What’s happening in cybersecurity today?
Android VPN, DNS leak, Mullvad, Hackers, Microsoft Graph API, Symantec, Google, reCaptcha bug, Firefox, Mozilla, CAPTCHA scams, Sucuri, Tinyproxy, Talos, LAPD, website outage, Los Angeles Times, Wichita, network shutdown, ransomware attack, KAKE News, MedStar Health, German military, security flaws, Zeit Online, LockBit, Cannes, Simone Veil Hospital, Biometric law, Biometric Update.com, NATO, EU, European Council, European Union, Paris Olympics, cyber threats, Euronews, Cyber scams, Seniors, FBI, Russia Ukraine, CERT-UA
Cyber Alerts
Despite having “Always-on VPN” and “Block connections without VPN” activated, an Android bug allows DNS query leaks while changing VPN servers, as discovered by a Mullvad VPN user. This unexpected behavior persists even with the latest Android OS, version 14, posing a significant privacy risk by potentially exposing user activities and locations. While Mullvad suggested a temporary mitigation by setting a bogus DNS server, the fundamental issues require a direct fix from Android to ensure complete user protection across all apps.
Hackers are increasingly using Microsoft Graph API to conduct stealthy operations and avoid detection by masking their communications as regular traffic through Microsoft’s cloud services, according to the Symantec Threat Hunter Team. Since early 2022, various nation-state-backed cyber groups, including APT28 and APT29, have leveraged this method for command-and-control activities. The use of Microsoft Graph API allows attackers to seamlessly integrate with trusted Microsoft infrastructure, making malicious traffic less conspicuous and thus harder to identify and block.
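Because Graph API traffic is legitimate in almost every Microsoft 365 estate, blocking the endpoint is not an option; what a defender can do is look at who is talking to it and how. The script below is an added example, not code from Symantec or from the report, that runs over a few constructed proxy log lines and flags a source whose requests to graph.microsoft.com come from a user agent outside an assumed allowlist, or arrive on a machine-regular cadence. The log format, the allowlist prefixes and the thresholds are all assumptions for the example.

```python
"""Flag Graph API clients that look like beaconing rather than ordinary Office use.

Added example. Log format (timestamp src_ip host user_agent), allowlist and
thresholds are assumptions, not taken from the Symantec report.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

GRAPH_HOSTS = {"graph.microsoft.com"}
# Assumed: user-agent prefixes normally seen talking to Graph in this environment.
EXPECTED_UA_PREFIXES = ("Microsoft Office/", "Outlook-iOS/", "Teams/")
MIN_REQUESTS = 4          # need a few samples before judging cadence
MAX_JITTER_RATIO = 0.10   # stdev/mean of inter-request gaps below this looks timer-driven

# Constructed sample log; the 10.0.0.9 lines are the pattern we want to surface.
SAMPLE_LOG = """\
2024-05-06T09:00:00 10.0.0.5 graph.microsoft.com Microsoft Office/16.0 (Windows NT 10.0; Outlook 16.0)
2024-05-06T09:00:05 10.0.0.5 graph.microsoft.com Microsoft Office/16.0 (Windows NT 10.0; Outlook 16.0)
2024-05-06T09:02:00 10.0.0.9 graph.microsoft.com python-requests/2.31.0
2024-05-06T09:07:00 10.0.0.9 graph.microsoft.com python-requests/2.31.0
2024-05-06T09:12:00 10.0.0.9 graph.microsoft.com python-requests/2.31.0
2024-05-06T09:17:00 10.0.0.9 graph.microsoft.com python-requests/2.31.0
2024-05-06T09:03:00 10.0.0.5 login.microsoftonline.com Microsoft Office/16.0 (Windows NT 10.0; Outlook 16.0)
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")


def parse_line(line):
    """Return (timestamp, src_ip, host, user_agent) or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, src, host, ua = m.groups()
    return datetime.fromisoformat(ts), src, host, ua


def analyse(log_text):
    """Group Graph requests by (source, user agent) and return a list of findings."""
    sessions = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None or rec[2] not in GRAPH_HOSTS:
            continue
        ts, src, _host, ua = rec
        sessions[(src, ua)].append(ts)

    findings = []
    for (src, ua), stamps in sessions.items():
        reasons = []
        if not ua.startswith(EXPECTED_UA_PREFIXES):
            reasons.append("unexpected user agent")
        stamps.sort()
        if len(stamps) >= MIN_REQUESTS:
            gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
            avg = mean(gaps)
            # Near-zero jitter between requests is the signature of a sleep loop, not a person.
            if avg > 0 and pstdev(gaps) / avg <= MAX_JITTER_RATIO:
                reasons.append(f"regular cadence (~{avg:.0f}s)")
        if reasons:
            findings.append({"src": src, "user_agent": ua,
                             "requests": len(stamps), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f)
```

Either indicator alone produces false positives (scripts and automation legitimately call Graph, and some clients poll on timers), so the point of the example is to combine the two and to review the flagged source rather than to alert on Graph traffic as such.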
Google has promptly reverted a recent update to its reCaptcha service following a bug that disrupted functionality on Firefox for Windows. The issue, which caused the captcha to continuously display a spinning circle, was due to an error in the script’s dark mode detection routine specifically on Firefox. Mozilla and Google collaborated to address the flaw, with Google rolling back the script to a previous version, restoring normal service for affected Firefox users.
Hackers are using fake CAPTCHA prompts to deceive users into clicking malicious links, exploiting their familiarity with human verification systems to bypass suspicion. These deceptive prompts, which mimic legitimate CAPTCHAs, redirect users to harmful domains through an image overlay technique that hides the link to the attacker’s domain. The scam, part of the larger Mal.Metrica malware campaign, targets vulnerabilities in WordPress plugins, deceiving users with seemingly innocuous security checks that lead to malware downloads and phishing schemes.
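The tell in this lure is structural: an image that looks like a verification widget, wrapped in a link whose destination is not the site the visitor is on. The scanner below is an added example, not Sucuri's tooling, that parses an HTML document and reports CAPTCHA-looking images whose enclosing anchor points off-site. The sample page, the keyword list and the hostnames are constructed for the example; a site operator would run it over their own rendered pages.

```python
"""Report CAPTCHA-styled images that link to a foreign domain.

Added example; sample HTML, keyword list and domain names are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: words that make an image look like a human-verification widget.
CAPTCHA_WORDS = ("captcha", "verify", "human", "robot")

# Constructed page: one genuine site link, one same-site verification image,
# and one fake CAPTCHA image whose anchor leaves the site.
SAMPLE_HTML = """
<html><body>
<a href="/about"><img src="/img/logo.png" alt="Site logo"></a>
<a href="https://example.com/verify"><img src="/captcha.png" alt="Verify you are human"></a>
<a href="https://bad.example.net/go"><img src="/cdn/captcha-checkbox.png" alt="I'm not a robot"></a>
</body></html>
"""


class CaptchaLinkScanner(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self._open_links = []   # hrefs of <a> elements currently open
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._open_links.append(a.get("href") or "")
        elif tag == "img" and self._open_links:
            text = " ".join(filter(None, (a.get("src"), a.get("alt"), a.get("title")))).lower()
            if any(w in text for w in CAPTCHA_WORDS):
                href = self._open_links[-1]
                host = urlparse(href).hostname
                # Relative links have no host; same-host links are the site's own widgets.
                if host and host != self.page_host:
                    self.findings.append({"img": a.get("src"), "href": href, "host": host})

    def handle_endtag(self, tag):
        if tag == "a" and self._open_links:
            self._open_links.pop()


def scan(html_text, page_host):
    """Return a list of {img, href, host} findings for the given page."""
    s = CaptchaLinkScanner(page_host)
    s.feed(html_text)
    s.close()
    return s.findings


if __name__ == "__main__":
    for f in scan(SAMPLE_HTML, "example.com"):
        print(f)
```

The check is deliberately narrow: it only reports images that already look like a verification prompt, so a site's real CAPTCHA provider (which normally loads in an iframe rather than as an image inside a link) does not trip it, while an injected lure that wraps a checkbox graphic in an outbound anchor does.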
A severe vulnerability in Tinyproxy, a widely-used lightweight proxy server, has been identified under CVE-2023-49606, enabling remote attackers to execute arbitrary code on the host machine. This critical flaw arises from improper memory handling during HTTP request parsing, which attackers can exploit by sending specially crafted HTTP requests. The risk is particularly significant in security-sensitive environments, as it allows unauthorized access and potential further internal system exploitation.
Cyber Incidents
The Los Angeles Police Department’s website was unexpectedly offline for several hours on Friday, with officials unable to provide a clear explanation for the disruption. While LAPD’s chief spokesperson, Capt. Kelly Muniz, confirmed that public safety was not compromised and denied any ransomware involvement, an online group named Dark Storm claimed responsibility for a “cyber attack” via Telegram. Despite these claims, Muniz stated there was no evidence to support the allegation of a cyber attack, as the department continues to focus on upgrading the site’s security.
The City of Wichita, Kansas, has taken drastic measures by shutting down its computer network following a ransomware attack that encrypted data on May 5th. This precaution was taken to contain the malware spread and minimize the impact, affecting various online services and necessitating a switch to business continuity measures for first responders. While it remains uncertain if personal data was compromised, the city is conducting a thorough review and has engaged with specialists to restore the affected systems, with updates to follow as the investigation progresses.
MedStar, a significant healthcare provider in the US, has reported a security breach that compromised the personal and health insurance information of 183,000 patients. The breach involved unauthorized access to employee email accounts between January and October 2023; the investigation, concluded in March 2024, found that sensitive patient data was potentially accessed.
Over 6,000 military meetings, including classified ones, were exposed online due to security gaps in Germany’s military communication systems. According to Zeit Online, links to Bundeswehr video meetings were openly accessible, allowing unauthorized viewing of metadata like times, participants, and topics. Despite the military claiming the issue was fixed within 24 hours and that unauthorized access during meetings was not possible, the persistent visibility of sensitive information and inadequate encryption raises serious concerns about the security practices of the Bundeswehr.
The Simone Veil hospital in Cannes suffered a significant data breach when LockBit ransomware operators published sensitive information after a cyber attack in April. This incident forced the hospital to deactivate its computer systems and revert to manual operations, causing disruptions in medical services including the postponement of non-urgent procedures. In response to the data leakage, the hospital confirmed the authenticity of the published data, is continuing to assess the extent of the breach, and is cooperating with cybersecurity experts and legal authorities to manage the fallout and prevent future incidents.
Cyber News
Illinois is considering a legislative amendment to its Biometric Information Privacy Act (BIPA) that could significantly reduce the financial penalties companies face for violations. The proposed change shifts the penalty structure from $1,000 per violation to a one-time $1,000 fee per affected individual, in response to concerns about potentially crippling damages highlighted by a recent case against White Castle. The bill, which has passed the state Senate, seeks to balance strong biometric data protections with fair penalties for violations, and is expected to be voted on in the General Assembly soon.
NATO and the European Union have strongly condemned Russia for its increasing hybrid warfare tactics, which include sabotage, cyberattacks, disinformation, and more, aimed at destabilizing member states. Recent counterintelligence operations across various countries like Czechia, Estonia, and Germany have unveiled a broad spectrum of malicious activities attributed to Russian entities such as the GRU’s APT28. Amidst these tensions, NATO and EU officials are calling on Russia to adhere to international norms, as they bolster their defensive strategies to counteract these threats and continue their unwavering support for Ukraine.
As the Paris Olympic Games approach, France is ramping up its cybersecurity defenses in anticipation of potential cyberattacks, particularly from sources like Russia. The cybersecurity team, a group of highly trained professionals often referred to as ‘cyberwarriors’, is preparing diligently by analyzing the tactics and weaknesses of potential hackers, ranging from ransomware gangs to state-sponsored entities. With critical infrastructure and the Games themselves as likely targets, the success of these cyber defenders will be measured by their ability to pass through the event unnoticed, ensuring that technology and cybersecurity remain non-issues throughout the Olympic and Paralympic games.
Cyber scams targeting older adults are alarmingly increasing, with those over the age of 60 suffering over $3.4 billion in losses in 2023 alone, marking an 11% increase from the previous year, according to the FBI’s latest report. The FBI’s 2023 Elderly Fraud Report highlights that tech support, investment, cryptocurrency scams, and personal data breaches are particularly prevalent, exploiting seniors’ dependence on technology and often their limited understanding of it. The report emphasizes the severity of these scams, noting that some elderly victims have faced catastrophic financial losses, with close to 6,000 individuals losing over $100,000 each, often equating to their life savings.
Ukraine has observed a significant increase in financially motivated cyberattacks by Russian hackers, marking a strategic shift in the ongoing cyberwar. These attacks, often conducted by newly identified groups possibly linked to the Russian military, utilize sophisticated phishing schemes to deploy malware like RemcosRAT and LummaStealer aimed at financial theft and data exfiltration. Yevheniia Volivnyk, head of Ukraine’s CERT-UA, notes that these groups not only diversify Russia’s cyberwarfare tactics but also enhance its capability by targeting Ukrainian financial institutions and governmental organizations for monetary gains.
Copyright © 2024 CyberMaterial. All Rights Reserved.