What's trending in cybersecurity today?
CISA, SolarWinds, Web Help Desk, HORUS Protector, EDRSilencer, Microsoft, Dataverse, Google Chrome, Vulnerabilities, Westpac, Internet Banking, Wellfleet Group, Germany, Johannesstift Diakonie, Japan, Saizeriya, Ransomware, Texas Spine Consultants, FIDO Alliance, Passkey, White House, AI Chip, Europe, Police Agencies, Darknet Markets, Google Play, Malicious Apps, Netskope, Dasera, Cloud, Data Security
Cyber Alerts
1. CISA Warns of Critical SolarWinds Flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about active exploitation of a critical vulnerability in SolarWinds Web Help Desk (WHD). Tracked as CVE-2024-28987 with a CVSS score of 9.1, the flaw stems from hard-coded credentials that let an unauthenticated remote attacker access and modify sensitive data, including help desk ticket details. Cybersecurity firm Horizon3.ai published technical details in September 2024, a month after SolarWinds disclosed the issue.
2. HORUS Protector Used to Spread Malware
The HORUS Protector crypter is being used to distribute several Trojan families, including AgentTesla, Remcos, Snake, and NjRat. Distribution relies mainly on archive files containing VBE scripts (encoded Visual Basic scripts designed to evade detection). When run, the scripts decode and launch the malicious payloads, using layered obfuscation that complicates detection and prevention.
3. EDRSilencer Tool Used to Bypass Security
EDRSilencer, an open-source red team tool, is increasingly being used by cybercriminals to evade Endpoint Detection and Response (EDR) systems. Researchers from Trend Micro observed that the tool identifies running EDR processes and uses the Windows Filtering Platform (WFP) to block their network traffic, cutting off telemetry and alerts. By severing communication between EDR agents and their management consoles, EDRSilencer poses a significant risk to defenders who rely on that telemetry.
4. Dataverse Flaw Enables Privilege Escalation
A critical vulnerability, CVE-2024-38139, has been discovered in Microsoft Dataverse that allows an authorized attacker to elevate privileges over a network. Rated 8.7 on the CVSS scale, the flaw stems from improper authentication within the cloud-based storage service and could allow users who already hold high-level access to reach sensitive data or system resources they are not entitled to.
5. New Chrome Update Patches 17 Security Flaws
Google has released Chrome 130, an update that addresses 17 security vulnerabilities in the browser. Among the fixed flaws, CVE-2024-9954, a high-severity use-after-free vulnerability in Chrome's AI component, was reported by an external researcher and earned a $36,000 bounty. The update also resolves several medium-severity issues in Web Authentication, user interface elements, and DevTools.
Cyber Incidents
6. Westpac Outage Disrupts Internet Banking
Westpac is facing significant customer backlash after a third consecutive day of outages affecting its online and mobile banking services. The disruption has left millions unable to access their accounts or make transactions, with reports of people unable to pay for essentials such as petrol because their cards did not work. The bank has not yet disclosed the underlying cause; the outages have also raised concerns about a possible cyber attack and have been referred to the government's lead cybersecurity agency.
7. Wellfleet Group Hit With Data Breach
On October 14, 2024, Wellfleet Group, LLC, notified the Attorney General of Texas of a data breach involving unauthorized access to sensitive information. The breach exposed personal data belonging to certain individuals, including names, addresses, medical information, health insurance details, and dates of birth. After discovering the incident, Wellfleet opened an investigation and began sending breach notification letters to those affected.
8. Cyberattack Disrupts Johannesstift Diakonie
Johannesstift Diakonie, a prominent healthcare provider operating across several German federal states, suffered a significant cyberattack on October 14, 2024. The attackers encrypted all of the organization's servers, causing widespread failure of IT systems across its facilities. While the organization has assured the public that patient care is unaffected, essential functions such as patient data management, staff deployment planning, and appointment scheduling have been disrupted.
9. Japan's Saizeriya Faces Ransomware Attack
Saizeriya Co., Ltd., a prominent Japanese restaurant chain, has confirmed that it was hit by a ransomware attack, with server outages causing significant disruption to its services. The company says there is a high likelihood that personal and confidential information was compromised, potentially including employee data, business partner information, and customer service inquiries. In response, Saizeriya has isolated the affected systems from both the internet and its internal networks to prevent further damage.
10. Texas Spine Consultants Suffers Data Breach
Texas Spine Consultants (TSC), a full-service orthopedic center, has reported a data breach potentially affecting the personal and protected health information of some patients. The incident was detected around May 13, 2024, when TSC noticed unusual activity in an employee email account. TSC engaged a specialized cybersecurity firm to conduct a forensic investigation, which confirmed unauthorized access to certain patient data, including names, dates of birth, medical information, and health insurance details.
Cyber News
11. FIDO Alliance Releases New Passkey Specs
The FIDO Alliance has announced new specifications for securely transferring passkeys and other credentials between providers, aimed at improving the user experience and encouraging wider passkey adoption. The initiative, with contributions from companies including 1Password, Apple, Google, and Microsoft, introduces the Credential Exchange Protocol (CXP) and the Credential Exchange Format (CXF). Together they standardize how passkeys and other credentials are moved between credential managers, so users switching providers can do so securely and without friction.
12. White House Considers AI Chip Export Limits
The Biden administration is considering extending export limits on advanced AI chips made by Nvidia and AMD to certain Persian Gulf countries, notably Saudi Arabia and the United Arab Emirates. The move, driven by national security concerns, could restrict sales of chips that are essential to AI data center investment in the region. The U.S. government has previously prohibited the sale of these chips to China and imposed restrictions on numerous other countries to prevent indirect access by China.
13. EU Police Crack Down on Darknet Markets
In a major crackdown on darknet drug markets, European police agencies, including Dutch, Finnish, and Swedish authorities, have shut down multiple illicit online platforms this October. Notably, Finnish police dismantled Sipulitie, which had become Finland's leading drug marketplace since its launch in 2023, along with a chat-based contraband site run by the same administrator.
14. Over 200 Malicious Apps Found on Google Play
More than 200 malicious applications have been identified on the Google Play Store, collectively downloaded nearly eight million times between June 2023 and April 2024. Of the malware types found, "Joker" was the most prevalent at 38.2% of detections; this info-stealer subscribes victims to premium services and also harvests SMS messages. Other notable threats included adware (35.9%), facestealers (14.7%), and the Coper malware (3.7%), which performs keylogging and phishing.
15. Netskope Acquires Dasera for Data Security
Netskope has acquired Dasera, a data security posture management (DSPM) startup, to strengthen its ability to protect both structured and unstructured data across cloud environments. The acquisition is intended to integrate Dasera's technology with Netskope's existing security platform, improving protection for platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) environments. Led by former McKinsey and HP executive Ani Chaudhuri, Dasera focuses on data visibility and data lineage, which Netskope expects to fold smoothly into its offerings.
Copyright © 2024 CyberMaterial. All Rights Reserved.