What are the latest cybersecurity alerts, incidents, and news?
Cyber Alerts
1. Gelsemium APT Targets Linux with WolfsBane
Chinese advanced persistent threat (APT) group Gelsemium has expanded its operations by introducing WolfsBane, a Linux-based backdoor, marking the group's first documented use of Linux malware. Identified by cybersecurity firm ESET, WolfsBane is a variant of the group's long-standing Gelsevirine backdoor, previously observed on Windows systems since 2014. The malware was detected in March 2023 through VirusTotal uploads from Taiwan, the Philippines, and Singapore. In addition, researchers uncovered FireWood, another tool linked to a distinct framework called Project Wood, though its attribution to Gelsemium remains uncertain.
2. North Korean Firms Impersonate US IT Firms
North Korean threat actors are using front companies to impersonate U.S.-based IT and software firms, generating revenue to fund the country's ballistic missile and weapons programs. Operating under aliases and forged identities, these workers secure remote jobs and funnel their earnings back to the Democratic People's Republic of Korea (DPRK). Many front companies are based in China, Russia, Southeast Asia, and Africa, often copying legitimate business websites to appear credible.
3. Hackers Use Google Docs to Target Telecom
A sophisticated phishing campaign targeting the telecommunications and financial sectors was recently uncovered by EclecticIQ researchers in October 2024. The attackers leveraged Google Docs to deliver phishing links that redirected victims to fake login pages hosted on Weebly, taking advantage of the platform's trusted reputation to bypass security filters. The phishing pages, designed to mimic login portals of major brands like AT&T, incorporated fake Multi-Factor Authentication (MFA) prompts to further deceive users.
4. FortiClient Flaw Allows Undetected Attacks
A critical flaw in FortiClient VPN's logging mechanism has been discovered, allowing attackers to conduct brute-force attacks without detection. Cybersecurity researchers at Pentera revealed that the vulnerability stems from the way Fortinet handles authentication and authorization. While failed login attempts are logged, successful authentication attempts are not recorded unless a VPN session is created. This creates a blind spot, enabling attackers to test stolen credentials and validate accounts without alerting security teams.
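The blind spot described above is that the VPN appliance only records a successful authentication once a tunnel is established. The following is an added defensive example, not code from the original briefing, from Pentera or from Fortinet. It assumes a hypothetical deployment in which the VPN authenticates users against a central identity provider (IdP) whose own log records every successful and failed authentication; correlating that log with the VPN's session log surfaces the successful authentications that never became a session, which is exactly what the appliance log alone would hide. The log formats, field names, user names and addresses are all constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample logs (not FortiClient's real formats). Assumption: the VPN
# authenticates users against a central IdP whose log records every attempt,
# while the VPN appliance only records a session once a tunnel is established.
IDP_AUTH_LOG = """\
2024-11-20T08:00:05Z auth=success user=alice src=203.0.113.10
2024-11-20T08:00:09Z auth=failure user=bob src=198.51.100.7
2024-11-20T08:00:12Z auth=success user=bob src=198.51.100.7
2024-11-20T08:00:13Z auth=success user=carol src=198.51.100.7
2024-11-20T08:00:14Z auth=success user=dave src=198.51.100.7
2024-11-20T08:10:00Z auth=success user=erin src=203.0.113.22
"""

# Constructed VPN session log: only tunnels that were actually brought up.
VPN_SESSION_LOG = """\
2024-11-20T08:00:07Z event=tunnel-up user=alice src=203.0.113.10
2024-11-20T08:10:03Z event=tunnel-up user=erin src=203.0.113.22
"""


def parse_events(text):
    """Parse 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        stamp, *fields = line.split()
        event = {"ts": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")}
        for field in fields:
            key, _, value = field.partition("=")
            event[key] = value
        events.append(event)
    return events


def find_unmatched_auths(idp_text, vpn_text, window_seconds=60):
    """Return successful IdP authentications (user, src, ts) that were never
    followed by a VPN tunnel for the same user and source within the window.
    These are the credential validations the VPN's own log would not show."""
    sessions = [e for e in parse_events(vpn_text) if e.get("event") == "tunnel-up"]
    window = timedelta(seconds=window_seconds)
    unmatched = []
    for auth in parse_events(idp_text):
        if auth.get("auth") != "success":
            continue
        followed = any(
            s["user"] == auth["user"]
            and s["src"] == auth["src"]
            and auth["ts"] <= s["ts"] <= auth["ts"] + window
            for s in sessions
        )
        if not followed:
            unmatched.append((auth["user"], auth["src"], auth["ts"]))
    return unmatched


def flag_sources(unmatched, min_users=2):
    """Group session-less successes by source address and flag any source that
    validated credentials for at least min_users distinct accounts, the pattern
    of someone testing a list of stolen credentials rather than one user."""
    by_src = {}
    for user, src, _ in unmatched:
        by_src.setdefault(src, set()).add(user)
    return {src: sorted(users) for src, users in by_src.items() if len(users) >= min_users}


if __name__ == "__main__":
    orphans = find_unmatched_auths(IDP_AUTH_LOG, VPN_SESSION_LOG)
    for user, src, ts in orphans:
        print(f"{ts:%Y-%m-%dT%H:%M:%SZ} success without session: user={user} src={src}")
    for src, users in flag_sources(orphans).items():
        print(f"possible credential testing from {src}: {', '.join(users)}")
```

In this constructed data, alice and erin each bring up a tunnel within a few seconds of authenticating and are ignored, while bob, carol and dave authenticate successfully from one address and never establish a session, so that address is flagged. The window and the distinct-user threshold are the two knobs to tune against real traffic; a short window suits interactive clients, and a higher threshold reduces noise from users who cancel after authenticating.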
5. Multiple Linux Kernel Flaws Patched for 2024
The Linux kernel development team recently patched two critical vulnerabilities affecting various Linux versions, including long-term support (LTS) releases. The first vulnerability, CVE-2024-53093, was identified in the NVMe multipath functionality, where partition scanning could potentially cause a deadlock in certain conditions. The second issue, CVE-2024-53094, affected the RDMA/siw (Software iWARP) driver, triggering warnings related to slab page usage in send_page operations when using iSCSI Extensions for RDMA (iSER).
Cyber Incidents
6. Hackers Breach Andrew Tate's Online Platform
Hackers have breached Andrew Tate's online course, leaking the personal data of nearly 800,000 users. The breach exposed sensitive information, including email addresses and private chat logs, which were then shared with data breach notification site Have I Been Pwned and nonprofit collective DDoSecrets. In addition to the stolen data, the attackers flooded the platform's chatroom with disruptive emojis, including symbols such as a transgender flag, a feminist fist, and AI-generated images mocking Tate.
7. Grand Forks Schools Loses $2.2M in Scam
Grand Forks Public Schools in North Dakota lost $2.2 million earlier this year in a phishing scam, where scammers deceived an employee into transferring funds. Business Manager Brandon Baumbach explained that the attack, which occurred on September 13, involved social engineering tactics, with the attackers leveraging insider information to appear legitimate. Phishing, the most common form of cybercrime according to the FBI's Internet Crime Report, continues to be a major threat.
8. Triton Sourcing Hit by SafePay Ransomware
New Zealand-based importer Triton Sourcing & Distribution has confirmed it was the victim of a ransomware attack by the emerging SafePay gang. The group, which has been active since October 2024, leaked at least 10GB of data, primarily consisting of XML files related to Triton's Exo order system and operational processes. Despite the breach, Triton stated that no personal data was affected, and it hasn't identified any significant risks to staff or third parties. The company acknowledged the disruption to its operations but recovered quickly and is working to catch up on delayed orders.
9. Direct Assurance Data Breach Exposes 15,000
Direct Assurance, a subsidiary of the Axa insurance group, has confirmed a data breach that has compromised the personal information of 15,000 customers. The breach occurred after a cyberattack on one of the company's suppliers, exposing sensitive data such as names, dates of birth, addresses, email addresses, phone numbers, and IBANs. Although the breach affects only about 1% of Direct Assurance's total customer base, the incident has raised concerns, especially with the leak of IBANs, which could be exploited for fraudulent transactions.
10. Snow Brand Australia Hit With Ransomware
Snow Brand Australia has confirmed it was targeted in a ransomware attack by the newly emerged SafePay group, which recently listed the company on its darknet leak site. The breach, which exposed nearly 24 GB of data, included sensitive financial records such as invoices and purchase orders, along with employee information like medical certificates and superannuation details. The company detected unusual activity on its network and immediately took steps to secure its systems.
Cyber News
11. Senator Calls Telecom Hack Worst in History
A recent cyberattack on U.S. telecommunications networks has been described as the "worst telecom hack in our nation's history" by Senator Mark Warner, chairman of the Senate Intelligence Committee. The breach, allegedly linked to China, compromised sensitive surveillance data, including U.S. customer call records and communications from individuals involved in government or political activities. The hackers, identified as part of the group "Salt Typhoon," infiltrated several telecom companies' networks, allowing them to listen to phone conversations and read text messages.
12. CFTC Commissioner Calls for Crypto Reforms
At the North American Blockchain Summit on November 21, 2024, Commodity Futures Trading Commission (CFTC) Commissioner Summer Mersinger called for structured cryptocurrency regulations in the United States. Mersinger criticized the current "regulation by enforcement" approach and emphasized the need for clearer, proactive policies to guide the crypto industry. She pointed out that decentralized finance (DeFi) and decentralized autonomous organizations (DAOs) often face charges under existing laws without the ability to register officially, making it difficult for businesses to comply.
13. BianLian Shifts to Data Extortion Tactics
The FBI, alongside Australian law enforcement, has identified a significant shift in the tactics of the BianLian ransomware group, which is likely based in Russia. Previously known for encrypting victims' data and demanding ransom, BianLian has now transitioned to a data extortion model, focusing solely on stealing sensitive information and threatening to leak it unless the ransom is paid. The group has been targeting public-facing applications, including Windows and ESXi systems, and exploiting known vulnerabilities like ProxyShell and CVE-2022-37969 to gain initial access.
14. Microsoft, Meta and DOJ Disrupt Global Scams
Microsoft, Meta, and the U.S. Department of Justice (DoJ) have taken significant actions to combat cybercrime and fraudulent networks. Microsoft's Digital Crimes Unit seized 240 fraudulent websites linked to an Egypt-based cybercriminal, Abanoub Nady, who sold a phishing kit named ONNX. This kit was used in widespread phishing campaigns targeting sectors like finance, bypassing security measures like two-factor authentication. Meanwhile, the DoJ shut down PopeyeTools, a marketplace selling stolen financial data and fraud tools, and charged its administrators from Pakistan and Afghanistan.
15. Wiz to Acquire Dazz Security for $450M
Wiz, a leading Cloud Native Application Protection Platform (CNAPP) provider, has announced its acquisition of Dazz Security in a deal valued at $450 million. This strategic move will significantly enhance Wiz's ability to strengthen application security and remediation across the software development lifecycle. Dazz Security, recognized for its leadership in Application Security Posture Management (ASPM), offers advanced capabilities for managing application risks and pinpointing vulnerabilities.
Copyright © 2024 CyberMaterial. All Rights Reserved.