What’s the latest in the cyber world today?
Avast, DoNex Ransomware, HCL Domino Server, CloudSorcerer, APT, Orcinius Trojan, Dropbox, Google Docs, Broadcom, NATO, Cyber Threats, Frankfurt University, Cyberattack, Zotac, Trivandrum, Kerala, Coinbase, Scams, Crypto Theft, DDoS Attacks, Liechtenstein, Australian Government, China, APT40 Advisory, Cider Founder, Sola Security, National Health Service Flaws, Stacks, Bitcoin, L2 Security Framework, Breach Secure Now, Lyra Technology Group
Cyber Alerts
Researchers at Avast have discovered a critical flaw in the DoNex ransomware’s cryptographic schema, allowing them to build a decryptor for all of its variants and predecessors. The weakness, presented publicly at Recon 2024, had been used discreetly since March 2024 to help victims recover their files. DoNex uses a hybrid scheme that combines the ChaCha20 symmetric cipher with RSA-4096 asymmetric encryption. Victims can now use the released decryptor, which walks them through the recovery process.
A critical security flaw has been uncovered in HCL Domino server software that could expose sensitive configuration details to remote, unauthenticated attackers. Tracked as CVE-2024-23562, the vulnerability affects versions 11, 12, and 14, and earlier versions are also suspected to be affected. HCL has acknowledged the issue and is tracking it under SPR# EPORD2AKDF, but a permanent fix is not yet available.
A new advanced persistent threat (APT) group, CloudSorcerer, has emerged, targeting Russian government entities with malware that uses public cloud services for command and control. Reported by Kaspersky, CloudSorcerer shows similarities to the earlier CloudWizard campaign but employs distinct tactics and tooling. Its malware changes behavior depending on the process it is running in, enabling covert data collection and execution of attacker commands.
The recently discovered Orcinius Trojan abuses Dropbox and Google Docs in a multi-stage attack. It is initially distributed through Excel spreadsheets carrying VBA macros altered with ‘VBA stomping’, a technique that overwrites the macro’s source code while leaving the compiled p-code intact, so source-based scanners see benign or empty code while Office still executes the malicious logic. Once running, the malware captures keystrokes and monitors active windows. This staged approach lets Orcinius evade traditional security controls, creating a significant risk of data breaches and financial loss.
Amid global tensions and the ongoing conflict in Ukraine, NATO faces a mounting barrage of cyber threats from state-sponsored actors and criminal groups. This article examines the alliance’s challenges with adversaries like APT29 and APT44 from Russia, and evolving cyber espionage tactics from China. These threats encompass intelligence gathering, disruptive attacks on critical infrastructure, and the influence of hacktivists and cyber criminals.
Cyber Incidents
Frankfurt University of Applied Sciences has been targeted by a cyberattack, causing a complete shutdown of its IT systems since July 6, 2024. Despite extensive security measures, hackers breached the university’s infrastructure, prompting immediate responses such as blocking external access and disabling critical services. As a result, online enrollment processes and external communications are currently unavailable, although on-site operations continue.
Computer hardware manufacturer Zotac inadvertently exposed sensitive customer information from return merchandise authorization (RMA) requests through misconfigured web folders. The issue, reported by a viewer of the YouTube channel GamersNexus, left the folders open to crawling, so Google Search indexed private documents such as invoices, addresses, and contact details. Zotac has since secured most of the exposed data and disabled document uploads on its RMA portal, but some indexed results still appear in search.
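The report above does not say how Zotac’s folders were misconfigured. As an added illustration (not Zotac’s configuration, and not from the original article), the nginx server blocks below show the kind of setting that lets a crawler list and index an upload directory, beside a corrected version. The host name, paths and certificate locations are hypothetical.

```nginx
# Weak: directory listing on, uploaded RMA documents served to anyone,
# and nothing tells search engines not to index them.
server {
    listen 80;
    server_name rma.example.com;      # hypothetical host
    root /var/www/rma;                # hypothetical web root

    location /uploads/ {              # hypothetical upload directory
        autoindex on;                 # anyone can browse the folder listing
    }
}

# Corrected: no listing anywhere, uploads are never served by the web
# server, and a noindex header asks crawlers to drop already-indexed pages.
server {
    listen 443 ssl;
    server_name rma.example.com;
    ssl_certificate     /etc/ssl/certs/rma.pem;      # hypothetical path
    ssl_certificate_key /etc/ssl/private/rma.key;    # hypothetical path
    root /var/www/rma;
    autoindex off;

    # "always" makes the header go out on error responses too (nginx >= 1.7.5).
    add_header X-Robots-Tag "noindex, nofollow" always;

    # Uploaded invoices and forms are not public web content. Answer 404
    # rather than 403 so the path's existence is not confirmed; the
    # application should read these files from a path outside `root` and
    # serve them only to the authenticated owner of the RMA ticket.
    location /uploads/ {
        return 404;
    }
}
```

After reloading, `curl -sI https://rma.example.com/uploads/` should return 404 with the `X-Robots-Tag` header present. Note that the header only takes effect when a search engine recrawls a page, which is why stale results linger after a fix like this; removing them promptly requires a URL removal request through the search engine’s webmaster tools.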
Kerala’s Health Minister Veena George disclosed a cyber attack on the Regional Cancer Centre (RCC) in Thiruvananthapuram that disrupted operations for five days from April 28. The ransomware incident hit software used by key departments at the centre, affecting eight desktops and four servers, but patient data remained secure. State authorities were notified promptly and an investigation followed. Minister George emphasized that patient records were intact, protected by backup systems, and confirmed that no patient information had appeared on the dark web.
Several Coinbase users fell victim to sophisticated impersonation scams recently, resulting in substantial financial losses. One victim reported losing $1.7 million after a scammer posed as a Coinbase security team member and tricked them into disclosing part of their wallet’s seed phrase. The scam involved convincing the victim to visit a fake website to stop supposed unauthorized transactions, ultimately draining their wallet of funds.
Since Monday, July 8, 2024, around noon, the websites of Liechtenstein’s National Administration and the government experienced downtime due to DDoS attacks on their service providers. These attacks, claimed by a pro-Russian hacker group, temporarily disrupted access to the sites but did not result in any data breaches. Prompt detection enabled swift resolution of the issues, with authorities initiating investigations into the incident to mitigate future risks.
Cyber News
The Australian government has publicly called out China over cyberattacks attributed to APT40, in an advisory released jointly with international cyber security agencies. APT40, allegedly backed by the Chinese Ministry of State Security, has targeted Australian organizations by exploiting vulnerabilities in Microsoft Exchange, Atlassian Confluence, and Log4j, and has used compromised SOHO devices and Australian websites as command and control infrastructure.
Guy Flechter, co-founder of Cider Security, has secured $28 million in seed funding for his new venture, Sola Security, just months after selling Cider to Palo Alto Networks for $300 million. Sola, still in stealth mode, aims to develop new cybersecurity products. Investors include S Capital, S32, and Michael Moritz, reflecting confidence in Flechter’s track record and the potential of his latest endeavor.
Former National Cyber Security Centre CEO Ciaran Martin warns of an urgent need to address NHS vulnerabilities to mitigate future cyber threats, following a major ransomware attack that disrupted healthcare services in London. Despite recent investment in cybersecurity resilience, concerns persist over outdated IT infrastructure, as highlighted by a British Medical Association report revealing significant operational inefficiencies.
Hypernative has joined forces with Stacks, Bitcoin’s leading Layer 2 (L2) platform, to bolster security across its ecosystem. This collaboration integrates Hypernative’s advanced cybersecurity tools, enabling real-time threat detection and response for applications and smart contracts on Stacks. By monitoring both on-chain and off-chain activities, Hypernative aims to safeguard against sophisticated attacks, ensuring the integrity and innovation potential of Bitcoin’s programmable economy.
In a strategic move to bolster its cybersecurity offerings, Breach Secure Now (BSN) has teamed up with Lyra Technology Group, a leader in MSP solutions. This exclusive partnership integrates BSN’s automated breach prevention and productivity training platform into Lyra’s suite of managed services, enabling MSPs to improve their clients’ cybersecurity readiness. Lyra Technology Group aims to equip MSPs with robust defenses against evolving cyber threats.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.