What's going on in the cyber world today?
Iran, Brute-Force, US, Infrastructure, ScarCruft, Windows, Zero-Day, RokRAT Malware, VMware, HCX, SQL Injection, Cloud Solutions, Trend Micro, Cloud Edge, Remote Code Execution, Oracle, Update, Texas Tech University Health Sciences Center, Breach, Radiant Capital, $58 Million, North American Steel Tie Corporation, Data Exposure, Arts HomeBase, User Data, Unauthorized Access, Parking Pay, CISA, FBI, Product Security, Bad Practices, UK, Ireland, Crypto, Regulations, EU, Maryland, Data Center, Standards, Sonar, Acquires, Structure101
Cyber Alerts
1. Iranian Attacks Target Critical US Sectors
A joint advisory from U.S. and international security agencies has exposed a year-long Iranian cyber campaign targeting critical infrastructure sectors, including healthcare, government, IT, and energy. Using brute-force attacks, such as password spraying and MFA push bombing, the attackers gain unauthorized access to networks, often modifying MFA registrations to maintain persistent access. Once inside, they steal credentials and other sensitive information, which is then sold to cybercriminals.
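As an added example (not code from the advisory or from this digest), a small detector run over constructed authentication events for the three behaviours described above: password spraying from one source, MFA push bombing against one account, and a new MFA device registered from a source already flagged for spraying. The event format, field names and thresholds are assumptions chosen for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth events (not real logs), chronological: ts event user source_ip detail
SAMPLE_LOG = """\
2024-10-15T08:00:01 LOGIN_FAIL alice 203.0.113.7 bad_password
2024-10-15T08:00:02 LOGIN_FAIL bob 203.0.113.7 bad_password
2024-10-15T08:00:03 LOGIN_FAIL carol 203.0.113.7 bad_password
2024-10-15T08:00:04 LOGIN_FAIL dave 203.0.113.7 bad_password
2024-10-15T08:05:00 MFA_PUSH_DENIED alice 203.0.113.7 -
2024-10-15T08:05:30 MFA_PUSH_DENIED alice 203.0.113.7 -
2024-10-15T08:06:00 MFA_PUSH_DENIED alice 203.0.113.7 -
2024-10-15T08:07:10 MFA_DEVICE_ADDED alice 203.0.113.7 new_phone
2024-10-15T09:00:00 LOGIN_FAIL bob 198.51.100.4 bad_password
"""

def parse(log):  # each line -> (timestamp, event, user, source_ip, detail)
    rows = [line.split(" ", 4) for line in log.splitlines()]
    return [(datetime.fromisoformat(ts), ev, u, ip, d) for ts, ev, u, ip, d in rows]

def burst(stamps, n, window):
    """True if at least n timestamps fall inside one window of the given length."""
    s = sorted(stamps)
    return any(s[i + n - 1] - s[i] <= window for i in range(len(s) - n + 1))

def detect_spraying(events, min_users=4, window=timedelta(minutes=10)):
    """Sources whose failed logins touch >= min_users distinct accounts in one window."""
    first_fail = defaultdict(dict)                 # ip -> {user: earliest failure}
    for ts, ev, user, ip, _ in events:
        if ev == "LOGIN_FAIL":
            first_fail[ip].setdefault(user, ts)
    return {ip for ip, users in first_fail.items() if burst(users.values(), min_users, window)}

def detect_push_bombing(events, min_denials=3, window=timedelta(minutes=5)):
    """Users who denied >= min_denials MFA pushes in one window (a later approval is suspect)."""
    denials = defaultdict(list)
    for ts, ev, user, _, _ in events:
        if ev == "MFA_PUSH_DENIED":
            denials[user].append(ts)
    return {u for u, stamps in denials.items() if burst(stamps, min_denials, window)}

def detect_mfa_persistence(events, suspect_ips):
    """MFA device registrations coming from a source already flagged for spraying."""
    return {(user, ip) for _, ev, user, ip, _ in events
            if ev == "MFA_DEVICE_ADDED" and ip in suspect_ips}

def analyse(log=SAMPLE_LOG):
    events = parse(log)
    spray = detect_spraying(events)
    return {"spray_sources": spray, "push_bombed_users": detect_push_bombing(events),
            "mfa_persistence": detect_mfa_persistence(events, spray)}
```

In a real deployment the thresholds would be tuned to the tenant's normal failure rates, and the registration check would also cover MFA method changes, not only added devices.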
2. ScarCruft Exploits Zero-Day to Spread RokRAT
North Korean threat actor ScarCruft has been exploiting a recently patched Windows zero-day vulnerability (CVE-2024-38178) to spread RokRAT malware. The flaw, a memory corruption bug in the Scripting Engine, allows remote code execution when using Edge in Internet Explorer Mode. ScarCruft embedded malicious code in "toast" ads delivered by a compromised South Korean advertising agency, targeting users who clicked on the infected content. Once exploited, the malware provides remote access, collects sensitive data, and executes commands from a remote server.
3. VMware HCX Flaw Allows SQL Injection
VMware has identified a critical security vulnerability in its HCX platform, designated CVE-2024-38814, which allows authenticated users with non-administrator privileges to execute SQL injection attacks. This high-severity flaw, rated 8.8 on the CVSSv3 scale, affects versions 4.8.x, 4.9.x, and 4.10.x of VMware HCX, posing significant risks to organizations by potentially compromising the confidentiality, integrity, and availability of their systems. If successfully exploited, the flaw could lead to severe consequences, including data theft and system manipulation.
4. Trend Micro Cloud Edge Vulnerability Exposed
Trend Micro has issued an urgent security bulletin regarding a critical vulnerability in its Cloud Edge appliance, tracked as CVE-2024-48904, which has received a CVSS score of 9.8. This command injection vulnerability affects Cloud Edge versions 5.6SP2 and 7.0, allowing remote attackers to execute arbitrary code without authentication. If exploited, this flaw could enable malicious actors to compromise affected devices and potentially gain access to connected networks.
5. Oracle Patches 334 Vulnerabilities in Update
Oracle has announced its October 2024 Critical Patch Update (CPU), addressing an impressive 334 security vulnerabilities across various product families. This significant update, marking the final CPU of the year, highlights the critical need for cybersecurity vigilance among organizations using Oracle technologies. Among the patched vulnerabilities, 35 are categorized as critical, with 16 posing the highest risk levels. Notably, 61 vulnerabilities may be remotely exploitable without authentication, underscoring the urgency for users to apply these updates promptly.
Cyber Incidents
6. TTUHSC Hit By Breach Disrupting Operations
The Texas Tech University Health Sciences Center (TTUHSC) is currently investigating a cybersecurity incident that has caused a temporary disruption to its computer systems. The breach has affected various online services, including those for patient care and student applications, impacting coursework and clinic rotations. Despite the disruption, pharmacies and clinics will remain operational.
7. Radiant Capital Suspends Lending Post Breach
Radiant Capital has suspended its lending markets after suffering a significant cybersecurity breach resulting in an estimated loss of approximately $58 million. The exploit occurred on the BNB Chain and Arbitrum networks, where attackers exploited the "transferFrom" function, allowing them to drain funds including USD Coin and Ether from users. In response to the incident, Radiant Capital is collaborating with cybersecurity firms such as SEAL911 and Chainalysis to investigate the breach and secure its platform.
8. NARSTCO Cyberattack Exposes Sensitive Data
On October 14, 2024, North American Steel Tie Corporation (NARSTCO), a subsidiary of RailWorks, reported a significant data breach resulting from a cyberattack that compromised sensitive consumer information. The breach, which was identified on July 21, 2024, allowed unauthorized access to critical data, including names, addresses, and Social Security numbers of affected individuals. Following a thorough investigation with third-party cybersecurity experts, NARSTCO completed its review of the compromised files on September 17, 2024, and promptly began notifying those impacted.
9. Arts HomeBase Faces Security Breach
Arts HomeBase at American River College recently experienced a concerning data breach, prompting immediate changes to its cybersecurity protocols. On September 5, staff members received alerts of unauthorized access to their main HomeBase account from an unknown device identified as an iPhone, raising suspicions among staff who do not own such devices. In response to the incident, Arts HomeBase staff have become more vigilant about safeguarding their information, implementing stricter password policies, and introducing measures like blackout screens on desktop monitors to protect sensitive data.
10. Japan's Parking Pay Suffers Data Breach
Parking Pay Management Office, Inc. has issued an important notice regarding a potential data breach that may have exposed the personal registration information of its members. Following unauthorized external manipulation of their management system on September 16, 2024, it has been confirmed that sensitive data, including member IDs, email addresses, vehicle number plates, and invitation codes, may have been accessed. While no credit card or payment information was compromised, the company urges members to change their passwords as a precautionary measure.
Cyber News
11. CISA Releases Product Security Guidelines
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released the Product Security Bad Practices catalog, a pivotal resource aimed at enhancing software security across industries, especially those connected to critical infrastructure. This catalog identifies high-risk software development practices and offers guidelines for mitigating these vulnerabilities, urging manufacturers to adopt secure practices to protect against potential cyber threats.
12. UK Reports Rise in National Cyber Incidents
The United Kingdom has reported a significant increase in cybersecurity incidents deemed "nationally significant," with a 50% spike noted this year, according to Richard Horne, the new CEO of the National Cyber Security Centre (NCSC). Speaking at the Singapore International Cyber Week, Horne revealed that severe incidents have tripled, highlighting the urgent need for enhanced cyber defenses. This rise in attacks is attributed to rapid advancements in technology, which have empowered novice hackers with tools once reserved for state-sponsored actors.
13. Ireland Moves Swiftly to Regulate Crypto
Ireland is swiftly drafting new cryptocurrency regulations in anticipation of stringent European Union Anti-Money Laundering (AML) and counter-terrorism financing laws set to take effect on December 30, 2024. Finance Minister Jack Chambers emphasized the urgency of updating the country's crypto framework to ensure compliance with the EU directives, which will enhance the powers of financial intelligence units to suspend transactions and impose stricter reporting requirements for crypto exchanges.
14. Maryland CEO Indicted for SEC Fraud Scheme
Deepak Jain, the 49-year-old CEO of a Maryland IT services firm, has been indicted on multiple counts of fraud and making false statements to the U.S. Securities and Exchange Commission (SEC). A federal grand jury in Washington, D.C., accused Jain of orchestrating a scheme to deceive the SEC into believing his company's data center met the highest reliability and security standards, when in fact it did not. The indictment reveals that Jain created a fictitious entity called "Uptime Council" to produce fraudulent certification letters falsely claiming compliance with Tier IV standards.
15. Sonar Buys Structure101 For Code Insights
Sonar has strengthened its capabilities in code architecture by acquiring Structure101, an Irish company led by Chris Chedgey since 1999 and known for its expertise in code structure analysis. The acquisition aims to address critical design issues that hinder software maintainability and evolution. By integrating Structure101's design rules into its workflows, Sonar plans to help developers better manage technical debt and improve software design.
Copyright © 2024 CyberMaterial. All Rights Reserved.