What are the latest cybersecurity alerts, incidents, and news?
🚨 Cyber Alerts
1. LiteSpeed Cache Plugin Vulnerable to XSS
A critical security flaw in the WordPress LiteSpeed Cache plugin, identified as CVE-2024-47374, has exposed millions of websites to stored cross-site scripting (XSS) attacks. The vulnerability, affecting all versions up to 6.5.0.2, allows malicious actors to inject arbitrary JavaScript code, potentially leading to privilege escalation and site compromise. Exploiting the flaw requires enabling specific Page Optimization settings, such as “CSS Combine” and “Generate UCSS.” The issue was addressed in version 6.5.1, released on September 25, 2024.
2. New Perfctl Malware Targets Linux Servers
A new malware campaign has emerged, targeting misconfigured and vulnerable Linux servers with a stealthy malware known as perfctl, aimed at cryptocurrency mining and proxyjacking. Researchers from Aqua Security report that perfctl employs sophisticated evasion techniques, such as becoming dormant when users are logged in and deleting its binary after execution to avoid detection. The malware exploits a vulnerability in Polkit (CVE-2021-4043, also known as PwnKit) to escalate privileges to root and deploy a cryptocurrency miner called perfcc.
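As an added example (not part of the original digest or of Aqua Security's research), a small Python triage helper for one of the evasion behaviours described above, the binary being deleted after execution: on Linux a process keeps running after its executable file is unlinked, and the kernel marks its /proc/<pid>/exe link target with a " (deleted)" suffix. The memfd handling and the sample process list are assumptions and constructed data, not telemetry from a real host.

```python
# Added defender-side helper, not code from the article or from Aqua Security.
# Flags running processes whose executable no longer exists on disk, the footprint
# left when malware such as perfctl deletes its own binary after starting.
import os
from typing import Iterable, List, Tuple

DELETED_SUFFIX = " (deleted)"


def deleted_exe_processes(entries: Iterable[Tuple[int, str]]) -> List[Tuple[int, str]]:
    """Return the (pid, exe_target) pairs whose executable was unlinked.

    Memory-backed executables (exe target starting with "/memfd:") are also
    reported, since they are the other common way a binary runs with no
    durable file to scan. Treating them as suspicious is an assumption here;
    some legitimate runtimes use memfd too, so review hits rather than act on them.
    """
    flagged = []
    for pid, target in entries:
        if target.endswith(DELETED_SUFFIX) or target.startswith("/memfd:"):
            flagged.append((pid, target))
    return flagged


def read_proc_exe_targets() -> List[Tuple[int, str]]:
    """Collect the exe symlink target of every process visible in /proc (Linux).

    Processes that exit mid-scan or that we lack permission to inspect are
    skipped; run as root for full coverage.
    """
    entries = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        try:
            entries.append((int(name), os.readlink(f"/proc/{name}/exe")))
        except OSError:
            continue
    return entries


# Constructed sample of what /proc might show; the paths are placeholders, not IoCs.
SAMPLE_ENTRIES = [
    (1, "/usr/lib/systemd/systemd"),
    (4242, "/usr/sbin/sshd"),
    (51337, "/tmp/.hidden/miner (deleted)"),
    (51400, "/memfd:kworker (deleted)"),
]

if __name__ == "__main__":
    live = read_proc_exe_targets() if os.path.isdir("/proc") else SAMPLE_ENTRIES
    for pid, target in deleted_exe_processes(live or SAMPLE_ENTRIES):
        print(f"pid {pid}: running from unlinked executable {target!r}")
```

Cross-reference any hit with package-manager file lists and with who is logged in, since the article notes perfctl goes dormant while users are present.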
3. North Korean Hackers Use VeilShell Backdoor
North Korean hackers affiliated with APT37 have launched a campaign, dubbed SHROUDED#SLEEP, deploying a previously undocumented backdoor and remote access trojan (RAT) called VeilShell to target Cambodia and potentially other Southeast Asian countries. This sophisticated attack involves delivering a ZIP archive containing a Windows shortcut (LNK) file, likely via spear-phishing emails. Once executed, the LNK file triggers PowerShell code to extract malicious components while distracting the user with a seemingly innocuous document.
4. Key Group Targets Russia with Ransomware
The Key Group, a financially motivated ransomware organization, has been actively targeting Russian Windows users since its discovery in April 2022. Known for negotiating with victims via Telegram, this group primarily utilizes the Chaos ransomware builder alongside several other variants, including Annabelle, RuRansom, Hakuna Matata, and the latest NoCry variant. By maintaining a GitHub repository for its command and control (C2) infrastructure, the Key Group showcases its adaptability in the cybercrime landscape. Security solutions like Symantec and VMware Carbon Black have identified various malicious indicators associated with the group, employing adaptive, behavior-based, and machine learning techniques to thwart their attacks.
5. Prince Ransomware Campaign Targets US and UK
A new ransomware campaign known as “Prince Ransomware” has emerged, targeting individuals and organizations in both the UK and the US through a sophisticated phishing scam that impersonates the British postal service, Royal Mail. Detected by researchers at Proofpoint in mid-September, this campaign utilizes contact forms on target websites to evade traditional email security measures, allowing attackers to reach multiple recipients. Victims receive messages appearing to originate from a Proton Mail address, leading them to download a ZIP file from Dropbox that ultimately deploys the ransomware.
🔥 Cyber Incidents
6. Universal Music Group Suffers Data Breach
Universal Music Group (UMG) has disclosed a data breach that occurred on July 15, 2024, affecting the personal information of 680 residents in the United States. The breach was detected following unauthorized activity in one of UMG’s internal applications, prompting the company to engage cybersecurity experts for investigation and remediation. According to a filing with the Maine Attorney General’s Office, the exfiltrated data potentially included names and Social Security numbers.
7. Bloom Hearing Clinic Hit by Ransomware
Bloom Hearing Specialists in New Zealand has reported a significant ransomware attack that has compromised sensitive customer data, including bank details, patient records, and insurance information. The breach, which occurred in July and was disclosed in late August, has raised concerns about the potential for fraud and identity theft among affected individuals. Bloom has alerted the authorities, including the police and the Privacy Commissioner, and is actively investigating the incident while taking steps to secure its systems.
8. Ransomware Attack Disrupts Wayne County
Wayne County government in Michigan has suffered a significant cyberattack, resulting in the disruption of various services as hackers demand a ransom. The attack, which was reported on October 3, has led to the county’s information technology team investigating the incident in collaboration with cybersecurity partners, including the FBI and Michigan State Police. As a result of the breach, operations at the Wayne County Sheriff’s Office were impacted, preventing jail inmates from being bonded out and defense attorneys from scheduling client visits.
9. Uttarakhand Government Hit by Cyberattack
A severe cyberattack recently hit the government IT systems of Uttarakhand, India, crippling over 90 critical websites, including the Chief Minister’s helpline and various essential public services. The attack occurred unexpectedly, leading to a complete shutdown of government operations, affecting both public-facing services and internal functions. Emergency protocols were swiftly activated, and a team of cybersecurity experts was deployed to assess the damage and restore operations.
10. JRC Notifies Individuals of Data Breach
The Judge Rotenberg Educational Center (JRC) in Massachusetts has notified individuals of a data security incident resulting from a ransomware attack on February 13, 2024. Following the attack, JRC engaged cybersecurity experts for a thorough forensic investigation, which confirmed on September 5 that personal information may have been compromised. The affected data could include names, Social Security numbers, driver’s license numbers, medical information, and health insurance details.
📢 Cyber News
11. Texas Sues TikTok Over Privacy Violations
The Texas Attorney General’s office has filed a lawsuit against TikTok, accusing the popular short video app of violating state laws regarding the protection of children’s privacy. Attorney General Ken Paxton claims that TikTok has been sharing sensitive personal information of minors without obtaining parental consent, thereby compromising their online safety. The lawsuit is grounded in the Securing Children Online through Parental Empowerment Act (SCOPE), which mandates that tech companies must not disclose or sell minors’ personal identifying information without parental approval.
12. CISA to Evaluate Federal Zero Trust Progress
The Cybersecurity and Infrastructure Security Agency (CISA) is ramping up efforts to evaluate the progress of U.S. federal agencies in implementing zero trust architectures ahead of a critical November deadline. Agencies were required to submit updated implementation plans outlining their strategies for eliminating implicit trust and securing critical assets by September 30, following guidance from the Office of Management and Budget (OMB). CISA’s zero trust initiative lead, Brandy Sanchez, emphasized the agency’s goal of fostering collaboration rather than enforcing punitive measures.
13. US Seizes 41 Domains Linked to Russian Scams
The United States has seized 41 internet domains allegedly used by Russian intelligence agents in a sophisticated spear-phishing campaign targeting U.S. government employees. Deputy Attorney General Lisa Monaco stated that these domains were part of a scheme orchestrated by the “Callisto Group,” a unit within Russia’s Federal Security Service (FSB), which aimed to steal sensitive information by impersonating legitimate email accounts. The campaign not only targeted current and former employees of the Pentagon and State Department but also included U.S.-based companies and members of the intelligence community.
14. Inmates Receive $6.49M Settlement for Breach
CorrectCare has agreed to a $6.49 million settlement following a data breach that exposed sensitive information for nearly 600,000 prison inmates across several states, including Louisiana, Georgia, South Carolina, and California. The breach, attributed to a misconfigured web server, affected inmates who received medical care from January 2012 to July 2022. Under the settlement, eligible class members can claim up to $10,000 for unreimbursed losses linked to the breach, which may include expenses for bank fees and credit monitoring.
15. Sellafield Fined $415K for Security Failures
The Sellafield nuclear waste processing and storage site in the UK has been fined $415,000 (£332,500) by regulators due to significant cybersecurity shortcomings that left its IT systems vulnerable to unauthorized access for several years. The Office for Nuclear Regulation (ONR) reported breaches of the Nuclear Industries Security Regulations from 2019 to 2023, highlighting failures to protect sensitive nuclear information and comply with security plans for annual penetration testing.
Copyright © 2024 CyberMaterial. All Rights Reserved.