What’s the latest in the cyber world today?
Google, Cloud Platform, Remote Code Execution, Tenable, CISA, Windows, Zero-Day, Attacks, Apple, iOS 18, Flaws, D-Link, WiFi 6, Routers, Mesh Systems, Critical Flaws, Selenium Grid, Exploit Kits, Delta Prime, DeFi Platform, $6 Million, Hack, Japan, Yokohama National University, Server Breach, External, Attacks, JTEKT STINGS, Online Shop, Ransomware, ServiceNow, Sensitive Data, Leak, AppOmni, Kittle’s Home Furnishing, Indiana, Personal Information, US, Sanctions, Intellexa, Consortium, Spyware, Federal Agencies, FOCAL Plan, Phishing Scheme, NASA, New South Wales, Government, Job Cuts, UK, Ransom, Payments
Cyber Alerts
Google recently patched a critical vulnerability in its Cloud Platform (GCP) Composer, which could have allowed attackers to execute remote code through a dependency confusion exploit. This flaw, named CloudImposer by Tenable Research, involved the package manager retrieving a malicious package from a public repository like PyPI instead of an internal one, granting attackers elevated permissions. The attack could have led to unauthorized code execution and credential theft.
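The dependency-confusion condition described above comes down to how the package manager is told where to look. The following added example (not from the article or from Tenable's research) audits a pip requirements file for the settings that let a public package shadow an internal one; the package names, index URLs and the "acme-" internal naming prefix are constructed assumptions.

```python
"""Flag pip requirement settings that enable dependency confusion.
Added example with constructed inputs; not the vulnerable Composer code."""
import re

# Constructed sample: an internal package fetched via --extra-index-url, which
# makes pip consult PyPI as well, so a same-named public package can be chosen.
RISKY_REQUIREMENTS = """\
--extra-index-url https://pypi.internal.example/simple
acme-billing-core==2.4.1
requests==2.32.3
"""

# Constructed hardened version: the private index is the only index and every
# requirement is hash-pinned (hash values are placeholders, not real digests).
HARDENED_REQUIREMENTS = """\
--index-url https://pypi.internal.example/simple
acme-billing-core==2.4.1 --hash=sha256:<sha256-of-wheel>
requests==2.32.3 --hash=sha256:<sha256-of-wheel>
"""

INTERNAL_PREFIXES = ("acme-",)  # assumed naming convention for internal packages


def audit_requirements(text: str, internal_prefixes=INTERNAL_PREFIXES) -> list[str]:
    """Return a list of findings describing dependency-confusion exposure."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    uses_extra_index = any(ln.startswith("--extra-index-url") for ln in lines)
    uses_index = any(ln.startswith("--index-url") for ln in lines)
    if uses_extra_index and not uses_index:
        findings.append("--extra-index-url without --index-url: pip also queries "
                        "PyPI, so a public package with the same name can win")
    for line in lines:
        if line.startswith("-"):          # option lines, already handled above
            continue
        # Package name ends at the first version specifier, extra or marker.
        name = re.split(r"[=<>!~ ;\[]", line, maxsplit=1)[0].lower()
        if name.startswith(internal_prefixes) and uses_extra_index:
            findings.append(f"{name}: internal package resolvable from a public index")
        if "==" not in line:
            findings.append(f"{name}: version not pinned")
        if "--hash=" not in line:
            findings.append(f"{name}: no --hash pin, substitution would go unnoticed")
    return findings
```

Running the audit on the two samples yields four findings for the risky file and none for the hardened one.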
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to U.S. federal agencies about a recently patched Windows MSHTML zero-day vulnerability (CVE-2024-43461) that has been actively exploited by the Void Banshee APT hacking group. This flaw, part of an exploit chain with another MSHTML vulnerability, allows attackers to execute arbitrary code by tricking users into interacting with maliciously crafted files or websites.
Apple has released a significant update for iOS 18, addressing over 33 security vulnerabilities that impacted iPhones and iPads. The update fixes critical issues across several core components, including accessibility features, Bluetooth, Control Center, and Wi-Fi. Notable fixes include preventing Siri from accessing sensitive data or controlling nearby devices without authentication, and resolving a Control Center bug that allowed screen recording without an indicator. The update also addresses a Bluetooth vulnerability that bypassed device pairing, a kernel issue leaking network traffic outside VPN tunnels, and several Safari sandbox bypasses.
D-Link has addressed critical security vulnerabilities in several of its popular WiFi 6 routers, including the DIR-X4860, DIR-X5460, and COVR-X1870. The flaws, discovered by CERT (TWCERT) on June 24, 2024, include severe issues such as stack-based buffer overflows and unauthorized access via hardcoded credentials, potentially allowing remote code execution and unauthorized device control. In response, D-Link has released firmware updates to patch these vulnerabilities.
Hackers are exploiting vulnerabilities in Selenium Grid, a popular tool for automating web applications, to deploy a range of malicious payloads including exploit kits, cryptominers, and proxyjackers. The tool’s default lack of authentication has made it an appealing target for attackers aiming to compromise systems and gain unauthorized access. By injecting base64-encoded scripts and manipulating configuration settings, these attackers can execute arbitrary commands and install malicious software, posing significant risks to organizations that rely on Selenium Grid for testing and automation.
Cyber Incidents
Delta Prime, a decentralized finance (DeFi) platform, has suffered a major security breach resulting in a loss of approximately $6 million worth of stablecoins. The attack, which began with an initial theft of around $4.5 million, saw the stolen funds swapped for ETH by the attackers. The breach exploited a private key vulnerability, granting hackers control over the platform’s admin wallet and allowing them to manipulate proxy contracts to drain funds from Delta Prime’s pools on the Arbitrum chain. This incident follows a recent $230 million hack at WazirX and highlights ongoing security risks in the cryptocurrency sector.
Yokohama National University in Japan has reported a security breach involving a laboratory server used for numerical calculations. On September 5, 2024, an external agency alerted the university about suspicious activity originating from the server’s IP address. An investigation revealed that unauthorized access through an SSH server had been exploited, turning the server into a platform for external attacks. The compromised server was swiftly disconnected from the network, and while the university is still investigating the incident, it has confirmed that no confidential or personal information was stored on the affected system.
The official online shop for Japan’s JTEKT STINGS volleyball team has been impacted by a ransomware attack targeting Kantsu Co., Ltd., a subcontractor responsible for warehouse management under the HYP Group. Reported on September 14, 2024, the breach has potentially exposed customer details including names, addresses, phone numbers, email addresses, payment methods, dates of birth, gender, and purchased products. While sensitive payment data such as credit card numbers were not compromised, the online shop has been temporarily closed as a precaution.
Over 1,000 ServiceNow instances have been found leaking sensitive corporate Knowledge Base (KB) data, revealing a significant security vulnerability. The misconfigured instances, identified by cybersecurity firm AppOmni, exposed a range of critical information, including personally identifiable information (PII), internal system details, and user credentials. Despite updates in 2023 aimed at improving Access Control Lists (ACLs), these vulnerabilities persist due to reliance on less secure user criteria permissions.
Kittle’s Home Furnishing Inc., based in Indiana, has reported a significant data security incident affecting personal information. On February 17, 2023, the company experienced a network breach that led to unauthorized access to sensitive documents. Following a comprehensive investigation, Kittle’s confirmed that the compromised data includes full names, addresses, Social Security numbers, dates of birth, driver’s license details, health insurance information, and medical records. As of August 12, 2024, the company has verified the current addresses of impacted individuals.
Cyber News
The U.S. Treasury Department has intensified its crackdown on spyware with new sanctions targeting the Intellexa Consortium, a major player in commercial surveillance technology. Announced on September 16, 2024, these sanctions affect five individuals and one entity linked to Intellexa, which is known for its Predator spyware. This spyware has been implicated in serious privacy breaches, including targeting U.S. officials and journalists. The sanctions block all U.S. assets of the designated individuals and entities and warn that transactions involving them may lead to further penalties.
The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan, a strategic framework designed to bolster cybersecurity across over 100 federal agencies. The FOCAL Plan aims to unify efforts in addressing key cybersecurity priorities, including asset management, vulnerability management, defensible architecture, cyber supply chain risk management, and incident detection and response. By standardizing these critical components and fostering a collaborative defense approach, CISA intends to enhance resilience and reduce risks associated with federal networks.
U.S. federal prosecutors have indicted Wu Song, a 39-year-old employee of China’s Aviation Industry Corporation, for a years-long phishing campaign targeting NASA and U.S. military technology. The indictment, unsealed on September 16, 2024, accuses Song of attempting to steal critical aerospace and computational software, including NASA’s CBAero and the Direct Simulation Monte Carlo Analysis Code, which are crucial for missile development and aerodynamic design.
Despite the growing prevalence of cyber threats, including ransomware and data breaches, the New South Wales (NSW) government is set to cut at least 14 cybersecurity positions within Cyber Security NSW. This decision, part of a broader budget realignment, will impact ongoing staff and involve the elimination of six unfilled roles and one temporary position. The NSW Department of Customer Service has announced that it will consult with employees and the Public Service Association (PSA) union regarding the restructuring.
A recent study from Cohesity has highlighted a concerning trend in the UK’s approach to ransomware attacks. The research, which surveyed over 3,100 IT and security decision-makers across eight countries, reveals that 53% of UK organizations fell victim to ransomware in the past year, a significant increase from 38% in 2023. Notably, 59% of these victims chose to pay the ransom, despite the majority having policies against such payments. The willingness to pay underscores a broader global issue, with 67% of worldwide respondents experiencing ransomware attacks and 83% indicating they would pay.
Copyright © 2024 CyberMaterial. All Rights Reserved.