What’s going on in the cyber world today?
KTLVdoor Malware, Earth Lusca, Revival Hijack, PyPI, Packages, Malicious Code, North Korea, Fake App, FreeConference, EUCLEAK, YubiKey, Clone, Security Keys, Cisco, Smart Licensing Utility, Planned Parenthood, RansomHub Attack, WS Audiology, Patient Data, Employee Data, UK, Tewkesbury Borough Council, Cyberattack, ProPark Mobility, Hospital Sisters Health System, US, Election Interference, Crackdown, Russia, Initial Access Brokers, $2 Billion, Revenue, Palo Alto Networks, IBM, QRadar, $500 Million, Irish Data Protection Commission, X, AI Training, Nigerians Sentenced, Business Email Compromise, Fraud
Cyber Alerts
VMware has disclosed a critical vulnerability in its VMware Fusion product, identified as CVE-2024-38811, which allows attackers to execute malicious code. Affecting VMware Fusion 13.x versions on macOS, this flaw stems from an insecure environment variable, giving attackers the ability to exploit the system with standard user privileges. With a CVSSv3 score of 8.8, the vulnerability is classified as important and poses a significant risk, as it does not require elevated privileges for exploitation.
Cybersecurity researchers from Palo Alto Networks have identified a new attack that compromises GlobalProtect VPN software to deliver the WikiLoader malware on Windows systems. The attack, discovered in June 2024, involves poisoning GlobalProtect-themed search engine optimization (SEO) to direct users to fake installer pages. Once installed, the malware executes a complex attack chain, including DLL injection and command and control (C2) communication via compromised WordPress sites and MQTT brokers.
Cybercriminals are targeting Malaysia’s rapidly growing digital services with a variant of the SpyNote remote access trojan (RAT) and spyware. Disguised as fake apps such as promo.apk and delivery.apk, the malware is being distributed to unsuspecting users, exploiting the country’s increasing reliance on e-commerce, food delivery, ride-hailing, and digital payment platforms. While the exact distribution method remains unclear, it is believed that the malware spreads through malicious website redirects or SMS phishing.
On September 3, 2024, Swan Bitcoin CEO Cory Klippsten alerted users to a new phishing scam targeting the platform. The scam involves fraudulent “Data Breach Notice” emails, exploiting data leaks from 2022 involving Klaviyo and HubSpot. Klippsten clarified on X (formerly Twitter) that these emails are fake and that Swan Bitcoin has not experienced any data breach. He emphasized that Swan Bitcoin will never ask users to transfer Bitcoin and advised vigilance against such scams.
On September 3, 2024, Google rolled out two updates for Chrome 128, addressing a total of six high-severity vulnerabilities reported by external researchers. The initial update, released last week, resolved four critical memory safety flaws, including type confusion issues and heap buffer overflows in the V8 JavaScript engine and Skia graphics library. The most recent update fixed an additional four vulnerabilities, including a use-after-free in WebAudio and an out-of-bounds write in V8.
Cyber Incidents
Transport for London (TfL) has reported a cyberattack affecting its internal systems but assures the public that there is no impact on its services. On September 2, 2024, TfL announced that it is dealing with an ongoing cyber security incident and has introduced several security measures to protect its systems. The organization is working closely with government cyber security agencies, including the National Crime Agency and the National Cyber Security Centre, to manage the situation.
On August 30, 2024, the Australian Cancer Research Foundation (ACRF) informed its donors of a data security incident involving unauthorized access to its network and email inboxes. The breach occurred when a fraudulent email from a known contact enabled a malicious actor to temporarily access employee email accounts. The compromised information may include contact details, donor IDs, payment histories, and potentially sensitive personal data such as health information. The ACRF has engaged cybersecurity experts and informed relevant authorities, including the Office of the Australian Information Commissioner and the Australian Cyber Security Centre.
The Police Ombudsman for Northern Ireland (PONI) has issued an apology following an accidental data breach that exposed the personal details of 160 current and former staff members. The breach occurred when a document containing the names, initials, and employment statuses of staff from May 2022 was inadvertently sent to 22 individuals involved in a recruitment process. The leaked document, which included detailed personal information, was shared by mistake and has since been reported to the Information Commissioner’s Office.
CBIZ, a major business services firm, has disclosed a data breach affecting nearly 36,000 clients. The breach, which occurred between June 2 and June 21, 2024, involved unauthorized access to client information due to a vulnerability in one of its web pages. Stolen data includes names, contact details, Social Security numbers, dates of birth, and health and welfare plan information. While there is no evidence that the stolen data has been misused, CBIZ has advised affected clients to enroll in credit monitoring and identity theft protection services and to consider placing a credit freeze or fraud alert.
On September 1, 2024, Tracelo, a smartphone geolocation tracking service, suffered a significant data breach, resulting in the leak of personal information for over 1.4 million individuals. The hacker, known by the alias “Satanic,” released the data on Breach Forums, which includes details from both Tracelo’s customers and the people they tracked. The exposed data comprises names, contact details, and subscription information. Notably, while the breach did not include exact location data, it has raised concerns about privacy and the potential for phishing and vishing attacks.
Cyber News
In a significant move to enhance cybersecurity, the Michigan Department of Environment, Great Lakes, and Energy (EGLE) is leading an initiative to improve preparedness and response among the state’s drinking water and wastewater treatment operators. Announced on September 3, 2024, this effort, part of National Preparedness Month, involves collaboration with the Michigan Cyber Command Center (MC3), Michigan State Police, and the Michigan Department of Technology, Management, and Budget (DTMB). EGLE is providing operators with free security awareness training, educational resources, and access to an online library of technical guides.
Clearview AI, a controversial facial recognition company, has been hit with its largest GDPR fine to date, totaling €30.5 million, by the Netherlands’ data protection authority, Autoriteit Persoonsgegevens (AP). The fine stems from Clearview’s unauthorized collection of biometric data and failure to comply with EU privacy laws, including data access requests. The AP’s decision also includes a potential additional penalty of up to €5.1 million for continued non-compliance. The regulator is also exploring holding Clearview’s executives personally liable for the violations, reflecting growing concerns over the company’s repeated disregard for European data protection standards.
On July 1, 2024, Germany enacted stricter regulations under Section 393 SGB V for processing health data using cloud-computing services. This new law mandates that health and social data be processed within Germany, the EU, or EEA member states, or in third countries with an adequacy decision by the European Commission. The law requires cloud services to meet high security standards, including obtaining a current C5 certificate from the German Federal Office for Information Security. While these regulations aim to enhance data security, they could significantly impact medical research projects involving health data, such as non-interventional studies and post-market clinical follow-ups, by imposing additional compliance burdens.
Three men in the UK have been convicted for running a fraudulent website that exploited banking security systems during the COVID-19 lockdown. Callum Picari, Vijayasidhurshan Vijayanathan, and Aza Siddeeque operated the site, which enabled criminals to bypass multi-factor authentication by tricking individuals into revealing one-time passcodes. The site, which was seized by the National Crime Agency (NCA) in March 2021, offered subscription services that facilitated fraud across major banks, including HSBC and Lloyds.
The ransomware crisis has intensified significantly in the second quarter of 2024, with new threat groups like PLAY, Medusa, and RansomHub driving a 16% increase in attacks compared to the previous quarter, and an 8% rise from the same period last year, according to Corvus Insurance. The average ransomware demand has surged to $1,571,667, marking a 102% increase and the highest figure since Q2 2022, while the average payout has also reached a record $626,415.
Copyright © 2024 CyberMaterial. All Rights Reserved.