, BGP Hijack, Shopify Data Breach, Arkansas Attorney General, Temu Data Collection, UK Prime Minister, UAE Cybersecurity Collaboration, Australia Cybersecurity Directives, Insecure Browser Extensions, Museum of Malware.



🚨 Cyber Alerts


  1. North Korea’s New Evolving HappyDoor Malware

Kimsuky has released the latest version of their notorious HappyDoor malware, which captures screens and records keystrokes. This new version, observed in 2024, uses encrypted communications and advanced techniques to steal sensitive information, posing a significant global threat. HappyDoor achieves persistence by altering registry values and using the task scheduler, making detection and mitigation challenging. Spear phishing emails remain their primary method of distribution, highlighting the urgent need for organizations to adopt robust cybersecurity measures.


  1. Critical Vulnerability in MongoDB Compass

A critical vulnerability (CVE-2024-6376) in MongoDB Compass prior to version 1.42.2 exposes systems to code injection attacks. The flaw stems from inadequate sandbox protections in the ejson shell parser, posing high risks to system security, including arbitrary code execution. Users and administrators are strongly urged to promptly update to MongoDB Compass version 1.42.2 or newer to mitigate these risks and bolster overall system security against such exploits.


  1. Apache Fixes Source Code Disclosure Flaw

The Apache Software Foundation has fixed CVE-2024-39884, a critical source code disclosure vulnerability in Apache HTTP Server versions prior to 2.4.61. This flaw exposes server-side scripts and configuration files when certain legacy content-type configurations are mishandled, potentially allowing unauthorized access to sensitive data. Users should update to version 2.4.61 to secure their systems against exploitation.


  1. Cyber Threats Facing 2024 Paris Olympics

Mandiant’s assessment, released by Google, unveils a landscape fraught with state-sponsored espionage, disruptive operations, and financially-motivated attacks targeting event organizers, sponsors, and infrastructure. From Russia’s historical aggression to China, Iran, and North Korea’s moderated risks, the Games face unprecedented cybersecurity challenges.


  1. Beware of Amazon Prime Day Phishing Scams

Prepare for Amazon Prime Day with caution as cybercriminals ramp up phishing scams, aiming to exploit eager shoppers with fake emails and malicious websites. Check Point reports alarming numbers: over 1,230 new Amazon-related domains registered in June 2024, 85% flagged as malicious. These deceptive sites mimic Amazon’s interface to steal personal and financial data. Tips include scrutinizing URLs, ensuring HTTPS and a padlock icon, using strong passwords, limiting personal information sharing, and verifying email sources.


💥 Cyber Incidents

  1. OpenAI Secrets Stolen by Unknown Hacker

In 2023, OpenAI experienced a security breach where internal discussions about their AI technology were compromised by a hacker. Although no source code or customer data was accessed, concerns arose over potential vulnerabilities to foreign espionage, particularly from entities like China. The incident prompted internal debates about AI security protocols and highlighted the broader risks associated with advanced technology in national security contexts.


  1. Roblox Data Breach Exposes Developer’s Info

Roblox has disclosed a data breach stemming from a third-party service used for its Developer Conference, compromising attendee data including full names, email addresses, and IP addresses from registrations over the past two years. The incident, attributed to an unauthorized intrusion into the third-party’s systems, has prompted Roblox to notify affected developers and implement undisclosed measures to prevent future breaches.


  1. Hacker Leaks Billions of Passwords on Forums

In a significant cybersecurity development, a hacker using the alias ‘ObamaCare’ has uploaded a staggering 10 billion stolen passwords to a notorious crime marketplace. The database, named RockYou2024, combines passwords from over 4,000 breached databases spanning two decades, posing a severe risk of credential stuffing attacks. As concerns mount over the validity of the data, users are urged to employ password managers and check their credentials against exposure tools to mitigate potential threats.


  1. Cloudflare DNS Hit by Dual BGP Attacks

Recently, Cloudflare’s 1.1.1.1 DNS resolver service experienced disruptions caused by two concurrent BGP incidents, underscoring vulnerabilities in internet routing protocols. Unauthorized announcements from AS267613 and AS262504 led to a misrouting of traffic, impacting global users for several hours. These events highlight ongoing concerns over the security of BGP, prompting renewed calls for enhanced adoption of measures like RPKI to authenticate and secure routing information.


  1. Third-Party App Blamed for Shopify Data Leak

Shopify has refuted claims of a data breach after a threat actor known as ‘888’ began selling what they allege to be customer data stolen from the platform. The e-commerce giant clarified that their systems remained secure and attributed the data leakage to a third-party app, with plans for the app developer to notify affected customers directly. The compromised data reportedly includes Shopify IDs, names, emails, mobile numbers, order histories, and subscription details.


📢 Cyber News

  1. Arkansas Sues Temu for Data Theft

Arkansas Attorney General Tim Griffin has filed a lawsuit against the Chinese e-commerce platform Temu, alleging it operates as “malware” and illegally gathers personal data from consumers. Griffin’s lawsuit, under state consumer protection laws, targets Temu’s parent companies, PDD Holdings Inc. and WhaleCo Inc., accusing them of deceptive trade practices that compromise user privacy.


  1. UK and UAE Discuss Cyber Collaboration

Prime Minister Keir Starmer had a productive conversation with UAE President Sheikh Mohamed Bin Zayed al-Nahyan, discussing mutual congratulations on the Prime Minister’s election victory and reflecting on the success of the UAE-hosted COP28 Summit. They agreed to deepen collaboration in defense, cybersecurity, trade, and investment, with plans for a future meeting to further strengthen bilateral ties between the UK and UAE.



  1. Australia Pushes New Cybersecurity Directive

Australia’s Department of Home Affairs has unveiled three new mandatory cybersecurity directives aimed at fortifying national defenses by 2030. These directives require government entities to rigorously assess supplier risks, conduct regular security assessments of internet-facing systems, and collaborate closely with the Australian Signals Directorate to share critical threat information.


  1. 350M Installed Insecure Chrome Extensions

A comprehensive analysis by Stanford University exposes critical security risks in the Chrome Web Store’s browser extensions. Researchers identified over 26,000 problematic extensions, ranging from malware and policy violations to vulnerabilities, persisting on average for 1,248 days. This longevity has exposed over 350 million global users to potential privacy breaches and security threats.


  1. Museum of Malware Art Opens in Helsinki

Helsinki’s Museum of Malware Art merges cybersecurity with creativity, transforming digital threats into captivating exhibits. Curated by industry expert Mikko Hyppönen, the museum aims to educate and engage through innovative art installations. It promises a unique blend of technology and public awareness, challenging perceptions of cybersecurity in a visually compelling way.


Copyright © 2024 CyberMaterial. All Rights Reserved.
