What's happening in cybersecurity today?
Llama Drama, Vulnerability, AI Models, Risk, Grandoreiro, Banking Trojan, Phishing Attack, Android, Google Play, SugarGh0st, RAT, US, AI Research Organizations, ViperSoftX, Malware, Cryptocurrency, American Radio Relay League, Cyberattack, Radio Services, UniSuper, Cyber Incident, Erases, Account, Backups, San Francisco Transit Authority, Richland, Data Breach, 911 Services, Kyrgyzstan, Mob Violence, Cyber Assaults, Slack, Policy, Data Usage, Chinese Nationals, Charged, $73M Crypto Scam, Pink Drainer, Retires, Microsoft, Surface, AI PCs, Azure, Multi-Factor Authentication.
Cyber Alerts
A critical vulnerability in a popular Python package allows arbitrary code execution on any machine that loads a malicious model file. Dubbed "Llama Drama" (CVE-2024-34359), the flaw is in llama_cpp_python, which rendered the Jinja2 chat template embedded in a model's metadata without sandboxing; a crafted template can therefore escape into the host Python interpreter as soon as the model is loaded. Checkmarx reports that over 6,000 AI models shipped in the affected format, so the supply-chain exposure is broad. The issue is fixed in llama_cpp_python 0.2.72; until every pipeline is upgraded, model files downloaded from public hubs should be treated as untrusted code, not as inert data.
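The bug class behind Llama Drama is ordinary server-side template injection: a template string that came from an untrusted artifact is rendered by a full Jinja2 environment. The added example below is not llama_cpp_python's code; it is an illustration written for this page. It assumes the vulnerable pattern described in the advisory (a chat template taken from model metadata and rendered with a plain jinja2.Environment) and shows the standard Jinja2 mitigation, ImmutableSandboxedEnvironment, rejecting the same template. Both template strings and the sample messages are constructed for the example; the malicious one calls os.getcwd() as a harmless stand-in for os.popen().

```python
"""Untrusted Jinja2 chat template: plain Environment vs ImmutableSandboxedEnvironment.

Added illustration of the Llama Drama bug class (CVE-2024-34359). Nothing here is
llama_cpp_python code; the template strings and messages are constructed for this example.
"""
import os

import jinja2
from jinja2.sandbox import ImmutableSandboxedEnvironment, SecurityError

# Constructed: what a legitimate tokenizer.chat_template looks like.
BENIGN_TEMPLATE = (
    "{% for m in messages %}<|{{ m['role'] }}|>{{ m['content'] }}\n{% endfor %}"
)

# Constructed: a template that ignores `messages` and instead walks from a
# Jinja2 global (`cycler`, a plain Python class) through its function globals
# to the interpreter's builtins. getcwd() stands in for os.popen('...').
MALICIOUS_TEMPLATE = (
    "{{ cycler.__init__.__globals__.__builtins__.__import__('os').getcwd() }}"
)

# Constructed sample conversation passed to the template.
MESSAGES = [
    {"role": "system", "content": "You are helpful."},
    {"role": "user", "content": "hi"},
]


def render_unsandboxed(template_src: str) -> str:
    """The vulnerable pattern: a model-supplied template in a full Environment.

    Nothing restricts attribute traversal, so dunder chains reach builtins.
    """
    env = jinja2.Environment()
    return env.from_string(template_src).render(messages=MESSAGES)


def render_sandboxed(template_src: str) -> str:
    """Hardened: ImmutableSandboxedEnvironment refuses underscore-prefixed
    attributes and mutation of context objects; the chain raises SecurityError.
    """
    env = ImmutableSandboxedEnvironment()
    return env.from_string(template_src).render(messages=MESSAGES)


def demo() -> dict:
    """Render both templates in both environments and summarise the outcome."""
    results = {
        "benign_unsandboxed": render_unsandboxed(BENIGN_TEMPLATE),
        "benign_sandboxed": render_sandboxed(BENIGN_TEMPLATE),
    }
    # Unsandboxed: the malicious template executes host-side Python.
    results["malicious_unsandboxed_ran_code"] = (
        render_unsandboxed(MALICIOUS_TEMPLATE) == os.getcwd()
    )
    # Sandboxed: the same template is rejected at render time.
    try:
        render_sandboxed(MALICIOUS_TEMPLATE)
        results["malicious_sandboxed_blocked"] = False
    except SecurityError:
        results["malicious_sandboxed_blocked"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The benign template renders identically in both environments, which is the point of the sandbox: it costs legitimate chat formats nothing. The sandbox is a mitigation, not a substitute for provenance; a template can still consume unbounded CPU, so loaders should also cap template size and render time and verify model hashes before loading.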
Since March 2024 the Grandoreiro banking trojan has resurfaced in a global phishing campaign, only weeks after a law enforcement takedown in January. The campaign targets customers of more than 1,500 banks in over 60 countries and is most likely run as malware-as-a-service. Notable changes to the malware, including reworked string decryption and an updated domain generation algorithm (DGA) for command-and-control, show that development is active and that the operators have broadened their targeting well beyond Latin America.
Cyble warns of Antidot, a new Android banking trojan distributed as a fake Google Play update. It steals credentials, logs keystrokes and performs overlay attacks on top of legitimate banking apps, making it a direct threat to users' accounts and privacy. Its localized lures in multiple languages and its evasion techniques show how quickly mobile banking malware is maturing; the practical defence remains refusing app installs from outside the official store.
Proofpoint has identified a campaign it tracks as UNK_SweetSpecter that targets US businesses, universities and government agencies with AI-themed lure emails. The emails carry zip archives containing JavaScript droppers, which install the SugarGh0st RAT for keylogging and data exfiltration. Its timing, shortly after reported US moves to restrict Chinese access to generative AI, points to possible Chinese state-aligned espionage, although Proofpoint has not made a firm attribution (the UNK_ prefix marks an unattributed cluster).
ViperSoftX has evolved: the malware now bundles the Tesseract OCR engine to read cryptocurrency wallet seed phrases and passwords out of image files on infected systems. It adds new routines for extracting sensitive data and drops additional payloads such as Quasar RAT and TesseractStealer. Avast and Trend Micro documented the updated routines, another sign of steady investment in this long-running crypto-theft operation.
Cyber Incidents
The American Radio Relay League (ARRL) has suffered a cyberattack that disrupted its IT systems and online services, including email and Logbook of the World. ARRL, the national association for amateur radio operators, is working through the aftermath and has told members it has no indication their data is at risk. Whether the incident was ransomware or another kind of attack has not been disclosed.
UniSuper suffered a major outage when its entire Google Cloud private cloud subscription, including the backups held within it, was deleted. The pension fund had kept copies of its data with another provider, which is the only reason recovery was possible at all, but full restoration still took more than two weeks. A joint statement from UniSuper and Google Cloud attributes the deletion to an inadvertent misconfiguration during provisioning and describes it as an unprecedented event for both parties. The practitioner lesson is blunt: backups that live in the same account or subscription as the workload disappear with it.
The Central Contra Costa Transit Authority (County Connection), in the San Francisco Bay Area, has reported a recent cyberattack. It says it has taken steps to secure its network and is identifying affected individuals so they can be notified directly, and it is reassuring riders that the response was prompt and that protecting their data is the priority.
The city of Richland, in Benton County, Washington, has confirmed a breach of a city server that exposed residents' personal data. The city says it moved immediately to contain the breach and has hired a consultant to assess and strengthen its security. Updates on the data-protection response will be posted on social media and the city website.
Bishkek, the capital of Kyrgyzstan, is grappling with mob violence against foreign students, sparked by a contentious viral video. The unrest has drawn international concern, notably from India and Pakistan, and diplomatic tensions are rising. Cyberattacks on Kyrgyzstan's critical infrastructure have compounded the crisis, with hacktivist groups targeting government and private-sector systems.
Slack is facing a backlash after users learned that their messages and other chat content were being used to train the company's machine-learning models by default. Amid the criticism, Slack has updated its policy wording to clarify that customer data is not used to train third-party AI models.
The U.S. Department of Justice has charged two Chinese nationals with leading a $73 million international cryptocurrency investment scam that moved victims' funds through shell companies and U.S. bank accounts. Arrested in Atlanta and Los Angeles, Li and Zhang face money laundering charges, with prosecutors alleging they were part of a global money laundering syndicate.
The Pink Drainer crypto-wallet draining kit has abruptly announced its retirement after stealing more than $85 million in digital assets. Its developer has gone silent, the Telegram channel and its chat history have been deleted, and victims and investigators are left to deal with the aftermath. The shutdown changes little for users: successor kits such as Angel Drainer are already active, and signing prompts from unfamiliar dApps should be treated with the same suspicion as before.
Microsoft's annual Build conference kicks off with major AI announcements and the launch of new Surface Pro and Surface Laptop models built on Qualcomm's Snapdragon X-series chips. Attendees can expect CEO Satya Nadella to set out how AI will reshape developer workflows and business productivity. The event streams live on YouTube and Microsoft's website, with sessions on Azure, Azure AI, GitHub and more.
Microsoft is rolling out mandatory multi-factor authentication for Azure sign-ins starting in July. Admins will see a gradual rollout, beginning with the Azure portal and later extending to the Azure CLI, Azure PowerShell and Terraform. Microsoft is urging tenants to enable MFA proactively, citing its own research that MFA blocks more than 99% of account-compromise attacks. The enforcement applies to user sign-ins; automation that still authenticates as a user account rather than a service principal or managed identity should be migrated before the deadline, and emergency-access accounts need an MFA method that does not depend on a single person's phone.
Copyright Β© 2024 CyberMaterial. All Rights Reserved.