What’s the latest in the cyber world today?
TunnelVision, VPN Security, Leviathan Security Group, Citrix NetScaler, Bishop Fox, American Express, Phishing Scam, Avast, APT42, Broadcom, pgAdmin, PostgreSQL, NYC Students, Personal Info Hacked, New York Post, UK Ministry of Defence, Data Breach, The Guardian, El Salvador, Resecurity, Cégep de Lanaudière, Canada, La Presse, Guardant Lab, Patient Info, State of California Department of Justice, RSA, US Department of State, German Ambassador, Russia, Deutsche Welle, U.S. Customs, High-Tech Surveillance, Mexican Border, Electronic Frontier Foundation, Israel, Cyber Dome, France24, Poloniex, Tornado Cash, The Block.
Cyber Alerts
Cybersecurity experts at Leviathan Security Group recently exposed a perilous new cyberattack named “TunnelVision,” which endangers Virtual Private Networks (VPNs). This novel method circumvents the encryption of VPNs, risking exposure of sensitive data to unwanted surveillance. By exploiting flaws in VPN routing, TunnelVision could reveal and potentially leak data, posing a significant threat to both individual privacy and corporate security.
A newly discovered security vulnerability in Citrix NetScaler ADC and Gateway appliances allows unauthorized access to sensitive data. Identified by Bishop Fox, this out-of-bounds memory read issue affects certain software versions and could enable remote attackers to steal credentials and session tokens. Citrix has released patches for the affected versions and urges immediate updates to protect against potential exploits observed in active attacks.
Cybercriminals are deploying deceptive emails to trick American Express cardholders, posing as official communications to solicit sensitive personal and financial information. The phishing emails, detailed by Avast Threat Labs, coax recipients into a bogus “American Express Personal Safe Key” setup, ironically touted as protection against phishing. The emails feature links leading to fake webpages on platforms like Google Forms, designed to harvest extensive personal details, which makes the scam particularly convincing.
The Damselfly APT group, also known as APT42, has escalated its cyber espionage tactics using sophisticated backdoors like NiceCurl and TameCat to infiltrate key infrastructures. Primarily delivered through spear-phishing, these tools enable discreet initial access and deep control over compromised systems, notably in the energy sector across the U.S., Europe, and the Middle East. The group’s refined strategies and targeting of critical sectors highlight the heightened threat level and the ongoing challenge in cybersecurity defense.
PostgreSQL’s pgAdmin tool recently addressed two significant vulnerabilities, identified as CVE-2024-4216 and CVE-2024-4215, both rated high with a severity of 7.4. The first vulnerability involved cross-site scripting that could allow an attacker to execute malicious scripts and steal cookies, while the second was a multi-factor authentication bypass that could let an attacker perform restricted actions without MFA verification. Both issues, affecting versions prior to 8.5, have been resolved in the latest pgAdmin release, and users are urged to update to pgAdmin 4 v8.6 immediately to safeguard their systems against potential exploitation.
Cyber Incidents
Over two years after a significant data breach involving Illuminate Education, New York City Public Schools (NYCPS) has disclosed that additional students were affected beyond the initial 800,000 reported victims. NYCPS officials have intensified cybersecurity measures and imposed stricter compliance protocols on contractors to safeguard student information. In response to the breach, affected students are being offered two years of free credit and identity-monitoring services, with enrollment required by July 30, 2024.
The UK Ministry of Defence (MoD) has experienced a significant data breach involving a third-party payroll system, compromising the personal details of current and former military personnel. Immediate actions were taken to secure the network, and investigations are ongoing, with no current evidence that data was removed. Defence Secretary Grant Shapps is scheduled to address the incident in the Commons, highlighting the measures being taken to protect affected personnel and offering them access to data protection services to monitor potential misuse of their information.
Resecurity has uncovered a significant breach, revealing the personal information of over five million citizens of El Salvador on the Dark Web, affecting over 80% of the country’s population. The leaked data, totaling 144 GB and posted by an entity known as ‘CiberinteligenciaSV,’ includes high-definition photos labeled with unique identification numbers and other sensitive information such as names, dates of birth, and contact details. This breach not only exposes the victims to potential identity theft and fraud but also raises concerns about the misuse of biometric data, particularly with the advent of generative AI technologies capable of creating deep fakes.
The Cégep de Lanaudière in Joliette, Québec, Canada, will suspend classes for 7000 students for at least three days following a cyberattack on May 3. The attack targeted several servers, leading to the temporary closure of its institutions in Joliette, Terrebonne, and L’Assomption. While cybersecurity experts have not yet detected any data leaks, the administration is actively working with Montreal-based StreamScan to investigate the origins of the incident and ensure the protection of sensitive information.
Guardant, a cancer screening lab, has notified patients of a data breach that exposed sensitive information due to a file being inadvertently made accessible online from October 2020. The exposed data included names, medical record numbers, treatment details, and test results, although it did not contain financial details or Social Security numbers. The file was accessed by unidentified parties multiple times before the breach was discovered and reported, highlighting a significant lapse in data security practices at Guardant.
Cyber News
At the RSA cybersecurity conference in San Francisco, U.S. Secretary of State Antony Blinken announced a comprehensive international cyber strategy aimed at fostering a “vibrant, open and secure technological future.” This plan outlines the Biden administration’s approach to collaborating globally on cybersecurity, the digital economy, and technological development, emphasizing partnerships with allies and stakeholders. The strategy focuses on promoting economic prosperity, enhancing security to combat cybercrime, supporting human rights, and tackling transnational challenges through digital solidarity and international cooperation.
The German ambassador to Russia, Alexander Graf Lambsdorff, has been recalled to Berlin for consultations after accusations of cyberattacks orchestrated by Moscow, targeting members of Chancellor Olaf Scholz’s Social Democrats. The recall, initiated by Foreign Minister Annalena Baerbock, underscores Germany’s grave concern over the cyber campaign, believed to be linked to Moscow’s GRU military intelligence agency and executed by the APT28 group, also known as Fancy Bear. As tensions escalate, other European countries, including the Czech Republic, are also taking diplomatic actions against Russia in response to alleged cyber intrusions.
A recent Electronic Frontier Foundation (EFF) report reveals that U.S. Customs and Border Protection (CBP) is significantly enhancing its surveillance operations along the Mexican border by incorporating military-grade technologies. This includes the deployment of new Integrated Surveillance Towers (IST), artificial intelligence, drones, and even robotic dogs designed for remote surveillance. The expansion aims to integrate various surveillance systems into a comprehensive network, potentially transforming vast border areas into a closely monitored zone, raising concerns about privacy and the intensification of surveillance practices.
Israel is fortifying its defenses against cyberattacks with the development of a “cyber dome,” mirroring the protective strategy of its Iron Dome missile defense system. This initiative comes in response to a significant increase in cyberattacks, particularly from Iran and its allies, amidst ongoing regional conflicts. The new system aims to centralize and enhance Israel’s cyber defenses by providing real-time, proactive protection across the entire Israeli cyberspace, highlighting a coordinated effort that involves the public, private, and academic sectors.
The hacker behind last year’s Poloniex breach, where $100 million was stolen from a hot wallet, has moved 1,100 ETH (around $3.4 million) to the cryptocurrency mixer Tornado Cash in an effort to launder the funds. Security firm PeckShield tracked this activity, highlighting the use of mixing services by cybercriminals to hide their digital tracks. This incident is believed to be the handiwork of the North Korean Lazarus Group, known for its major cyber heists, including a staggering $600 million theft from the Ronin sidechain.
Copyright © 2024 CyberMaterial. All Rights Reserved.