What’s trending in cybersecurity today?
Skeleton Key, AI Safeguards, SpyMax Malware, Telegram Users, Fake App, Snowblind Malware, Southeast Asia Banking Apps, HappyDoor Malware, North Korean, Email Users, WordPress, Security Update, XSS, Path Traversal Flaws, Evolve Bank, Data Breach, LockBit Group, AU10TIX, User Data Exposure, Rabbit AI, Security Breach, Meiller Kipper, Croatian University Hospital Centre Zagreb, Russia, EU Media Outlets, Sanctions Dispute, CISA, Memory Safety, Open-Source Projects, European Commission, Microsoft, Antitrust Violations, Russian Hacker, Ukraine, WhatsApp, Honey Trap
Cyber Alerts
Hackers are finding new ways to bypass ethical and safety measures in AI systems, exploiting them for malicious purposes. Microsoft researchers discovered the Skeleton Key technique, which can bypass responsible AI guardrails in various generative models. To combat this, Microsoft has deployed Prompt Shields and updated their LLM technology to prevent such attacks.
Researchers at K7 Labs have uncovered a new threat targeting Telegram users called SpyMax. This Remote Administration Tool (RAT) steals sensitive data from Android devices without requiring the device to be rooted. The malware masquerades as a legitimate Telegram app, luring users into granting necessary permissions, and then sends stolen data to a remote server.
Promon research reveals a new threat, Snowblind, disrupting Android banking apps by evading anti-tampering detection. This malware exploits accessibility services to steal credentials, hijack banking sessions, and disable security features like 2FA. Snowblind’s sophisticated use of system calls and seccomp bypasses app defenses, allowing it to operate undetected and exfiltrate sensitive user data.
Cybersecurity experts at ASEC have uncovered ongoing use of the sophisticated ‘HappyDoor’ malware by North Korean hackers, known as the Kimsuky group. This malware, active since 2021 and continuously updated, exploits email attachments to infiltrate systems, employing tactics like obfuscated JScript to evade detection.
WordPress has issued a crucial security update, version 6.5.5, addressing severe vulnerabilities that pose risks to website security. This release includes fixes for XSS vulnerabilities in the HTML API and the Template Part block, along with a path traversal issue on Windows-hosted sites, which could lead to unauthorized data access.
Cyber Incidents
Arkansas-based Evolve Bank & Trust has acknowledged a data breach orchestrated by a known cybercriminal organization, believed to be affiliated with the LockBit ransomware group. The breach resulted in the unauthorized release of sensitive customer data, including PII such as names, Social Security Numbers, and account details, on the dark web. While Evolve assures that retail banking services like debit cards and digital banking remain unaffected, impacted customers will receive credit monitoring and may be issued new account numbers.
AU10TIX, a key identity verification partner for tech giants like TikTok and Uber, inadvertently left administrative credentials exposed online, potentially compromising user privacy. The exposed data included sensitive information such as names, IDs, and facial images used for identity verification. Despite claims that the system housing the data has been decommissioned and that no evidence of exploitation was found, the incident underscores the critical need for robust security measures in the face of increasing online identity verification requirements.
Rabbitude’s findings have uncovered a critical flaw in Rabbit’s R1 AI assistant, revealing hardcoded API keys that compromise user data security. This breach allows unauthorized access to sensitive information handled by Rabbit, posing serious privacy risks. Despite Rabbit’s ongoing investigation and reassurances, the incident underscores concerns about the device’s security protocols and the company’s response effectiveness.
Meiller Kipper, based in Munich, Bavaria, Germany, faces a serious cyberattack, prompting police involvement and the deployment of security and forensic experts for investigation. In response, the company has taken proactive steps by temporarily disabling all Internet-based communication channels, including landline telephony, to safeguard business partners until a thorough analysis can be conducted.
The University Hospital Centre Zagreb (KBC Zagreb) is grappling with a cyberattack that has led to the shutdown of its information system. As a precautionary measure, the hospital is gradually restoring online services pending security clearance, impacting patient processing speeds. While emergency services and medical labs continue to operate normally, the slowdown necessitates manual documentation of medical reports and potential patient redirections to other facilities.
Cyber News
Russia’s decision to block 81 European media outlets, including Politico and Le Monde, in response to EU sanctions has sparked international condemnation. The Kremlin’s move, seen as retaliatory, targets outlets accused of spreading what Russia calls misleading information about its military actions in Ukraine. Despite criticism from EU officials and affected media, Russia indicated it might reconsider the bans if sanctions against Russian media are lifted.
CISA’s latest report highlights widespread vulnerabilities in critical open-source projects due to memory-unsafe code, impacting over half of analyzed projects. Despite challenges like performance requirements and resource constraints, CISA advocates for adopting memory-safe languages such as Rust, Java, and Go to mitigate risks associated with memory-related vulnerabilities. The agency emphasizes the importance of safe coding practices, rigorous dependency management, and comprehensive testing to safeguard software integrity against memory flaws.
The European Commission accuses Microsoft of antitrust violations for integrating Teams with its productivity software, potentially leading to hefty fines. This bundling practice is alleged to disadvantage competitors in the remote communication and collaboration tools market. Microsoft’s adjustments to offer suites without Teams have not appeased concerns over fair competition, prompting ongoing scrutiny and legal proceedings.
Amin Timovich Stigal, linked to Russian military intelligence, faces U.S. charges for orchestrating cyber attacks against Ukraine and its allies. These attacks, involving destructive malware, aimed to disrupt governmental and IT entities. The U.S. has issued a $10 million reward through Rewards for Justice for information leading to his capture or details on the cyber operations.
Police in Islington, London, have arrested a man suspected of sending unsolicited “honey trap” messages to politicians and journalists in Westminster. The arrest, made under suspicion of harassment and offenses under the Online Safety Act, follows an investigation into sexually suggestive WhatsApp messages reported since April. The messages, tailored with detailed knowledge of targets’ political activities, escalated to explicit conversations and requests for compromising photos, prompting concerns about cybersecurity and personal privacy among British officials.
Copyright © 2024 CyberMaterial. All Rights Reserved.