What are the latest cybersecurity alerts, incidents, and news?
Arid Viper, Espionage, Campaign, GravityRAT, HeavyLift, India, North Korean Hackers, Phishing, Brazilian Fintech, Sleepy Pickle, Machine Learning Models, Veeam Vulnerability, Panera Bread, Ransomware Attack, Holograph Platform, Token Minting Breach, Switzerland, DDoS Attacks, OracleCMS Data Breach, Baw Baw Shire, Grand Traverse County, 2023, Microsoft Recall, US Treasury, Artificial Intelligence, Financial Sector, North America, Record High, Cyber Insurance Claims.
Cyber Alerts
Arid Viper is leveraging trojanized Android apps to distribute the AridSpy malware. These apps mimic legitimate services like messaging and civil registry applications. The campaign primarily targets users in Palestine and Egypt.
Operation Celestial Force, a Pakistan-linked campaign, has used the GravityRAT malware against Indian entities since 2018. Researchers from Cisco Talos report that the operation remains active and has expanded its toolset: GravityRAT now compromises both Windows and Android systems, and a Windows loader tracked as HeavyLift has joined the arsenal. The multi-platform malware continues to pose a significant threat across the Indian subcontinent.
North Korean state-backed actors are the most active nation-state phishers targeting Brazil, with a focus on government and financial sector targets. One of them, UNC4899, uses social engineering to deliver trojanized Python applications to cryptocurrency professionals. Job-themed lures are a recurring tactic across North Korean groups, which remain a persistent threat well beyond Brazil.
Sleepy Pickle, a technique described by Trail of Bits researcher Boyan Milanov, highlights the security risk of the Pickle serialization format by targeting the machine learning model itself rather than the system that loads it. The attack inserts a payload into a pickle file that executes during deserialization and modifies the model in memory, so the file still loads as a normal model while an attacker has altered its behaviour, for example to produce harmful outputs or misinformation. Because pickled models are routinely downloaded and shared, this is a supply chain risk.
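The mechanism behind Sleepy Pickle is that pickle records a callable plus its arguments and calls them on load, so a crafted file can run code and hand back a tampered model. The following added example (not code from the original page, from Trail of Bits, or from Milanov's write-up) shows that mechanism on a constructed, benign stand-in for a model (a dict of weights), with a payload that sets an environment variable as a visible side effect and returns altered weights. It then shows the two checks a practitioner would want before loading an untrusted model file: a static scan of the globals the file would import, using `pickletools`, and a restricted unpickler whose `find_class` only resolves an allowlist. The allowlist entry and the environment-variable name are assumptions chosen for the demo.

```python
import io
import os
import pickle
import pickletools

# Constructed stand-in for a serialized ML model: plain dict of weights.
CLEAN_MODEL = {"weights": [0.25, -0.5, 1.0], "bias": 0.1}

# Globals a model file is allowed to reference. A real allowlist would name the
# framework's container classes; this entry is a hypothetical placeholder and a
# dict-of-lists model needs no globals at all.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class SleepyPayload:
    """Object whose __reduce__ turns deserialization into code execution.

    pickle stores the (callable, args) pair returned here and calls it on load.
    The callable is builtins.eval; the expression has a side effect (setting an
    environment variable, a harmless stand-in for real payload behaviour) and
    evaluates to a tampered model, so the loader still receives a model-shaped
    object and nothing looks wrong.
    """

    def __reduce__(self):
        expr = (
            "(__import__('os').environ.__setitem__('SLEEPY_PICKLE_DEMO', 'ran'),"
            " {'weights': [0.0, 0.0, 0.0], 'bias': 42.0})[1]"
        )
        return (eval, (expr,))


def build_clean_pickle() -> bytes:
    return pickle.dumps(CLEAN_MODEL, protocol=4)


def build_malicious_pickle() -> bytes:
    return pickle.dumps(SleepyPayload(), protocol=4)


def scan_globals(data: bytes) -> list:
    """Static scan: list every (module, name) the pickle would import, without loading it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            # Protocols 0-3 encode "module name" as a single argument.
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two strings pushed just before.
            found.append((strings[-2], strings[-1]))
        if isinstance(arg, str):
            strings.append(arg)
    return found


def suspicious_globals(data: bytes) -> list:
    return [g for g in scan_globals(data) if g not in ALLOWED_GLOBALS]


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses any global outside ALLOWED_GLOBALS, so REDUCE cannot reach eval, exec or os.system."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def safe_load(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


def unsafe_load(data: bytes):
    """What most ML loaders do under the hood: run whatever the file says."""
    return pickle.loads(data)


def payload_side_effect_ran() -> bool:
    return os.environ.get("SLEEPY_PICKLE_DEMO") == "ran"


if __name__ == "__main__":
    bad = build_malicious_pickle()
    print("suspicious globals:", suspicious_globals(bad))
    print("restricted loader rejects it:", is_rejected(bad))
    print("plain pickle.loads returns:", unsafe_load(bad))
    print("payload side effect ran:", payload_side_effect_ran())
```

The static scan is cheap and runs before any code from the file executes, which makes it suitable for a CI gate or a model registry hook; the restricted unpickler is the fallback when loading cannot be avoided. Neither helps against a payload expressed entirely in allowed globals, so the allowlist must stay as small as the model format genuinely requires.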
A proof-of-concept (PoC) exploit has been published for a severe Veeam Recovery Orchestrator vulnerability, tracked as CVE-2024-29855, raising the likelihood of exploitation in the wild. Security researcher Sina Kheirkhah developed and released the exploit and, in a detailed post on his website, shows that the flaw is easier to exploit than the vendor's advisory initially suggested.
Cyber Incidents
Panera Bread, a prominent U.S. food chain giant, faces a significant data breach, prompting notifications to employees across its 2,160 cafes. In a ransomware attack in March, threat actors stole sensitive personal information, including Social Security numbers, leading to widespread concern and precautionary measures. Despite the breach, Panera pledges support, offering affected individuals one-year membership to identity protection services while investigations continue into the incident’s scope and impact on operations.
A security breach at Holograph led to the unauthorized minting of 1 billion HLG tokens. This exploit caused an 80% drop in HLG’s market value within nine hours, exposing vulnerabilities in the platform’s smart contracts. Holograph swiftly responded by patching the vulnerability, collaborating with exchanges to lock malicious accounts, and initiating compensation programs for affected users.
Switzerland's Federal Office for Cybersecurity reported overload (DDoS) attacks on federal websites linked to the Ukraine peace conference. The attacks caused minor outages but no immediate danger, and operations stayed within the defined tolerance levels. DDoS attacks disrupt availability but do not compromise data; in this case their aim was to spread political messages.
A significant data breach originating from OracleCMS, a third-party call center, has compromised the private information of more than 1,200 residents of Baw Baw Shire in Australia. These individuals had contacted customer service after-hours over nearly two years, from June 2014 to January 2016. The breach, while not directly infiltrating Baw Baw’s systems, exposed sensitive customer contact details and call notes, raising concerns about the security practices of third-party vendors.
In Grand Traverse County, Michigan, investigations continue into Wednesday’s ransomware attack, supported by the FBI and Michigan State Police. The county detected “network irregularities” early Wednesday morning, prompting officials to take county and Traverse City offices offline as a precaution. Emergency services remain operational, but the lack of technology complicates documentation and response procedures for law enforcement and first responders.
Cyber News
A new report from the US Office of Management and Budget (OMB) uncovers critical vulnerabilities in federal systems, attributing 11 major incidents to poor patch management and inadequate authentication controls. Over the fiscal year ending September 30, 2023, federal agencies reported over 32,000 information security incidents, a nearly 10% increase from the previous year.
Microsoft postpones the release of its AI-powered Windows Recall feature, opting to test and secure it further before its public preview on Copilot+ PCs. Originally scheduled for June 18, the rollout now begins with Windows Insiders for feedback. This decision follows concerns raised by privacy advocates and cybersecurity experts about potential data vulnerabilities and misuse of the feature.
The Department of the Treasury has issued a request for information to understand the growing role of artificial intelligence in the financial services sector, aiming to balance innovation with consumer protection. Under Secretary for Domestic Finance Nellie Liang emphasizes the administration’s commitment to fostering innovation while mitigating risks posed by new technologies. With AI becoming increasingly integral to financial institutions’ operations, Treasury seeks insights into challenges faced by smaller banks and encourages strategic partnerships to bridge technology gaps.
Marsh, a leading insurance broker, reports that cyber insurance claims in North America reached a record high in 2023. Its clients in the US and Canada reported more than 1,800 cyber claims over the year. Marsh attributes the surge to the growing sophistication of attacks, the fallout from major incidents such as the MOVEit file transfer supply chain breach, and a rising number of privacy-related claims.
A Singaporean court sentenced Kandula Nagaraju to two years and six months in prison for accessing his former employer's systems after his termination and deleting critical data. The attacks on National Computer Systems (NCS) unfolded over several months and caused significant financial losses. The case underscores the persistent insider threat from disgruntled former employees and the importance of revoking access promptly and completely as part of offboarding.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.