October 7 2024 – Cyber Briefing

👉 What’s happening in cybersecurity today?

Apache, Avro SDK, Remote Code Execution, Okta, Vulnerability, iOS, iPadOS, Updates, VoiceOver, Visual Studio, Dump Files, Cacti, Network Monitoring Tool, China, Hackers, Telecom, US, Court Wiretap, LEGO, Website, Cryptocurrency Scam, Breach, Comcast, Customers, Breach, EigenLayer, Attack, Russia, Media, VGTRK, Ghana, National Cybersecurity Policy, EU, Court Ruling, Meta, Facebook, User Data, Commonwealth Symposium, Tanzania, Judges, Cybercrime, Irish Data Protection Commission, Ryanair, Facial Recognition, Atos, France, Cybersecurity, Assets

Listen to the full podcast

🚨 Cyber Alerts

1. Critical Apache Avro SDK Flaw Enables RCE

A critical vulnerability in the Apache Avro Java SDK, tracked as CVE-2024–47561, has been disclosed, affecting all versions prior to 1.11.4. This flaw enables attackers to execute arbitrary code on systems by exploiting improper schema parsing, particularly when applications allow user-provided Avro schemas. Apache Avro, a widely used data serialization framework, poses significant security risks if left unpatched.

2. Okta Warns Users of Exploited Vulnerability

Okta has addressed a security vulnerability that could have allowed attackers to bypass sign-on policies and gain unauthorized access to applications. Identified in a security advisory, the issue affects Okta Classic users and was introduced on July 17, 2024. Specifically, the vulnerability enabled attackers with valid credentials to circumvent application-specific sign-on conditions, including device-type restrictions and authentication requirements.

3. Apple Fixes VoiceOver Flaw in iOS Update

Apple has released critical updates for iOS and iPadOS to address two significant security vulnerabilities, including one tracked as CVE-2024–44204, which could allow the VoiceOver assistive technology to read aloud users’ saved passwords. Discovered by security researcher Bistrit Daha, this vulnerability affects multiple devices, including the iPhone XS and later, as well as various iPad Pro, iPad Air, iPad, and iPad mini models.

4. Visual Studio RCE Vulnerability Exposed

A recently discovered remote code execution (RCE) vulnerability, tracked as CVE-2024–30052, poses significant risks to users of Microsoft Visual Studio by allowing attackers to exploit debugging dump files. The vulnerability arises from the handling of embedded source files within Portable Program Database (PDB) formats, which Visual Studio trusts during debugging sessions. Researchers identified that malicious actors could manipulate dump files to execute arbitrary code by embedding harmful files with specific extensions.

5. Cacti Tool Vulnerability Enables RCE

A critical security vulnerability has been discovered in the Cacti network monitoring tool, allowing attackers to execute remote code on affected systems. This vulnerability, tracked as security advisory #GHSA-gxq4-mv8h-6qj4, stems from a log poisoning technique, enabling malicious input to be injected into log files. Cacti users are strongly urged to upgrade to version 1.2.28 to mitigate this risk, as failure to patch could expose systems to severe security breaches.

💥 Cyber Incidents

6. Hackers Breach US Court Wiretap System

Chinese hackers have infiltrated the U.S. court wiretap system by compromising the networks of major telecommunications companies, including Verizon, AT&T, and Lumen Technologies. This breach, attributed to a Chinese hacking group known as “Salt Typhoon,” raises serious national security concerns, as it may have provided the hackers with prolonged access to systems that facilitate court-authorized wiretapping in the U.S. Experts warn that such access could enable foreign entities to gain insights into sensitive government operations, potentially disrupting U.S. systems during heightened tensions with China.

7. LEGO Website Hacked to Promote Fake Crypto

On October 4, 2024, the official LEGO website was hacked, allowing cryptocurrency scammers to promote a fake “LEGO Coin” to unsuspecting fans. An unauthorized banner appeared on the homepage, claiming to offer “secret rewards” for purchasing the bogus coin, complete with images of golden tokens featuring the LEGO logo. The malicious banner redirected users to an external website selling “LEGO Tokens” using Ethereum, a popular digital currency.

8. Comcast Data Breach Affects 237K Customers

A significant data breach involving the debt collection agency Financial Business and Consumer Solutions (FBCS) has compromised the personal information of over 237,000 Comcast customers, part of a larger incident affecting 3.2 million Americans. The breach, which occurred in February 2024 but was only disclosed publicly in late April, has raised serious concerns regarding data security and customer privacy. The exposed information includes names, addresses, Social Security numbers, dates of birth, and internal ID numbers.

9. EigenLayer Hack Results in $5.7M Theft

On October 4, 2024, the Ethereum restaking protocol EigenLayer reported a significant security breach, resulting in the theft of approximately $5.7 million in tokens. The attack was traced back to a compromised email communication related to an investor’s token transfer, enabling attackers to divert around 1.6 million EIGEN tokens to a specific wallet. Following the incident, EigenLayer’s team took swift action, coordinating with law enforcement and relevant platforms to recover the stolen funds, some of which have already been frozen.

10. VGTRK Hit by Unprecedented Hacking Attack

On October 7, 2024, Russian state media giant VGTRK fell victim to an unprecedented hacking attack that severely disrupted its online broadcasting and internal services. The incident rendered key national television channels, including Rossia 1 and Rossia 24, inoperable, as reports indicated that hackers had wiped data from servers, including backups. An anonymous source described the situation as dire, with many internal communications systems, including telephones and internet services, also down.

📢 Cyber News

11. Ghana Unveils National Cybersecurity Policy

Ghana has officially launched its National Cybersecurity Policy and Strategy (NCPS) during the 2024 National Cybersecurity Awareness Month in Accra, aimed at addressing the increasing cybersecurity threats stemming from the nation’s rapid digital transformation. Unveiled by Communications and Digitalisation Minister Ursula Owusu-Ekuful, the policy provides a strategic framework consisting of five critical pillars: Legal Measures, Technical Measures, Organisational Measures, Capacity Building, and Cooperation.

12. EU Court Limits Meta’s Use of Facebook Data

The Court of Justice of the European Union (CJEU) has ruled that Meta Platforms must limit the use of personal data gathered from Facebook for targeted advertising, even if users consent to such usage. This decision stems from a case initiated by privacy activist Maximilian Schrems, highlighting the need for data minimization in accordance with the General Data Protection Regulation (GDPR). The court clarified that social networks cannot indefinitely utilize personal data for advertising purposes without setting clear time and type restrictions.

13. Tanzanian Judges Trained in Cybersecurity

Seventy Tanzanian judges, prosecutors, and investigators participated in a Commonwealth symposium held in Dar es Salaam from October 2 to 4, 2024, aimed at enhancing their capabilities in combating cybercrime. Organized by the Commonwealth Secretariat with support from the UK’s Foreign, Commonwealth, and Development Office, the symposium featured hands-on simulations and group exercises that addressed various cyber threats, including fraud, exploitation, and phishing.

14. Irish DPC Investigates Ryanair’s Facial ID

The Irish Data Protection Commission (DPC) has launched an investigation into Ryanair regarding its use of third-party facial recognition technology to verify customers who book through intermediaries. This inquiry follows 18 complaints from passengers across Europe, raising concerns over potential privacy violations under the General Data Protection Regulation (GDPR). The DPC’s examination will focus on whether Ryanair and its partners have obtained explicit consent from customers and conducted necessary data protection impact assessments, as biometrics are classified as special category information requiring enhanced safeguards.

15. Atos and France Discuss Cybersecurity Assets

Atos SE is currently engaged in negotiations with the French State regarding the potential acquisition of its Advanced Computing, Mission-Critical Systems, and Cybersecurity Products businesses, which operate under the Bull Defense and Security (BDS) division. The discussions, part of a broader strategic initiative to maintain control over critical national infrastructure, have taken a turn as a non-binding offer from the French State expired without a final agreement.