👉 What’s happening in cybersecurity today?

Microsoft, Azure, Black Screen, Phishing, ChatGPT, Users, OpenAI, Payment Alerts, Privilege Escalation, MediaTek, Google, Sleep, AI Tool, Zero-Day, SQLite, Database Engine, Typosquat, Packages, npm, Wiz Khalifa, X Account, Hack, Memecoin, Housing Authority, Cactus Ransomware, South East Technology University, Portsmouth City Council, DDoS, Ransomware, Memorial Hospital and Manor, Canada, India, Cyber Adversary, Tensions, Japan, Cybersecurity, Bill, Political Uncertainty, Australia, Philippines, Cyber Boot Program, Snapchat, Online Grooming, UK, Malaysia, Ministries, Cyber Attacks

Listen to the full podcast

🚨 Cyber Alerts

1. Microsoft Warns Users of Black Screen Issues

Microsoft recently alerted Azure Virtual Desktop (AVD) users to potential black screen issues that can last up to 30 minutes during login, following the installation of the Windows 10 July 2024 preview update (KB5040525). This problem, which primarily affects enterprise users, arises from a deadlock between the Azure Active Directory (AAD) broker and the AppX Deployment Service (AppxSvc), impacting users’ access to backend services and causing single sign-on (SSO) failures, particularly in Office applications such as Outlook and Teams.

2. Businesses Hit by ChatGPT Phishing Scam

Barracuda Networks has detected a large-scale phishing campaign that impersonates OpenAI, aiming to steal credentials from ChatGPT users worldwide. The attackers are sending phishing emails that falsely claim to be from “OpenAI Payments,” notifying recipients of unsuccessful subscription payments and urging them to click a link to update their payment information. Over 1,000 of these emails have been traced back to a single domain, “topmarinelogistics.com,” which, while appearing legitimate, is used to facilitate the attack.

3. Flaws in MediaTek Chips Allow Escalation

Recent security bulletins have revealed critical vulnerabilities in MediaTek smartphone chipsets that could allow attackers to escalate privileges and gain unauthorized access to affected devices. These vulnerabilities impact various Android versions, specifically 12, 12L, 13, and 14, and are linked to multiple components of MediaTek’s architecture. Two notable vulnerabilities include CVE-2024–20104, a high-severity out-of-bounds write issue in the DA component affecting chipsets like MT6781 and MT6789, and CVE-2024–20106, a type confusion flaw in the m4u component that impacts chipsets such as MT6739 and MT6765.

4. Google’s Big Sleep Finds Zero-Day in SQLite

Google has announced the discovery of a zero-day vulnerability in the widely used SQLite open-source database engine, identified through its AI-assisted framework, Big Sleep. This marks a significant milestone as it is touted as the first real-world vulnerability uncovered by an artificial intelligence agent. The vulnerability involves a stack buffer underflow, which can lead to application crashes or arbitrary code execution. Google reported that the flaw was discovered in a development branch of SQLite and has been addressed as of early October 2024, prior to any official release.

5. 280+ Malicious Typosquat Packages Target npm

A recent investigation has unveiled over 280 malicious typosquat packages targeting JavaScript developers within the npm (Node Package Manager) ecosystem. Initiated in late October 2024, this sophisticated attack specifically aimed at developers utilizing popular libraries such as Puppeteer and Ethers.js. The campaign began with stealthy test publications, including a package named daun124wdsa8, which masqueraded as a legitimate tool.

💥 Cyber Incidents

6. Rapper Wiz Khalifa’s X Account Hacked

Rapper Wiz Khalifa’s X account was reportedly hacked on November 3, 2024, leading to the promotion of a fraudulent memecoin called “WIZ” to his 35.7 million followers. The hackers claimed that Khalifa was collaborating with their team to launch the token for crypto fans. Initially, the WIZ memecoin saw a surge in value, reaching a peak market capitalization of $3.4 million shortly after its launch on the Solana-based memecoin platform, pump.fun. However, this hype was short-lived, as the token’s value quickly plummeted to below $10,000 within an hour, primarily due to early holders cashing out.

7. HACLA Confirms Cactus Ransomware Breach

The Housing Authority of the City of Los Angeles (HACLA) has confirmed a cyberattack on its IT network, following claims from the Cactus ransomware gang. HACLA, which oversees over 32,000 public housing units and serves low-income families, acknowledged the incident and has engaged external forensic IT specialists to investigate the breach. While specific details regarding the timing of the attack and the potential exposure of sensitive data remain undisclosed, the Cactus ransomware group alleges to have stolen 891 GB of files, including personal identifiable information, financial documents, and corporate correspondence.

8. South East Technology University Breached

A cyberattack targeting the Information Technology (IT) systems at South East Technology University (SETU) in Ireland has raised alarms, prompting immediate action from the college’s IT team. The attack, which occurred on Friday at the Waterford campus, has so far shown no evidence of compromised data or information. Simon Woodworth, a lecturer at Cork University Business School, emphasized the importance of containing the breach to prevent it from spreading to other campuses, particularly Carlow.

9. Cyberattack Hits Portsmouth City Council

Portsmouth City Council has confirmed that its website was taken offline following a distributed denial-of-service (DDoS) attack attributed to the hacker group NoName057(16). The attack reportedly affected over a dozen local authorities across the UK, including Bournemouth, Christchurch & Poole, Medway, Exeter, and Burnley. Portsmouth City Council assured residents that their personal data was not compromised and that council services remained unaffected. The council’s IT team worked swiftly to restore the website, which was back online within two hours.

10. Ransomware Attack Hits Georgia Hospital

Memorial Hospital and Manor in Bainbridge, Georgia, fell victim to a ransomware attack that compromised its Electronic Health Record (EHR) system, a significant disruption to its operations. The breach was detected early Saturday morning, prompting the hospital staff to implement contingency measures by reverting to paper-based processes to continue providing care. While this temporary solution allows the hospital to maintain some level of service, it may lead to longer wait times for patients seeking treatment.

📢 Cyber News

11. Canada Designates India as Cyber Adversary

In a significant escalation of diplomatic tensions, the Canadian government has officially designated India as a “cyber adversary,” placing it alongside China, Russia, Iran, and North Korea in its latest National Cyber Threat Assessment for 2025–2026. Released by the Canadian Centre for Cyber Security, the report cites concerns over India’s cyber capabilities and alleged espionage activities. Canada accuses India of leveraging its cyber program to further national security interests, including espionage against Canadian networks.

12. Japan’s Cybersecurity Bill Delayed

The Japanese government’s plans to introduce a bill aimed at enhancing cybersecurity capabilities have been postponed due to political uncertainty following the recent general election. Initially scheduled for submission during an extraordinary parliament session, the bill sought to implement “active cyber defense,” which would allow the government to monitor and respond to potential cyberattacks on critical infrastructure.

13. Australia Unveils New Cyber Boot Program

Australia and the Philippines have announced a partnership to launch a “Cyber Boot Program,” aimed at enhancing the cybersecurity capabilities of the Philippines. The initiative seeks to bolster the country’s defenses against cyber threats by raising awareness and imparting technical skills necessary for organizations and companies to effectively prepare for and respond to cyberattacks. According to Professor Helge Janicke from the Australian Cyber Security Cooperative Research Centre, the program will include awareness initiatives and war gaming exercises to help participants better understand potential cyber threats and appropriate responses.

14. Snapchat Leads in Online Child Grooming

Online grooming crimes against children have surged to alarming levels, with Snapchat emerging as the most prevalent platform for offenders, according to a recent report by the National Society for the Prevention of Cruelty to Children (NSPCC) in the UK. Over the past six years, cases of “Sexual Communication with a Child” have skyrocketed by 89%, with nearly half of these incidents occurring on Snapchat. The report highlights that girls represent 81% of the victims, and even primary school-aged children are targeted, with the youngest victim reported being just five years old.

15. Malaysia Faced Over 1K Cyber Attacks in 2023

In 2023, Malaysia’s ministries experienced a staggering 1,547 cyber attacks, highlighting the growing threat to the country’s digital infrastructure. According to the Prime Minister’s Department, all incidents were successfully detected and mitigated through the diligent efforts of the National Cyber Security Agency (Nacsa) and the National Security Council (NSC). Minister in the Prime Minister’s Department Dr. Zaliha Mustafa confirmed that the government is committed to enhancing the cybersecurity posture of its agencies by implementing advanced antivirus solutions and establishing a robust Multi-Factor Authentication (MFA) system.

Copyright © 2024 CyberMaterial. All Rights Reserved.