What’s trending in cybersecurity today?
Cyber Alerts
Microsoft has released its September 2024 Patch Tuesday update, addressing a total of 79 security vulnerabilities across its platforms. This includes patches for three actively exploited Windows flaws: CVE-2024-38014, an Elevation of Privilege vulnerability; CVE-2024-38217, a Mark-of-the-Web Security Feature Bypass; and CVE-2024-38226, a Microsoft Publisher Security Feature Bypass. Additionally, the update covers CVE-2024-43491, a critical Remote Code Execution vulnerability related to Windows Update, which has been flagged because it rolled back previously applied fixes.
The Crimson Palace cyberespionage campaign has intensified, with Chinese state-directed attackers targeting government and public service organizations across Southeast Asia. After a brief period of dormancy, Sophos X-Ops has identified a resurgence of activity from threat clusters Cluster Bravo and Cluster Charlie. The latter has adopted new techniques, including the use of web shells and open-source tools like Havoc and SharpHound, to re-establish and extend their foothold.
CosmicBeetle, a notorious threat actor, has unveiled a new custom ransomware strain named ScRansom, targeting small- and medium-sized businesses (SMBs) across Europe, Asia, Africa, and South America. This new ransomware replaces CosmicBeetle’s previous tool, Scarab, and represents a significant shift in their malicious toolkit. In addition to deploying ScRansom, CosmicBeetle is believed to be working with the RansomHub group, leveraging their infrastructure for enhanced attack capabilities.
Ivanti has released critical security updates for Endpoint Manager (EPM) to address multiple vulnerabilities, including ten severe flaws that could enable remote code execution. Among the issues is CVE-2024-29847, a deserialization vulnerability with a CVSS score of 10.0, allowing unauthenticated attackers to execute code remotely. Other vulnerabilities include several SQL injection flaws with CVSS scores of 9.1, which could be exploited by authenticated users with admin privileges.
The RansomHub ransomware group has recently been observed exploiting Kaspersky’s TDSSKiller tool to disable endpoint detection and response (EDR) software on compromised systems. TDSSKiller, originally designed to detect and remove rootkits and bootkits, is being used by the attackers to neutralize advanced security measures by interacting with kernel-level services. Following the disruption of EDR defenses, RansomHub deploys the LaZagne tool to harvest credentials from various databases, facilitating further lateral movement within the network.
Cyber Incidents
KemperSports, a prominent golf course management and hospitality firm, has disclosed a significant data breach affecting over 62,000 individuals. The company informed the Maine Attorney General’s Office that it detected suspicious activity on its network starting April 1, 2024. Subsequent investigations revealed unauthorized access to systems containing sensitive personal information, including names and Social Security numbers. Although KemperSports has not confirmed misuse of the stolen data, affected individuals are being offered one year of free credit monitoring and identity restoration services.
New Jersey’s Local 1964, including the International Longshoremen’s Association (ILA) Health & Insurance Fund and Retirement Fund, has reported a significant data security incident affecting its members. The breach, which involved unauthorized access to files between March 27, 2024, and May 27, 2024, was discovered following a network disruption on May 28, 2024. Affected data may include names, Social Security numbers, dates of birth, health information, and financial account details.
In a concerning series of cyber incidents, both the Delhi Capitals and Rajasthan Royals, prominent teams in the Indian Premier League (IPL), experienced Twitter account hacks on September 10, 2024. The attack on the Delhi Capitals’ account was followed by a similar breach of the Rajasthan Royals’ handle, with both incidents involving the posting of suspicious and misleading content. From the Rajasthan Royals’ account, links to a cryptocurrency platform named “Radium” were shared, mirroring the earlier hack of the Delhi Capitals.
On September 11, 2024, Indonesian crypto exchange Indodax suspended its operations following a significant cyberattack that resulted in an estimated $22 million loss. The breach, targeting Indodax’s hot wallets, led to the theft of various cryptocurrencies, including Bitcoin, Ether, Tron, Polygon, and Shiba Inu. Investigations by blockchain firms like PeckShield, Cyvers, and SlowMist revealed the attacker exploited vulnerabilities in the withdrawal system and signature machine.
On September 9, 2024, during Apple’s highly anticipated “Glowtime” event, scammers exploited the occasion by using a deepfake video of Apple CEO Tim Cook to promote a cryptocurrency scam. The fraudulent live stream, which attracted over 355,000 viewers, featured an AI-generated version of Cook endorsing a scheme to double investments in Bitcoin and Ethereum. The video, which has since been removed, included a fake QR code leading to a malicious website designed to trick users into sending cryptocurrency to the scammers.
Cyber News
The U.S. Department of Commerce has introduced a new tool called “Scale” designed to address and analyze supply chain risks across various industries. Announced on September 10, 2024, during a supply chain summit, the tool utilizes over 40 indicators in three categories (geopolitical, logistical, and technological) to provide comprehensive diagnostic assessments. Commerce Secretary Gina Raimondo highlighted the tool’s extensive scope and its focus on structural and systemic risks rather than real-time disruptions. The Scale tool aims to enhance federal oversight of supply chain security and will contribute to the Department’s broader efforts to build resilience and stability in critical industries.
The National Crime Agency (NCA), once hailed as Britain’s elite force against organized crime, including cybercrime, is currently facing a severe crisis. According to a recent Spotlight on Corruption report, the NCA is “on its knees” due to a significant “brain drain,” with nearly 20% of its cyber capacity lost annually. The report attributes this to a broken pay system, leading to inflated costs as the agency relies on temporary labor and consultants, now comprising over 10% of its budget. The report calls for urgent reform and increased investment to ensure the NCA can effectively combat the rising threats of cybercrime, which has surged due to the growth of online commerce and connectivity.
Australian Prime Minister Anthony Albanese has announced plans to introduce legislation aimed at banning social media use for children under a certain age, likely between 14 and 16. In a recent interview with the Australian Broadcasting Corp., Albanese highlighted concerns over the negative impact of social media on young users and stated that the government would begin by testing age verification technology later this year. While social media giants like Meta already enforce a minimum age requirement of 13, they advocate for empowering young users through parental controls rather than imposing outright bans.
Namibia is making significant strides in bolstering its digital security infrastructure with the imminent completion of its Data Protection and Cybercrime Bills. Announced by Minister of Information and Communication Technology Emma Theofelus during the 8th National ICT Summit, these bills are designed to safeguard citizens’ personal information amid rapid technological advancements. Theofelus emphasized the necessity of a robust framework to navigate the evolving digital landscape, highlighting the importance of digital transformation in enhancing government services and fostering sustainable development.
Ford Motor Company is seeking a patent for innovative technology designed to enhance in-car advertising by listening to conversations among vehicle occupants. According to the patent application published on August 29, the system, termed “in-vehicle advertisement presentation,” aims to tailor ads based on real-time conversations, the vehicle’s location, and travel data. By analyzing audio signals and historical data, the technology would customize advertisements to drivers, predicting routes and destinations to deliver relevant ads.
Copyright © 2024 CyberMaterial. All Rights Reserved.