What’s the latest in the cyber world today?
Azure, DarkGate, Malware, AutoHotkey, Zyxel, NAS, June 2024, Android, Vidar Stealer, Evasion Tactics, Evade, Google Chrome, Plugin, $1M Scam, Binance, Microsoft, India, Twitter Account, Hijacked, Cryptocurrency Scammers, Australian Mining Firm, Have I Been Pwned, Clarity.fm, U.S. Lawmakers, US DoD’s, China, Canadian Centre Cyber Security, AI Model, Predict Weather, EMEA, DDoS Surge, Attacks, Deutsche Bank, Partners, Bitpanda.
Cyber Alerts
Security researchers at Tenable discovered a critical flaw in Azure Service Tags that allows attackers to bypass firewall rules and reach customers’ private data. A firewall or network security group rule that trusts a Service Tag admits traffic from every instance of that Azure service, including one an attacker runs in their own tenant, so an attacker can impersonate a trusted service and craft malicious, SSRF-like web requests against resources the customer believed were reachable only by Microsoft-controlled traffic. Microsoft contends that Service Tags were never intended to be a security boundary and advises customers to add authentication and authorization layers on top of any network rule rather than rely on the tag alone. The flaw affects at least ten other Azure services, including Azure DevOps and Azure Machine Learning.
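The difference between a network rule that trusts a Service Tag and the extra authentication layer Microsoft recommends, as an added example (not code from the page, from Tenable, or from Microsoft). The tag name, address prefixes, customer secret and the HMAC header scheme are all constructed for illustration and are not real Azure values or any Azure API; the point is that an attacker-operated instance of the same service shares the tag's source ranges and passes the IP check, but cannot produce a valid signature.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field


# Constructed stand-in for the published prefixes of one service tag
# (hypothetical tag name and documentation ranges, not real Azure address space).
SERVICE_TAG_NAME = "ExampleServiceTag"
SERVICE_TAG_PREFIXES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]

# Per-customer secret provisioned out of band (constructed value).
CUSTOMER_SECRET = b"customer-secret-provisioned-out-of-band"


@dataclass
class Request:
    """Minimal model of an inbound HTTP request as the firewall and the app see it."""
    source_ip: str
    method: str
    path: str
    body: bytes = b""
    headers: dict = field(default_factory=dict)


def allowed_by_service_tag(req: Request) -> bool:
    """What a rule whose source is the service tag decides: any source inside the
    tag's prefixes is admitted, regardless of which tenant controls the sender."""
    ip = ipaddress.ip_address(req.source_ip)
    return any(ip in net for net in SERVICE_TAG_PREFIXES)


def sign(secret: bytes, method: str, path: str, body: bytes = b"") -> str:
    """HMAC-SHA256 over method, path and a body digest; the caller sends it as X-Signature."""
    msg = b"\n".join([method.encode(), path.encode(), hashlib.sha256(body).digest()])
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def allowed_with_auth(req: Request, secret: bytes) -> bool:
    """Network filter kept for defence in depth, plus proof of identity that a
    tenant sharing the same service tag cannot forge without the customer's secret."""
    if not allowed_by_service_tag(req):
        return False
    presented = req.headers.get("X-Signature", "")
    expected = sign(secret, req.method, req.path, req.body)
    return hmac.compare_digest(presented, expected)


# Constructed traffic: the customer's own probe, an attacker-operated instance of
# the same Azure service (so it shares the tag's source ranges), and an outsider.
LEGIT = Request("203.0.113.17", "GET", "/internal/health")
LEGIT.headers["X-Signature"] = sign(CUSTOMER_SECRET, "GET", "/internal/health")

ATTACKER_SECRET = b"attacker-chosen"  # the attacker does not know CUSTOMER_SECRET
ATTACKER = Request("203.0.113.200", "GET", "/internal/health")
ATTACKER.headers["X-Signature"] = sign(ATTACKER_SECRET, "GET", "/internal/health")

OUTSIDER = Request("198.51.100.9", "GET", "/internal/health")


def evaluate() -> dict:
    """Decision of the tag-only rule versus the rule with authentication, per sender."""
    return {
        name: {
            "tag_only": allowed_by_service_tag(req),
            "tag_plus_auth": allowed_with_auth(req, CUSTOMER_SECRET),
        }
        for name, req in (("legit", LEGIT), ("attacker", ATTACKER), ("outsider", OUTSIDER))
    }


if __name__ == "__main__":
    for name, decision in evaluate().items():
        print(f"{name:9s} tag_only={decision['tag_only']!s:5s} tag_plus_auth={decision['tag_plus_auth']}")
```

Run as a script it prints one line per sender; the attacker passes the tag-only rule and fails only once a signature is required, which is the gap Tenable described and the layer Microsoft recommends adding.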
DarkGate malware has shifted from AutoIt scripts to AutoHotkey mechanisms, aiming to evade detection. The latest version, released in March 2024, includes enhanced remote access features but omits certain previous capabilities. The malware continues to adapt quickly, exploiting security flaws and phishing tactics to bypass protections.
Zyxel has released patches for critical command injection and remote code execution vulnerabilities affecting its NAS326 and NAS542 devices, even though both models have already passed their end-of-vulnerability-support date. Shipping fixes for products beyond end of support underlines Zyxel’s commitment to its users, but these devices will not receive fixes indefinitely, so owners should apply the update now and plan to replace or isolate them.
June’s Android security update addresses 37 vulnerabilities, including high-severity elevation of privilege bugs. The first part of the update resolves 19 flaws in Framework and System components, with seven addressed in the System component alone. Devices running the latest patch level, 2024-06-05, receive fixes for an additional 18 vulnerabilities in Kernel and other components, including critical flaws in Qualcomm-specific components.
Vidar Stealer, a malware-as-a-service, poses grave risks with its advanced evasion tactics and broad data theft capabilities. Sold on the dark web, it targets personal and financial data, leveraging social media for its operations. Vigilance, robust security measures, and collaborative efforts are essential to combat this dynamic cyber threat.
Cyber Incidents
A Chinese trader lost roughly $1 million to a hacking scam delivered through a malicious Google Chrome plugin. The attacker used stolen session cookies to bypass authentication and carry out leveraged trades on the victim’s Binance account; despite the trader’s complaints, Binance did not stop the abnormal transactions, and the trader blames the exchange for inadequate security measures.
The official Microsoft India account on Twitter, boasting over 211,000 followers, was compromised by cryptocurrency scammers seeking to impersonate Keith Gill, famously known as Roaring Kitty. With a verified status, the account lent credibility to the hijackers’ posts, increasing the likelihood of unsuspecting users falling victim to their schemes. Exploiting Gill’s recent resurgence in popularity, the threat actors enticed followers with promises of GameStop cryptocurrency as part of a supposed presale, directing them to a malicious website designed to drain cryptocurrency wallets.
Unidentified hackers breached Australian mining company Northern Minerals and released stolen data shortly after the deadline for its Chinese shareholders to divest. The breach comes amid efforts to challenge China’s control of dysprosium production, a key mineral for electric-vehicle magnets; the Australian Treasurer’s move to block the Chinese stake has prompted concern about cyber retaliation, highlighting how foreign-investment policy and cybersecurity now overlap.
A significant collection of 361 million email addresses, sourced from various cybercrime channels, has been incorporated into the Have I Been Pwned database, providing users with the ability to check for potential compromises to their accounts. These credentials were gathered from password-stealing malware, credential stuffing attacks, and previous data breaches, underscoring the pervasive nature of cyber threats.
A data breach at Clarity.fm exposed personal info of business leaders and celebrities, raising concerns over cybersecurity and potential targeting by cybercriminals. The leak included names, contact details, payment records, and consultation content, highlighting the importance of robust data security measures. Businesses and individuals must prioritize data protection to mitigate the risks of targeted scams and phishing attacks in an increasingly digital landscape.
Cyber News
Bipartisan senators express “serious concern” over Defense Department’s heightened reliance on Microsoft products. The Defense Department faces scrutiny over its decision to invest further in Microsoft despite cybersecurity incidents. Lawmakers emphasize the need for a multi-vendor approach to ensure robust cybersecurity practices.
Canadian authorities warn of escalating cyber espionage operations by China, targeting citizens and organizations. These cyber threat actors, often directed by PRC intelligence services, aim to access sensitive information aligning with Beijing’s national objectives, compromising various sectors, including government, critical infrastructure, and research and development.
Microsoft’s Aurora model, boasting 1.3 billion parameters, promises to transform weather prediction with its advanced AI architecture and extensive atmospheric training. The breakthrough technology aims to enhance accuracy in forecasting extreme weather events, vital for mitigating climate change’s impact. With its high spatial resolution and computational efficiency, Aurora could democratize access to critical weather and climate information, benefiting communities worldwide.
DDoS attacks in Europe, the Middle East, and Africa (EMEA) have surged, surpassing North America as the most targeted region in Q1 2024, according to a new Akamai report presented at Infosecurity Europe 2024. The ongoing conflicts in the region, including the Russia-Ukraine war and the Israel-Hamas conflict, have contributed to the rise in DDoS attacks, with politically motivated hacktivists and nation-state sponsored actors exploiting the situation. The UK has emerged as the biggest target for DDoS attackers in the EMEA region, followed by Saudi Arabia and Germany.
Bitpanda and Deutsche Bank’s collaboration introduces real-time cash payments for German crypto traders, enhancing transaction efficiency and security. German users will benefit from Bitpanda’s access to Deutsche Bank’s API-based account solution, streamlining fund transfers through German IBANs. This partnership signifies a step forward in making crypto accessible to the masses, leveraging the trust and integrity built by Bitpanda over the years.
Copyright © 2024 CyberMaterial. All Rights Reserved.