What’s happening in cybersecurity today?
Dropbox Used to Steal Credentials and Bypass MFA, Novel Phishing Campaign, WordPress Popup Builder Vulnerability, GovQA Vulnerabilities, Risk to Public Records, Magnet Goblin Group, 1-Day Exploits, Nerbian RAT Deployment, QNAP, Alert, Critical Authentication Bypass Flaw, NAS Devices, CISA, Ivanti Compromise, Microsoft, Russian Hackers Source Code Theft, Greensboro College, Data Breach, Belgium’s Coffee Producer Beyers, Jersey Financial Services Commission, White House, Tax Incentives for Cybersecurity, UK Government, Cyber Insurance Overhaul Amid Rising Ransomware Threat, Google, Cyberdefense Hub in Tokyo, UniCredit, UK’s Lancashire Boosts Cybersecurity.
Cyber Alerts
Darktrace’s research reveals a phishing campaign exploiting Dropbox infrastructure, circumventing multifactor authentication (MFA) protocols. The attack underscores the trend of leveraging trusted services for malware dissemination, evading standard security measures.
Hackers are exploiting CVE-2023-6000, a cross-site scripting vulnerability in outdated versions of the Popup Builder plugin, to infect thousands of WordPress sites with malicious code. Despite earlier warnings and campaigns, Sucuri now observes a surge in attacks over the past three weeks targeting the same vulnerability, affecting over 3,300 websites.
GovQA, a widely used tool for managing public records requests, was found to have vulnerabilities that could have allowed hackers to access sensitive personal data, including IDs and medical reports. Discovered by cybersecurity researcher Jason Parker, the flaws have since been patched by Granicus, the platform’s developer, to prevent unauthorized access and data breaches.
Magnet Goblin, a financially motivated threat actor, rapidly exploits one-day vulnerabilities to breach edge devices and public-facing services, deploying Nerbian RAT and MiniNerbian malware. Their agility in leveraging new vulnerabilities poses a significant threat, targeting servers like Ivanti Connect Secure VPN, Magento, Qlik Sense, and Apache ActiveMQ.
QNAP warns of vulnerabilities in its NAS software products, posing risks of unauthorized access. While some flaws require authentication, one can be exploited remotely. Users are urged to update to patched versions to mitigate risks and safeguard valuable data from potential breaches.
Cyber Incidents
The US Cybersecurity and Infrastructure Security Agency faced a recent hack, forcing two critical computer systems offline, including one for sharing security tools. Despite assurances of no operational impact, the incident underscores the vulnerability of even top cybersecurity agencies, emphasizing the importance of robust incident response plans.
Microsoft discloses that the Russian-backed group Midnight Blizzard accessed its source code repositories and internal systems, leveraging information from corporate email systems. While no evidence suggests compromise of customer-facing systems, Microsoft is investigating the breach’s extent and has increased security measures.
Greensboro College responds to a data breach, occurring between Aug. 10 and Aug. 21, 2023, where unauthorized access to specific systems compromised sensitive information such as social security numbers and bank details. The college is actively notifying potentially affected individuals, enhancing network security measures, and cooperating with law enforcement, urging students to monitor their bank statements for any signs of fraudulent activity.
Belgium’s coffee producer Beyers, located in Breendonk, faced a cyber attack last week, joining Duvel-Moortgat in the recent wave of hacking incidents. With investigations ongoing and police exploring potential links between the attacks, the extent of the impact and the perpetrators remain uncertain. The Rivierenland police zone is actively working to uncover any connections and determine the implications for both companies affected.
Jersey’s Financial Services Commission experienced a data breach, exposing non-public names and addresses. The breach, caused by a system vulnerability, prompted immediate investigations and apologies from the organization. Deputy Ian Gorst acknowledged the incident and assured thorough investigations for enhanced security measures.
Cyber News
A White House advisory board recommends tax incentives to drive cybersecurity among critical infrastructure owners. The proposal aims to close the gap between current market forces and national security goals, urging organizations to adopt best practices and standards. Financial incentives could bolster proactive cybersecurity investments and mitigate persistent cyber threats across critical sectors.
The Conservative government under PM Rishi Sunak dismisses calls for a cyber insurance reinsurance plan, citing concerns over potential market damage. This stance drew criticism for its perceived failure to address the rising ransomware threat, with accusations of inadequate preparation from opposition MPs. Despite calls for reforms, the government remains cautious about intervening in insurance markets, opting instead for further investigation into cyber incident reporting and available resources.
Google launches its inaugural Asia-Pacific cyberdefense center in Tokyo, aiming to bolster regional cyber defenses against rising threats. The hub, situated in Google’s Roppongi office, will facilitate collaborative research with engineers from various countries, including Japan, India, and South Korea. Led by experienced cyber defense experts, the initiative seeks to enhance cybersecurity efforts across the region, addressing growing concerns over unauthorized network access by hostile actors.
UniCredit, Italy’s second-largest bank, faces a €2.8 million fine for a 2018 data breach affecting over 750,000 customers. This penalty serves as a reminder for banks to bolster cybersecurity measures to safeguard customer data. Despite UniCredit’s claim of immediate resolution, it intends to appeal the decision.
Lancashire’s police and crime commissioner, Andrew Snowden, allocates £150,000 seized from criminals to initiate a county-wide cyber security initiative, aiming to safeguard businesses against fraud and cyber crime. Through the Lancashire Cyber Support Programme, up to 250 small and medium-sized businesses will receive essential training and support to mitigate cyber threats and respond effectively to potential attacks, enhancing their resilience in the digital landscape. Supported by the North West Cyber Resilience Centre, the programme underscores the commitment to combating cybercrime and protecting businesses from financial loss.
Copyright © 2024 CyberMaterial. All Rights Reserved.