What are the latest cybersecurity alerts, incidents, and news?
North Korea, Hackers, Crypto Firms, Hidden Risk, Malware, macOS, ZIP Concatenation, Evade Detection, Windows, Androxgh0st Botnet, Mozi, IoT, Web, Earth Estries, Advanced Tactics, CISA, Palo Alto Networks, Flaw, Newpark Resources, Ransomware Attack, Disruption, Universal Health Corporation, Health Information, Symetra Life Insurance, Customer Data, OrthopedicsNY, Breach, Patient Data, Google News, India, Government Website, Gambling Promotion, ENISA, NIS2, Risk Management, Australia, Social Media, Ban, Youth Protection, Detroit, Cryptocurrency, Taxes, Roblox, Safety Enhancements, Kids, Social Spaces, Embed Security, AI Solutions, Overworked Analysts
Cyber Alerts
1. New Hidden Risk Malware Targets macOS
North Korean cyber actors from the group BlueNoroff are targeting cryptocurrency firms with a macOS malware campaign, dubbed "Hidden Risk," that relies on social engineering and phishing. Discovered by SentinelOne, the campaign uses fake cryptocurrency news emails to lure targets into downloading a malicious application disguised as a PDF. Once executed, the app covertly installs a backdoor and persists through an unusual mechanism: it writes to the Zsh configuration file ~/.zshenv, which is sourced by every Zsh process (interactive shells, scripts, and anything that spawns zsh). Because no LaunchAgent or Login Item is registered, the backdoor is re-launched on every shell start without triggering the background-item notification that macOS 13 and later show for those persistence methods.
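A quick audit of a Zsh startup file for entries that look like dropped persistence, as an added example (not SentinelOne's tooling and not the campaign's own code). The patterns are heuristics assumed here and should be tuned per fleet; the sample file content, including the `~/.config/.cache/growth` path, is constructed for illustration and is not the real campaign's command.

```python
"""Heuristic audit of ~/.zshenv for persistence entries (added example)."""
import re
from pathlib import Path

# Assumed heuristics: patterns that rarely appear in a hand-written ~/.zshenv.
SUSPECT = [
    (r"\bnohup\b|&\s*$|>\s*/dev/null", "backgrounded or silenced command"),
    (r"/tmp/|/var/folders/|\$TMPDIR", "executes from a temporary directory"),
    (r"(\$HOME|~|/Users/[^/\s]+)/\.[^/\s]+/\.[^/\s]+", "nested hidden directories under the home folder"),
    (r"\b(curl|wget)\b.*\|\s*(sh|zsh|bash)\b", "pipes a download into a shell"),
    (r"\b(base64|xxd)\b.*\|", "decodes content before running it"),
]


def audit_zshenv(text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, reason, line) for each suspicious non-comment line.

    ~/.zshenv is sourced by every zsh invocation, so anything listed here runs as
    reliably as a LaunchAgent would, without a plist for macOS to warn about.
    """
    hits = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for pattern, reason in SUSPECT:
            if re.search(pattern, line):
                hits.append((number, reason, line))
                break  # one reason per line is enough for triage
    return hits


# Constructed sample file: two ordinary lines and one imitation of a dropped entry.
SAMPLE_ZSHENV = "\n".join([
    "# normal user configuration",
    'export PATH="$HOME/bin:/opt/homebrew/bin:$PATH"',
    "export EDITOR=vim",
    "# constructed imitation of a dropped line; not the campaign's real command",
    'nohup "$HOME/.config/.cache/growth" >/dev/null 2>&1 &',
])


if __name__ == "__main__":
    # Audit the constructed sample, then the real file on this host if it exists.
    for number, reason, line in audit_zshenv(SAMPLE_ZSHENV):
        print(f"sample:{number}: {reason}: {line}")
    real = Path.home() / ".zshenv"
    if real.is_file():
        for number, reason, line in audit_zshenv(real.read_text(errors="replace")):
            print(f"{real}:{number}: {reason}: {line}")
```

The check is deliberately narrow: it reports lines, not verdicts, and the same review should cover `~/.zshrc`, `~/.zprofile`, and `/etc/zshenv`, since any of them can carry the same trick.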
2. ZIP Concatenation Evades Windows Security
Attackers have been observed using ZIP file concatenation, an evasion technique in which two or more ZIP archives are appended into a single file and the malicious content is placed in one of them. It works because a ZIP archive is located through the end-of-central-directory record at the end of the file, and ZIP readers disagree about which archive's directory to trust when a file contains more than one. According to the research, 7-Zip lists only the first archive's contents, so a payload in the second goes unseen, while WinRAR reads the last central directory and shows the second archive, exposing the hidden payload. Any scanner or mail gateway that parses ZIPs in only one of these ways can be blinded; the robust check is to walk every local file header front to back and treat an archive with more than one end-of-central-directory record as suspect.
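The two parsing strategies side by side, as an added example (not code from the original item or the research it summarises). It builds a concatenated ZIP from two constructed archives, shows what a reader that stops at the first end-of-central-directory record reports versus one that trusts the last record (Python's own `zipfile` does the latter), and then walks the local file headers to detect the concatenation regardless of which directory a tool prefers. The file names `readme.txt` and `invoice.exe` and their contents are invented; which real tool behaves which way is stated in the item above, not demonstrated here.

```python
"""Build a concatenated ZIP and show how different parsing strategies see it (added example)."""
import io
import struct
import zipfile

LOCAL_HDR = b"PK\x03\x04"        # local file header signature
EOCD = b"PK\x05\x06"             # end-of-central-directory signature
LOCAL_HDR_FMT = "<4xHHHHHIIIHH"  # ver, flags, method, time, date, crc, csize, usize, fnlen, extralen


def make_zip(name: str, data: bytes) -> bytes:
    """Create a one-entry archive; stored (uncompressed) so the bytes are easy to inspect."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def first_archive_names(blob: bytes) -> list[str]:
    """What a reader that stops at the first EOCD record reports."""
    idx = blob.find(EOCD)
    if idx < 0:
        raise zipfile.BadZipFile("no EOCD record")
    comment_len = struct.unpack_from("<H", blob, idx + 20)[0]   # comment length field
    with zipfile.ZipFile(io.BytesIO(blob[: idx + 22 + comment_len])) as zf:
        return zf.namelist()


def last_archive_names(blob: bytes) -> list[str]:
    """What a reader that trusts the final EOCD record reports (Python's zipfile does this)."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist()


def local_header_names(blob: bytes) -> list[str]:
    """Walk every local file header front to back, ignoring all central directories."""
    names, pos = [], 0
    while (pos := blob.find(LOCAL_HDR, pos)) >= 0:
        fields = struct.unpack_from(LOCAL_HDR_FMT, blob, pos)
        flags, csize, fnlen, extralen = fields[1], fields[6], fields[8], fields[9]
        start = pos + struct.calcsize(LOCAL_HDR_FMT)
        names.append(blob[start:start + fnlen].decode("utf-8", "replace"))
        pos = start + fnlen + extralen
        if not flags & 0x8:      # sizes are in the header: skip the entry's data exactly
            pos += csize         # (with a data descriptor the sizes are unknown; keep scanning)
    return names


def detect_concatenation(blob: bytes) -> dict:
    """Flag an archive whose sequential entries disagree with the directory a trusting reader uses."""
    walked = local_header_names(blob)
    trusted = last_archive_names(blob)
    eocd_records = blob.count(EOCD)
    return {
        "eocd_records": eocd_records,
        "entries": walked,
        "concatenated": eocd_records > 1 or set(walked) != set(trusted),
    }


# Constructed sample: a harmless archive followed by one carrying a fake executable.
BENIGN = make_zip("readme.txt", b"Quarterly report attached.\n")
PAYLOAD = make_zip("invoice.exe", b"MZ" + b"\x90" * 64)   # not a real PE, just a marker
COMBINED = BENIGN + PAYLOAD

if __name__ == "__main__":
    print("first-archive view :", first_archive_names(COMBINED))
    print("last-archive view  :", last_archive_names(COMBINED))
    print("all local headers  :", local_header_names(COMBINED))
    print("verdict            :", detect_concatenation(COMBINED))
```

The walk over local headers is the part worth reusing: a gateway that extracts entries via a single library call inherits that library's choice of directory, whereas counting EOCD records and comparing the walked entries against the trusted listing catches the disagreement itself.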
3. Androxgh0st Botnet Integrates With Mozi
The Androxgh0st botnet has evolved by integrating components from the Mozi botnet, expanding its reach to target a wide range of IoT vulnerabilities. Initially focused on web server exploits since January 2024, this botnet now deploys Mozi-linked payloads, allowing it to infect IoT devices such as routers and security cameras. It leverages vulnerabilities in well-known platforms, including Cisco ASA, Atlassian JIRA, Metabase, and Apache Web Server, among others.
4. Earth Estries Employ New Advanced Tactics
Earth Estries, a sophisticated threat actor, continues to demonstrate its ability to run prolonged operations using a diverse set of tactics, techniques, and procedures (TTPs) and tooling. The group uses two distinct attack chains, gaining initial access by exploiting vulnerabilities in systems such as Microsoft Exchange and network adapter management tools. The first chain relies on PsExec and backdoors including Cobalt Strike, Trillclient, Hemigate, and Crowdoor, delivered via CAB files. In the second chain, Earth Estries deploys malware such as Zingdoor and SnappyBee, typically fetched with cURL. Both chains let the group maintain persistence, move laterally across networks, and steal credentials.
5. Palo Alto Networks Flaw Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Palo Alto Networks' Expedition tool to its Known Exploited Vulnerabilities (KEV) catalog, following evidence of active exploitation. Tracked as CVE-2024-5910, the flaw is a missing-authentication issue in the Expedition firewall migration tool that allows a network-reachable attacker to take over the admin account and access the sensitive data Expedition holds, such as firewall credentials and configuration secrets. Palo Alto Networks fixed the issue in Expedition 1.2.92, and its advisory recommends restricting network access to Expedition to authorized users and hosts in the meantime.
Cyber Incidents
6. Newpark Resources Faces Ransomware Attack
Newpark Resources, a Texas-based supplier of fluid systems and industrial solutions to the oil and gas industry, has reported a ransomware attack that disrupted its operations. In a filing with the U.S. Securities and Exchange Commission, the company revealed that it detected the cyber incident on October 29, 2024, when an unauthorized third party accessed its internal systems. Following detection, Newpark initiated its cybersecurity response plan and launched an internal investigation with external support to assess and contain the threat.
7. Universal Health Corporation Breached
On or around July 29, 2024, Universal Health Corporation (UHC) detected unauthorized access to certain employee email accounts, leading to a potential breach of Protected Health Information (PHI). After immediate action, including password resets and engaging forensic experts, UHC confirmed on September 24, 2024, that an unauthorized third party may have accessed sensitive information, including personal and medical details such as names, Social Security numbers, medical records, and health insurance information.
8. Symetra Life Insurance Hit With Data Breach
In November 2024, Symetra Life Insurance Company reported a data breach involving unauthorized access to certain user accounts. Between April 12 and September 10, 2024, an external party was able to use personal information to log into customer accounts, exposing sensitive data such as names, addresses, email addresses, dates of birth, account numbers, and beneficiary details. Upon discovering the breach, Symetra immediately stopped unauthorized access and launched an investigation to determine the extent of the compromise.
9. OrthopedicsNY Reports 2023 Data Breach
OrthopedicsNY, LLP recently disclosed a data breach impacting sensitive patient information. The breach, which was discovered in December 2023, allowed an unauthorized party to access confidential data, including names, Social Security numbers, health insurance details, and protected health information. Following the breach, OrthopedicsNY secured its systems and launched an investigation to determine the extent of the compromise. The company filed an official notice with the Texas Attorney General on November 6, 2024, and began sending out notification letters to affected individuals.
10. Google News Spammed by Hacked Govt Website
On November 8, 2024, Google News was spammed by promotional links originating from a hacked Telangana government website, the Hyderabad Metropolitan Water Supply and Sewerage Board in India. The site, which Hyderabad residents normally use to pay their water bills, was compromised through a SQL injection flaw that let the attackers plant content redirecting visitors to gambling and betting sites. The planted links were then picked up by Google News, appearing in particular under the technology section's latest news tab.
Cyber News
11. ENISA Publishes NIS2 Cybersecurity Guidance
The European Union Agency for Cybersecurity (ENISA) has released new technical guidance to help EU Member States and entities effectively implement the cybersecurity risk management requirements outlined in the NIS2 Directive. This guidance supports the European Commissionβs goal of achieving a high level of cybersecurity across the EU by strengthening the resilience of critical sectors. Developed in collaboration with various cybersecurity groups, the guidance includes actionable advice on risk assessment, incident handling, business continuity, and supply chain security.
12. Australia Bans Social Media for Under-16s
Australian Prime Minister Anthony Albanese has announced an initiative to ban social media use for individuals under 16 years old, citing concerns over online bullying, peer pressure, scams, and sexual harassment. The legislation, expected to be introduced by the end of 2024, will place the responsibility for enforcing the ban on the social media platforms, with oversight from the eSafety Commissioner. Users under 16 will not face penalties themselves, and there will be no exemption for children whose parents consent to their use of a platform.
13. Detroit to Accept Crypto for Taxes in 2025
Detroit is set to become one of the first major U.S. cities to accept cryptocurrency for tax payments and other city services starting in mid-2025. The cityβs Office of Treasury announced that payments will be processed through a secure platform managed by PayPal, which currently supports major cryptocurrencies like Bitcoin, Ethereum, Litecoin, and Bitcoin Cash. The move is part of Detroitβs broader efforts to modernize its payment systems and attract blockchain innovation.
14. Roblox Strengthens Safety Measures for Kids
Roblox has introduced new safety measures aimed at protecting younger users by restricting access to certain experiences on its platform. Starting in 2025, users under the age of 13 will be prohibited from engaging in unrated experiences, social hangouts, and games that allow free-form 2D user creation. These changes are in response to concerns about online safety risks such as inappropriate language, grooming, and explicit content. Creators must complete a questionnaire to ensure their experiences meet safety standards before being accessible to younger players.
15. Embed Security Raises $6M to Aid Analysts
Embed Security, a cybersecurity startup founded in 2024 by former leaders from Meta, Google, FireEye, and Mandiant, has raised $6 million in an early-stage funding round led by Paladin Capital Group. The company offers an AI-driven platform intended to relieve overburdened security analysts by autonomously investigating, triaging, and prioritizing alerts across the security stack and providing guidance on them, so that analysts can focus on higher-value work such as remediation and threat hunting.
Copyright © 2024 CyberMaterial. All Rights Reserved.