What's trending in cybersecurity today?
Business Email Compromise, Microsoft, Apple, Privacy, Risk, Ivanti, Cloud Service Appliance, Lua-Based Malware, Gamers, Fake Cheating Scripts, Vulnerabilities, Zero-Days, Qantas, Passports, Cyber Theft, Symbiotic, X, Phishing, Malware, Germany, Cyberattack, Sterling Corporation, Breach, Name Badges, Security Incident, CISA, FBI, Iran, Cyber Threats, Australia, Cyber Security Act, Ransom, Payment Reporting, EU, Sanctions, Russia, Hackers, UN, Asia, Cybercrime Cartels, Cloudflare, Kivera, Cloud Security, Misconfigurations
Cyber Alerts
1. Microsoft Warns of Attacks via File Hosting
Microsoft has issued a warning about the increasing use of legitimate file hosting services like SharePoint, OneDrive, and Dropbox in Business Email Compromise (BEC) attacks. Cybercriminals are exploiting these platforms to evade traditional security measures in a technique called living-off-trusted-sites (LOTS). Attackers send phishing emails that direct recipients to malicious files hosted on trusted services. Victims are asked to verify their identity via a one-time password (OTP), which leads them to a phishing page that steals their login credentials and two-factor authentication (2FA) tokens.
2. Apple Mirroring Flaw Risks Personal Privacy
A newly discovered flaw in Apple's mirroring feature within iOS 18 and macOS Sequoia updates raises significant concerns about personal privacy. According to a report from Sevco Security, the issue allows personal iPhone apps to be visible to the IT department when mirrored on corporate Macs, categorizing them like native macOS applications. Although app data is not directly shared, the mere presence of specific applications, such as health and dating services, can inadvertently expose sensitive personal information.
3. Three Critical Ivanti CSA Flaws Exploited
Ivanti has raised an urgent alarm regarding the active exploitation of three critical vulnerabilities in its Cloud Service Appliance (CSA), identified as CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381. These zero-day flaws allow authenticated attackers with admin privileges to execute arbitrary SQL statements, perform remote code execution, or bypass security restrictions. The exploitation of these vulnerabilities is being facilitated in conjunction with another previously patched vulnerability, CVE-2024-8963, which is a critical path traversal flaw.
4. Gamers Targeted by Malware in Cheat Scams
Gamers worldwide are increasingly falling victim to a new wave of cyberattacks involving Lua-based malware, which is being disguised as fake cheating script engines. According to a report from Morphisec, this malware exploits the popularity of Lua within the gaming community, enabling it to establish persistence on infected systems and deliver additional payloads. Initially documented by OALabs earlier this year, the attacks involve tricking users into downloading malicious payloads hosted on GitHub.
5. Microsoft Issues Update Fixing 118 Flaws
Microsoft has released a significant security update addressing 118 vulnerabilities across its software ecosystem, with two of these flaws actively exploited in the wild. Among the vulnerabilities, three are classified as Critical, while 113 are deemed Important and two Moderate. Notably, CVE-2024-43572, a remote code execution vulnerability in Microsoft Management Console, and CVE-2024-43573, a spoofing vulnerability in the Windows MSHTML platform, are currently being exploited.
Cyber Incidents
6. Qantas Passports at Risk from Cyber Theft
Qantas has confirmed that the passports of nearly 1,000 customers may have been compromised following a cyber theft involving two employees of India SATS, a ground handling service used by the airline in India. These employees exploited their access to flight bookings to fraudulently steal frequent flyer points, affecting over 800 customer accounts during July and August 2024. While Qantas has restored the stolen points and suspended the involved contractors, the airline emphasized that this incident was not a result of a cyber attack but rather an abuse of access by employees.
7. Symbiotic Protocol's X Account Hacked
The Symbiotic X staking protocol experienced a significant security breach on October 5, 2024, when its official account was hacked and used to promote a phishing site designed to deceive users. As of October 7, the compromised account was still active, leading unsuspecting users to a fraudulent link that claimed they could check their accumulated points. Upon clicking the link, users were directed to a site that mimicked the legitimate Symbiotic platform but was actually a trap aimed at draining their cryptocurrency wallets.
8. German Municipality Suffers Cyberattack
The Elbe-Heide municipality in Germany has temporarily limited access to its administration following a proactive measure to prevent a cyberattack. All digital systems were shut down, resulting in the suspension of digital processes, which has affected the availability of various municipal offices. Experts are currently assessing the situation and working diligently to check the systems to facilitate a safe restart. The municipality has requested the public's understanding during this challenging time as they prioritize security and the integrity of their operations.
9. Sterling Corporation Hit by Data Breach
Sterling Corporation has alerted individuals about a recent data security incident that may have compromised personal information, including names and Social Security numbers. The breach was discovered on July 18, 2024, when the company noticed suspicious activity that disrupted access to parts of its cyber network. After promptly taking systems offline and engaging cybersecurity experts for investigation, Sterling confirmed on September 12, 2024, that personal information could be involved.
10. Name Badges LLC Notifies Customers of Breach
Name Badges, LLC has notified customers of a potential data security incident involving credit card information that occurred between December 6 and December 23, 2023. The company was alerted to the issue by its credit card processing partner on May 9, 2024, and promptly initiated an investigation, engaging a third-party cybersecurity firm to conduct a forensic review. Although the investigation revealed no evidence of misuse of personal information, Name Badges, LLC is notifying customers as a precautionary measure.
Cyber News
11. CISA Issues Guidance on Iranian Threats
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued crucial guidance to help U.S. political campaigns and officials counter escalating cyber threats from Iranian hackers. These threats are primarily linked to Iran's Islamic Revolutionary Guard Corps (IRGC), which has been targeting senior government officials, think tank personnel, journalists, and lobbyists using phishing and social engineering tactics. The agencies warn that Iranian cyber actors often impersonate trusted contacts to direct victims to fake login pages, compromising their accounts.
12. New Australian Act Mandates Ransom Reporting
Australia is set to introduce its first standalone Cyber Security Act, proposed by Cyber Security Minister Tony Burke, which will mandate reporting of ransom payments and establish new standards for smart devices. This legislation is part of the 2023–2030 Australian Cyber Security Strategy and aims to enhance the nation's resilience against emerging cyber threats. Key features include a "safe harbour" provision that encourages organizations to report cyber incidents without fear of immediate regulatory repercussions, and increased government powers to address major flaws in risk management among critical infrastructure operators.
13. EU Strengthens Sanctions on Russian Hackers
The European Council has introduced a new sanctions framework targeting Russian nationals and organizations involved in malicious cyber activities, including election misinformation and disruptive cyberattacks. This initiative aims to address hybrid threats from Russia that threaten the fundamental values of the European Union and its member states. Sanctioned individuals and entities will face asset freezes and travel bans, while European citizens will be prohibited from financial transactions with these targets.
14. UN Says Asian Cybercrime Cartels Are Rising
A recent United Nations report highlights the alarming rise of cybercrime syndicates across Southeast Asia, which have formed powerful alliances with human traffickers, money launderers, and cryptocurrency services. These sophisticated cartels have adopted advanced technologies, generating significant profits, estimated between $18 billion and $37 billion in losses for victims in the region in 2023 alone. Operating from heavily fortified compounds, these groups engage in large-scale fraud, online scams, and other illegal activities with minimal law enforcement interference.
15. Cloudflare Buys Cloud Security Firm Kivera
Cloudflare has announced its acquisition of Kivera, a New York-based cloud security startup, aimed at minimizing cloud misconfigurations and enhancing overall security. This acquisition will integrate Kivera's technology into Cloudflare One, providing businesses with improved preventive controls to mitigate risks associated with cloud usage. Cloudflare CEO Matthew Prince highlighted the growing complexity of multi-cloud environments, noting that Kivera's real-time enforcement capabilities will help organizations avoid costly security breaches caused by human errors.
Copyright © 2024 CyberMaterial. All Rights Reserved.