What’s happening in cybersecurity today?
🚨 Cyber Alerts
Iranian state-sponsored hacking group APT34, also known as OilRig, has launched new cyberattacks targeting government and critical infrastructure in the Gulf region, specifically the United Arab Emirates. These attacks exploit a Windows flaw, allowing privilege escalation, and compromise Microsoft Exchange servers to steal credentials. According to Trend Micro, OilRig’s attack chain begins with deploying a web shell through a vulnerable server, followed by the use of tools to elevate privileges on compromised systems.
Trend Micro researchers have identified a significant increase in spear phishing attacks orchestrated by the threat actor group Water Makara, primarily targeting organizations in Brazil. This campaign utilizes the notorious Astaroth banking malware, leveraging obfuscated JavaScript embedded within malicious emails that often disguise themselves as official tax documents. The attacks exploit the urgency surrounding personal income tax filings, tricking recipients into downloading harmful ZIP files. These files contain a malicious LNK file that, once executed, runs JavaScript commands to connect to a command-and-control server.
Google has issued a warning that the popular ad blocker uBlock Origin may soon be blocked in the Chrome browser due to its reliance on the now-deprecated Manifest V2 extension specification. The warning, displayed on the Chrome Web Store, states that the extension may not adhere to the latest best practices for Chrome extensions, which are designed to enhance user privacy and security. As part of this transition to Manifest V3, Google has suggested that users consider alternative ad blockers that comply with the new requirements, such as uBlock Origin Lite.
HashiCorp has disclosed a critical security vulnerability in its Vault secret management platform, identified as CVE-2024-9180, which could allow attackers to escalate their privileges to the highly sensitive root policy. This flaw affects both Vault Community and Enterprise Editions across various versions and has been assigned a CVSSv3 score of 7.2, indicating a significant potential impact. The vulnerability arises from the mishandling of entries in Vault’s in-memory entity cache, enabling a malicious actor with write permissions to manipulate their cached entity record through the identity API.
The Apache Roller team has announced a critical security update addressing a Cross-Site Request Forgery (CSRF) vulnerability that could allow attackers to escalate privileges and perform unauthorized actions on behalf of authenticated users. The newly released version, Apache Roller 6.1.4, implements essential security enhancements, including safer defaults that sanitize HTML content to prevent malicious code injection and disabling custom themes and file uploads by default to minimize risks.
💥 Cyber Incidents
The America First Policy Institute, a prominent group advising a potential Donald Trump administration, has reported a breach of its computer systems. This marks the second known cyberattack targeting a political institution during the election campaign, although the America First Policy Institute has not disclosed specific details regarding the compromised materials.
Central Tickets, a discount theatre ticketing platform, has confirmed a data breach that exposed the personal information of its users. The breach occurred on July 1, 2024, but the company only became aware of it in September after being alerted by the Metropolitan Police about discussions on the dark web regarding the incident. The company stated that a staging database used for testing purposes was compromised, resulting in unauthorized access to users’ names, email addresses, mobile numbers, and hashed passwords.
A significant cyberattack attributed to the pro-Ukraine hacker group BO Team has caused widespread disruptions to Russian general jurisdiction court websites, rendering them inaccessible for several days. The attack reportedly targeted the “Pravosudiye” system, which handles case management and electronic court filings for most Russian courts. A leaked document revealed that affected services may not be restored until at least October 18, highlighting the attack’s severe impact on judicial operations.
The Calgary Public Library in Canada has closed all its locations in response to a recent cyberattack that compromised several of its systems. The decision to shut down physical locations was made on Friday afternoon as a precautionary measure to mitigate potential damage from the breach. Experts, including Tom Keenan from the University of Calgary, highlight that public institutions like libraries are attractive targets for cybercriminals due to the extensive personal data they collect, including names and addresses.
The Hubergroup, a prominent manufacturer of printing inks based in Germany, has fallen victim to a cyberattack that has significantly impacted its operations. The company’s SAP system and various regional IT infrastructures have faced restrictions for nearly two weeks, leading to delays in production and delivery. In a statement, press spokesperson Fabian Meyer-Theobaldy confirmed the incident and emphasized that the company’s security protocols had effectively isolated affected systems to prevent further spread.
📢 Cyber News
The U.S. Department of Defense (DoD) has finalized its Cybersecurity Maturity Model Certification (CMMC) 2.0 rule, establishing a new tiered security framework to enhance compliance and protect sensitive unclassified information among defense contractors. The updated model reduces the assessment levels from five to three, simplifying the certification process, especially for small and medium-sized businesses. Under the new rule, contractors in the second and third tiers will undergo third-party assessments to ensure adherence to stricter security standards, aimed at safeguarding federal contract information against cyber threats.
The New South Wales (NSW) government has announced plans to establish a state-of-the-art cyber forensics facility in Australia, funded by CBIT Digital Forensics Services (CDFS) with an investment of $11.7 million. Located in the South Jerrabomberra Regional Jobs Precinct, the facility, named the NANGU Cyber Forensics Facility, is set to create local job opportunities and enhance training in digital forensics. Expected to be completed by March 2025, this facility will provide advanced education and resources to equip professionals in cyber and digital forensics.
A recent report from Coalition reveals a dramatic increase in ransomware attack costs in 2024, with the average ransom demand soaring to $1.3 million and some variants, like Play and BlackSuit, requesting up to $4.3 million for decryption. The severity of ransomware incidents has surged by 68% in the first half of the year compared to the previous six months, although the average loss after negotiations fell to $353,000, a 12% decrease from the same period in 2023. Despite one in 280 insured businesses being affected by ransomware, the overall frequency has dropped by 10%.
Israeli cybersecurity startup Cympire has secured a significant tender from the Israel Defense Forces (IDF) to provide advanced cybersecurity simulation platforms aimed at training military personnel to combat rising digital threats. Under the contract, Cympire will deliver its cutting-edge cybersecurity training and assessment platform, which integrates advanced Cyber Range technology along with comprehensive online training content and services. Founded in 2020, Cympire specializes in military-grade, cloud-native training solutions that offer hyper-realistic environments designed to enhance the cyber defense skills of military, government, and enterprise organizations.
Cybersecurity firm Conscia has made a strategic entry into the Irish market through the acquisition of PlanNet21 Group, a well-established technology solutions provider. With revenues close to €70 million in the 2022/23 fiscal year, PlanNet21 has a strong foothold in both the public and private sectors, serving approximately 300 customers primarily in technology, media, telecommunications, and government. Conscia, which operates across Europe, aims to leverage this acquisition to enhance its customer offerings and expand its pan-European presence.
Copyright © 2024 CyberMaterial. All Rights Reserved.