What’s trending in cybersecurity today?
Void Arachne, Winos Malware, QR Code, Phishing Platform, Microsoft 365, Free Software Lures, Hijack Loader, Vidar Stealer, Mailcow Vulnerabilities, Fake Virtual Meeting App, Vortax, Crypto Users, AMD, Maxicare, Security Breach, Kansas City Police Data, Hawaii, TheBus Network, Ransomware, Sandhar Technologies, Federal Trade Commission, TikTok, Privacy Concerns, International Monetary Fund, Green Tax, AI Impact, Microsoft, Encryption, German Cybersecurity Probe, US, Indonesia, Collaboration, Maritime Infrastructure, Social Engineering Attacks, Credentials
Cyber Alerts
A hacking group called Void Arachne is targeting Chinese-speaking users with a malware campaign disguised as legitimate software installers. The malware steals user data, grants remote access to attackers, and avoids detection by targeting specific antivirus software. Users should be cautious when downloading software and only download from trusted sources.
A new and sophisticated phishing-as-a-service (PhaaS) platform, dubbed ONNX Store, has emerged, targeting Microsoft 365 accounts within financial institutions through a novel approach involving QR codes embedded in PDF attachments. This platform represents a notable evolution in phishing tactics, leveraging the guise of legitimate communication channels to infiltrate corporate networks and compromise sensitive data. ONNX Store’s operational framework bears striking resemblance to the previously identified Caffeine phishing kit, attributed to the Arabic-speaking threat actor MRxC0DER, indicating a potentially orchestrated campaign with wide-ranging implications.
Cybercriminals distribute malware disguised as popular software, luring users into downloading Trojanized applications. The hidden malware loader launches Vidar Stealer, stealing browser passwords and deploying additional malicious payloads. Caution when downloading software and avoiding suspicious emails is crucial to thwart such attacks.
Two vulnerabilities in Mailcow’s open-source mail server suite, CVE-2024-30270 and CVE-2024-31204, could allow malicious actors to execute arbitrary code. The flaws, affecting versions before 2024-04, were disclosed by SonarSource and involve path traversal and cross-site scripting. Exploiting these vulnerabilities could enable attackers to hijack admin sessions and execute commands on the server.
Insikt Group observed a malicious campaign using Vortax, a fake virtual meeting app, to target cryptocurrency users. Vortax, posing as a legitimate software, delivers three infostealers, including the rare macOS-targeting AMOS, to steal sensitive information. The campaign, likely run by the threat actor “markopolo,” represents a significant threat to both Windows and macOS users.
π₯ Cyber Incidents
AMD is investigating a potential data breach after the hacker group IntelBroker claimed to have stolen company databases. The stolen data allegedly includes information on future AMD products, spec sheets, and databases covering employee and customer information. To substantiate their claims, IntelBroker posted screenshots showing corporate email addresses and internal phone numbers of AMD employees. However, the employee information appears outdated, and no customer data has been posted yet. IntelBroker is seeking to sell the stolen data for cryptocurrency and has a history of selling data from other high-profile breaches.
Maxicare has reported a security breach involving unauthorized access to personal information. The incident affects about 13,000 members, less than 1% of Maxicare’s total membership, and pertains to booking requests through Lab@Home, a third-party provider. Maxicare assures no sensitive medical data was exposed and that their main systems remain unaffected.
The BlackSuit ransomware group has leaked sensitive data stolen from the Kansas City, Kansas Police Department (KCKPD) after failed ransom negotiations. The leaked information includes case reports, a fingerprint database, and employee data. BlackSuit, previously known as Royal and Conti, has targeted 58 organizations in 2024, showcasing their aggressive tactics to coerce victims into paying ransoms.
Hawaii’s Oahu Transit Services (OTS), which runs TheBus and TheHandi-Van in Honolulu, is experiencing a network outage due to a ransomware attack by the DragonForce group from Malaysia. The attack has taken down OTS’s websites and real-time transit apps, causing potential delays in service. This incident follows a previous ransomware attack on OTS in December 2021 and highlights ongoing cybersecurity threats to critical infrastructure.
Sandhar Technologies experienced a slight drop in its stock value following reports of a cyber-incident affecting some of its systems. The company swiftly responded to the situation, deploying cybersecurity experts and implementing necessary protocols to mitigate any potential impact. Despite the incident, Sandhar Technologies assured stakeholders that no confidential data breach occurred and that its operations remain unaffected.
Cyber News
The US Federal Trade Commission referred a complaint against TikTok to the DOJ, alleging potential violations of data privacy laws. The investigation stems from a review following a 2019 settlement with Musical.ly over illegal data collection from children. While the details of the complaint are not yet public, concerns revolve around privacy practices and potential deception regarding data access.
The International Monetary Fund (IMF) recommends governments impose a green tax on AI-related carbon emissions and excess profits to address environmental and economic impacts. Generative AI’s rapid development and high energy consumption are projected to significantly increase carbon emissions from data centers. The IMF suggests alternative taxation on capital income and excess profits to mitigate job losses and wealth inequality caused by AI automation.
Microsoft has published a white paper detailing its double key encryption methods for securing customer data, following pressure from Germany’s Federal Office for Information Security (BSI). The disclosure comes after BSI invoked a legal clause demanding comprehensive information on Microsoft’s encryption practices. This move is part of BSI’s ongoing investigation into security measures following a 2023 hack attributed to a Chinese threat actor, raising concerns about Microsoft’s security protocols.
The United States and Indonesia conducted their first port-focused cybersecurity exercise in Surabaya, aiming to enhance maritime cyber resilience against potential attacks. The event included simulations of major cyber incidents and ransomware attacks, with participation from various government and private sector representatives. This exercise is part of ongoing efforts to strengthen security cooperation between the two nations, particularly in safeguarding critical maritime infrastructure.
In 2023, 92% of organizations experienced an average of six credential compromises due to email-based social engineering attacks, according to a Barracuda report. The majority of these attacks were scamming and phishing, but there was also a significant increase in conversation hijacking and business email compromise. The report highlights the evolving tactics of attackers, including the use of legitimate services and QR codes to bypass traditional security measures.
Copyright © 2024 CyberMaterial. All Rights Reserved.