What's the latest in the cyber world today?
Supply Chain Attacks, Open-Source, Jetpack Vulnerability, WordPress Sites, CounterSEVeillance, TDXDown, Trusted Execution Environments, North Korean Hackers, Linux, FASTCash, ATM, Splunk, Game Freak, Source Code Leak, Funlab, Lynx Gang, Varsity Brands, Red House, Gryphon Healthcare, EU, NIS2 Deadline, Australian Government, AI Impact Law, Hong Kong Police, Deepfake, Crypto Scam, Hampshire Law Firm, Levales Solicitors, Stoïk, Cyber Insurance
Cyber Alerts
1. New Supply Chain Attacks Exploit Open-Source
Cybersecurity researchers are raising alarms about the vulnerability of open-source ecosystems to supply chain attacks that exploit entry points in ecosystems such as Python, npm, Ruby Gems, and more. These entry points allow developers to expose functionalities and load plugins, but they can also be abused by attackers to execute malicious code during software installation or execution. Techniques such as command-jacking and command wrapping can silently hijack legitimate commands, enabling attackers to harvest sensitive information while maintaining the appearance of normal operations.
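A defender-side check for the command-jacking pattern described above, as an added example that is not part of the original newsletter or the researchers' work: it lists Python `console_scripts` entry points and flags any that claim a well-known command name without being the expected owner, or that are claimed by more than one package. The watchlist, the expected-owner mapping and the sample package names are assumptions constructed for illustration.

```python
"""Audit Python console_scripts entry points for signs of command-jacking."""
from importlib.metadata import distributions

# Assumption: a small watchlist of commands worth protecting; extend per environment.
WATCHLIST = {"aws", "docker", "git", "kubectl", "npm", "pip", "ssh", "curl", "ls"}


def audit(entries, watchlist=WATCHLIST, expected_owner=None):
    """entries: iterable of (command_name, target, distribution_name).

    Flags (a) a watched command registered by a distribution that is not its
    allowlisted owner (no allowlisted owner means any claim is flagged) and
    (b) a command name claimed by more than one distribution.
    """
    expected_owner = expected_owner or {}
    findings, owners = [], {}
    for name, target, dist in entries:
        owners.setdefault(name, set()).add(dist)
        if name in watchlist and expected_owner.get(name) != dist:
            findings.append(("shadows-watched-command", name, dist, target))
    for name, dists in sorted(owners.items()):
        if len(dists) > 1:
            findings.append(("duplicate-claim", name, ",".join(sorted(dists)), ""))
    return findings


def installed_console_scripts():
    """Collect console_scripts entry points from the current environment."""
    rows = []
    for dist in distributions():
        for ep in dist.entry_points:
            if ep.group == "console_scripts":
                rows.append((ep.name, ep.value, dist.metadata["Name"]))
    return rows


# Constructed sample data; "helper-utils" and "other-pkg" are hypothetical packages.
SAMPLE = [
    ("pip", "pip._internal.cli.main:main", "pip"),
    ("aws", "helper_utils.cli:run", "helper-utils"),
    ("mytool", "mytool.cli:main", "mytool"),
    ("mytool", "other.cli:main", "other-pkg"),
]
EXPECTED = {"pip": "pip", "aws": "awscli"}

if __name__ == "__main__":
    for finding in audit(SAMPLE, expected_owner=EXPECTED):
        print("sample:", finding)
    for finding in audit(installed_console_scripts(), expected_owner=EXPECTED):
        print("installed:", finding)
```

A finding is a prompt to inspect the package's entry-point target, not proof of compromise; legitimate tools occasionally register overlapping names.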
2. Jetpack Patches Flaw Affecting 28M Websites
The Jetpack WordPress plugin, utilized by approximately 28 million websites, has addressed a critical vulnerability that could potentially allow logged-in users to access forms submitted by others. Discovered during an internal security audit, this flaw has existed since version 3.9.9, released in 2016. Jetpack, owned by Automattic, collaborated with the WordPress.org Security Team to roll out automatic updates to 101 versions of the plugin, ensuring that all installed sites are now secure.
3. New Attacks Target AMD and Intel TEEs
Recent research has revealed significant vulnerabilities in the Trusted Execution Environments (TEEs) of AMD and Intel processors, particularly through new attack methods known as CounterSEVeillance and TDXDown. The CounterSEVeillance attack, developed by researchers from Graz University of Technology and Fraunhofer Institute, specifically targets AMD's Secure Encrypted Virtualization (SEV) technology, enabling attackers to exploit performance counters to extract sensitive information, including cryptographic keys.
4. New Linux FASTCash Malware Targets ATMs
North Korean hackers have unleashed a new Linux variant of the FASTCash malware, enabling them to infiltrate payment switch systems at financial institutions and execute unauthorized cash withdrawals. Previously targeting Windows and IBM AIX systems, this variant specifically targets Ubuntu 22.04 LTS distributions. Security researcher HaxRob revealed that this Linux version operates similarly to its predecessors, manipulating ISO8583 transaction messages to replace "decline" responses with fraudulent "approve" notifications.
5. Critical Splunk Vulnerabilities Allow RCE
Splunk has issued critical patches addressing multiple high-severity vulnerabilities in its Enterprise product, which could enable attackers to execute remote code on affected systems. Among the most severe flaws is CVE-2024-45733, affecting Windows versions prior to 9.2.3 and 9.1.6, allowing low-privileged users to gain remote code execution due to insecure session storage configurations. Another significant vulnerability, CVE-2024-45731, enables unauthorized file writing to the Windows system root directory, potentially facilitating malicious DLL injection.
Cyber Incidents
6. Game Freak Cyberattack Leaks Source Code
Game Freak, the renowned Japanese video game developer best known for the Pokémon series, confirmed a cyberattack that occurred in August 2024, resulting in the unauthorized access and leakage of sensitive data. This breach has led to the exposure of source code and design documents for upcoming Pokémon titles, sparking significant concern within the gaming community. Alongside the leaked game-related content, personal information belonging to current and former employees, contractors, and associates was also compromised, including full names and email addresses.
7. Funlab Confirms Ransomware Attack by Lynx
Australian entertainment company Funlab has confirmed it was the victim of a ransomware attack attributed to the Lynx ransomware gang. The attack was disclosed after Lynx listed Funlab on its leak site, although the gang has not revealed the extent of the data exfiltrated or the ransom demanded. Funlab reported that the incident affected its IT systems over the weekend of September 20–22, 2024, but all operations resumed within 48 hours. The company stated that while no guest data appears to have been accessed, limited information from a small number of current and former employees may have been compromised.
8. Varsity Brands Hit With Major Data Breach
Varsity Brands, a prominent U.S.-based manufacturer of academic apparel and cheerleading gear, has reported a data breach affecting nearly 66,000 individuals. The company discovered "unusual activity" on May 24, 2024, prompting an immediate shutdown of the compromised systems. While Varsity's breach notification indicates that only a "small subset" of files was accessed, the details provided to the Maine Attorney General reveal that personal identifiers of affected individuals were exposed.
9. Red House Suffers Significant Data Breach
On January 25, 2024, Red House experienced a significant data security incident that compromised its computer systems, temporarily disrupting operations. An investigation revealed that an unauthorized actor gained access to sensitive employee, vendor, and customer information, including names and Social Security numbers. Following the breach, Red House promptly notified federal law enforcement and implemented measures to assess the security of its systems.
10. Gryphon Healthcare Hack Exposes Patients
Gryphon Healthcare, a Texas-based healthcare revenue cycle management firm, is notifying nearly 400,000 individuals about a significant data breach stemming from an unnamed third-party partner. The breach, detected on August 13, 2024, allowed unauthorized access to sensitive personal and protected health information of patients for whom Gryphon provides medical billing services. Affected data includes names, dates of birth, Social Security numbers, addresses, health insurance details, and medical records.
Cyber News
11. Most EU Nations Set to Miss NIS2 Deadline
Most European Union (EU) nations are poised to miss the impending deadline for implementing the Network and Information Security Directive 2 (NIS2), a critical cybersecurity regulation aimed at enhancing security measures across essential sectors, including finance, energy, and healthcare. Despite the directive coming into force early last year, only six countries (Belgium, Croatia, Greece, Hungary, Latvia, and Lithuania) have successfully incorporated NIS2 into their national statutes ahead of the October 17 deadline.
12. Australia Reviews AI Impact on Consumer Law
The Australian government is conducting a comprehensive review of how artificial intelligence (AI) affects the Australian Consumer Law (ACL) to ensure that it remains suitable for the evolving business landscape. As part of a broader initiative to foster safe and responsible AI use, this review, led by Treasury and involving the Department of Health and Aged Care and the Attorney-General's Department, aims to assess whether current consumer protections adequately address risks associated with AI-enabled goods and services.
13. 27 Arrested in Hong Kong Deepfake Scam
Hong Kong police have successfully dismantled a sophisticated deepfake romance scam that swindled victims out of $46 million through fake cryptocurrency investments. The operation targeted individuals across Hong Kong, Singapore, and mainland China, utilizing advanced deepfake technology to create convincing online personas. Authorities arrested 27 suspects, including university graduates and alleged members of the Sun Yee On triad, who facilitated the scheme by establishing fake trading platforms.
14. Law Firm Sanctioned for Security Lapses
Levales Solicitors LLP, a Hampshire-based law firm specializing in criminal and military law, has faced significant reprimands from UK's Information Commissioner's Office (ICO) following a serious data breach that compromised sensitive client information. Hackers accessed the firm's secure cloud-based server, resulting in the unauthorized exposure of personal details of 8,234 clients, including names, addresses, national insurance numbers, prisoner numbers, and health statuses.
15. Stoïk Secures $27M to Boost Cyber Insurance
Stoïk, a French startup focused on cyber insurance for small and medium-sized businesses (SMBs), has successfully raised €25 million (approximately $27 million) in a Series B funding round. As cyber threats increasingly impact smaller enterprises, Stoïk aims to address this challenge by providing tailored insurance products specifically designed for European companies. Unlike other firms that primarily target the U.S. market, Stoïk covers businesses with annual turnovers of up to €750 million, offering coverage limits of €7.5 million.
Copyright © 2024 CyberMaterial. All Rights Reserved.