
June 27 2024 – Cyber Briefing

👉 What’s trending in cybersecurity today?

Skeleton Key, AI Safeguards, SpyMax Malware, Telegram Users, Fake App, Snowblind Malware, Southeast Asia Banking Apps, HappyDoor Malware, North Korean, Email Users, WordPress, Security Update, XSS, Path Traversal Flaws, Evolve Bank, Data Breach, LockBit Group, AU10TIX, User Data Exposure, Rabbit AI, Security Breach, Meiller Kipper, Croatian University Hospital Centre Zagreb, Russia, EU Media Outlets, Sanctions Dispute, CISA, Memory Safety, Open-Source Projects, European Commission, Microsoft, Antitrust Violations, Russian Hacker, Ukraine, WhatsApp, Honey Trap



🚨 Cyber Alerts


  1. Hackers Exploit AI with Skeleton Key

 

Hackers are finding new ways to bypass ethical and safety measures in AI systems, exploiting them for malicious purposes. Microsoft researchers discovered the Skeleton Key technique, which can bypass responsible AI guardrails in various generative models. To combat this, Microsoft has deployed Prompt Shields and updated their LLM technology to prevent such attacks.

  1. SpyMax Malware Targets Telegram Users

Researchers at K7 Labs have uncovered a new threat targeting Telegram users called SpyMax. This Remote Administration Tool (RAT) steals sensitive data from Android devices without requiring the device to be rooted. The malware masquerades as a legitimate Telegram app, luring users into granting necessary permissions, and then sends stolen data to a remote server.


  1. Snowblind Malware Hits Banking Apps

Promon research reveals a new threat, Snowblind, disrupting Android banking apps by evading anti-tampering detection. This malware exploits accessibility services to steal credentials, hijack banking sessions, and disable security features like 2FA. Snowblind’s sophisticated use of system calls and seccomp bypasses app defenses, allowing it to operate undetected and exfiltrate sensitive user data.


  1. North Korean Hackers Deploy HappyDoor

Cybersecurity experts at ASEC have uncovered ongoing use of the sophisticated ‘HappyDoor’ malware by North Korean hackers, known as the Kimsuky group. This malware, active since 2021 and continuously updated, exploits email attachments to infiltrate systems, employing tactics like obfuscated JScript to evade detection.


  1. WordPress Released Urgent Update 6.5.5

WordPress has issued a crucial security update, version 6.5.5, addressing severe vulnerabilities that pose risks to website security. This release includes fixes for XSS vulnerabilities in the HTML API and Template Part Block, along with a path traversal issue on Windows-hosted sites, which could lead to unauthorized data access.


💥 Cyber Incidents

  1. Evolve Bank Confirms LockBit Data Breach

Arkansas-based Evolve Bank & Trust has acknowledged a data breach orchestrated by a known cybercriminal organization, believed to be affiliated with the LockBit ransomware group. The breach resulted in the unauthorized release of sensitive customer data, including PII such as names, Social Security Numbers, and account details, on the dark web. While Evolve assures that retail banking services like debit cards and digital banking remain unaffected, impacted customers will receive credit monitoring and may be issued new account numbers.


  1. AU10TIX Exposes User Data in Security Breach

AU10TIX, a key identity verification partner for tech giants like TikTok and Uber, inadvertently left administrative credentials exposed online, potentially compromising user privacy. The exposed data included sensitive information such as names, IDs, and facial images used for identity verification. Despite claims that the system housing the data has been decommissioned and that no evidence of exploitation was found, the incident underscores the critical need for robust security measures in the face of increasing online identity verification requirements.


  1. Rabbit AI Security Breach Exposes User Data

Rabbitude’s findings have uncovered a critical flaw in Rabbit’s R1 AI assistant, revealing hardcoded API keys that compromise user data security. This breach allows unauthorized access to sensitive information handled by Rabbit, posing serious privacy risks. Despite Rabbit’s ongoing investigation and reassurances, the incident underscores concerns about the device’s security protocols and the company’s response effectiveness.


  1. Cyberattack Hits German Vehicle Manufacturer

Meiller Kipper, based in Munich, Bavaria, Germany, faces a serious cyberattack, prompting police involvement and the deployment of security and forensic experts for investigation. In response, the company has taken proactive steps by temporarily disabling all Internet-based communication channels, including landline telephony, to safeguard business partners until a thorough analysis can be conducted.


  1. Croatian Hospital Faces Cyberattack

The University Hospital Centre Zagreb (KBC Zagreb) is grappling with a cyberattack that has led to the shutdown of its information system. As a precautionary measure, the hospital is gradually restoring online services pending security clearance, impacting patient processing speeds. While emergency services and medical labs continue to operate normally, the slowdown necessitates manual documentation of medical reports and potential patient redirections to other facilities.


📢 Cyber News

  1. Russia Bans 81 EU Media Outlets

Russia’s decision to block 81 European media outlets, including Politico and Le Monde, in response to EU sanctions has sparked international condemnation. The Kremlin’s move, seen as retaliatory, targets outlets accused of spreading what Russia calls misleading information about its military actions in Ukraine. Despite criticism from EU officials and affected media, Russia indicated it might reconsider the bans if sanctions against Russian media are lifted.


  1. CISA Urges Shift to Memory-Safe Languages

CISA’s latest report highlights widespread vulnerabilities in critical open-source projects due to memory-unsafe code, impacting over half of analyzed projects. Despite challenges like performance requirements and resource constraints, CISA advocates for adopting memory-safe languages such as Rust, Java, and Go to mitigate risks associated with memory-related vulnerabilities. The agency emphasizes the importance of safe coding practices, rigorous dependency management, and comprehensive testing to safeguard software integrity against memory flaws.


  1. Microsoft Faces EU Antitrust Charges

The European Commission accuses Microsoft of antitrust violations for integrating Teams with its productivity software, potentially leading to hefty fines. This bundling practice is alleged to disadvantage competitors in the remote communication and collaboration tools market. Microsoft’s adjustments to offer suites without Teams have not appeased concerns over fair competition, prompting ongoing scrutiny and legal proceedings.


  1. Russian Hacker Indicted in Cyber Attacks

Amin Timovich Stigal, linked to Russian military intelligence, faces U.S. charges for orchestrating cyber attacks against Ukraine and its allies. These attacks, involving destructive malware, aimed to disrupt governmental and IT entities. The U.S. has issued a $10 million reward through Rewards for Justice for information leading to his capture or details on the cyber operations.


  1. London Man in WhatsApp Honey Trap

Police in Islington, London, have arrested a man suspected of sending unsolicited “honey trap” messages to politicians and journalists in Westminster. The arrest, made under suspicion of harassment and offenses under the Online Safety Act, follows an investigation into sexually suggestive WhatsApp messages reported since April. The messages, tailored with detailed knowledge of targets’ political activities, escalated to explicit conversations and requests for compromising photos, prompting concerns about cybersecurity and personal privacy among British officials.


Copyright © 2024 CyberMaterial. All Rights Reserved.
