What’s trending in cybersecurity today?
Phishing, Java RATs, AWS, GitHub, Libra Hackers, Pentesting Tools, Admin Access, Malicious, PyPI Packages, Crypto Wallets, BIPClip Campaign, Microsoft, Patch, RCE Bugs, CISA Alert, Schneider Electric, ICS Advisory, Eastern Radiologists, Data Breach, Acer Philippines, Employee Data, Hacking Forum, DDoS, Fürth, Germany, Irish Health Service Executive, IT Glitch, Vaccination Data, Airbnb, Security Cameras, Privacy, US, United Nations, AI Resolution, ODNI, Election Security Leader, Presidential Race, Tor Project, WebTunnel, CISA, SCuBA, Hybrid Identity Solutions Guide.
Cyber Alerts
A new phishing campaign deploys VCURMS and STRRAT RATs via a Java-based downloader. Attackers utilize public services like AWS and GitHub to store malware, employing a Proton Mail address for C2 communication. VCURMS RAT steals data from apps like Discord and Steam, while STRRAT serves as a versatile Java-based RAT.
Threat actors exploit vulnerabilities with pentesting tools, refining strategies for maximum impact. Palo Alto Networks’ Unit 42 reveals Muddled Libra hackers’ active use of these tools to gain admin access, linked to supply chain attacks and data theft incidents.
Threat hunters unearthed seven sneaky packages on PyPI, aimed at swiping BIP39 mnemonic phrases for crypto wallets, dubbing the campaign BIPClip. The packages, downloaded over 7,000 times, posed as benign tools but stealthily transmitted data to actor-controlled servers. This incident underscores the persistent danger lurking in open-source repositories, as attackers exploit abandoned projects to execute large-scale supply chain attacks.
Microsoft’s March 2024 Patch Tuesday addresses 60 vulnerabilities, including eighteen remote code execution flaws. Notably, the update includes fixes for critical vulnerabilities in Hyper-V, emphasizing the importance of prompt patching to enhance system security. Additionally, while no zero-day vulnerabilities were disclosed, some notable flaws addressed include privilege escalation in Azure Kubernetes Service and a remote code execution vulnerability in Skype for Consumer.
CISA issues a new Industrial Control Systems (ICS) advisory, focusing on Schneider Electric’s EcoStruxure Power Design. This advisory offers crucial insights into security issues and mitigation strategies for users and administrators to review promptly. Stay informed and protected against potential vulnerabilities and exploits in ICS environments.
Cyber Incidents
Eastern Radiologists, Inc. in Greenville, NC, notifies nearly 887,000 individuals of a data breach compromising protected health information. Unauthorized access to the network occurred between November 20 and 24, 2023, leading to the exposure of patient names and sensitive details. While security measures have been bolstered, affected individuals are informed via notification letters sent starting March 4, 2024.
Acer Philippines acknowledges a data breach affecting employee information managed by a third-party vendor. The breach, disclosed by threat actor ‘ph1ns’ on a hacking forum, prompts Acer to assure customers that their data remains unaffected and that the company’s systems are secure. Acer is collaborating with cybersecurity experts and law enforcement while conducting an investigation into the incident alongside regulatory bodies in the Philippines.
Estonian government institutions faced the largest DDoS attack in their history, attributed to pro-Kremlin hackers. Fortunately, swift action mitigated significant disruptions, as preventive measures implemented in recent years proved effective. Despite escalating cyber threats amid Russia’s invasion of Ukraine, authorities remain vigilant in safeguarding both public and private sector websites against malicious activities.
The Health Service Executive (HSE) in Ireland faces scrutiny after admitting an IT glitch compromised vaccination details of over a million individuals. The misconfiguration of a Covid-related database in December 2021 left sensitive information vulnerable to exploitation, though no data breach by hackers was reported. The Data Protection Commissioner is now investigating the lapse, which was initially identified by external security researcher Aaron Costello, highlighting ongoing concerns about cybersecurity in Ireland’s healthcare system.
The websites of the city of Fürth and the district of Fürth in Germany were reportedly unavailable over the weekend due to a cyberattack. Attackers flooded the servers with numerous requests from different countries, leading to limited or no access to online services for citizens. Despite the disruption, specialized applications and municipal IT remained unaffected, ensuring continuity through alternative communication channels such as phone, email, and in-person assistance.
Cyber News
Airbnb has decided to prohibit the use of indoor security cameras across all of its listings worldwide, aiming to prioritize the privacy of its community. This change in policy simplifies the approach and ensures that security cameras are not allowed inside listings, regardless of their location or prior disclosure. While outdoor security cameras and other devices are still permitted, hosts must disclose their presence and location before guests book, with stricter guidelines in place to safeguard privacy.
The United States takes the lead in proposing the first-ever United Nations resolution on artificial intelligence, emphasizing the importance of safety, security, and trustworthiness in AI development. Spearheaded by U.S. National Security Advisor Jake Sullivan, the resolution seeks to ensure equal access to AI technology and foster a global conversation on its implications and governance approaches.
Amid growing concerns over foreign interference in the upcoming presidential election, the United States Office of the Director of National Intelligence (ODNI) has announced a significant restructuring of its election security apparatus. Jessica Brandt, a seasoned expert in foreign malign influence and disinformation, has been appointed as the first director of the Foreign Malign Influence Center. This move underscores the urgent need to bolster defenses against potential attacks by hostile actors seeking to undermine the integrity of the electoral process.
Tor introduces WebTunnel, a new bridge type, designed to counter censorship by disguising connections as HTTPS traffic. By blending in with regular web traffic, WebTunnel makes it difficult for oppressive regimes to block Tor connections, ensuring access to uncensored information for users in restrictive environments. With over 700 daily active users and 60 bridges worldwide, Tor aims to provide unrestricted internet access, particularly in regions with heavy censorship like China and Russia.
CISA has issued the Secure Cloud Business Applications (SCuBA) Hybrid Identity Solutions Guidance (HISG), aiding users in integrating on-premises networks with cloud-based solutions securely. This release follows extensive feedback from the 2023 public comment period.
Copyright © 2024 CyberMaterial. All Rights Reserved.