What's happening in cybersecurity today?
End-to-End Encryption, Cloud Storage, Bumblebee Malware, Corporate Networks, Bitdefender, Man-in-the-Middle, Spectre Bypass, Intel, AMD, Linux, Veeam, CISA, Known Exploited Vulnerabilities, ESET, Phishing, Wipers, DeFi Protocol, Tapioca DAO, Fair Vote Canada, Data Leak, Moldova, Parliament, Bank of Cyprus, DDoS, Disinformation Tactics, US Elections 2024, Huawei Cloud, Cybersecurity Certification, Kroger, Facial Recognition, Privacy Concerns, FBI Most Wanted, Milan, Stripe, $1.1 Billion, Acquisition, Bridge
Cyber Alerts
1. Severe Flaws Found in Cloud Storage Services
Researchers from ETH Zurich have uncovered critical security vulnerabilities in several major end-to-end encrypted (E2EE) cloud storage providers, including Sync, pCloud, Seafile, Icedrive, and Tresorit. These flaws allow a malicious server to tamper with or inject files, manipulate metadata, and even access plaintext data, exposing users to serious risks. The vulnerabilities stem from common cryptographic design failures, such as unauthenticated keys and encryption protocol downgrades.
2. Bumblebee Malware Targets Corporate Networks
Bumblebee, a sophisticated malware loader, has resurfaced, posing a significant threat to corporate networks globally. Recent findings from Netskope Threat Labs reveal a new infection chain linked to Bumblebee, marking its first emergence since the Europol-led Operation Endgame in May 2024. Initially identified by Google's Threat Analysis Group in March 2022, Bumblebee is known for infiltrating corporate systems to deploy additional payloads, including Cobalt Strike beacons and ransomware.
3. Bitdefender Flaws Expose Users to MITM
Bitdefender Total Security has been found to have multiple critical vulnerabilities that expose users to Man-in-the-Middle (MITM) attacks due to improper certificate validation in its HTTPS scanning functionality. Identified under several CVEs, including CVE-2023-6055 and CVE-2023-6056, these flaws allow attackers to intercept and alter communications by trusting invalid or self-signed certificates. Other vulnerabilities, such as CVE-2023-6057 and CVE-2023-49567, involve the insecure trust of DSA-signed certificates and outdated hash functions like MD5 and SHA1, further facilitating MITM exploits.
4. X86 CPUs Vulnerable to Spectre Bypass
Recent research from ETH Zurich has revealed new vulnerabilities affecting Intel and AMD CPUs on Linux, specifically related to speculative execution attacks that bypass existing Spectre mitigations. The vulnerabilities impact various generations of Intel processors, including the 12th to 14th generation consumer chips and 5th and 6th generation Xeon processors, along with AMD's Zen 1, Zen 1+, and Zen 2 microarchitectures. These attacks exploit flaws in the Indirect Branch Predictor Barrier (IBPB), a crucial defense mechanism against such threats, allowing attackers to leak sensitive information despite prior mitigations.
5. CISA Adds Veeam Vulnerability to KEV Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that a recently discovered vulnerability in Veeam software is being actively exploited by ransomware gangs, prompting its addition to the Known Exploited Vulnerabilities (KEV) Catalog. This critical vulnerability, rated with a severity score of 9.8, could allow attackers to gain full control of affected systems, manipulate data, and move laterally within networks.
Cyber Incidents
6. ESET Partner Breach Leads to Phishing
Hackers have compromised ESET's exclusive partner in Israel, Comsecure, to execute a phishing campaign targeting Israeli businesses with malicious data wipers disguised as antivirus software. Beginning on October 8, attackers sent emails branded with ESET's logo from the legitimate domain eset.co.il, indicating a significant breach of the email server. The phishing emails, falsely claiming to be from "ESET's Advanced Threat Defense Team," warned recipients of state-backed threats and offered a fictitious tool called "ESET Unleashed" to protect their devices.
7. Tapioca DAO Hit by $4.7 Million Hack
Tapioca DAO, a decentralized finance (DeFi) protocol, fell victim to a significant social engineering attack that resulted in the theft of $4.7 million. The incident, which occurred on October 18, involved the attacker compromising the ownership of the vesting contract for the Tapioca DAO Token (TAP) and the USDO stablecoin. By leveraging phishing tactics, the attacker managed to gain access to sensitive data, allowing them to claim and sell vested TAP tokens. In response to the breach, Tapioca has offered a $1 million bounty in Tether to the attacker in hopes of recovering the remaining $3.7 million.
8. Fair Vote Canada Suffers Email Data Leak
Fair Vote Canada has disclosed a data leak affecting approximately 34,000 email addresses, raising concerns about the organization's data security practices. Although no financial information was compromised, the breach involved personal data from 2020, including names, phone numbers, addresses, and details about donations, which became publicly accessible due to inadequate security measures on an external website. The organization traced the incident to a well-meaning volunteer who had temporary access to the data.
9. Moldova Hit by Cyberattack Before Elections
Moldova's parliamentary email servers were targeted in a cyberattack on October 17, just days before the country's presidential election and a referendum on enshrining European Union integration in the constitution. The incident was confirmed by a press service statement, which noted that cybersecurity experts are investigating the breach and working to secure the data. This attack comes amid an alarming rise in cyber incidents in the region, particularly as Moldovans prepare to vote in a critical election where incumbent President Maia Sandu, a pro-EU advocate, is seeking re-election against ten challengers.
10. Bank of Cyprus Thwarts DDoS Cyber Attack
On October 21, 2024, the Bank of Cyprus announced that it successfully thwarted a cyber-attack aimed at disrupting its website operations on the afternoon of October 20. The attempted Distributed Denial of Service (DDoS) attack, which began around 18:30 local time, was designed to render the bank's websites inaccessible; however, the institution confirmed that its sites remained fully operational throughout the incident.
Cyber News
11. Foreign Disinformation Highlighted by CISA
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have released a joint public service announcement detailing tactics foreign threat actors are using to disseminate disinformation ahead of the 2024 U.S. general election. The announcement emphasizes the importance of election security as a matter of national security, urging Americans to remain vigilant against misleading content designed to undermine trust in the democratic process.
12. CSA and Huawei Enhance Cybersecurity Guide
The Cyber Security Agency of Singapore (CSA) has partnered with Huawei Cloud to release a new Security Companion Guide aimed at simplifying the Cyber Trust mark certification process for enterprises. Launched during GovWare 2024, the guide addresses the growing cybersecurity challenges faced by organizations, with over 80% reporting incidents in the past year. The guide outlines practical steps for implementing cybersecurity practices based on a cloud security responsibility-sharing model, helping businesses enhance their defenses against cyber threats.
13. Kroger's Facial Recognition Plan Criticized
Kroger's plans to implement facial recognition technology in its grocery stores have sparked growing concerns among lawmakers, who fear the potential for biased pricing and risks to customer privacy. In a recent letter, Congresswoman Rashida Tlaib highlighted the discriminatory implications of using facial recognition, particularly in predominantly Black and Brown neighborhoods. Lawmakers, including Senators Elizabeth Warren and Bob Casey, expressed worries that the technology could enable Kroger to create detailed customer profiles, leading to price discrimination based on individual shopping habits.
14. FBI's Most Wanted Hacker Arrested in Milan
A 43-year-old Italian-Australian man, listed as one of the FBI's most wanted hackers, was arrested at Milan's Malpensa Airport after eluding authorities for over three years. The arrest, conducted by Milan State Police, follows an indictment from the U.S. District Court of North Carolina, which accuses him of participating in a sophisticated cyber fraud scheme that defrauded victims of approximately $31 million.
15. Stripe Acquires Bridge for $1.1 Billion
Stripe has made headlines with its historic acquisition of stablecoin platform Bridge for a staggering $1.1 billion, marking Stripe's largest acquisition to date and setting a record in the cryptocurrency sector. Founded by entrepreneurs Sean Yu and Zach Abrams, Bridge has established itself as a leading software solution provider for enterprises looking to process stablecoin payments. This acquisition significantly enhances Stripe's capabilities in the cryptocurrency space, coinciding with the recent reintroduction of cryptocurrency payment functionalities for U.S. businesses, which now support USDC transactions across multiple blockchain networks.
Copyright © 2024 CyberMaterial. All Rights Reserved.