What’s going on in the cyber world today?
Microsoft Email Accounts, Fickle Stealer, Windows, SquidLoader Malware, Phishing Attacks, Atlassian, Confluence, Jira, Rogue Raticate, Malicious PDFs, Kraken Crypto Exchange, CDK Global, Crown Equipment, UK Health Club Chain, Deepfake Scandal, Network Security, Space Industry, Chris Pashley, ARPA Health, Japan, New Zealand, Intelligence Sharing Pact, PQShield.
Cyber Alerts
The CVE-2024-0762 vulnerability in Phoenix SecureCore UEFI firmware affects various Intel Core processors, posing a serious security risk. Identified by Eclypsium, this flaw enables unauthorized code execution by exploiting a buffer overflow in TPM configuration. Phoenix Technologies has issued patches, but the widespread impact demands urgent attention from enterprises to secure affected devices.
Positive Technologies researchers found that ExCobalt’s new tool, GoRed, uses DNS and ICMP tunneling for C2 server communication, bypassing network security. ExCobalt, an offshoot of the notorious Cobalt group, employs this technique to evade detection and maintain persistence in compromised networks. This sophisticated method allows the transfer of sensitive data and unauthorized access, posing significant risks to affected organizations.
UNC3886 utilizes ‘Reptile’ and ‘Medusa’ rootkits on VMware ESXi VMs for stealthy operations, enabling credential theft and lateral movement. Mandiant’s report reveals UNC3886’s widespread attacks across multiple continents, targeting government, technology, and defense sectors. The threat actor also employs custom malware like ‘Mopsled’ and ‘Riflespine’ for sophisticated command and control, utilizing platforms such as GitHub and Google Drive.
ANSSI links Russian-linked threat actors like Nobelium to cyber attacks targeting French diplomatic entities. Using compromised email accounts and phishing tactics, these attacks aim to infiltrate and compromise sensitive diplomatic communications. Recent incidents, including phishing campaigns in Kyiv and Romania, highlight ongoing cybersecurity threats posed by these sophisticated state-sponsored actors.
Symantec reveals a prolonged espionage campaign targeting telecoms in an unnamed Asian nation. Using sophisticated tools like Coolclient, Quickheal, and Rainyday, associated with known Chinese threat groups, attackers aimed at gathering intelligence or potentially disrupting critical infrastructure. This operation underscores ongoing cybersecurity challenges and the persistent threat posed by state-sponsored espionage in the region.
π₯ Cyber Incidents
NHS England confronts the aftermath of a cyber attack by the Qilin group, resulting in a data leak impacting Synnovis. Over 1,100 operations and numerous appointments across London hospitals have been disrupted. As investigations progress to assess the scope and content of the leaked data, NHS services are working to manage patient care and restore normal operations amid ongoing cybersecurity challenges.
Geopost reports unauthorized access to its Spanish subsidiary’s database, compromising essential customer details including names, addresses, emails, and in some cases, phone numbers. The incident prompted immediate notifications to national cybersecurity authorities and initiated a thorough investigation with cybersecurity experts. Measures were swiftly implemented to reinforce security and mitigate potential impacts, as the company addresses concerns over potential misuse of stolen data for spam or phishing activities.
YKGI, the parent company of a Taiwanese bubble tea chain, has reported a cybersecurity incident involving its customer relationship management system to the Singapore Exchange. The breach exposed names, mobile numbers, email addresses, and encrypted login passwords of Chicha San Chen members. The unauthorized access occurred through a vulnerability on a shared server operated by an external vendor.
Amper, a Spanish engineering and technology firm serving defense, security, energy, and telecommunications sectors, fell victim to a cyberattack where hackers allegedly seized 650 gigabytes of project data, user information, and employee details including payroll and financial data. The cybersecurity firm HackManac disclosed the breach on social media, with confirmation from company sources to Europa Press.
Accenture has refuted claims of a significant data leak after analyzing information posted by the leaker 888 on BreachForums. Contrary to the threat actor’s assertions of compromising data from over 32,000 employees, Accenture identified only three employee names and email addresses in the dataset.
Cyber News
The Biden administration has announced a ban on Kaspersky antivirus software, citing security risks tied to its Russian roots and alleged government ties. This decision mandates US companies and consumers to transition to alternative cybersecurity solutions by September 29, 2024. Despite Kaspersky denying any collusion with the Russian government, the ban extends to prohibiting software updates and usage within the US, emphasizing national security concerns over potential data exploitation. The move marks a significant escalation in efforts to safeguard sensitive information from foreign cyber threats, impacting millions of users reliant on Kaspersky’s services worldwide.
The United Nations Security Council is poised to discuss cybersecurity amid contentious debates, notably after Russia vetoed investigations into North Korea’s cyber activities funding its weapons programs. South Korea’s presidency emphasizes the urgency of addressing sophisticated cyber threats threatening global peace. This high-level debate, led by Foreign Minister Cho Tae-yul, aims to bolster international security amidst growing concerns over ransomware and cryptocurrency thefts aiding illicit arms development.
The Department of Homeland Security underscores the urgency of safeguarding critical infrastructure from multifaceted risks. Secretary Alejandro Mayorkas emphasizes the growing challenges posed by nation-state adversaries like China, alongside emerging threats from AI and quantum computing. New guidance calls for resilience measures and collaborative efforts across sectors to enhance readiness against cyber disruptions and ensure national security.
A Dutch appellate court has mandated that Oracle and Salesforce defend against a class-action lawsuit centered on their Data Management Platforms (DMPs), accused of using cookies to track personal information in violation of GDPR. The Privacy Collective (TPC) alleges the tech giants collect, enrich, and sell user data for targeted advertising through Real Time Bidding. Oracle and Salesforce argue they are not responsible for placing cookies, contending they merely facilitate data segmentation and do not profit from data sales directly. The lawsuit seeks substantial compensation for alleged GDPR breaches affecting millions of Dutch users.
Semperis has closed a substantial $125 million growth financing round led by JP Morgan and Hercules Capital, gearing up for a potential public market debut. The New Jersey-based enterprise identity protection specialist has also onboarded seasoned executives with cybersecurity IPO experience to its leadership team, including a new CFO, CRO, and CLO. Known for its Active Directory protection solutions, Semperis continues to fortify organizations against cyber threats with innovative products designed for prevention, detection, and recovery from attacks on Microsoft Active Directory installations.
Copyright © 2024 CyberMaterial. All Rights Reserved.