π What’s the latest in the cyber world today?
NetSupport RAT, Microsoft Office, Windows Users, DEEP#GOSU Malware, AcidPour, Linux x86 Devices, Argo System, AZORult Campaign, Google Sites, Malware Distribution, Pensacola, Florida, City Phone Line Cyber Attack, Nations Direct Mortgage, Data Leaks, Apex Legends Tournament, Mid-Match Hacks, Founder of Milady NFT Collection, F1 Spa-Francorchamps Grand Prix, Pentagon, UK Organizations Vulnerable, Cisco, Splunk Acquisition, U.S. Securities and Exchange Commission, Misleading AI Claim, NCSC, SCADA Migration.
Listen to the full podcast
π¨Β Cyber Alerts
A new phishing campaign dubbed Operation PhantomBlu is exploiting U.S. organizations by deploying the NetSupport RAT via sophisticated OLE template manipulation, as tracked by Perception Point. This method diverges from typical delivery mechanisms, showcasing a blend of innovative evasion tactics and social engineering prowess, as highlighted by security researcher Ariel Davidpur.
Securonix uncovers DEEP#GOSU, a sophisticated attack employing PowerShell and VBScript to stealthily infect Windows systems. Believed to be linked to North Korean state-sponsored group Kimsuky, the malware exhibits multi-stage capabilities, including keylogging and data exfiltration. Leveraging legitimate services like Dropbox and Google Docs for command-and-control, it poses a formidable challenge to detection.
A potent new variant of data-wiping malware, AcidPour, specifically crafted for Linux x86 devices, has emerged in the wild, according to SentinelOne’s Guerrero-Saade. With a distinct codebase from its predecessor AcidRain, this ELF binary poses a significant threat, targeting RAID arrays and UBI file systems, raising concerns over its potential victims and the scale of its attacks.
Three critical flaws in Argo, a widely used GitOps tool, threaten Kubernetes setups. KTrust researchers warn of rate limit bypass, brute force vulnerabilities, and denial-of-service risks. Nadav Aharon-Nov underscores the urgency of updating security measures to prevent breaches.
Cyber researchers uncover a new malware campaign utilizing fake Google Sites and HTML smuggling to disseminate AZORult, a commercial info-stealer. This phishing effort, yet unattributed to a specific group, targets widespread data theft, aiming to peddle sensitive information in underground forums. AZORult, a notorious tool dating back to 2016, resurfaces with enhanced stealth, leveraging HTML smuggling to circumvent traditional security measures, posing a formidable challenge to email gateways and typical security protocols.
π₯ Cyber Incidents
A cyberattack cripples Pensacola’s city government phone lines, causing widespread outages, city spokesperson Jason Wheeler confirms. Despite the disruption, emergency services like 911 remain operational, with alternate numbers established for key departments. As the city grapples with technical challenges, the public’s patience is appreciated, with plans to record and post the upcoming City Council meeting at a later date.
Nevada-based Nations Direct Mortgage discloses a data breach affecting 83,000 customers, including Social Security numbers, following a late 2023 cyberattack. The lender, operating in 35 states since 2007, initiates identity protection services for victims and faces potential class-action lawsuits. This incident echoes a wave of cyber threats across the mortgage industry, with multiple firms grappling with ransomware attacks and data breaches, underscoring the vulnerability of financial institutions to cyber risks.
Electronic Arts halts Apex Legends Global Series NA finals due to mid-match hacks compromising players’ integrity. The sudden appearance of cheat tools, including an aimbot, disrupted gameplay, leading to the postponement of the event. Hackers exploiting remote code execution vulnerabilities targeted players mid-match, prompting investigation and security measures to safeguard future competitions.
A prominent figure in the crypto space, Krishna Okhandiar, aka Charlotte Fang, founder of Remilia and Milady, claims to have fallen victim to hacking after a significant amount of Ether and NFTs were transferred to a wallet engaged in asset liquidation. The incident, highlighted by Dumpster DAO, involves assets from wallets linked to Remilia, the DAO behind the Milady Maker NFT collection. Blockchain records reveal substantial transfers and sales of Milady-related NFTs, raising concerns about the security of decentralized platforms amid the surge in crypto-related exploits and hacks.
The Spa-Francorchamps Grand Prix website suffered a cyberattack reported by RTBF, resulting in stolen email addresses. Hackers exploited this data to send fraudulent emails offering fake 50-euro vouchers, leading unsuspecting users to disclose sensitive banking details. Vanessa Maes, the general manager, urged caution, emphasizing that the Grand Prix would never request such information via email.
π’ Cyber News
The US Department of Defense marks a historic milestone with its continuous vulnerability disclosure program, having processed 50,000 reports since its inception in 2016. Launched after the success of the ‘Hack the Pentagon’ bug bounty, the program expanded to cover various military assets, allowing white hat hackers to contribute year-round. Collaborations with platforms like HackerOne led to significant savings and enhanced cybersecurity across DoD networks, showcasing the power of ethical hacking in bolstering national security.
A report by Microsoft and the University of London reveals that just 13% of UK organizations are adequately resilient to cyber-attacks, hindering the nation’s ambition of becoming an ‘AI superpower’. With 48% vulnerable and 39% at high risk, urgent investment in AI technologies is urged to combat the increasing weaponization of AI by cyber-threat actors.
Β Cisco finalizes its acquisition of Splunk, a data analysis and security powerhouse, for $28 billion. The networking giant aims to enhance its solution portfolio with Splunk’s AI, security, and observability capabilities, expecting positive financial impacts in the coming fiscal years. Chuck Robbins, Cisco’s Chair and CEO, expresses excitement about revolutionizing data usage and protection with Splunk’s integration into Cisco’s offerings.
The U.S. Securities and Exchange Commission (SEC) has imposed penalties on Delphia and Global Predictions for making deceptive statements about their use of artificial intelligence (AI) technology. Both companies agreed to pay hefty fines totaling $400,000 for engaging in “AI washing,” a marketing tactic involving misleading claims about AI integration in products and services. SEC Chair Gary Gensler emphasized the importance of transparency, stating that misleading investors about AI usage can have detrimental effects and undermine trust in financial markets.
The UKβs National Cyber Security Centre (NCSC) released guidance to help organizations decide on migrating their SCADA systems to the cloud. SCADA systems, traditionally isolated for security, now face considerations for cloud benefits. NCSC emphasizes risk-based decision-making tailored to unique organizational profiles and technical needs, crucial in a landscape of heightened cyber threats targeting critical infrastructure.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.
