What’s going on in the cyber world today?
MS-SQL Servers, Mallox Ransomware Attacks, Cuttlefish Malware, SOHO Routers, Data Theft, CISA, Critical GitLab Flaw, ZLoader Malware, HPE Aruba, Critical RCE Flaws, ArubaOS, DropBox Sign Hack, Authentication Keys, Panda Restaurant Group, Qantas App Glitch, Customer Travel Details, Pike Finance, $1.6M Hack, Australian Pubs and Clubs, Data Breach, FCC, Huawei, ZTE, AI, Illicit Bitcoin Transactions, Elliptic, Zelensky, Dismissal, Cyber Chief, Ukraine, Adobe, Bug Bounty, AI, Asus, AI Laptop, Qualcomm Snapdragon
Listen to the full podcast
Cyber Alerts
Security researchers have identified a recurring pattern in which the TargetCompany ransomware group breaks into poorly managed, internet-exposed Microsoft SQL servers to deploy the Mallox ransomware. After gaining access, the attackers install Remcos RAT and remote screen control malware to keep control of the host, then encrypt data and demand a ransom. The repeated use of the same entry point and tooling underlines how much of this risk is removed by basic hygiene: keep MS-SQL off the public internet, enforce strong credentials for the sa and other privileged accounts, and alert on unexpected process launches from the SQL Server service account.
Cuttlefish, a newly identified malware family, infects small office and home office (SOHO) routers to passively monitor traffic passing through them and steal authentication material from web requests. The malware is modular: besides credential theft, it can perform DNS and HTTP hijacking for hosts on the internal network, giving the operators fine-grained control over the compromised router. Active since July 2023 and primarily affecting users of Turkish telecom providers, Cuttlefish marks a serious escalation in threats to network equipment, capturing credentials for major cloud services and manipulating router operations. Practitioners should treat any credential or API key that transited a suspect router as exposed and rotate it, in addition to updating or replacing the device.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical GitLab vulnerability, tracked as CVE-2023-7028 with a CVSS score of 10.0, to its Known Exploited Vulnerabilities catalog because it is being actively exploited to take over accounts. The flaw, introduced in GitLab 16.1.0 (May 2023) and present in later releases until it was patched in January 2024, allows an attacker to have a password reset email delivered to an email address that the account never verified, compromising user accounts and enabling follow-on activity such as data theft and software supply chain attacks. Accounts with two-factor authentication enabled can still have their password reset but cannot be logged into without the second factor, so 2FA is an effective mitigation alongside upgrading. Federal agencies are mandated to patch by May 22, 2024; administrators of self-managed instances should upgrade, review password reset emails and login events for addresses they do not recognize, and rotate any secrets exposed from affected accounts.
ZLoader, a descendant of the notorious Zeus banking trojan, has added features to evade analysis and strengthen its persistence on infected systems. Santiago Vicente of Zscaler ThreatLabz reports that the newest version, ZLoader 2.4.1.0, includes an anti-analysis check that prevents the malware from running on any machine other than the one it originally infected. It does this by comparing values stored in Windows Registry keys during the initial infection; if the values do not match the current host, the malware terminates immediately, which frustrates sandbox detonation and makes the sample harder for analysts to study.
HPE Aruba Networking’s April 2024 advisory discloses critical remote code execution vulnerabilities in ArubaOS affecting a range of network products. Ten vulnerabilities are listed, including four critical-severity buffer overflows that can be triggered by unauthenticated attackers, so unpatched systems are at significant risk. Users are urged to upgrade to the fixed ArubaOS versions and, where an immediate upgrade is not possible, to enable Enhanced PAPI Security as an interim workaround.
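The GitLab entry above describes a password reset flow that delivers the reset link to an address the account never verified. The following is an added illustration of that bug class, not GitLab's own code: a reset handler that trusts the requester's list of email addresses beside one that uses the input only as a lookup key and mails only the account's confirmed address of record. The account records, the form field name `user[email]`, and both handler functions are constructed for this example.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    username: str
    primary_email: str            # confirmed address of record
    unconfirmed_email: str = ""   # added by the user but never verified


# Constructed directory: one victim whose only confirmed address is the primary one.
ACCOUNTS = {
    "victim": Account("victim", "victim@example.org",
                      unconfirmed_email="pending@example.org"),
}


def _lookup(email: str, confirmed_only: bool):
    """Find the account that has `email` on file. With confirmed_only=True,
    an unverified address does not match anything."""
    for acct in ACCOUNTS.values():
        if email == acct.primary_email:
            return acct
        if not confirmed_only and email == acct.unconfirmed_email:
            return acct
    return None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def vulnerable_reset(form: dict) -> dict:
    """Flawed handler: user[email] may arrive as a list, and once ANY entry
    matches an account, the same reset token is mailed to EVERY entry,
    including unverified addresses and addresses the attacker controls."""
    emails = _as_list(form.get("user[email]", []))
    matched = None
    for e in emails:
        matched = _lookup(e, confirmed_only=False)
        if matched:
            break
    if matched is None:
        return {"recipients": [], "token": None}
    token = secrets.token_urlsafe(32)
    return {"recipients": list(emails), "token": token}   # attacker's inbox included


def hardened_reset(form: dict) -> dict:
    """Fixed handler: the input must be a single string, it is used only to
    look the account up, and only a confirmed address matches. The token is
    delivered solely to the account's own address of record, so nothing the
    requester typed decides where the link goes. Unknown and unverified
    addresses get the same silent outcome, which avoids account enumeration."""
    email = form.get("user[email]")
    if not isinstance(email, str):
        return {"recipients": [], "token": None}   # reject arrays and other shapes
    acct = _lookup(email, confirmed_only=True)
    if acct is None:
        return {"recipients": [], "token": None}
    token = secrets.token_urlsafe(32)
    return {"recipients": [acct.primary_email], "token": token}


if __name__ == "__main__":
    # Constructed reset request with one real address and one attacker-controlled one.
    hostile = {"user[email]": ["victim@example.org", "attacker@evil.example"]}
    print("vulnerable:", vulnerable_reset(hostile)["recipients"])
    print("hardened:  ", hardened_reset(hostile)["recipients"])
    print("hardened, legitimate:", hardened_reset({"user[email]": "victim@example.org"})["recipients"])
```

The check worth adding to any reset flow is the one the hardened handler makes: the destination of a reset link is derived from the stored, verified account record, never from request input, and the request is rejected outright if the email parameter is not a single string.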
Cyber Incidents
Dropbox has reported a significant security breach of its Dropbox Sign eSignature platform in which attackers accessed authentication tokens, MFA secrets, hashed passwords, and customer information such as email addresses and usernames. The intrusion, detected on April 24, gave the attackers access to a configuration tool used by the Sign backend, which granted them elevated privileges and access to the customer database. Dropbox found no evidence that customer documents or agreements were accessed. It has reset all Dropbox Sign passwords and logged users out, and has advised customers to rotate any API keys and to reconfigure authenticator-app MFA, since the stored MFA secrets must be treated as compromised.
Panda Restaurant Group, which operates Panda Express and other chains, reported a March breach that compromised the personal information of an undisclosed number of employees. The intrusion, which occurred between March 7 and 11, did not affect in-store systems or customer data, but did reach corporate systems holding sensitive employee information. Panda has since strengthened its security measures and is working with cybersecurity experts and law enforcement to investigate and contain the breach.
Qantas Airways has acknowledged a misconfiguration in its app that let users see information belonging to other passengers. The exposed data included names, upcoming flight details, frequent flyer points balances, and other personal details, though Qantas stated that no financial information was exposed. The airline has resolved the issue and attributes it to internal system changes rather than a cyberattack; it advises customers to remain alert for scams that reference the incident.
Pike Finance, a decentralized cross-chain lending protocol, was exploited for approximately $1.6 million in assets held on the Ethereum, Arbitrum, and Optimism networks. The attack targeted the protocol's handling of cross-chain USDC transfers: flaws in the functions that burn USDC on one chain and mint it on another were abused, allowing the attacker to withdraw funds that should not have been releasable. Pike Finance has offered a 20% reward for information leading to recovery of the funds and says it is strengthening its controls to prevent a repeat.
Over a million records from Australians who visited local pubs and clubs have been leaked online, allegedly originating from Outabox, a technology service provider to the venues. The leaked information includes names, partial addresses, dates of birth, and details of the venues visited; samples were verified by The Register. Beyond the exposure of personal data, the breach raises concerns about Outabox's security practices, in particular its outsourcing arrangements and how it stored the data.
Cyber News
The Department of Homeland Security (DHS) has issued a warning that threat actors could use AI to help plan or carry out chemical, biological, radiological, or nuclear attacks against U.S. interests. In its recent guidance, DHS highlighted existing gaps in U.S. safeguards for the chemical and biological sectors and stressed the urgency for critical infrastructure operators to strengthen their cybersecurity and address AI-related risks. The report calls for immediate work to give organizations specific, actionable recommendations and practical tools for defending against AI-enabled threats.
Jareh Sebastian Dalke, a former NSA employee, has been sentenced to nearly 22 years in prison for attempting to sell classified National Defense Information to what he believed was a Russian agent. Dalke, who worked briefly as an Information Systems Security Designer in 2022, was actually in contact with an undercover FBI agent during his espionage attempt. His conviction serves as a severe reminder, emphasized by FBI Director Christopher Wray, of the serious consequences of betraying national trust and security.
Verizon’s 2024 Data Breach Investigations Report reveals a sharp rise in the exploitation of vulnerabilities as an initial access vector, roughly tripling year over year and driven primarily by ransomware actors exploiting zero-days. Alex Pinto of the Verizon Threat Research Advisory Center highlights the gap between the speed of exploitation and the pace at which organizations patch: it takes an average of 55 days to remediate half of the critical vulnerabilities once a fix is available. The report underscores the need for better vulnerability management and stronger controls around third-party and supply chain risk, and it stresses security awareness training to reduce the human errors that still feature in most breaches.
Changpeng Zhao, the former CEO of cryptocurrency giant Binance, has been sentenced to four months in prison for a felony related to violations of the Bank Secrecy Act. U.S. District Judge Richard Jones ruled on the case, following Zhao’s guilty plea for failing to implement an adequate anti-money laundering program at Binance. This sentencing reflects the U.S. judiciary’s stance on serious financial crimes, emphasizing the consequences of breaching trust in regulatory compliance in the cryptocurrency sector.
A coalition of newspapers led by Alden Global Capital’s MediaNews Group has filed a lawsuit against Microsoft and OpenAI, accusing them of illegally using copyrighted articles to train their AI technologies, including Microsoft’s Copilot and OpenAI’s ChatGPT. The suit, which includes major publications like the New York Daily News and Chicago Tribune, alleges that millions of articles were copied without permission, impacting the credibility of these news sources through the generation of inaccurate, AI-created content. This legal action seeks unspecified damages and an injunction against further misuse of their copyrighted content, highlighting ongoing tensions between copyright owners and tech giants over the ethical use of data in AI development.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.