What’s happening in cybersecurity today?
Wi-Fi Vulnerability, Windows, DISGOMOJI Malware, Indian Government, TIKTAG Attack, ARM MTE, ASUS Routers, D-Link Router, Keytronic Data Breach, Victoria Racing Club, Australia, Polish TVP Sport, Euro 2024 Broadcast, MARINA Cyberattack, Philippines, Russian Disinformation Campaign, Moldovan Election, Ethical AI Use, Pope Francis, G7, Deepfake, Google’s Privacy Sandbox, London Hospitals, Scattered Spider, Spain
Cyber Alerts
Microsoft has disclosed a critical Wi-Fi vulnerability in Windows, tracked as CVE-2024-30078 and rated 8.8 out of 10 in severity. This flaw allows an unauthenticated attacker to execute code remotely without user interaction, affecting all supported Windows versions and requiring only physical proximity. Security experts emphasize the urgent need to apply patches, especially in environments with dense device connectivity, to mitigate the significant risk posed by this vulnerability.
Cybersecurity firm Volexity has discovered a new Linux malware called DISGOMOJI, which uses emojis for command execution. Linked to a Pakistan-based threat actor, the malware targets government agencies in India by deploying phishing emails with UPX-packed ELF executables. DISGOMOJI stands out for using Discord and emojis as a command and control platform, potentially evading detection by traditional security software.
A recent research paper introduces the TIKTAG attack, which targets ARM’s Memory Tagging Extension (MTE) to potentially leak memory tags with high success rates. Developed by a Korean team, this technique targets Google Chrome and the Linux kernel, demonstrating vulnerabilities in speculative execution that undermine MTE’s security provisions.
A critical vulnerability affecting multiple ASUS router models has been identified, allowing remote attackers to execute arbitrary system commands without authentication. The flaw, assigned CVE-2024-3912 with a CVSS score of 9.8, poses significant security risks due to an arbitrary firmware upload vulnerability. ASUS has released firmware updates for affected models to mitigate this high-severity issue.
A critical vulnerability, CVE-2024-6045, has been identified in several D-Link wireless router models, allowing unauthenticated attackers to gain administrative access. The high-severity vulnerability, with a CVSS score of 8.8, stems from an undisclosed factory testing backdoor. D-Link has released firmware updates to mitigate the risk, urging users to promptly update their devices to protect against potential exploitation.
Cyber Incidents
Keytronic faced a significant data breach, disrupting its operations and leaking 530GB of data. The cyberattack, attributed to Black Basta, led to a two-week shutdown of Keytronic’s domestic and Mexico operations. The breach has financially impacted the company, with substantial expenses incurred for cybersecurity measures.
Globe Life, a Texas-based insurance holding company, recently disclosed a cybersecurity incident that may have compromised consumer and policyholder information. The breach was discovered during a security review prompted by a state insurance regulator’s inquiry. While the company has revoked access to the affected portal, the full impact of the breach is still under investigation.
Victoria Racing Club has experienced a cyberattack, raising concerns for tens of thousands of members. CEO Steve Rosich assures normal operations but urges cyber vigilance among stakeholders. An investigation is underway with support from the Australian Cyber Security Centre.
Polish sports channel TVP Sport suffered a DDoS attack during Sunday’s Euro 2024 match between Poland and the Netherlands, blocking access to their website from IP addresses in Poland, as confirmed by TVP Sport director Jakub Kwiatkowski. Viewers missed the first half but regained access by the second, witnessing the Netherlands secure a 2-1 victory over Poland in the tournament opener.
MARINA, the Philippines’ maritime authority, suffered a significant cyberattack on June 16, 2024, compromising four critical web systems. The breach, attributed to hacker “ph1ns,” exposed sensitive data of ship owners and seafarers, highlighting vulnerabilities in government cybersecurity. Efforts are underway to restore system integrity by June 18, emphasizing the urgent need for enhanced digital defenses in public sectors.
Cyber News
The US, UK, and Canada accuse the Kremlin of meddling in Moldova’s election and EU referendum, alleging support for preferred candidates and agitation against incumbent President Maia Sandu. The joint statement underscores solidarity in defending democratic values against Russian aggression, highlighting disinformation, covert activities, and support for pro-Russia candidates. The allies express full confidence in Moldova’s ability to manage threats linked to Kremlin interference, urging Moscow to respect Moldova’s sovereignty and the outcomes of free, fair elections.
Pope Francis made history by participating in the G7 summit, addressing the ethical implications of artificial intelligence. He emphasized the importance of AI serving humanity and warned against relinquishing human decision-making to machines. Francis advocated for responsible AI development, citing concerns about autonomy, transparency, and the potential misuse of technology in weapons systems.
Google’s Privacy Sandbox, meant to replace third-party tracking cookies, is accused by a privacy group of still enabling user tracking. Noyb claims users are tricked into enabling first-party ad tracking while believing they’re opting for privacy. The group argues this violates data protection laws despite being less invasive than current methods.
London hospitals, including Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospital NHS Foundation Trust, faced significant disruptions due to a ransomware attack by Qilin on Synnovis, formerly Viapath. Over 800 operations and 700 appointments were postponed, with ongoing service impacts expected for months as Synnovis works on IT system recovery.
A 22-year-old UK man linked to the notorious Scattered Spider cybercrime group was arrested in Palma de Mallorca while attempting to flee to Italy. Known as “Tyler,” he operated as a SIM swapper and was involved in high-profile ransomware attacks, per vx-underground. Scattered Spider, also known as 0ktapus and UNC3944, is notorious for sophisticated social engineering, targeting SaaS applications with encryptionless extortion and fear-mongering tactics. The FBI and Spanish Police collaborated on the arrest, reflecting ongoing efforts to combat global cyber threats.
Copyright © 2024 CyberMaterial. All Rights Reserved.