What's going on in the cyber world today?
Ghost Tap, Hackers, NFC, Payment Apps, NodeStealer Malware, Facebook Ads, Credit Cards, Gabagool, Phishing Campaign, Cloudflare, Security Filters, Kubernetes, Vulnerability, Command Execution, Apple, Zero-Days, Thailand, Breach, The 1 Co, 5 Million, Customers, Ukrainian Intelligence, Russia, MTS Bank, France, Lozère Chamber of Agriculture, Softway Medical Group, 750K Patients, Ransomware Attack, Italy, Inps Servizi, Contribution Data Systems, Google, Antitrust Lawsuit, CISA, Software Weaknesses, GitHub, Fund, Open Source, Security, Scattered Spider Gang, US, Department of Justice, N-able, Adlumin, Acquisition
Cyber Alerts
1. NFC Exploited for Mobile Payment Theft
Hackers are exploiting NFC technology in a scheme known as Ghost Tap, enabling them to steal funds from mobile payment services like Google Pay and Apple Pay. The attack involves banking malware or phishing to steal card credentials and one-time passwords, linking stolen cards to payment apps. Using a tool called NFCGate, attackers relay tap-to-pay data to mules who make fraudulent transactions at retail point-of-sale terminals. This method allows cybercriminals to operate globally and anonymously, evading anti-fraud systems by mimicking legitimate transactions.
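One check an issuer's anti-fraud pipeline can run against relay fraud of this kind is impossible travel: the same card token presented at two physical terminals farther apart than any cardholder could cover in the elapsed time. The example below is added here for illustration and is not code from the report or from any payment provider; the transactions, coordinates and the 900 km/h threshold are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Threshold is an assumption for illustration: no legitimate cardholder moves
# between two physical terminals faster than a commercial flight.
MAX_PLAUSIBLE_KMH = 900.0
MIN_GAP = timedelta(minutes=1)  # floor so back-to-back taps do not divide by ~zero


@dataclass(frozen=True)
class TapTxn:
    card_token: str   # the token the wallet presents at the terminal
    when: datetime
    merchant: str
    lat: float
    lon: float
    amount: float


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def flag_impossible_travel(txns):
    """Return (token, previous merchant, current merchant, km, implied km/h) for every
    consecutive pair of taps on the same token that implies impossible travel."""
    by_token = {}
    for t in sorted(txns, key=lambda t: t.when):
        by_token.setdefault(t.card_token, []).append(t)
    alerts = []
    for token, seq in by_token.items():
        for prev, cur in zip(seq, seq[1:]):
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = max(cur.when - prev.when, MIN_GAP).total_seconds() / 3600
            speed = km / hours
            if speed > MAX_PLAUSIBLE_KMH:
                alerts.append((token, prev.merchant, cur.merchant, round(km), round(speed)))
    return alerts


# Constructed sample: one token relayed from Amsterdam to a mule in Bangkok within
# 25 minutes, one token used legitimately in Amsterdam and then Utrecht an hour later.
T0 = datetime(2024, 11, 20, 10, 0)
SAMPLE_TXNS = [
    TapTxn("tok_4a1f", T0, "Supermarket NL", 52.37, 4.90, 42.50),
    TapTxn("tok_4a1f", T0 + timedelta(minutes=25), "Electronics TH", 13.76, 100.50, 899.00),
    TapTxn("tok_77c2", T0, "Cafe NL", 52.37, 4.90, 6.80),
    TapTxn("tok_77c2", T0 + timedelta(hours=1), "Bookshop NL", 52.09, 5.12, 23.10),
]


def demo_alerts():
    return flag_impossible_travel(SAMPLE_TXNS)


if __name__ == "__main__":
    for alert in demo_alerts():
        print(alert)
```

The check only catches relays that cross large distances; a crew that keeps its mules within one city and spreads many small purchases over time will not trip it, which is why velocity rules are normally combined with device-provisioning and amount-pattern signals.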
2. NodeStealer Malware Targets Facebook Ads
NodeStealer, a Python-based malware, has evolved to target Facebook Ads Manager accounts and steal credit card data stored in victims' web browsers. Originally a JavaScript-based threat, NodeStealer now employs sophisticated techniques to harvest sensitive information, including using stolen cookies to generate access tokens through the Facebook Graph API. Researchers at Netskope revealed that attackers use the malware to hijack Facebook accounts for malvertising campaigns, which promote further malware infections.
3. Gabagool Uses Cloudflare to Bypass Security
A sophisticated phishing campaign, dubbed "Gabagool", has been uncovered by the TRAC Labs team, targeting corporate and government employees. This campaign uses Cloudflare's R2 storage service to host malicious content, exploiting the platform's trusted reputation to bypass security filters. The attack begins with phishing emails sent from compromised mailboxes, which contain links redirecting users through multiple file-sharing platforms before landing on a Cloudflare R2 bucket page.
4. Kubernetes gitRepo Flaw Allows Command Execution on Nodes
A security vulnerability, tracked as CVE-2024-10220, has been disclosed in Kubernetes, affecting clusters that use the in-tree gitRepo volume to clone repositories into subdirectories. Rated High with a CVSS score of 8.1, the flaw lets an attacker who can point such a volume at a repository they control plant a hooks folder that git runs when the kubelet performs the clone on the node, executing arbitrary commands outside the container boundary. Affected kubelet versions are v1.28.11 and earlier, v1.29.0 through v1.29.6, and v1.30.0 through v1.30.2. Administrators are advised to upgrade to a fixed version (v1.31.0, v1.30.3, v1.29.7, or v1.28.12) or, where that is not yet possible, to replace gitRepo volumes with an init container that performs the clone.
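The init-container workaround is mechanical enough to script. The following added example, written for this page and not Kubernetes project code, audits a pod manifest for in-tree gitRepo volumes and emits an equivalent spec in which each one becomes an emptyDir populated by an init container running git clone. The sample manifest, the /work mount path and the alpine/git image are assumptions for illustration.

```python
import copy
import re
import shlex

MOUNT_ROOT = "/work"       # assumption: where the init container mounts the volume
GIT_IMAGE = "alpine/git"   # assumption; pin by digest in a real manifest
# A ref or path must start with an alphanumeric so it can never be parsed as a git option.
SAFE_REF = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]*$")


def find_gitrepo_volumes(pod: dict) -> list:
    """List (volume name, gitRepo spec) for each in-tree gitRepo volume in a pod manifest."""
    return [(v["name"], v["gitRepo"])
            for v in pod.get("spec", {}).get("volumes", [])
            if "gitRepo" in v]


def _clone_target(git: dict) -> str:
    """Mirror gitRepo.directory semantics: '.' is the volume root, a name is a
    subdirectory, and an absent value means the repository's basename."""
    directory = git.get("directory") or \
        git["repository"].rstrip("/").rsplit("/", 1)[-1].removesuffix(".git")
    if directory == ".":
        return MOUNT_ROOT
    if not SAFE_REF.match(directory) or ".." in directory.split("/"):
        raise ValueError(f"refusing unsafe gitRepo.directory {directory!r}")
    return f"{MOUNT_ROOT}/{directory}"


def rewrite_with_init_container(pod: dict) -> dict:
    """Return a copy of the pod in which every gitRepo volume becomes an emptyDir that
    an init container fills with `git clone`, the workaround the advisory suggests."""
    pod = copy.deepcopy(pod)
    spec = pod["spec"]
    clones = []
    for vol in spec.get("volumes", []):
        git = vol.pop("gitRepo", None)
        if git is None:
            continue
        repo = git["repository"]
        if repo.startswith("-"):
            raise ValueError(f"refusing unsafe gitRepo.repository {repo!r}")
        revision = git.get("revision")
        if revision and not SAFE_REF.match(revision):
            raise ValueError(f"refusing unsafe gitRepo.revision {revision!r}")
        vol["emptyDir"] = {}
        target = _clone_target(git)
        # shlex.quote stops a hostile URL or path from being parsed as shell syntax.
        script = f"git clone {shlex.quote(repo)} {shlex.quote(target)}"
        if revision:
            script += f" && git -C {shlex.quote(target)} checkout {revision}"
        clones.append({
            "name": f"git-clone-{vol['name']}",
            "image": GIT_IMAGE,
            "command": ["sh", "-c", script],
            "volumeMounts": [{"name": vol["name"], "mountPath": MOUNT_ROOT}],
        })
    # Clones run first so later init containers and the app see the checked-out tree.
    spec["initContainers"] = clones + spec.get("initContainers", [])
    return pod


# Constructed sample manifest, not taken from any real cluster.
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "builder"},
    "spec": {
        "containers": [{"name": "app", "image": "busybox",
                        "volumeMounts": [{"name": "src", "mountPath": "/src"}]}],
        "volumes": [{"name": "src",
                     "gitRepo": {"repository": "https://github.com/example/app.git",
                                 "revision": "main", "directory": "app"}}],
    },
}

if __name__ == "__main__":
    for name, git in find_gitrepo_volumes(SAMPLE_POD):
        print(f"gitRepo volume {name!r} clones {git['repository']}")
    print(rewrite_with_init_container(SAMPLE_POD)["spec"]["initContainers"])
```

The rewrite keeps the app container's mount unchanged: with directory "app" the repository still lands at /src/app, as it did under the gitRepo volume. The init container still clones an untrusted repository, but git now runs inside a container rather than in the kubelet on the node, and the workaround does not replace upgrading the kubelet.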
5. Apple Patches Actively Exploited Zero-Days
Apple has rolled out urgent security updates to address two zero-day vulnerabilities actively exploited in the wild. The flaws, CVE-2024-44308 in JavaScriptCore and CVE-2024-44309 in WebKit, could lead to arbitrary code execution and cross-site scripting (XSS) respectively. The vulnerabilities were discovered by Google's Threat Analysis Group and are believed to be exploited in targeted attacks, potentially involving government-backed or mercenary spyware.
Cyber Incidents
6. The 1 Co Suffers Data Breach Affecting 5M
The 1 Co, a retail loyalty program part of Central Group, has issued an apology following a data breach that affected approximately 5 million customers. Despite an initial investigation revealing no flaws in its security systems, the company has expressed deep concern over the incident and is taking immediate action to enhance security measures. The breach has prompted the company to cooperate with both government and private organizations to further assess its systems.
7. Ukrainian Hackers Disrupt Russian MTS Bank
Ukrainian intelligence hackers, reportedly from the Cyber Corps of the Defense Intelligence of Ukraine, have launched a significant cyberattack on Russian MTS Bank. The attack, which began on November 19, 2024, involved a large-scale Distributed Denial of Service (DDoS) assault, leading to widespread disruptions in the bank's services. Users in Russia reported difficulties accessing mobile apps, making transfers, withdrawing cash, and paying for services. The MTS-Business online banking platform was also affected, with some reports of funds being erroneously debited from accounts.
8. Lozère Chamber of Agriculture Hit by Attack
The Lozère Chamber of Agriculture in France fell victim to a cyberattack on Monday, which has severely disrupted its operations. The attack has limited access to the chamber's computer systems, prompting an immediate response from the IT department to investigate the breach's origin. Security analyses are ongoing as officials work to restore normalcy. This incident follows a similar cyberattack last October, which targeted the Normandy Chambers of Agriculture, highlighting a concerning trend in the sector.
9. Cyberattack Exposes Data of 750K Patients
Softway Medical Group has confirmed a cyberattack targeting its MediBoard platform, which is used by hospitals for electronic patient record (EPR) management. The breach, which impacted patient data from French hospitals, was not caused by any software vulnerability or misconfiguration within MediBoard, according to the company. Instead, the compromise occurred due to the use of stolen credentials from the affected hospital.
10. Ransomware Attack Hits Inps Servizi Systems
On November 18, 2024, Inps Servizi, the Italian company that supplies QuAS with aggregate data on the contributions companies pay through the F24 form, suffered a ransomware attack. The breach was confined to Inps Servizi's internal systems and did not affect QuAS's wider operations. The compromised data was limited to the totals of contributions paid by companies and did not include personal information about individual members.
Cyber News
11. US Seeks to Force Google to Sell Chrome
The U.S. Justice Department, along with a group of states, has escalated its antitrust case against Google by requesting a federal court to force the tech giant to sell its popular Chrome browser. This move follows a ruling in August 2024, where Judge Amit Mehta found that Google had illegally maintained a monopoly over online search. The lawsuit also demands Google either sell Android or be prohibited from making its services mandatory on Android devices. Additionally, the government seeks to stop Google's paid agreements with Apple and others to be the default search engine.
12. CISA Releases Top 25 Software Weaknesses
The US Cybersecurity and Infrastructure Security Agency (CISA) has announced the 2024 CWE Top 25 Most Dangerous Software Weaknesses, compiled in collaboration with the Homeland Security Systems Engineering and Development Institute. The list ranks the weakness classes most often behind the year's vulnerabilities, which attackers use to steal data, disrupt services, and compromise systems. The ranking draws on more than 31,000 CVE records and is led by familiar classes such as cross-site scripting, out-of-bounds write, and SQL injection.
13. GitHub Launches $1.25M Fund for Open Source
GitHub has announced the launch of the GitHub Secure Open Source Fund, with an initial $1.25 million investment aimed at improving the security of 125 open-source projects. This initiative, which is accepting applications until January 7, 2025, offers financial support, security education, certification, mentorship, and access to GitHub's Security Lab. Each project will receive $10,000 in funding and additional resources such as free access to GitHub tools like Copilot and Secret Scanning.
14. Five Members of Scattered Spider Indicted
Five members of the Scattered Spider cybercrime group have been indicted in the U.S. for their role in a multi-million dollar cybercrime operation. The gang used sophisticated social engineering techniques, such as phishing attacks, to target employees at major companies, stealing credentials to access sensitive data, including cryptocurrency accounts. The accused, aged 20 to 25 and based in the U.S. and U.K., have been charged with conspiracy to commit wire fraud, identity theft, and other offenses.
15. N-able Acquires Adlumin for $266 Million
N-able has acquired cybersecurity operations vendor Adlumin for up to $266 million, a strategic move aimed at enhancing its IT management platform with cloud-native XDR (Extended Detection and Response) and MDR (Managed Detection and Response) solutions. This acquisition, which brings Adluminβs advanced threat detection, ransomware prevention, and compliance automation expertise to N-ableβs offerings, will help address the growing demand for integrated security solutions.
Copyright © 2024 CyberMaterial. All Rights Reserved.