What’s happening in cybersecurity today?
Facebook, MS Console, Identity Theft, Phishing Attacks, Genians, Fake KMSPico, Vidar Stealer, eSentire, PHP Vulnerability, Devcore, Hacktivists, Critical Infrastructure, Dragos, Sticky Werewolf, Russia, Belarus, Morphisec, New York Times, Source Code Leak, Mashable, New Hampshire Public Radio, Adventist Health, Niconico, PR Times, Italy, Lombardy Hospitals, RAI, Microsoft, AI-Driven Recall, Apple, Passwords Manager App, Bloomberg, Mozilla, 0Din Bug Bounty Program, Large Language Models, Google, Responsible AI Implementation, Android Apps, IoT Vulnerabilities, Forescout.
Cyber Alerts
Cybersecurity researchers have discovered the North Korean Kimsuky APT exploiting Facebook and MS Console for targeted attacks. These platforms were abused to take over user accounts, spread malware, and conduct wide-ranging online attacks. The attackers used fake Facebook accounts, malicious OneDrive links, and other advanced tactics to infiltrate their targets.
Researchers detected an attack involving a fake KMSPico activator tool delivering Vidar Stealer. The attack used Java dependencies and a malicious AutoIt script to disable Windows Defender and decrypt the Vidar payload. This incident underscores the importance of user awareness and the need for up-to-date security software to guard against such threats.
A critical remote code execution flaw, CVE-2024-4577, has been found in PHP for Windows versions 5.x and earlier. Discovered by DEVCORE, this vulnerability lets unauthenticated attackers gain full control of affected servers by exploiting a flaw in the Best-Fit feature of encoding conversion. Administrators are urged to update to the latest PHP versions to prevent exploitation.
Hacktivist groups target Operational Technology (OT) systems, aiming to disrupt operations and gain media attention. They exploit vulnerabilities, like default credentials, to compromise systems and manipulate critical infrastructure, posing serious threats to public safety. Recent attacks by groups like CyberAv3ngers and CyberArmyofRussia_Reborn underscore the increasing sophistication and potential political motivations behind hacktivist operations.
Cybersecurity researchers have unveiled details of Sticky Werewolf, a threat actor targeting entities in Russia and Belarus. The group’s phishing campaigns have expanded beyond government organizations to the pharmaceutical, research, and aviation sectors. Its sophisticated attack chain involves LNK files that trigger binary execution from WebDAV servers, ultimately deploying commodity RATs and information-stealing malware.
Cyber Incidents
An anonymous hacker claims to have leaked 270GB of internal data and source code from The New York Times on 4chan. Published on June 6, 2024, the leak includes over 5,000 repositories and has sparked widespread concern about the potential implications for the historic news organization. The hacker, known as “/aicg/” on 4chan, shared a magnet link to the files, inviting users to download and share the data, which reportedly contains blueprints of well-known games like Wordle and email marketing campaigns.
New Hampshire Public Radio addresses a recent cyberattack, assuring minimal impact due to robust security measures. Initial investigations suggest limited breach of internal data, with ongoing efforts to identify and address any affected data. NHPR emphasizes transparency, prompt action, and collaboration in addressing the incident, prioritizing data recovery and stakeholder reassurance.
Adventist Health Tulare announces breach of patient data handled by Signature Performance, raising concerns about data security and patient privacy. With over 70,000 patients affected, Adventist Health emphasizes transparency and steps to mitigate risks while urging patients to remain vigilant. Questions arise about timing and correlation with previous breaches, prompting Adventist Health to ensure thorough investigation and proactive communication with affected individuals.
Popular Japanese video-sharing platform Niconico halts operations due to ongoing cyberattacks, sparking concern among millions of users. Despite rapid response efforts, the extent of the data breach remains under investigation, leaving users anxious for updates on the situation’s resolution. The cyberattack, affecting not only Niconico but also its parent company Kadokawa’s websites, prompts widespread support from users while raising questions about the attack’s origins and motives.
ASST Rhodense’s computer systems have been compromised, delaying surgeries in Garbagnate, Bollate, and Rho. The Lombardy Region is seeking help from the National Cybersecurity Agency for recovery. It remains unclear whether the ransom demand is connected to previous cyber incidents.
Cyber News
Responding to widespread criticism, Microsoft has announced significant changes to its Recall feature, making it opt-in (off by default). Recall, previously slated for Copilot+ PCs, will undergo stringent security updates and a revamped setup process. Users gain greater control over their data, with encryption and biometric authentication providing enhanced protection of sensitive information.
Apple’s new Passwords app, powered by iCloud Keychain, aims to simplify password management across devices. The app encourages strong, unique passwords to safeguard against data breaches and could affect established password managers. LastPass emphasized the importance of software independence in response to Apple’s announcement.
Mozilla has rolled out a new bug bounty program named 0Day Investigative Network (0Din), targeting security vulnerabilities in large language models (LLMs) and other deep learning technologies. This initiative, aimed at enhancing the security of the gen-AI ecosystem, invites researchers to report various security issues, including prompt injection and denial of service attacks. The program expands the scope beyond the application layer, focusing on emerging vulnerabilities in new generations of models.
In an effort to address growing concerns surrounding the proliferation of problematic content generated by artificial intelligence (AI) tools, Google has issued new guidance urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features responsibly. The search and advertising giant emphasizes the importance of safeguarding user safety and maintaining app integrity amidst the increasing adoption of AI technologies in app development.
According to Forescout’s latest findings, there has been a staggering 136% increase in vulnerabilities within Internet of Things (IoT) devices compared to the previous year. The study, drawing insights from an extensive dataset comprising nearly 19 million devices, underscores the growing security risks posed by IoT infrastructure.
Copyright © 2024 CyberMaterial. All Rights Reserved.