What’s trending in cybersecurity today?
LiteSpeed Cache, WordPress, WPScan, Samsung, Steganography, RemcosRAT, AhnLab Security Intelligence Centre (ASEC), Ivanti Pulse Secure VPN, Juniper Networks, HijackLoader, Zscaler, Mobile medical care, DocGo, data theft, US Securities and Exchange Commission, Hong Kong Fire Department, Hong Kong Free Press, Sawnee Electric Membership Corporation, Atlanta News First, Perpignan Radiology Group, L’Independant, Concord, Massachusetts School District, Boston 25 News, Software liability, NextGov, Facebook, Indian election ads, Tech Transparency Project, OpenAI, AI-generated images, TikTok, ByteDance, US divestment law, Reuters, Singapore, Cybersecurity law, The Business Times.
Cyber Alerts
A severe vulnerability in the LiteSpeed Cache plugin for WordPress, tracked as CVE-2023-40000 (CVSS 8.3), is being actively exploited to create unauthorized administrator accounts on websites. The flaw is a stored cross-site scripting issue: an unauthenticated attacker can plant script that executes in the browser of a logged-in administrator, and WPScan reports attackers using it to create rogue admin profiles that give them complete control over the affected site, enabling malware injection and further follow-on abuse. Site owners should update to the latest plugin version and then audit their sites for unfamiliar administrator accounts and other signs of compromise, since patching alone does not remove accounts that were already created.
Samsung has recently fortified its mobile devices against potential security threats by patching 25 vulnerabilities, enhancing protection against code execution and privilege escalation attacks. The vulnerabilities, referred to as Samsung Vulnerabilities and Exposures (SVE) items, affect various components of the devices such as the operating system and proprietary software. By addressing these critical issues in their May 2024 Security Maintenance Release, Samsung continues its commitment to safeguard user privacy and device integrity against the evolving landscape of cyber threats.
Hackers have adopted a new tactic using steganography to distribute RemcosRAT, a well-known Remote Access Trojan. The technique embeds malicious code inside seemingly benign image files, which significantly complicates detection by signature-based antivirus solutions. The attack chain starts with a Word document that exploits a vulnerability to download a VBScript masquerading as a JPEG file, which in turn leads to the deployment of RemcosRAT on the victim’s system, a notable evolution in malware delivery.
Juniper Threat Labs reports ongoing exploitation of two critical vulnerabilities in Ivanti Connect Secure (formerly Pulse Secure) VPN appliances, CVE-2023-46805 and CVE-2024-21887, which are being chained to deliver the Mirai botnet and other malware. CVE-2023-46805 is an authentication bypass in the appliance’s web component, while CVE-2024-21887 is a command injection flaw in the same web components; together they give an unauthenticated remote attacker command execution on the device. Organizations running these appliances are at significant risk and should apply Ivanti’s patches immediately to protect their network integrity.
HijackLoader, a sophisticated malware loader first observed in 2023, continues to evolve: it now incorporates additional evasion tactics and uses a PNG image to carry subsequent stages of malware, including Amadey and Raccoon Stealer. The new variant adds modules for process creation and UAC bypass, and employs dynamic API resolution alongside anti-hooking techniques to avoid detection. Researchers have also released a Python script that unpacks HijackLoader samples, exposing how the loader uses encrypted PNGs to deliver additional malicious modules and thereby increase its stealth and effectiveness in system infiltration.
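The two image-based delivery chains above (the RemcosRAT steganography campaign and HijackLoader’s PNG-carried modules) share a weakness a defender can use: the carrier still has to open as a picture, so anything a loader hides outside the image’s own structure shows up as bytes the format does not account for. The Python below is an added triage example written for this digest; it is not code from ASEC, Zscaler or the malware authors, and it does not decode either family’s real container format. It walks PNG chunks and JPEG marker segments to find where the image legitimately ends, then reports appended data, its entropy, and any non-standard PNG chunk types. The sample PNG, the JPEG skeleton and the high-entropy blob standing in for an encrypted payload are all constructed in the script.

```python
"""Triage helper: find data hidden outside an image's own structure.
Added example for this digest, not code from ASEC, Zscaler or any malware
family; all sample files below are constructed inline."""
import math
import struct
import zlib
from collections import Counter

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types from the PNG spec plus common extensions (APNG, eXIf).
STANDARD_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA", b"iCCP",
    b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"hIST", b"pHYs",
    b"sPLT", b"tIME", b"eXIf", b"acTL", b"fcTL", b"fdAT",
}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; 8.0 means uniform, typical of encrypted or compressed data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def png_end(data: bytes):
    """Walk PNG chunks; return (offset just past IEND, list of findings)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, findings = len(PNG_SIG), []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            raise ValueError("truncated chunk")
        if struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF) != crc:
            findings.append(f"bad CRC on chunk {ctype.decode('latin-1')}")
        if ctype not in STANDARD_CHUNKS:
            findings.append(f"non-standard chunk {ctype.decode('latin-1')} ({length} bytes)")
        pos += 12 + length
        if ctype == b"IEND":
            return pos, findings
    raise ValueError("no IEND chunk")


def jpeg_end(data: bytes) -> int:
    """Walk JPEG marker segments; return offset just past the EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                      # EOI
            return pos + 2
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            pos += 2                            # standalone markers carry no length
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if marker == 0xDA:                      # SOS: skip entropy-coded data to the next real marker
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("no EOI marker")


def analyze_image(data: bytes) -> dict:
    """Report appended data (and odd PNG chunks) for a PNG or JPEG blob."""
    if data.startswith(PNG_SIG):
        fmt, (end, findings) = "png", png_end(data)
    elif data[:2] == b"\xff\xd8":
        fmt, end, findings = "jpeg", jpeg_end(data), []
    else:
        raise ValueError("unsupported image format")
    trailer = data[end:]
    entropy = shannon_entropy(trailer)
    if trailer:
        findings.append(f"{len(trailer)} bytes after end-of-image marker, entropy {entropy:.2f} bits/byte")
    return {"format": fmt, "image_bytes": end, "trailing_bytes": len(trailer),
            "trailing_entropy": entropy, "findings": findings, "suspicious": bool(findings)}


# --- constructed samples (not real malware) ---------------------------------
def _png_chunk(ctype: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF)


def build_png(extra_chunks=(), trailer: bytes = b"") -> bytes:
    """Valid 1x1 RGB PNG, optionally with extra chunks and appended bytes."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")       # filter byte + one red pixel
    out = PNG_SIG + _png_chunk(b"IHDR", ihdr) + _png_chunk(b"IDAT", idat)
    for ctype, body in extra_chunks:
        out += _png_chunk(ctype, body)
    return out + _png_chunk(b"IEND", b"") + trailer


def build_jpeg(trailer: bytes = b"") -> bytes:
    """Structurally valid JPEG skeleton (APP0 + SOS + scan + EOI); not decodable."""
    def seg(marker, body):
        return b"\xff" + bytes([marker]) + struct.pack(">H", len(body) + 2) + body
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56"                 # FF 00 is a stuffed byte, not a marker
    return b"\xff\xd8" + seg(0xE0, app0) + seg(0xDA, sos) + scan + b"\xff\xd9" + trailer


# Deterministic stand-in for an encrypted payload: every byte value appears
# equally often, so its entropy is exactly 8.0 bits/byte.
FAKE_ENCRYPTED_PAYLOAD = bytes((i * 73 + 41) % 256 for i in range(2048))

if __name__ == "__main__":
    for name, blob in [("clean.png", build_png()),
                       ("carrier.png", build_png(trailer=FAKE_ENCRYPTED_PAYLOAD)),
                       ("oddchunk.png", build_png(extra_chunks=[(b"zzZz", b"\x90" * 64)])),
                       ("carrier.jpg", build_jpeg(trailer=FAKE_ENCRYPTED_PAYLOAD))]:
        r = analyze_image(blob)
        print(f"{name}: {r['format']} {r['image_bytes']}B image, "
              f"{r['trailing_bytes']}B trailing, suspicious={r['suspicious']}")
        for f in r["findings"]:
            print("   -", f)
```

Run it over files pulled from a suspicious download or a mail attachment quarantine; a picture that renders normally but carries a few kilobytes of 7.9-bit entropy after IEND or EOI is worth a closer look. Treat the output as a hunting lead rather than a verdict: some editors append harmless metadata, and a loader that hides its payload inside a legitimate IDAT stream rather than after the image will not be caught by this check.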
π₯ Cyber Incidents
DocGo, a provider of mobile medical care in thirty US states and the UK, has confirmed a breach of its systems resulting in the theft of protected health information. The company responded quickly by shutting down IT systems to prevent further damage and initiating an investigation with the help of cybersecurity experts. Although the breach was limited to their US-based ambulance transportation records, DocGo is actively notifying affected individuals and does not anticipate a significant impact on their operations or finances.
The Hong Kong Fire Department recently faced a significant data breach affecting over 5,000 of its personnel and hundreds of residents, marking the third government data breach in less than a week. Unauthorized changes in access rights during a data migration by an outsourced contractor led to the exposure. Immediate measures included system suspension, revocation of the contractor’s access, and notification of affected individuals and relevant authorities, although no evidence suggests the data was published online. This incident highlights ongoing security concerns with third-party contractors handling sensitive information.
Sawnee Electric Membership Corporation (EMC) has alerted its customers to a cybersecurity breach affecting their primary website. The utility company, serving parts of seven counties in north Georgia, has advised customers to avoid using their compromised website at sawnee.com and to instead visit their new site at www.sawnee.coop for all utility-related needs. A comprehensive investigation into the incident is currently underway, and Sawnee EMC is directing customers to contact their customer service via a new email during this period, promising updates as the situation evolves.
The Coradix-Magnescan medical radiology group in Perpignan, France, suffered an attempted cyberattack that affected several of its sites, including Saint-Pierre, the Mediterranean polyclinic, and others in Argelès-sur-Mer and Céret. System malfunctions were first noticed the previous Friday, but the activity was not identified as an intrusion until Tuesday, which prompted immediate containment measures and an in-depth investigation that, so far, has found no evidence that data was compromised. The group has reassured patients and staff that all radiological services are being maintained under secure conditions, although some delays are expected in the coming days while systems are fully restored.
Concord Public Schools and the Concord-Carlisle Regional School District in Massachusetts suffered a cybersecurity attack that disrupted network operations and prompted an intense response from the district’s IT team. Superintendent Laurie Hunter informed families that the attack included a ransomware component, primarily affecting PCs and the central office, while Macintosh devices and new networks were restored quickly. Despite concerns, there is currently no evidence of student data compromise, and the district is coordinating with external forensic and legal teams to manage the situation, with the investigation still ongoing.
Cyber News
The Biden administration has started consultations with software developers to create legal frameworks that incentivize the production of secure software, aiming to reduce exploitable flaws. Announced at the RSA Conference in San Francisco by Nick Leiserson from the Office of the National Cyber Director, the initiative seeks to shift liability from consumers to manufacturers, thereby encouraging improved software development practices. These discussions, set to expand to include critical infrastructure operators, focus on creating a secure software ecosystem comparable to safety standards in other industries, with potential adjustments in how open-source software is handled to enhance overall cyber security.
A recent report reveals rampant use of fake and stolen Facebook accounts to run political ads during India’s ongoing election season, despite Meta’s ban. The Tech Transparency Project highlights a concerning trend where organizations hide their identity, threatening the transparency of India’s electoral process. With India’s massive election spending and Facebook’s vast user base, the issue underscores the challenges of ensuring election integrity in the digital age.
OpenAI has announced the development of a new detection tool designed to identify content produced by its DALL-E 3 image generator, achieving an impressive 98% accuracy rate in early tests. This tool, which effectively differentiates between AI-generated and non-AI images, will soon be tested externally by research labs and journalism nonprofits. Amidst rising concerns over AI’s role in global elections, OpenAI is also implementing tamper-resistant watermarks and has joined a significant initiative with Microsoft to bolster societal resilience against deceptive AI content.
TikTok and its parent company ByteDance have filed a lawsuit in the US Court of Appeals for the D.C. Circuit to challenge a new law signed by President Joe Biden, which requires ByteDance to divest TikTok by January 19, 2025, or face a ban in the U.S. The companies argue that the law infringes on First Amendment rights and is technically and legally impossible to carry out without shutting down TikTok, affecting 170 million American users. The lawsuit also contends that the “speculative” national security threats cited by U.S. lawmakers are insufficient grounds for such drastic action, highlighting the ongoing conflict over internet and technology between the U.S. and China.
Singapore has amended its cybersecurity legislation to increase the oversight of the Cyber Security Agency (CSA) over critical computer systems, especially those at high risk of cyber-attacks. This update broadens the scope to include temporary systems like those used for vaccine distribution or hosting significant international events, which have become targets for cybercriminals. Senior Minister of State Janil Puthucheary highlighted that the rapid digitalization and the shift towards cloud services necessitate these changes to protect national interests and adapt to evolving technology landscapes.
Copyright © 2024 CyberMaterial. All Rights Reserved.