👉 What’s trending in cybersecurity today?

Open-Source, AI Models, Vulnerabilities, Konni APT, Spear-Phishing, Midnight Blizzard, Info-Stealing Campaign, Government, Google Chrome, Updates, WebRTC, QNAP, Zero-Day, NAS, Canada Revenue Agency, Fraudulent Refunds, Ohio Marysville Schools, Australia, Tocal College, Japan, Karel Čapek, Demae-can, Malware Attack, CISA, International Plan, Enhanced Collaboration, UN Cybercrime Treaty, Florida, Bitcoin, Pension Fund, E-Waste, AI, Proofpoint, Acquisition, Normalyze, Data Security

Listen to the full podcast

🚨 Cyber Alerts

1. Critical AI Model Flaws Threaten Security

Researchers have disclosed multiple high-risk vulnerabilities in popular open-source AI and machine learning (ML) models, posing serious security threats such as remote code execution and unauthorized data access. Protect AI, through its Huntr bug bounty platform, identified over three dozen security flaws across tools like ChuanhuChatGPT, Lunary, and LocalAI. Notably, Lunary’s vulnerabilities include two critical flaws — CVE-2024–7474 and CVE-2024–7475 — with a CVSS score of 9.1, allowing unauthorized data access and configuration changes that could compromise user data and login security.

2. Konni APT Group Intensifies Phishing Attacks

The Konni Advanced Persistent Threat (APT) group has ramped up its cyber assault on organizations, deploying sophisticated spear-phishing tactics to compromise sensitive data. Active since 2014 and primarily targeting regions like South Korea and Russia, Konni’s recent campaign from mid-April to early July 2024 focused on South Korean entities, particularly in engineering and market analysis. Utilizing Korean-themed malicious documents disguised as “meeting materials” and “tax evasion” documents, the group has demonstrated meticulous planning and execution.

3. New Russian Info-Stealing Campaign Unveiled

The Russian cyber espionage group known as Midnight Blizzard has intensified its operations with a novel information-stealing campaign targeting government workers and organizations across multiple sectors. According to Microsoft’s Threat Intelligence team, since October 22, 2024, the group has deployed highly targeted spear-phishing emails containing Remote Desktop Protocol (RDP) configuration files. These malicious attachments grant the attackers full access to victims’ devices, allowing them to map local resources, including printers and clipboard contents, to their servers.

4. Google Chrome Patch Fixes Critical Flaws

Google has issued a critical security update for its Chrome browser, patching two significant vulnerabilities that pose serious risks to users. The update elevates the Stable channel to versions 130.0.6723.91/.92 for Windows and Mac, and 130.0.6723.91 for Linux. The vulnerabilities addressed include CVE-2024–10487, an out-of-bounds write issue in the Dawn graphics system that could allow attackers to execute code or crash systems, and CVE-2024–10488, a use-after-free vulnerability in the WebRTC component that could lead to arbitrary code execution or data breaches.

5. QNAP Patches Zero-Day in NAS Backup Software

QNAP has swiftly addressed a critical zero-day vulnerability tracked as CVE-2024–50388, which was exploited by security researchers during the Pwn2Own Ireland 2024 competition. The flaw, stemming from an OS command injection weakness in the HBS 3 Hybrid Backup Sync version 25.1.x, could allow remote attackers to execute arbitrary commands on affected devices. Following its discovery, QNAP released a patch in version 25.1.1.673 of the software, urging users to update their systems to mitigate potential risks.

💥 Cyber Incidents

6. Canada Revenue Agency Hit With Major Breach

A recent investigation by CBC’s The Fifth Estate and Radio-Canada revealed that the Canada Revenue Agency (CRA) paid out millions in fraudulent refunds following a significant breach affecting over 62,000 taxpayer accounts between March 2020 and December 2023. Hackers exploited confidential data from H&R Block Canada to gain unauthorized access to personal CRA accounts, changing direct deposit information and submitting false tax returns, resulting in more than $6 million in bogus refunds.

7. Marysville Schools Close Due to Cyberattack

Marysville Village Exempted Schools in Marysville, Ohio, faced significant disruption following a cybersecurity incident over the weekend that forced the cancellation of classes on Monday. The district reported the incident, which impacted its technology systems, on its website but did not specify the nature or extent of the breach. While the schools reopened on Tuesday, teachers and staff continued to experience limited access to email and operational phone systems.

8. Tocal College Ransomware Breach Exposes Data

The Department of Primary Industries and Regional Development (DPIRD) in Australia, responsible for the Tocal College Student database, recently suffered a significant ransomware incident involving Loki ransomware. The breach was detected on September 16, 2024, prompting immediate action to shut down access to the database and remove it from the system. A forensic investigation revealed that the threat actor accessed the database from September 13 to 16, during which personal information, including names, dates of birth, addresses, and contact details, may have been exposed.

9. Karel Čapek Tea Shop Hit by Data Breach

The Karel Čapek Tea Shop’s official online store recently faced a significant cybersecurity breach, leading to the unauthorized access of sensitive customer data. This incident has potentially compromised the personal information of 103,289 customers and the credit card details of 58,407 individuals. The breach was traced back to a vulnerability in the website’s system, which allowed unauthorized third-party access and tampering with the payment application, exposing a large volume of sensitive data.

10. Demae-can Service Disrupted by Malware

On October 25, 2024, Demae-can, a prominent delivery service in Japan, faced a significant system outage caused by an overwhelming server load, which temporarily halted operations. While the service was initially restored, another disruption occurred on October 26 at 2:30 PM, this time linked to a malware attack from a cryptocurrency mining software known as “RedTail.” Following the detection of the malware, the Demae-can team promptly removed it and conducted extensive security checks to ensure the integrity of their systems.

📢 Cyber News

11. CISA Unveils Its First International Plan

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled its inaugural International Strategic Plan for 2025–2026, aimed at bolstering U.S. critical infrastructure through global partnerships. This strategic initiative builds upon CISA’s 2023–2025 framework and aligns with national directives, emphasizing the importance of international collaboration in addressing the growing complexities of cyber and physical threats.

12. Senators Demand Changes to Cybercrime Treaty

Six Democratic senators have expressed significant concerns regarding the United Nations Convention Against Cybercrime, urging the Biden administration to amend provisions that threaten human rights, privacy, and cybersecurity. In a letter addressed to key officials, including Secretary of State Antony Blinken, the senators highlighted the potential for the treaty to legitimize oppressive practices by authoritarian regimes like Russia and China. They warned that the current treaty could undermine freedom of expression and individual privacy rights while enabling excessive surveillance measures.

13. Florida Official Pushes Bitcoin in Pensions

Florida’s Chief Financial Officer, Jimmy Patronis, has called for the inclusion of Bitcoin in the state’s retirement fund investments, aligning with a growing trend among U.S. states to explore cryptocurrency. In a letter to the Florida State Board of Administration, Patronis described Bitcoin as “digital gold,” emphasizing its potential to diversify the state’s investment portfolio and serve as a hedge against the volatility of traditional asset classes.

14. AI Boom Set to Dump a Mountain of E-Waste

The rapid growth of generative artificial intelligence (AI) is poised to create a significant e-waste crisis, with projections suggesting that electronic waste from AI hardware could reach as much as 2.5 million tons annually by 2030. A study conducted by researchers at Cambridge University and the Chinese Academy of Sciences indicates that the waste generated could equate to over 10 billion discarded iPhones per year. This alarming forecast highlights the urgent need for the tech industry to address the environmental consequences of AI technologies.

15. Proofpoint Set to Acquire Normalyze

Enterprise cybersecurity leader Proofpoint has announced its intention to acquire data security posture management (DSPM) firm Normalyze, aiming to enhance its cybersecurity platform. The acquisition, expected to close in November 2024, will integrate Normalyze’s advanced DSPM technology, which enables organizations to discover, classify, and secure sensitive data across various environments. Financial details of the deal remain undisclosed, but Normalyze has raised over $26 million since its inception.

Copyright © 2024 CyberMaterial. All Rights Reserved.