π What are the latest cybersecurity alerts, incidents, and news?
Google Chrome, bug, SQL Injection, Apple, Book Travel, FIN7, Google Ads, Kimsuky, Facebook, MS Management Console, espionage, SocGholish, FakeBrowser updates, Dell, Data Breach, British Columbia, Government Networks, Russian Hackers, Latvian TV, Moscow parade, Tappware, Data Breach, Phishing, Kennedy Collective, US Treasury,Finance sector, FBI, AI, Cybercrime, RSA Conference, Interpol, Crypto Fraud, Accenture, Navy contract, Nmap.
Listen to the full podcast
π¨Β Cyber Alerts
Google has swiftly responded to a critical security threat in Chrome, patching a severe “use after free” vulnerability, CVE-2024-4671, which affects the browser’s visuals component. Discovered by an anonymous researcher, this vulnerability was being actively exploited, prompting an urgent update to versions 124.0.6367.201/.202 for enhanced user safety. Users are advised to verify their Chrome version via settings to ensure they have the latest protection against potential data leakage or system crashes.
Researchers uncovered a critical SQL injection vulnerability in Appleβs Book Travel portal, leading to potential remote code execution (RCE). They exploited this flaw by manipulating JSON API functions and bypassing security checks, like the improperly set ‘isOnDisplay’ property. The discovery was promptly addressed by Apple, which implemented a fix within two hours, while the Masa team, maintaining an open-source version of Mura CMS, also released a security update.
Sponsored Google Ads become a lucrative tool for cybercriminals like FIN7 to spread malware swiftly. By masquerading as trusted brands, they lure victims into downloading malicious payloads disguised as signed MSIX files. eSentireβs vigilant Threat Response Unit uncovered this scheme, demonstrating the critical role of proactive threat detection in safeguarding against sophisticated cyberattacks.
The North Korean group Kimsuky is leveraging Facebook to infiltrate networks related to human rights and security affairs concerning North Korea. They create counterfeit profiles resembling South Korean officials, using these to forge connections and distribute malware via documents or links. Additionally, they employ disguised Microsoft Management Console (MMC) files to execute malicious commands, highlighting the increasing sophistication in cyber-espionage tactics and the urgent need for advanced cybersecurity measures.
Enterprises are falling victim to the stealthy SocGholish malware, which masquerades as browser update notifications on compromised websites. eSentire’s recent report reveals that these deceptive prompts trick users into downloading a file named βUpdate.js,β which contains the malicious payload. This malware employs sophisticated techniques to evade detection and initiates a multi-stage infection process, significantly threatening organizational security.
π₯ Cyber Incidents
Dell Technologies has issued warnings to millions of its customers following a security breach that compromised their personal data. The stolen information includes customers’ full names, physical addresses, and details about their Dell product purchases and orders. Although the breach did not expose any financial details, email addresses, or phone numbers, the absence of a formal breach notice to the SEC as of the last update adds a layer of concern regarding transparency and regulatory compliance.
British Columbia has been the target of sophisticated cybersecurity incidents affecting its government networks, announced Premier David Eby. While investigations by the Canadian Centre for Cyber Security and other agencies are ongoing, there is no current evidence that sensitive information has been compromised. The incidents are considered severe enough to warrant an official inquiry and have raised concerns about possible espionage, especially following recent warnings about foreign interference in Canadian political affairs.
Russian hackers redirected television broadcasts in Latvia to show a military parade in Moscow, catching thousands of unsuspecting Latvians off guard. The hackers did not target the Latvian operator Balticom directly but compromised a Bulgarian-based interactive TV server that delivers content to Balticom. This incident, described by Latvian authorities as part of Russia’s hybrid warfare tactics, briefly affected around 5% of Balticom’s viewership, showcasing the continued provocations and cybersecurity threats posed by state actors.
Tappware, a notable IT service provider, has suffered a significant data breach, with 50GB of its database leaked on a hacker forum, containing 2.3 million rows of sensitive personal data including names, addresses, and phone numbers. Discovered by the Bangladesh Cyber Security Intelligence (BCSI) through routine monitoring, this breach poses severe risks of identity theft and fraud for the individuals affected. Tappware now faces urgent cybersecurity challenges, including potential legal consequences and the critical need to reinforce data protection measures to regain customer trust and ensure compliance with data protection laws.
The Kennedy Collective in Trumbull has reported a significant breach of sensitive information following a phishing attack, affecting both employees and patients. The compromised data includes personal health information, Social Security numbers, and driverβs license numbers. While the full extent of the breach is currently unclear, the organization has reinforced its cybersecurity measures and provided additional anti-phishing training to prevent future incidents.
π’ Cyber News
The U.S. government is joining forces with Wall Street to launch Project Fortress, a new cybersecurity initiative designed to protect the American financial system from severe cyberattacks. Announced in a letter from Deputy Treasury Secretary Wally Adeyemo to bank CEOs, this public-private partnership focuses on both defensive and offensive strategies to deter potential hackers. Defensive measures include a cyber hygiene tool for vulnerability scanning, while offensive tactics involve employing Treasuryβs national security tools and U.S. law enforcement to confront and impose consequences on adversaries targeting the financial sector.
At the RSA cybersecurity conference in San Francisco, the FBI highlighted a growing threat from cybercriminals using artificial intelligence to enhance phishing and social engineering attacks. These AI tools enable criminals to create highly realistic voice and video imitations, as well as sophisticated emails that are hard to distinguish from legitimate communications. The FBI urges businesses and individuals to stay vigilant, implement multi-factor authentication, and educate themselves on the evolving tactics of AI-powered fraud to protect sensitive information and prevent financial losses.
Law enforcement agencies from Austria, Cyprus, and Czechia, with support from Europol and Eurojust, have successfully dismantled a fraudulent cryptocurrency operation, arresting six individuals involved. Initiated in December 2017, the scam involved a bogus online trading company that lured investors into buying a nonexistent cryptocurrency through an ICO, using established currencies like Bitcoin and Ethereum. In a coordinated raid, authorities seized assets worth over EUR 2.15 million, including cryptocurrencies, cash, luxury vehicles, and property, effectively halting the operations of this deceptive scheme.
Accenture Federal Services has secured a substantial $789 million contract from the U.S. Navy to bolster cybersecurity within its maritime forces worldwide. This initiative, part of the SHARKCAGE project, will see Accenture collaborating with the Navy’s various cyber teams to enhance network security both ashore and at sea, integrating state-of-the-art technology and analytics. The contract, which spans up to ten years, underscores a strategic focus on safeguarding critical defense assets and sensitive data against evolving cyber threats.
Nmap, the renowned open-source tool for network discovery and security auditing, has released version 7.95, featuring significant updates to its OS and service detection capabilities. With the addition of 336 new signatures, the tool now supports the latest versions of major operating systems like iOS, macOS, Linux, and OpenBSD, bringing its total signature count to 6,036. The update also includes enhanced service/version detection abilities, now covering 1,246 protocols, including new entries such as grpc and mysqlx, making it an even more powerful asset for network administrators.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.
