What’s the latest in the cyber world today?
npm Packages, SSH, Backdoor, Ethereum, Wallet Keys, Beast, Ransomware, Windows, Linux, ESXi, VMware, Remote Code Execution, CISA, ScienceLogic, Zero-Day, Known Exploited Vulnerabilities, Docker, API, Cryptominer, Johnson & Johnson, Breach, Sensitive Information, Juventus, X Account, Hack, Arda Guler, Transak, Breach, Employee, Laptop, Winnebago Public Schools, Cyberattack, South China Athletic Association, US, Sensitive Data, Protection Rule, Quad Nations, Cybersecurity, Workforce, Synapxe, Cybersecurity Framework, Sophos Secureworks, Acquisition, Great Expressions, Settlement
Cyber Alerts
Cybersecurity researchers have identified malicious npm packages targeting Ethereum wallet developers by embedding an SSH backdoor to steal private keys and gain remote access to compromised machines. Published under accounts like “crstianokavic” and “timyorks,” these rogue packages impersonate the legitimate “ethers” library, commonly used in Ethereum development. The packages, such as “ethers-mew” and “ethers-web3,” attempt to write the attacker’s SSH key to the victim’s machine, granting unauthorized access.
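A defender-side check for the two mechanisms described above, added here as an example and not code from the article or from the npm packages it names: it flags dependency names that impersonate “ethers” (a suffix such as “ethers-mew” or a one-character edit) and reports authorized_keys entries whose key body is not on a known allowlist. All package names, versions and key strings in the sample input are constructed.

```javascript
// Added example, not from the original article: flags npm dependencies that are lookalikes
// of "ethers" and audits an authorized_keys file for keys outside an allowlist. Inputs are constructed.
const LEGIT = "ethers";
// Classic Levenshtein distance with a single rolling row.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}
// Suspicious: "ethers" plus a suffix (ethers-mew, ethers-web3) or within one edit of it.
function isEthersLookalike(name) {
  if (name === LEGIT) return false;
  if (name.startsWith(LEGIT + "-") || name.startsWith(LEGIT + "_")) return true;
  return editDistance(name.toLowerCase(), LEGIT) <= 1;
}
function findLookalikeDeps(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  return Object.keys(deps).filter(isEthersLookalike).sort();
}
// Returns each authorized_keys line whose key body is not in the allowlist
// (malformed lines are flagged too); a leading options field before the key type is skipped.
function unexpectedAuthorizedKeys(text, allowedKeyBodies) {
  const allowed = new Set(allowedKeyBodies);
  const flagged = [];
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const parts = line.split(/\s+/);
    const t = parts.findIndex((p) => /^(ssh-|ecdsa-|sk-)/.test(p));
    if (t < 0 || t + 1 >= parts.length || !allowed.has(parts[t + 1])) flagged.push(line);
  }
  return flagged;
}
const SAMPLE_PACKAGE_JSON = JSON.stringify({ // constructed package.json
  dependencies: { ethers: "^6.13.0", "ethers-mew": "1.0.0", express: "^4.19.0" },
  devDependencies: { "ethers-web3": "0.1.2", ether: "1.0.0" },
});
const ALLOWED_KEYS = ["AAAAC3NzaC1lZDI1NTE5AAAAIConstructedAllowedKeyBody"]; // constructed
const SAMPLE_AUTHORIZED_KEYS =
  "# dev workstation\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedAllowedKeyBody alice@laptop\n" +
  "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABConstructedUnknownKeyBody unknown@host\n";
console.log(findLookalikeDeps(SAMPLE_PACKAGE_JSON), unexpectedAuthorizedKeys(SAMPLE_AUTHORIZED_KEYS, ALLOWED_KEYS));
```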
Cybersecurity researchers at Cybereason have identified a new strain of ransomware known as Beast, which is actively targeting Windows, Linux, and ESXi systems. This sophisticated malware, developed initially in Delphi and now in C and Go, employs advanced encryption techniques, including elliptic-curve and ChaCha20 encryption, to render victims’ data inaccessible.
VMware has released critical updates to address a remote code execution (RCE) vulnerability in vCenter Server, tracked as CVE-2024-38812, which carries a CVSS score of 9.8. The vulnerability, identified as a heap overflow in the DCE/RPC protocol implementation, allows attackers with network access to exploit the flaw by sending specially crafted packets, potentially leading to RCE.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog following reports of its active exploitation as a zero-day. Tracked as CVE-2024-9537, this flaw, which has a CVSS v4 score of 9.3, involves an unspecified third-party component that could allow for remote code execution.
Trend Micro researchers have uncovered a new method employed by malicious actors to exploit Docker remote API servers, using the gRPC protocol over HTTP/2 (h2c) to deploy the SRBMiner cryptominer for illicit XRP mining. This sophisticated attack begins with the threat actor probing the Docker API to ascertain its availability and version before requesting upgrades and methods to manipulate Docker functionalities.
Cyber Incidents
Johnson & Johnson has disclosed a data breach that has impacted the personal information of over 3,200 individuals. The company informed the Maine Attorney General’s Office last week that it detected unauthorized activity on its network in mid-August 2024. Following the discovery, Johnson & Johnson launched an investigation and implemented measures to enhance its cybersecurity. A third-party digital forensic investigation indicated that files related to its insurance practice were stored in a compromised network location.
Juventus has confirmed that their English X account was hacked, leading to the publication of a false post announcing the signing of Real Madrid midfielder Arda Guler. The misleading post featured a photo of the 19-year-old Turkish international at an airport with a caption welcoming him to Juventus. In response, the club clarified on their official Italian X account that their English account had been compromised and urged fans to disregard the misinformation.
Transak, a prominent crypto payment services provider, has reported a data breach affecting over 92,000 users, which was discovered on October 21, 2024. The breach resulted from a sophisticated phishing attack that compromised an employee’s laptop, exposing sensitive personal information, including names, dates of birth, passport details, and driver’s license information used for Know Your Customer (KYC) verification.
Winnebago Public Schools (WPS) in Nebraska experienced a significant cyberattack on October 21, 2024, leading to substantial disruptions in its operations. Superintendent Kamau Turner announced the breach during a live feed, informing the community that the district’s computer systems had been compromised. In response, WPS has temporarily shut down various services, including phone systems and internet connectivity, as the IT team assesses the damage and implements security measures to prevent further intrusions.
The Office of the Privacy Commissioner for Personal Data (PCPD) has accused the South China Athletic Association (SCAA) of negligence following a data breach that exposed the personal information of over 72,300 members. The breach, which occurred in March, was attributed to the association’s inadequate cybersecurity policies and failure to secure its servers, allowing a hacker to access sensitive data including ID card numbers, passport details, phone numbers, and addresses.
Cyber News
The U.S. Department of Justice has proposed a new rule to protect sensitive data belonging to U.S. citizens from foreign threats, particularly in light of disinformation campaigns targeting the upcoming presidential elections. The rule, derived from President Biden’s Executive Order 14117, aims to curb the exploitation of sensitive data by nations identified as risks, such as China and Russia.
The Quad nations (India, Australia, Japan, and the United States) have launched the Quad Cyber Challenge, a collaborative initiative aimed at strengthening global cybersecurity through workforce development and education. This program unites government agencies, educational institutions, and the private sector to promote responsible cyber ecosystems and enhance public awareness of cybersecurity issues. Key events, including a recent gathering at the White House and sessions hosted by Japan’s National Center of Incident Readiness and Australia’s Government House, have focused on inspiring students and young professionals to pursue careers in cybersecurity.
Singapore’s national HealthTech agency (Synapxe) has partnered with the Global Digital Health Partnership (GDHP) to launch the GDHP Guidance for Medical Device Cybersecurity (GMDC) framework. Announced at the GovWare Healthcare Forum 2024, this comprehensive framework aims to standardize cybersecurity guidelines for medical device manufacturers and healthcare delivery organizations globally. The GMDC, adapted from Singapore’s Cybersecurity Labelling Scheme, provides tiered security recommendations to ensure medical devices are “secure-by-design.”
In a transformative move within the cybersecurity landscape, Sophos has announced its acquisition of Secureworks for $859 million in an all-cash deal aimed at bolstering their combined security offerings. Set to close in early 2025, the acquisition will provide Secureworks shareholders with $8.50 per share, reflecting a 28% premium over the stock’s recent average price.
Great Expressions Dental Centers, a Michigan-based dental practice operating 250 locations across nine states, has agreed to a preliminary settlement of $2.7 million following a data breach that compromised the personal information of over 1.9 million patients and employees. The settlement, pending final approval in a Michigan federal court on December 12, will provide compensation to affected individuals, including cash benefits for those whose Social Security numbers were accessed.
Copyright © 2024 CyberMaterial. All Rights Reserved.