What’s trending in cybersecurity today?
Fake Crypto Wallet, Recovery Packages, PyPI, Zimbra Postjournal, Bluetooth, XWorm Malware, Verizon Outage, FCC Investigation, French Broker, Meilleurtaux, VA Employees, Medical Privacy, Vice Presidential Candidates, New York Sports Club, Rackspace, CISA Guidance, Operational Technology Principles, European Commission, AI Code of Practice, Evil Corp Syndicate, Ransomware Attacks, Crypto Hacks, Apono, Cloud Security Solutions.
Listen to the full podcast
Cyber Alerts
A new wave of malicious packages was uncovered in the Python Package Index (PyPI), disguised as cryptocurrency wallet recovery tools. These packages specifically targeted users of well-known wallets such as Atomic, Trust Wallet, Metamask, and Exodus, stealing sensitive data including private keys and transaction histories. The attackers tricked users with fake download statistics and installation instructions, making the packages appear trustworthy. Once installed, the tools exfiltrated wallet data to remote servers, employing advanced techniques like dead drop resolvers to avoid detection.
Cybersecurity researchers are alerting organizations about ongoing attacks exploiting a newly disclosed vulnerability in Synacor’s Zimbra Collaboration platform. Proofpoint observed these attacks beginning September 28, 2024, targeting CVE-2024-45519, which allows unauthenticated attackers to execute arbitrary commands on vulnerable systems. Users are strongly advised to apply the latest patches to mitigate the risk of exploitation.
A significant vulnerability in Bluetooth technology known as CVE-2020-26558 has been identified, threatening devices that support various Bluetooth Core Specifications. This flaw, dubbed “Impersonation in the Passkey Entry Protocol,” allows man-in-the-middle attackers to exploit the pairing process, leading to unauthorized access between devices. Security experts advise users to stay updated on patches and manufacturers to implement the latest specifications to mitigate risks associated with this vulnerability.
XWorm is a sophisticated malware known for its evasion tactics and potential to inflict serious damage on systems. Recently analyzed by Netskope researchers, a new variant of XWorm, identified as version 5.6, is delivered via Windows script files, showing how the malware has kept evolving since its initial discovery in 2022. This variant employs various obfuscation methods and malicious techniques, including downloading obfuscated PowerShell scripts and creating files in targeted directories to establish persistence through scheduled tasks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog by adding several new entries, including vulnerabilities in D-Link routers and SAP Commerce Cloud. The newly listed vulnerabilities include CVE-2023-25280, an OS command injection vulnerability in the D-Link DIR-820 Router, and CVE-2020-15415, which affects DrayTek Multiple Vigor Routers. CISA mandates that federal agencies address these vulnerabilities by October 21, 2024, while encouraging private organizations to also review and mitigate risks associated with these identified threats.
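A small triage script for the KEV additions described above, added here as an example and not code from CyberMaterial or CISA: it parses records in the shape of the KEV JSON feed (the field names mirror the real feed; the records, the dateAdded values and the asset inventory are constructed) and reports which entries match owned products and how many days remain before the October 21, 2024 due date.

```python
"""Match CISA KEV records against an asset inventory and compute days to due date.
Added example, not CyberMaterial's or CISA's own code. Field names follow the
real KEV JSON feed; the records and the inventory below are constructed."""
import json

# Constructed sample in the shape of the KEV feed's "vulnerabilities" array.
# CVE IDs, products and the 2024-10-21 due date come from the news item;
# dateAdded values and the third placeholder record are invented.
SAMPLE_KEV = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2023-25280", "vendorProject": "D-Link", "product": "DIR-820 Router",
     "dateAdded": "2024-09-30", "dueDate": "2024-10-21",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2020-15415", "vendorProject": "DrayTek", "product": "Multiple Vigor Routers",
     "dateAdded": "2024-09-30", "dueDate": "2024-10-21",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-00000", "vendorProject": "ExampleVendor", "product": "Widget",
     "dateAdded": "2024-01-01", "dueDate": "2024-01-22",
     "knownRansomwareCampaignUse": "Known"},
]})


def load_kev(text):
    """Parse the KEV feed text and return its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def in_inventory(record, inventory):
    """True when the record's vendor equals an inventory vendor and the inventory
    product name occurs in the KEV product string (case-insensitive), so
    ('DrayTek', 'Vigor') matches 'Multiple Vigor Routers'."""
    vendor = record["vendorProject"].lower()
    product = record["product"].lower()
    return any(vendor == v.lower() and p.lower() in product for v, p in inventory)


def triage(kev_text, inventory, today_iso):
    """Return inventory-relevant KEV entries, soonest remediation deadline first.
    Negative days_left means the federal due date has already passed."""
    from datetime import date
    today = date.fromisoformat(today_iso)
    rows = []
    for rec in load_kev(kev_text):
        if not in_inventory(rec, inventory):
            continue
        due = date.fromisoformat(rec["dueDate"])
        rows.append({"cve": rec["cveID"], "product": rec["product"],
                     "due": rec["dueDate"], "days_left": (due - today).days,
                     "ransomware": rec.get("knownRansomwareCampaignUse", "Unknown")})
    return sorted(rows, key=lambda r: r["days_left"])


if __name__ == "__main__":
    owned = {("D-Link", "DIR-820"), ("DrayTek", "Vigor")}  # constructed inventory
    for row in triage(SAMPLE_KEV, owned, "2024-10-01"):
        print(row)
```

Pointing `load_kev` at the live feed instead of `SAMPLE_KEV` gives the same report for the full catalog.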
Cyber Incidents
Verizon experienced a major outage affecting over 100,000 users across the western United States, leaving many without mobile service on a Monday morning. Reports of service disruptions began around 9:30 a.m. ET, with the Federal Communications Commission (FCC) launching an investigation into the incident. After a ten-hour struggle, Verizon announced that services were fully restored, advising customers to restart their devices if they still faced issues and expressing appreciation for their patience throughout the ordeal.
Meilleurtaux, a French company specializing in the brokerage of financial products, informed its customers on September 27 about a significant personal data leak following an external attack on its IT systems. The company acted swiftly to contain the breach but confirmed that certain personal data was compromised. The exposed information includes customers’ first and last names, postal and telephone details, dates and countries of birth, family situations, income amounts, and professional statuses, affecting those who had recently sought support from the firm.
A criminal investigation is underway into unauthorized access to the medical records of vice presidential candidates JD Vance and Tim Walz by Department of Veterans Affairs employees. This breach of medical privacy, discovered during a routine log review, involved at least a dozen employees accessing the records without proper authorization. The VA has referred the matter to federal prosecutors, and those responsible may face serious consequences, including termination and criminal penalties.
On September 26, 2024, New TSI Holdings, Inc., operating as New York Sports Club, notified the California Attorney General of a data breach impacting 19,836 individuals. The breach allowed an unauthorized party to access sensitive employee information, including names, Social Security numbers, and passport numbers. In response to the incident, New York Sports Club began notifying affected individuals and secured its network to enhance cybersecurity measures.
Rackspace experienced a data breach that exposed limited customer monitoring data after threat actors exploited a zero-day vulnerability in a third-party tool used by ScienceLogic’s SL1 platform. ScienceLogic quickly developed and distributed a patch to address the vulnerability while assisting affected customers. Although the attack led to unauthorized access to internal Rackspace monitoring web servers, the company confirmed that customer configurations and hosted data remained secure, and no further action was needed from customers.
Cyber News
The Australian Signals Directorate’s Australian Cyber Security Centre partnered with CISA, the FBI, and the NSA to release a guide on the principles of operational technology (OT) cybersecurity. This guide aims to help critical infrastructure organizations recognize how their business decisions may negatively affect the security of their OT environments. By following the six outlined principles, organizations can improve their decision-making processes to enhance security and ensure business continuity in the face of potential risks.
The European Commission has appointed a 13-member team to draft the code of practice for general-purpose artificial intelligence as mandated by the AI Act. Announced on a recent Monday, the commission established four working groups focusing on key areas such as transparency, copyright, risk assessment, and governance related to AI systems, including large language models. With implementation set for next August, the working groups consist of chairs and vice-chairs from the fields of computer science, AI governance, and law, tasked with refining the drafts under the commission’s oversight.
The Evil Corp cybercrime syndicate has been hit with new sanctions from the United States, United Kingdom, and Australia, further tightening the net around its operations. The U.S. Treasury’s Office of Foreign Assets Control (OFAC) sanctioned seven individuals and two entities connected to the group, which has been implicated in conducting BitPaymer ransomware attacks. These actions follow a previous wave of sanctions in 2019 that targeted seventeen individuals and seven entities affiliated with Evil Corp, including its notorious leader, Maksim Yakubets.
In September, the cryptocurrency sector experienced significant losses exceeding $120 million due to more than 20 hacking incidents. According to blockchain forensic firm PeckShield, this figure marks a 61.76% decrease from August’s losses. Notably, Singapore-based BingX suffered the most severe impact, losing over $40 million, followed by Penpie and Indodax with losses of $27 million and $21 million, respectively.
Cloud access startup Apono has successfully raised $15.5 million in a Series A funding round, increasing its total funding to $20.5 million. Led by New Era Capital Partners, the round also received backing from Mindset Ventures, Redseed Ventures, and Silvertech Ventures. Founded in 2022 and based in Wilmington, Delaware, Apono specializes in AI-driven least privilege access and anomaly detection, aiming to streamline access management while enhancing security in complex cloud environments.
Copyright © 2024 CyberMaterial. All Rights Reserved.