October 29 2024 – Cyber Briefing

👉 What’s the latest in the cyber world today?

China, Hackers, CloudScout Toolset, Cookies, Cloud, Russia, Espionage Group, Malware, Ukraine, Telegram, Nintendo, Phishing, Google Chrome, App-Bound Encryption, visionOS, Update, Italy, Sensitive Data, Citizens, Politicians, Truth Terminal, X, Account, Memecoin, Bucharest, District 5, City Hall, Ransomware, Rogers Foam Corporation, Customers, Personal Information, CUSO Financial Services, Breach, Clients, Personal Information, US, Government,Bans, Investments, Chinese Technology, AI, Oman, Cybersecurity, Landscape, Minister Ma’awali, Netherlands, National Police, Redline, Meta, Infostealer, Operations, Australia, Breach, Citizens, Armis, $200 Million, Expand, Cybersecurity, Market Reach

Listen to the full podcast

🚨 Cyber Alerts

1. CloudScout Tool Used to Steal Cloud Cookies

Chinese state-backed hacking group Evasive Panda has deployed a new toolset called CloudScout to steal session cookies and gain unauthorized access to cloud services like Google Drive, Gmail, and Outlook. Recently reported by ESET researchers, this toolset targets authenticated sessions in web browsers by extracting session cookies, enabling access to victims’ cloud-stored data without requiring login credentials. CloudScout, integrated into Evasive Panda’s MgBot malware framework, was active from May 2022 to February 2023 and includes ten C#-written modules, three of which are tailored for data theft from specific cloud services.

2. Russian Hackers Target Ukraine via Telegram

A suspected Russian espionage group, identified as UNC5812, has been delivering malware to target the Ukrainian military through a Telegram channel named “Civil Defense.” Established on September 10, 2024, this channel claims to offer free software for potential conscripts to locate Ukrainian military recruiters, but it instead distributes malicious applications designed to deploy both Windows and Android malware. For Android users, a harmful APK named CraxsRAT is offered, which enables remote access and extensive spying capabilities.

3. Nintendo Alerts Users to Phishing Emails

Nintendo has issued a warning to its users regarding a sophisticated phishing attack that involves fraudulent emails mimicking official communications from the company. These emails, which appear to come from legitimate Nintendo addresses, are actually sent by third parties aiming to mislead recipients into clicking on malicious links that could compromise personal information. To safeguard against this threat, Nintendo advises users to delete any suspicious emails without engaging with their content or links and to report persistent phishing attempts to their email service providers.

4. New Tool Bypasses Chrome’s Cookie Security

A cybersecurity researcher has unveiled a tool that bypasses Google’s App-Bound encryption, designed to protect saved credentials in the Chrome web browser. The tool, named “Chrome-App-Bound-Encryption-Decryption,” was created by Alexander Hagenah, who observed others developing similar methods to exploit this security measure. Google’s App-Bound encryption, introduced in July 2024, aimed to secure cookies by requiring malware to gain SYSTEM privileges for decryption.

5. Apple visionOS Update Fixes Security Flaws

Apple has launched the visionOS 2.1 update for its Vision Pro mixed reality headset, effectively addressing over 25 critical security vulnerabilities that posed significant risks to user privacy and device integrity. This update includes crucial patches for various high-severity vulnerabilities, notably a kernel memory corruption issue that could lead to unexpected system terminations. Additionally, vulnerabilities in WebKit, such as memory corruption and improper handling of malicious web content, have been resolved, enhancing the overall security of the platform.

💥 Cyber Incidents

6. Mega Italian Hack Affects 800,000 Citizens

Italy’s Foreign Minister Antonio Tajani has condemned a recent cyberattack as a serious threat to democracy, following the arrest of a hacking group accused of stealing sensitive information on high-profile politicians, including former Prime Minister Matteo Renzi and Senate President Ignazio La Russa. The breach involved unauthorized access to state databases, with reports indicating that a private investigative firm accessed this data over 50,000 times between 2019 and 2024.

7. Truth Terminal Founder’s Account Hacked

The founder of Truth Terminal, Ayrey, fell victim to a hacking incident that compromised his X account, leading to the promotion of a fraudulent memecoin called Infinite Backrooms (IB). On October 29, 2024, shortly after the account was hacked, a post announcing the launch of the IB token quickly generated significant interest, propelling its market valuation to $25 million. The hackers managed to purchase 124.6 million IB tokens for $38,400 at launch and sold them within 45 minutes, netting a profit of over $600,000.

8. Bucharest City Hall Hit by Ransomware Attack

On October 26, 2024, Bucharest’s District 5 City Hall reported a significant cyberattack on its servers, with hackers demanding a ransom of $5 million. The breach was first detected when employees noticed issues with the telephone switchboard, prompting an investigation by the maintenance company, which uncovered the attack. Although only the headquarters was affected, the City Hall has reached out to the Ministry of Research, Innovation, and Digitization, as well as the National Cyber Security Directorate, to address the situation.

9. Rogers Foam Corporation Suffers Breach

Rogers Foam Corporation (RFC) has notified customers of a data security incident that may have resulted in unauthorized access to sensitive personal information, including names and Social Security numbers. Detected on September 23, 2024, the suspicious activity prompted RFC to secure its network and enlist a specialized cybersecurity firm for an in-depth investigation. By October 15, the company confirmed that certain sensitive data had potentially been compromised.

10. CUSO Financial Services Hit With Breach

Atria Wealth Solutions, the holding company for CUSO Financial Services, has alerted clients to a recent data security incident involving unauthorized access to a CUSO employee’s account. The breach, which occurred between December 19, 2023, and January 19, 2024, was discovered during an investigation into suspicious activity linked to a third-party service provider responsible for archiving communications.

📢 Cyber News

11. US Bans Investments in Chinese Tech Firms

The Biden administration has enacted stringent regulations to prohibit U.S. investments in Chinese companies involved in developing advanced technologies, including semiconductors, quantum systems, and artificial intelligence. This decision follows a 2023 Executive Order aimed at restricting investments that could enhance the military and intelligence capabilities of foreign adversaries, specifically targeting nations like China. Under the new rules, U.S. individuals and entities are barred from acquiring equity interests or providing certain types of financing to covered foreign entities.

12. Oman Announces New Cybersecurity Initiatives

Oman’s cybersecurity sector is poised for significant advancement following the announcement of new initiatives by H.E. Eng. Said bin Hamoud bin Said al Ma’awali, the Minister of Transport, Communications and Information Technology, during the recent Regional Cybersecurity Week in Muscat. Attracting over 600 experts from 60 countries, the four-day conference highlighted Oman’s commitment to enhancing international cooperation in cybersecurity.

13. Dutch Police Disrupt Malware Operations

In a significant law enforcement operation dubbed “Operation Magnus,” the Dutch National Police have successfully disrupted the infrastructure of the Redline and Meta infostealer malware, signaling a robust crackdown on cybercrime. This operation, conducted in collaboration with the FBI and other international partners, revealed that both malware strains are designed to steal sensitive data, including credentials, authentication cookies, and cryptocurrency wallets from infected devices.

14. 63% of Australians Face Cyberattacks

A recent report from the National Australia Bank (NAB) reveals a concerning trend in cybersecurity, highlighting that nearly two-thirds (63%) of Australians experienced a cyber attack or data breach in the past year. Conducted as part of Cyber Security Awareness Month, the NAB Consumer Cyber Security Survey included responses from 1,038 Australians and found that while 85% of respondents were familiar with basic cybersecurity practices, only 16% consistently implemented them.

15. Armis Raises $200M for Cybersecurity Growth

Armis, a cybersecurity startup specializing in cyber exposure management, has successfully raised $200 million in Series D funding, boosting its valuation to $4.2 billion. The investment, led by General Catalyst and Alkeon Capital, will enable Armis to enhance its product portfolio, pursue strategic acquisitions, and accelerate its entry into the federal market.