What's the latest in the cyber world today?
CISA, GeoServer, Check Point Research, Trend Micro, Trojan Source Vulnerability, Crypto ATM, OCCRP, Minterest Protocol, Healthed Australia, The Royal Australian College of General Practitioners, Philippines Department of Migrant Workers, The Philippine Star, Dough Finance, Olympix, SB19 and Ben&Ben, YouTube Hacking, Ezra Reguerra, Cointelegraph, Kaspersky Ban, Zero Day, Atos, Financing, Recruit Co, The Japan News, Tether, Bitrace, Cambodian Scams, Oege de Moor, Startup, Github Engineers, XBOW
Cyber Alerts
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting OSGeo GeoServer GeoTools to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2024-36401 with a CVSS score of 9.8, this flaw enables remote code execution via specially crafted input, allowing unauthenticated users to exploit multiple OGC request parameters. GeoServer, an open-source Java server for sharing and editing geospatial data, has addressed the issue in versions 2.23.6, 2.24.4, and 2.25.2.
MuddyWater, an Iranian-backed hacking group, has introduced a new malware implant named BugSleep, identified by Check Point Research. This sophisticated backdoor is deployed via phishing emails posing as webinar invitations, directing victims to malicious archives on Egnyte. BugSleep includes a custom loader to inject into active processes of applications like Microsoft Edge and Google Chrome, enhancing its ability to evade detection. The group, known for targeting the Middle East, has expanded its operations to include global targets in Turkey, Saudi Arabia, India, and Portugal.
Void Banshee, an advanced persistent threat (APT) group, has been identified exploiting a newly disclosed vulnerability in Microsoft’s MHTML browser engine (CVE-2024-38112) to distribute the Atlantida information stealer. This zero-day exploit involves using specially crafted internet shortcut (URL) files in phishing campaigns to redirect victims to compromised sites hosting malicious HTML Applications (HTA). Once executed, these applications trigger PowerShell scripts to deploy the Atlantida stealer, designed to extract sensitive data from various applications including web browsers and cryptocurrency wallets.
A newly identified “Trojan Source” vulnerability in source code compilation poses a significant threat to enterprise security, warn researchers from Cambridge University. Nicholas Boucher and Ross Anderson highlight that this flaw allows malicious actors to insert code that appears benign during review but behaves differently once compiled. Exploiting the Unicode bidirectional algorithm, attackers can manipulate code to evade detection, potentially leading to covert attacks like those seen in the SolarWinds incident.
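Because the Trojan Source technique relies on bidirectional control characters that are invisible in most editors, the practical mitigation is to reject them at review or CI time. The scanner below is an added example written for this digest; it is not code from the Cambridge paper or from any compiler project. It flags every Unicode bidi control character (the embedding, override and isolate controls plus the LRM, RLM and ALM marks) with its line, column and Unicode name, and renders each affected line with the controls escaped so reviewers see the order the compiler will actually see. The sample snippet containing a right-to-left override is constructed for the example.

```python
import unicodedata
from dataclasses import dataclass

# Bidirectional control characters that can make displayed source differ from parsed source.
BIDI_CONTROLS = frozenset(
    [chr(c) for c in range(0x202A, 0x202F)]    # LRE, RLE, PDF, LRO, RLO
    + [chr(c) for c in range(0x2066, 0x206A)]  # LRI, RLI, FSI, PDI
    + ["\u200e", "\u200f", "\u061c"]           # LRM, RLM, ALM (weak marks, still worth flagging)
)


@dataclass(frozen=True)
class Finding:
    line: int        # 1-based line number
    column: int      # 1-based column of the control character
    codepoint: str   # e.g. "U+202E"
    name: str        # Unicode character name
    rendered: str    # the line with controls shown as \uXXXX escapes


def render_visible(line: str) -> str:
    """Replace each bidi control with its escape so the true token order is visible."""
    return "".join(f"\\u{ord(ch):04x}" if ch in BIDI_CONTROLS else ch for ch in line)


def find_bidi_controls(source: str) -> list[Finding]:
    """Return one Finding per bidi control character in the source text."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                findings.append(Finding(
                    line=lineno,
                    column=col,
                    codepoint=f"U+{ord(ch):04X}",
                    name=unicodedata.name(ch, "UNKNOWN"),
                    rendered=render_visible(line),
                ))
    return findings


def scan_file(path: str) -> list[Finding]:
    """Scan a source file on disk; undecodable bytes are replaced rather than raising."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        return find_bidi_controls(handle.read())


# Constructed sample: a comment that hides a right-to-left override (U+202E) and its
# terminating pop-directional-formatting (U+202C), the building blocks of the technique.
SAMPLE_SOURCE = (
    "def is_admin(user):\n"
    "    # check access \u202e/* if user.admin */\u202c\n"
    "    return False\n"
)

if __name__ == "__main__":
    for f in find_bidi_controls(SAMPLE_SOURCE):
        print(f"line {f.line} col {f.column}: {f.codepoint} {f.name}\n    {f.rendered}")
```

Wire `scan_file` into a pre-commit hook or CI step that fails on any finding; legitimate use of these controls in source is rare enough that an explicit allow-list per file is a reasonable exception mechanism.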
The proliferation of crypto ATMs in the US has brought convenience but also a surge in scams and fraud, posing significant challenges for law enforcement. Recent reports highlight cases where individuals, especially older adults, have fallen victim to sophisticated schemes, losing substantial sums to offshore accounts via these machines. Law enforcement agencies, while making some arrests, face hurdles in tracing transactions and recovering funds.
Cyber Incidents
The Minterest protocol recently fell victim to a significant security breach, resulting in the loss of approximately $1.4 million in assets. The attack, which targeted the Mantle chain and utilized funds from TornadoCash on Ethereum, involved the theft of mETH and WETH tokens. Minterest swiftly responded by halting all operations to prevent further losses and coordinating with exchanges to flag the hacker’s wallet.
Healthed, an Australian healthcare education provider, has experienced a data breach exposing participant information from its face-to-face educational seminars. The breach, attributed to a vulnerability on its website linked to work by a third-party contractor, compromised names, addresses, postal addresses, and mobile phone numbers of attendees. Upon discovery, Healthed swiftly addressed the issue within two hours and promptly notified affected individuals and staff via email.
The Department of Migrant Workers (DMW) in the Philippines has temporarily suspended its online services following a cyber attack involving Medusa ransomware, as confirmed by the Department of Information and Communications Technology (DICT). While assuring that no overseas Filipino worker (OFW) data was compromised, the DMW has taken its systems offline as a precautionary measure. Services such as issuing overseas employment certificates (OECs) and OFW passes are now being handled manually at various DMW offices nationwide.
Dough Finance, a decentralized finance (DeFi) protocol, has reported a staggering loss of $1.8 million in digital assets following a recent flash loan attack. The attack exploited vulnerabilities in the protocol’s smart contract, specifically in the “ConnectorDeleverageParaswap” contract, allowing the attacker to manipulate unvalidated call data and siphon off 608 ETH (approximately $1.8 million). Security experts from Cyvers and Olympix highlighted the breach, advising affected users to withdraw their funds.
Several prominent Filipino music artists, including SB19 and Ben&Ben, fell victim to a hacking incident where their YouTube accounts were compromised. The attackers used these channels to promote a cryptocurrency scam involving XRP, leveraging a deepfake of Ripple CEO Brad Garlinghouse. Both bands, with sizable followings exceeding millions on the platform, quickly responded to the breach. Ben&Ben announced the intrusion and partial recovery on their official Facebook page, noting the continued unauthorized streaming of fraudulent content.
Cyber News
Tether has frozen 29 million USDT tied to Huione Group, a Cambodian marketplace implicated in extensive cybercrime operations across Southeast Asia. Researchers revealed Huione Guarantee’s role in facilitating scams involving money laundering, deepfake technology, and stolen data, totaling $11 billion in transactions over three years. The move by Tether follows law enforcement requests due to alleged connections with fraudulent and transnational criminal activities.
Russian cybersecurity firm Kaspersky has announced its withdrawal from the U.S. market in response to a ban imposed by the Commerce Department, effective July 20, 2024. This decision follows concerns over national security risks associated with Kaspersky’s software, which led to its addition to the Entity List. The ban prohibits U.S. businesses from engaging with Kaspersky, citing fears that its products could be exploited for cyber espionage and threats to critical infrastructure.
French IT consultancy Atos has successfully secured 1.675 billion euros in financing as part of a debt restructuring effort, crucially timed ahead of a planned acquisition by the French government. The financing, facilitated through a lock-up agreement with banks and bondholders, includes immediate access to 800 million euros, with an additional 440 million euros currently available and an anticipated 350 million euros by late July. This move comes amidst Atos’ efforts to address a substantial debt burden.
Recruit Co. is under scrutiny for mishandling student data after revelations that it sent such data to foreign businesses without adequate parental consent. The Yomiuri Shimbun reported that Recruit, authorized by local governments, obtained personal data from educational apps used by elementary and junior high school students in Japan. This data included students’ names, birth dates, and academic performance details, which were utilized to improve other apps and distributed overseas.
Former GitHub engineers have launched XBOW with a $20 million investment from Sequoia Capital, aiming to revolutionize cybersecurity with AI-powered tools. Led by Oege de Moor, known for founding Semmle (acquired by GitHub), the startup focuses on automating vulnerability research and mitigation. XBOW promises to autonomously pass 75% of web security benchmarks, including 85% of novel challenges, showcasing its effectiveness in finding and exploiting vulnerabilities.