What’s the latest in the cyber world today?
F5 Load Balancers, Sygnia, Social Engineering, PowerShell, ERP Servers, VPN Deployment, AhnLab Security Intelligence Center, ScriptBlock Smuggling Attack, BC Security, VMware, Broadcom, Phishing Attack, Los Angeles County Health Department, Amtrak, Massachusetts Office of Consumer Affairs and Business Regulation, Rekah Pharmaceuticals, CTech, Germany, Agatharied Hospital, Merkur.de, Iluka Resources, Mining Weekly, CISA, AI Cybersecurity Response Exercise, Social Media Warning Labels, The Wall Street Journal, Election Security, Empire Market Sales, United States Attorney for the Northern District of Illinois, US Federal Trade Commission, Adobe.
Cyber Alerts
Sygnia cybersecurity researchers discovered that Chinese threat actors, known as the Velvet Ant group, have been actively exploiting vulnerabilities in F5 load balancers for over two years. Despite initial mitigation efforts, the attackers utilized advanced techniques like DLL hijacking and PlugX malware to maintain persistence on legacy Windows systems. Sygnia’s findings highlight the challenge of defending against persistent threats, emphasizing the need for enhanced security measures and vigilance across network infrastructure.
Hackers increasingly rely on social engineering to exploit security vulnerabilities, focusing on psychological manipulation rather than technical flaws. Tactics like phishing and pretexting deceive users into divulging sensitive information or executing harmful actions. Recent research by Proofpoint highlights new methods where hackers use deceptive browser popups to trick users into running malicious PowerShell scripts, leading to the installation of malware like DarkGate and Vidar Stealer.
ERP servers hold critical data, making them lucrative targets for hackers to access sensitive information, commit fraud, and disrupt business operations. Recently, AhnLab Security Intelligence Center (ASEC) uncovered an attack where a hacker compromised a Korean company’s ERP server, setting up a SoftEther VPN server for remote access. The attacker exploited weak MS-SQL server credentials to gain control, installed a web shell, and deployed SoftEther VPN to establish a VPN server, potentially for further malicious activities.
Researchers have identified a significant security weakness in PowerShell v5 logging, the feature that has diminished PowerShell’s utility among threat actors and red teamers. Since the introduction of PowerShell security logging, PowerShell v5 has seen reduced attacker usage because the enhanced logging gives blue teams more tools to combat PowerShell-based threats. However, several techniques have emerged to bypass this logging, such as AMSI and ScriptBlock logging bypasses, which disable logging entirely rather than spoofing logs.
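Because the bypasses described above switch logging off rather than forge entries, a defender’s first check is whether script-block logging is still configured and still producing events. The following PowerShell audit is an added example, not code from the article or from BC Security; the registry policy paths and event ID 4104 are the standard Windows ones, while the 24-hour lookback window and the report layout are this example’s own choices. It is meant to be run with administrative rights on the host being checked.

```powershell
# Added example: audit PowerShell script-block logging on the local host.
# Policy keys and the 4104 event ID are standard Windows values; the 24-hour
# window is an assumption of this example.

$policyBase = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Get-PolicyFlag {
    param([string]$SubKey, [string]$Name)
    $path = Join-Path $policyBase $SubKey
    # A missing key or value means the policy is not configured, i.e. logging is off.
    $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }
    return [int]$item.$Name
}

$scriptBlock = Get-PolicyFlag 'ScriptBlockLogging' 'EnableScriptBlockLogging'
$module      = Get-PolicyFlag 'ModuleLogging'      'EnableModuleLogging'
$transcript  = Get-PolicyFlag 'Transcription'      'EnableTranscripting'

# An in-process bypass leaves the registry untouched, so policy alone proves
# nothing: confirm that 4104 (script block) events are still being written.
$since  = (Get-Date).AddHours(-24)
$recent = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = $since
} -MaxEvents 1 -ErrorAction SilentlyContinue

$lastEvent = if ($recent) { ($recent | Select-Object -First 1).TimeCreated } else { $null }

$finding = if ($scriptBlock -eq 0) {
    'Script-block logging policy not enabled'
} elseif ($null -eq $lastEvent) {
    'Policy enabled but no 4104 events in the last 24h: possible in-process bypass, or an idle host'
} else {
    'OK'
}

# Emit one object per host so the result can be collected centrally.
[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    ScriptBlockLogging = [bool]$scriptBlock
    ModuleLogging      = [bool]$module
    Transcription      = [bool]$transcript
    Last4104Event      = $lastEvent
    Finding            = $finding
}
```

Absence of 4104 events on a host where the policy is enabled is the signal worth escalating: it is exactly what a logging-disabling bypass looks like from the outside, which is why event flow, not registry state, is the primary check here.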
VMware has issued a critical security advisory, VMSA-2024-0012, addressing multiple vulnerabilities in VMware vCenter Server. These vulnerabilities, including heap overflow and local privilege escalation issues, could allow attackers to execute remote code or gain root access. Patches have been released, and users are strongly advised to apply them immediately to mitigate the risks.
Cyber Incidents
Over 200,000 individuals have been impacted by a significant data breach at the Los Angeles County Department of Public Health (DPH). This breach, which occurred between February 19 and 20, 2024, was initiated through a phishing attack where an external threat actor obtained login credentials from 53 DPH employees. The compromised email accounts contained a wealth of sensitive personal, medical, and financial information, including names, birth dates, medical record numbers, Social Security numbers, and health insurance details.
Amtrak recently disclosed a data breach involving its Guest Rewards program, affecting some customer accounts. Unauthorized access was detected between May 15 and May 18, 2024, likely due to credentials obtained from third-party sources. Impacted customers are advised to change their login details and enable multifactor authentication for added security.
Rekah, an Israeli pharmaceutical company, has temporarily shut down its distribution system in response to a cyber attack. CEO Mordechai Algrably confirmed the incident and stated that efforts are underway to restore the system while exploring manual alternatives. The attack, affecting subsidiary Ophir & Shalpharm Medicines and Cosmetics, prompted Rekah to engage external cybersecurity experts to mitigate the intrusion and minimize potential damages.
In a shocking announcement at a local political gathering, Landrat Olaf von Löwis disclosed that Agatharied Hospital had fallen victim to a significant cyberattack, prompting the immediate establishment of a crisis team. The attack has severely disrupted hospital operations, affecting patient care and data accessibility, highlighting vulnerabilities despite prior security measures. Further details on the extent and origin of the breach are pending investigation.
Iluka Resources, a rare earths miner in Australia, recently thwarted a denial-of-service attack aimed at disrupting its external website. The company assured stakeholders that its internal systems remained secure, preventing any data loss or privacy breaches. This incident follows similar cyber threats faced by other players in the Australian rare earths sector, highlighting ongoing cybersecurity challenges in the industry.
Cyber News
CISA spearheads its inaugural AI security tabletop exercise at Microsoft’s Reston facility, bringing together experts from government and private sectors to tackle AI-driven cyber threats. The exercise is a pivotal component of JCDC’s mission to foster collaboration and information sharing in response to evolving cybersecurity challenges. Industry leaders underscore the importance of proactive measures and public-private partnerships in securing AI technologies and safeguarding critical infrastructure.
US Surgeon General Vivek Murthy has urged for warning labels on social media apps, highlighting their potential harm to adolescents. In a New York Times article, Murthy emphasized that while these labels won’t solve the issue alone, they can raise awareness and influence behavior. He reiterated the urgent need for Congress to act to protect the mental health of young people, citing studies linking social media use to increased risks of depression among teenagers.
CISA and EAC provide election officials with a comprehensive guide for enhancing election security through public communications. Open communication with the public is essential for maintaining trust in the integrity of the elections process. The guide offers practical tools and resources to help officials develop effective communication plans tailored to their jurisdictions.
Thomas Pavey and Raheim Hamilton, accused of operating Empire Market from 2018 to 2020, face life imprisonment for facilitating over $430 million in illicit transactions. Charged with various offenses including drug trafficking and money laundering, they await trial in Chicago federal court. The case highlights persistent challenges in law enforcement’s efforts to combat dark web activities despite previous shutdowns of similar platforms.
The FTC sued Adobe for allegedly deceiving customers with hidden early termination fees for their “annual paid monthly” subscription plans. The cancellation process was also complex, involving navigating multiple pages and dealing with unresponsive customer service. Adobe maintains that its subscription terms are transparent and its cancellation process simple, and says it will fight the accusations in court.