What's going on in the cyber world today?
Fraud, Campaign, Trading Apps, Google Play, China, CeranaKeeper, Southeast Asia, Data Theft, DrayTek, Routers, Hacking, CosmicSting, Adobe, Magento, Stores, Cisco, Nexus, Command Injection, Bank of America, Outage, Customer, Account Access, Nitrogen, Ransomware Group, Red Barrels, Attack, Kyocera, Library System, Catholic University of Valencia, Cyberattack, Like Kids, Corporate Data, US, Department of Justice, Cybercrime, Strategy, Ransomware, Response Guidance, UK, ICO, Breach, Record-Breaking, DDoS, 3.8 Terabits per Second, MITRE, EMB3D, Threat Model, Mitigations, Embedded Devices
Cyber Alerts
1. Global Fraud Targets Victims via Fake Apps
A global fraud campaign has been exploiting fake trading apps on the Apple App Store and Google Play Store, defrauding victims by luring them into false investments. Discovered by cybersecurity firm Group-IB, the scheme, known as "pig butchering," tricks users into installing malicious apps disguised as legitimate financial tools. Once installed, victims are prompted to provide personal information and make investments, only to find they cannot withdraw their funds without paying additional fees.
2. Chinese CeranaKeeper Targets Southeast Asia
A newly uncovered threat actor known as CeranaKeeper is linked to a series of data exfiltration attacks targeting Southeast Asia, particularly focusing on governmental institutions in countries like Thailand, Myanmar, the Philippines, Japan, and Taiwan. Slovak cybersecurity firm ESET attributes these activities to Chinese cyber espionage, drawing connections to tools previously used by the Mustang Panda group. CeranaKeeper employs legitimate cloud services such as Dropbox and OneDrive to facilitate data theft through custom backdoors and various exfiltration tools.
3. 700K DrayTek Routers Vulnerable to Attacks
Forescout Vedere Labs has identified over a dozen critical vulnerabilities in DrayTek routers, putting more than 700,000 devices at risk of hacking. The vulnerabilities, collectively known as DRAY, include two critical flaws, such as CVE-2024-41592, which allows remote code execution through a buffer overflow in the router's web interface. Another serious issue, CVE-2024-41585, enables command injection, potentially giving attackers control over the routers and access to enterprise networks.
4. CosmicSting Exploit Targets Magento Stores
Cybersecurity researchers have revealed that approximately 5% of all Adobe Commerce and Magento stores have been compromised due to a critical security vulnerability known as CosmicSting (CVE-2024-34102). This flaw, which has a CVSS score of 9.8, is an improper restriction of XML external entity references (XXE), potentially leading to remote code execution. Initially patched by Adobe in June 2024, the vulnerability has been exploited at an alarming rate, with three to five sites falling victim to attacks every hour.
5. Cisco Nexus Bug Enables Command Injection
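CosmicSting is an XXE weakness: the application's XML parser was allowed to resolve entity declarations supplied by the attacker. The following Python is an added illustration, not code from the article, from Adobe or from Magento (which is a PHP application), of the control a parser of untrusted XML should enforce: refuse any DTD, entity declaration or external entity reference before the parser ever acts on it. It uses only the standard-library expat bindings; the two sample documents are constructed, and the `file:///` target in the second one is a placeholder.

```python
import xml.parsers.expat as expat


class DtdForbidden(ValueError):
    """Raised when a document declares a DTD or an entity, or references an external entity."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse XML from an untrusted source, refusing DTDs and entities outright.

    Returns a small summary {"elements": [...], "text": [...]} for demonstration;
    a real application would build its own document model from the same callbacks.
    """
    parser = expat.ParserCreate()
    elements = []
    chunks = []

    def start_element(name, attrs):
        elements.append(name)

    def character_data(text):
        chunks.append(text)

    # Any DOCTYPE is rejected: the safest policy is to never accept a DTD from
    # outside, since that is where entity definitions (internal or external) live.
    def start_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise DtdForbidden(f"DOCTYPE declaration not allowed: {doctype_name}")

    # Belt and braces: reject entity declarations even if a DTD somehow got through.
    def entity_decl(entity_name, is_parameter_entity, value, base,
                    system_id, public_id, notation_name):
        raise DtdForbidden(f"entity declaration not allowed: {entity_name}")

    # Expat only resolves external entities through this handler; refusing here
    # means no file, URL or network fetch can ever be triggered by the document.
    def external_entity_ref(context, base, system_id, public_id):
        raise DtdForbidden(f"external entity reference not allowed: {system_id}")

    parser.StartElementHandler = start_element
    parser.CharacterDataHandler = character_data
    parser.StartDoctypeDeclHandler = start_doctype
    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_entity_ref

    parser.Parse(data, True)
    return {"elements": elements, "text": [c for c in chunks if c.strip()]}


# Constructed sample inputs (not from any real store or exploit).
BENIGN_SAMPLE = b"<order><sku>ABC-123</sku><qty>2</qty></order>"
XXE_SAMPLE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///placeholder/secret">]>'
    b"<order>&ext;</order>"
)


if __name__ == "__main__":
    print("benign:", parse_untrusted_xml(BENIGN_SAMPLE))
    try:
        parse_untrusted_xml(XXE_SAMPLE)
    except DtdForbidden as exc:
        print("rejected:", exc)
```

Rejecting every DOCTYPE is deliberately stricter than only blocking external entities: it also closes off internal-entity expansion attacks, and documents exchanged between applications over an API almost never need a DTD. The check fires in the parser's callback, so the document is refused before any element after the declaration is processed.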
Cisco has issued a critical security advisory regarding a vulnerability in its Nexus Dashboard Fabric Controller (NDFC), which could allow authenticated, low-privileged remote attackers to execute command injection attacks on affected devices. This vulnerability arises from improper user authorization and inadequate validation of command arguments, enabling attackers to submit crafted commands through a REST API endpoint or the web UI. If successfully exploited, this flaw could grant attackers arbitrary command execution with network-admin privileges on devices managed by Cisco NDFC.
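The NDFC advisory attributes the flaw to inadequate validation of command arguments reaching a REST endpoint. As an added example that is not Cisco's code and knows nothing of NDFC internals, the Python below shows the two layers a defender wants on any API that turns a request parameter into a command argument: a strict allowlist on the value's expected grammar (here a hypothetical `host` parameter), and argv-style invocation so that no shell ever interprets the value. The sample inputs are constructed.

```python
import re

# Allowlist for a hostname-shaped argument (hypothetical parameter grammar):
# labels of letters, digits and hyphens, no leading/trailing hyphen, 253 chars max.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


class InvalidArgument(ValueError):
    """Raised when a request parameter does not match its allowlisted grammar."""


def validate_host(value: str) -> str:
    """Accept only values that match the hostname grammar; reject everything else."""
    if not isinstance(value, str) or not HOSTNAME_RE.fullmatch(value):
        raise InvalidArgument(f"rejected argument: {value!r}")
    return value


def build_unsafe_command(host: str) -> str:
    """The vulnerable pattern: untrusted text spliced into a command line that a
    shell will parse, so any shell metacharacter in `host` changes the command."""
    return f"ping -c 1 {host}"


def build_safe_argv(host: str) -> list:
    """Hardened form: validate first, then pass argv directly (subprocess.run with
    shell=False), so the value is always exactly one argument to the program."""
    return ["ping", "-c", "1", validate_host(host)]


def check_request_params(params: dict) -> dict:
    """Validate every parameter an endpoint accepts before any of them is used.
    Returns the cleaned parameters or raises on the first bad one."""
    validators = {"host": validate_host}
    cleaned = {}
    for name, validator in validators.items():
        if name not in params:
            raise InvalidArgument(f"missing parameter: {name}")
        cleaned[name] = validator(params[name])
    unexpected = set(params) - set(validators)
    if unexpected:
        raise InvalidArgument(f"unexpected parameters: {sorted(unexpected)}")
    return cleaned


if __name__ == "__main__":
    # Constructed request bodies: one well-formed, one containing characters
    # the hostname grammar never allows.
    for body in ({"host": "db01.example.com"}, {"host": "db01 extra"}):
        try:
            params = check_request_params(body)
            print("accepted:", build_safe_argv(params["host"]))
        except InvalidArgument as exc:
            print("rejected:", exc)
```

The allowlist does the real work: with it in place the `build_unsafe_command` string would also be harmless, but validation rules get loosened over time, so passing argv without a shell is kept as the second, independent layer. Any parameter that maps to a privileged operation should get the same treatment, with a validator written for the specific grammar that parameter is supposed to have.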
Cyber Incidents
6. Bank of America Faces Widespread Outages
Bank of America is in the process of resolving a significant outage that has left many customers unable to access their accounts, with issues first reported around 12:45 PM ET. Customers expressed frustration as they encountered difficulties viewing account balances, with some alarmed to find their accounts showing zero balances despite previously having funds. The bank acknowledged the problem, stating that it is being addressed and has largely been resolved, although the cause of the outage remains unspecified.
7. Nitrogen Ransomware Breaches Red Barrels
Montreal-based video game developer Red Barrels, known for its acclaimed Outlast series, has suffered a significant cybersecurity breach attributed to the Nitrogen Ransomware Group. The attackers compromised approximately 1.8 terabytes of sensitive data, including game source codes and confidential information. In response to the breach, Red Barrels engaged external cybersecurity experts to investigate the incident, notifying stakeholders and authorities while assuring the gaming community that players were not directly affected.
8. Kyocera Suffers Ransomware Attack at Library
Kyocera Communication Systems Co., Ltd. recently reported a ransomware attack that occurred during the installation of a library system at the Ikaruga Town Library in Nara Prefecture, Japan. The incident, discovered on September 30, 2024, came to light when an error in the server connection revealed that the server's data had been encrypted by ransomware. This breach has delayed the launch of the library system, which was scheduled to go live on October 1, 2024, affecting users' ability to search the library's collection online.
9. Catholic University of Valencia Breached
The Catholic University of Valencia (UCV) in Spain has fallen victim to a ransomware attack, which has compromised sensitive data stored on its servers. The institution reported that the malicious code has encrypted various information types, including personal identifiers, financial records, academic details, employment information, and health data. In response to the attack, UCV has strengthened its security measures and is collaborating with cybersecurity experts and authorities to manage the situation.
10. Japan's Like Kids Hit by Ransomware Attack
On September 30, 2024, Like Kids, a prominent company in Japan, experienced a significant ransomware attack that resulted in unauthorized access to its server. Following a system malfunction, the company discovered evidence of external access by ransomware, raising concerns about the potential exposure of sensitive corporate and personal information. While the company has not yet confirmed any data leaks, they acknowledge the possibility that some information may have been accessed or compromised.
Cyber News
11. DOJ Launches Strategy to Combat Cybercrime
The U.S. Department of Justice (DOJ) has announced a new strategic approach to combat cybercrime, emphasizing enhanced international collaboration and improved evidence collection. During a conference in Washington, D.C., Principal Deputy Assistant Attorney General Nicole Argentieri highlighted the DOJ's commitment to disrupting significant cybercriminal activities, particularly targeting notorious ransomware groups like LockBit and Alphv/BlackCat. The strategy involves a victim-centered approach, offering ransomware decryption tools to victims quickly, as well as developing laws to effectively counter cyber threats.
12. Global Leaders Unveil Ransomware Playbook
During the fourth International Counter Ransomware Initiative meeting held at the White House, representatives from nearly 70 nations introduced new voluntary guidance aimed at enhancing ransomware response strategies. The updated recommendations encourage victims to promptly report attacks and ransom demands to law enforcement and cyber insurance providers while discouraging the payment of ransoms unless it is determined that doing so will significantly improve the incident's outcome. The guidance emphasizes the importance of involving external experts in decision-making to navigate the complexities of ransomware incidents and suggests victims document their response efforts for future analysis.
13. UK ICO Fines Police Service Northern Ireland
The UK Information Commissioner's Office (ICO) has imposed a fine of £750,000 on the Police Service for Northern Ireland (PSNI) following a significant data breach in 2023 that exposed the personal details of all 9,483 officers and staff. The breach occurred when PSNI inadvertently published sensitive information, including surnames, initials, ranks, and roles of its personnel, while responding to two Freedom of Information requests.
14. Record-Breaking DDoS Attack Hits 3.8 Tbps
A record-breaking DDoS attack has been discovered, peaking at an astonishing 3.8 terabits per second (Tbps) and 2.14 billion packets per second (Pps). This massive assault targeted an unnamed client of a hosting provider utilizing advanced mitigation services. The attack surpasses the previous volumetric record, set in late 2021, when Microsoft faced a peak of 3.47 Tbps. This recent wave of DDoS attacks is part of a month-long campaign that began in early September, during which over 100 hyper-volumetric attacks were mitigated.
15. MITRE Enhances EMB3D Model with Mitigations
MITRE has officially released an enhanced version of the EMB3D Threat Model, incorporating crucial mitigations aimed at addressing threats to embedded devices in critical infrastructure. Originally announced in December 2023, EMB3D provides a comprehensive framework detailing cyber threats targeting these devices, which are essential in sectors such as energy, transportation, and water systems. The updated model features detailed mitigations for each identified threat, categorized into foundational, intermediate, and leading levels, allowing vendors and original equipment manufacturers (OEMs) to prioritize their security strategies effectively.
Copyright © 2024 CyberMaterial. All Rights Reserved.