What’s happening in cybersecurity today?
Malicious Python Package, Sliver C2, Fake Requests Logo, Critical Next.js Vulnerability, North Korean Hackers, Durian Golang Malware, Apache OFBiz, RCE Flaw, CISA, Black Basta Ransomware, Europol, EPE Portal Breach, Christie’s Cyberattack, Luk Fook, Embargo Group, Data Leak, Firstmac Limited, BTC Scam, US State Attorneys General, Privacy Laws, UK Record Ransomware Cyberattacks, Information Commissioner’s Office, Fortinet, AI Safety Institute, Safer AI Development, Auto Lenders, Synthetic Identity Fraud.
Cyber Alerts
Cybersecurity experts uncover a sneaky Python package, requests-darwin-lite, masquerading as a variant of the popular requests library. Inside its PNG logo lies a hidden Golang version of the Sliver C2 framework. This revelation underscores the ongoing threat to open-source ecosystems, emphasizing the crucial need for systematic security measures.
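A defender-side check for the technique described above, as an added example (not code from the original article or from the package analysis it reports): a common way to hide a binary inside an image is to append it after the PNG IEND chunk, so this scanner parses the chunk list and flags any PNG in a package that carries trailing bytes. The page does not state how the payload was embedded, so the append-after-IEND mechanism and the sample files are assumptions constructed here.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def png_trailing_bytes(data: bytes) -> int:
    """Return the number of bytes that follow the PNG IEND chunk.

    A well-formed PNG ends exactly after IEND (4-byte length, 4-byte type,
    no body, 4-byte CRC). Anything beyond that is foreign data. Raises
    ValueError when the input is not a parseable PNG.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    offset = len(PNG_SIGNATURE)
    while offset + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[offset:offset + 8])
        chunk_end = offset + 12 + length  # header + body + CRC
        if chunk_end > len(data):
            raise ValueError("truncated chunk")
        if ctype == b"IEND":
            return len(data) - chunk_end
        offset = chunk_end
    raise ValueError("no IEND chunk found")


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Encode one PNG chunk with its CRC-32 over type and body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_minimal_png() -> bytes:
    """Constructed sample: a valid 1x1 8-bit grayscale PNG, not a real asset."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte + one pixel
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))


def scan_package_images(files: dict) -> list:
    """Return names of .png files in a package that carry data after IEND
    or that do not parse as PNG at all (both deserve a manual look)."""
    flagged = []
    for name, blob in files.items():
        if not name.lower().endswith(".png"):
            continue
        try:
            if png_trailing_bytes(blob) > 0:
                flagged.append(name)
        except ValueError:
            flagged.append(name)
    return flagged
```

Run it over the extracted contents of a wheel or sdist before install; a logo that is orders of magnitude larger than its pixel dimensions justify is the same signal seen from the file-size side.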
Two critical vulnerabilities in Next.js pose significant risks, identified as CVE-2024-34350 and CVE-2024-34351, with a severity rating of 7.5 (High). One flaw enables response queue poisoning, while the other facilitates Server-Side Request Forgery (SSRF). These vulnerabilities have been addressed in Next.js versions 13.5.1 and 14.1.1, respectively, accompanied by published security advisories urging users to update promptly.
Kimsuky unleashes Durian, a potent Golang-based malware, in targeted assaults on South Korean cryptocurrency firms, as disclosed in Kaspersky’s Q1 2024 APT trends report. This sophisticated threat, observed in August and November 2023, leverages legitimate software pathways for infiltration, executing a payload that facilitates a multi-stage infection process. Employing Durian, Kimsuky orchestrates a series of malware deployments, aiming to extract sensitive browser data, suggesting a concerted effort to pilfer valuable information for North Korean interests.
Apache OFBiz exposes businesses to significant security risks due to numerous vulnerabilities allowing unverified remote code execution. Companies relying on OFBiz for critical functions such as budgeting and online sales are at heightened risk. Urgent updates to version 18.12.11 are crucial to mitigate these serious threats and safeguard sensitive data.
CISA and FBI reveal Black Basta’s extensive breach of 500+ organizations, targeting healthcare and critical infrastructure sectors worldwide. Operating since April 2022, the ransomware gang has netted over $100 million in ransom payments and poses significant cyber risks. Defenders are urged to bolster defenses, update systems, and apply recommended mitigations to thwart Black Basta attacks.
Cyber Incidents
Europol launches investigation into breach of EPE portal after threat actor claims theft of classified documents. The incident affects the Europol Platform for Experts, impacting cybercrime data sharing among global law enforcement. Concerns rise over potential exposure of sensitive law enforcement information and the wider implications of the breach.
Days before its marquee spring auctions, Christie’s website falls victim to hackers, redirecting visitors to a placeholder page. The auction house, set to sell millions in art, faces disruption as it works to resolve the cyberattack, leaving collectors and dealers seeking information via phone numbers provided on the site.
Hong Kong-based Luk Fook Holdings launches investigation into potential customer data breach after dark web post claims access. With a cybersecurity consultancy’s help, they assess breach validity and review system security comprehensively. Luk Fook reports the incident to authorities, vows to enhance information system security for customer privacy protection.
Firstmac Limited, a major non-bank lender in Australia, discloses a data breach after the Embargo extortion group leaks over 500GB of allegedly stolen data from the company. The breach includes sensitive customer information such as names, contact details, and even driver’s license numbers.
After allegedly duping a user into sending $68M worth of wBTC, the attacker sends back $153K in Ether as a gesture of goodwill, alongside a message agreeing to negotiate. Despite the small percentage returned, negotiations continue, highlighting the complexities of resolving crypto scams and the importance of vigilance against address poisoning attacks.
Cyber News
Fifteen state attorneys general urge Congress to preserve existing state privacy laws, expressing concerns that new federal legislation could undermine state-level protections. The draft American Privacy Rights Act (APRA) is criticized for potentially superseding stronger state laws and delaying privacy rights enforcement. California Attorney General Rob Bonta leads the coalition, highlighting the importance of state autonomy in addressing evolving privacy threats and advocating for the retention of robust state-level protections.
Britain faced an unprecedented wave of ransomware and cyberattacks in 2023, impacting vital sectors like central government, local government, and utilities. The Information Commissioner’s Office (ICO) reported a significant rise in data breaches caused by cyber incidents, emphasizing the urgent need for enhanced cybersecurity measures across all industries. As organizations grapple with increasingly sophisticated threats, the ICO calls for proactive measures to bolster foundational controls and safeguard personal information from malicious actors.
In the second half of 2023, the time gap between vulnerability disclosure and exploitation dwindled to just 4.76 days, signifying a 43% reduction from earlier in the year. This compressed timeline heightens pressure on organizations to swiftly patch exposed systems to avert breaches.
The UK’s AI Safety Institute unveils Inspect, a platform for AI safety evaluations, now available worldwide. With a focus on fostering secure AI innovation, it aims to streamline safety testing across borders and ensure consistent evaluation standards. Through open-source accessibility, it empowers diverse stakeholders to contribute to advancing AI safety practices globally.
Synthetic identity fraud has emerged as a top threat to the auto lending industry, with a staggering $7.9 billion in losses recorded in 2023, driven by a 98% increase in attempts. Point Predictive’s study highlights that income misrepresentation, synthetic identities, and credit washing pose significant risks, constituting nearly 75% of challenges faced by auto lenders.
Copyright © 2024 CyberMaterial. All Rights Reserved.