What's going on in the cyber world today?
Storm-1811, Quick Assist, Social Engineering Attacks, Microsoft, Turla Group, LunarWeb, LunarMail, Diplomatic Missions, ESET, Foxit PDF Reader, Check Point Software, Wi-Fi Attack, Malicious Networks, Fiskars Group, MediSecure, Ransomware Attack, Michigan Drive Medical Practice, Pau, France, Airport, Schools, LEMKEN, Global Cyber Assault, Federal Bureau of Investigation (FBI), BreachForums, UK, Cyber Defense System, Election Concerns, National Cyber Security Centre (NCSC), Android, Security, Theft Protection, Ethereum Heist, U.S. Department of Justice, Palo Alto Networks, Acquires, IBM's QRadar.
Listen to the full podcast
Cyber Alerts
1. Storm-1811’s Quick Assist Cyber Attacks
Microsoft's Threat Intelligence team reveals an alarming trend: the notorious cybercriminal group Storm-1811 is abusing Quick Assist, a Microsoft client management tool, to orchestrate social engineering attacks. Storm-1811, known for deploying Black Basta ransomware, has adopted a multi-stage attack chain that begins with voice phishing to deceive victims into granting remote access and installing tools like QakBot and Cobalt Strike, culminating in ransomware deployment.
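For a defender reading the Storm-1811 item, the first practical questions are whether Quick Assist is even present on managed Windows hosts and whether it has been launched recently. The PowerShell below is an added example (not code from the CyberMaterial digest or from Microsoft's report) that answers both and offers the removal step for hosts that never need the tool. It assumes the inbox Quick Assist ships as the Windows capability `App.Support.QuickAssist*`, that the Store build is the Appx package `MicrosoftCorporationII.QuickAssist`, that the executable is `QuickAssist.exe`, and that process-creation auditing (Security event 4688) is enabled; the `Properties` indices follow the Windows 10+ layout of that event.

```powershell
# Added example: inventory Quick Assist, list recent launches, optionally remove it.
# Run from an elevated PowerShell session.
#Requires -RunAsAdministrator

function Get-QuickAssistStatus {
    # Inbox Quick Assist is a Windows capability; the Microsoft Store build is an
    # Appx package instead, so check both. Names are assumptions stated in the lead-in.
    $capability = Get-WindowsCapability -Online -Name 'App.Support.QuickAssist*' |
        Select-Object -First 1
    $storeApp = Get-AppxPackage -AllUsers -Name 'MicrosoftCorporationII.QuickAssist' `
        -ErrorAction SilentlyContinue

    [pscustomobject]@{
        CapabilityName  = $capability.Name
        CapabilityState = $capability.State      # 'Installed' or 'NotPresent'
        StoreAppPresent = [bool]$storeApp
    }
}

function Get-QuickAssistLaunches {
    param([int]$Days = 7)
    # Security event 4688 records every new process when process-creation auditing
    # is on. Properties[1] = SubjectUserName, [5] = NewProcessName,
    # [13] = ParentProcessName (Windows 10+ event layout; assumed).
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[5].Value -like '*\QuickAssist.exe' } |
        ForEach-Object {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = $_.Properties[1].Value
                Process = $_.Properties[5].Value
                Parent  = $_.Properties[13].Value
            }
        }
}

function Remove-QuickAssist {
    # Mitigation for hosts that never use Quick Assist: uninstall the capability.
    # A Store-installed copy would be removed with Remove-AppxPackage instead.
    $status = Get-QuickAssistStatus
    if ($status.CapabilityState -eq 'Installed') {
        Remove-WindowsCapability -Online -Name $status.CapabilityName | Out-Null
        "Removed $($status.CapabilityName)"
    } else {
        'Quick Assist capability not present'
    }
}

# Usage: review the inventory and launch history before removing anything.
Get-QuickAssistStatus | Format-List
Get-QuickAssistLaunches -Days 30 | Format-Table -AutoSize
```

Launches whose parent is not `explorer.exe` (for example a browser or a script host) are worth a closer look, since the social engineering described above relies on the victim starting Quick Assist on the caller's instruction; a sudden spike of launches across many hosts is the signal to correlate with help-desk call records.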
2. Turla’s LunarWeb and LunarMail Attacks
In a targeted cyber campaign, the Russian group Turla infiltrates European Ministries, deploying LunarWeb and LunarMail backdoors. LunarWeb employs HTTP(S) for command and control, masquerading as legitimate requests, while LunarMail, disguised as an Outlook add-in, communicates via email. These sophisticated tactics underscore Turla’s evolving threat capabilities.
3. Hackers Target Foxit PDF Users
Security researchers unveil a sophisticated PDF exploit, meticulously targeting users of Foxit Reader, exploiting a critical design flaw within its security warning system. This flaw, cunningly presenting users with deceptive prompts, facilitates the execution of malicious code, granting attackers unauthorized access to compromised systems. Suspected to be orchestrated by APT-C-35, this wide-reaching campaign signifies a concerning escalation in cyber threat tactics.
4. Wi-Fi SSID Spoofing Threat in WPA2/WPA3
A critical design flaw in Wi-Fi standards permits SSID spoofing, luring devices into connecting to rogue networks, bypassing authentication protocols. Despite encryption measures, this vulnerability poses substantial security risks, urging the implementation of enhanced protocols and defensive strategies.
5. Google Patches Third Chrome Zero-Day
Google has announced the release of Chrome 125 to the stable channel, introducing fixes for nine vulnerabilities, with four identified by external researchers. The most significant among them is CVE-2024-4947, a high-severity type confusion flaw in the V8 JavaScript engine, which has already been exploited in the wild. This vulnerability poses a serious risk, as successful exploitation could allow a remote attacker to execute arbitrary code within a sandbox via a crafted HTML page, as stated in a NIST advisory.
π₯ Cyber Incidents
6. Fiskars Group Cyber Incident
Fiskars Group experienced a cyber security incident impacting some U.S. systems, yet operations remain unaffected. Swift containment measures were implemented upon detection, with ongoing investigations and cooperation with law enforcement underway. Committed to data protection, Fiskars Group assures continued support and transparency throughout the process.
7. Australia’s MediSecure Hit by Cyber Attack
Australia’s MediSecure, a digital prescription provider, faces website shutdown and phone line closure following a ransomware attack. The Melbourne-based health company works with cyber authorities to address the breach, emphasizing legal and ethical obligations. National security agencies mobilize to coordinate a response, led by Home Affairs Minister Clare O’Neil.
8. Michigan Medical Data Theft Alert
Hypertension-Nephrology Associates in Michigan alerts patients after a cyberattack in February 2024 compromised their data. The threat actor demanded ransom to prevent the release of stolen patient information, leading to an investigation confirming unauthorized access to patient records and subsequent data exfiltration. The practice is taking steps to enhance security measures and support affected patients, including offering credit monitoring services and engaging third-party experts for compliance and further investigation.
9. Pau Cyberattack Affects Airport and Schools
A cyberattack impacted Pau-Pyrénées Airport, Eklore business school, and the Pau digital campus, all under the Chamber of Commerce and Industry in France. Despite the incident, operational activities remain uninterrupted, with investigations underway involving cybersecurity experts. The attack, suspected to be ransomware, has disrupted digital tools but hasn't halted essential operations.
10. Global Cyberattack Hits LEMKEN
Agricultural machinery leader LEMKEN faced a widespread cyber attack on May 11, 2024, impacting all its global locations. In response, all IT systems were promptly halted, with production paused while remote work for office staff was enabled. Despite the setback, critical contacts remain reachable, and measures are underway to restore operations.
Cyber News
11. BreachForums Seized Again by FBI
Law enforcement agencies, led by the FBI, have once again seized control of BreachForums, a notorious online platform for trafficking stolen data. With collaborative efforts from international partners, the FBI has replaced the site with a seizure banner, signaling its control over the cybercrime forum. As investigations proceed, authorities urge individuals with information on cybercriminal activities to come forward, emphasizing the global crackdown on illicit online activities.
12. UK Introduces Cyber Defense Amid Elections
The UK government unveils Personal Internet Protection, an additional security layer for political figures, aiming to thwart spear-phishing and malware threats. This initiative coincides with rising cyberattacks, notably attributed to Chinese and Russian threat actors, prompting intensified global cooperation on cybersecurity. The NCSC, in collaboration with international partners, releases comprehensive guidance, emphasizing the importance of device updates, vigilance against phishing, and multifactor authentication for enhanced personal cybersecurity.
13. Google Boosts Android Security
Google is rolling out new privacy and security features for Android, focusing on safeguarding users’ devices and data in case of theft, including advanced protection measures available via Google Play services update. One standout addition is the private space feature, offering users a secure area for sensitive apps, accessible only with a separate PIN.
14. Brothers Arrested for $25M Crypto Theft
Two brothers, Anton Peraire-Bueno and James Peraire-Bueno, have been indicted for allegedly orchestrating a "first-of-its-kind" scheme, manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency in just 12 seconds. Arrested in Boston and New York, they face charges of wire fraud, conspiracy, and money laundering, potentially resulting in a maximum 20-year prison sentence for each count.
15. Palo Alto Networks Acquires IBM's QRadar
Palo Alto Networks acquires IBM's QRadar cloud security assets, integrating them into its Cortex XDR platform to deliver advanced threat detection and response capabilities across cloud, on-premises, and hybrid environments. This strategic partnership aims to leverage AI and machine learning to provide unparalleled protection against sophisticated cyber threats, with IBM establishing a dedicated cybersecurity practice within its Consulting division to deliver consulting, implementation, and managed services for Palo Alto Networks' security platforms.
Copyright © 2024 CyberMaterial. All Rights Reserved.