Cyber Briefing - 2023.12.11
What's happening in cybersecurity today?
AutoSpill Attack, Android Password Managers, Pool Party, GuLoader Malware, 5Ghoul Bugs, Qualcomm and MediaTek Chips, McDonald's Cyber Attack, LivaNova, University of Wollongong, AI Act Agreement, European Union Agency for Cybersecurity (ENISA) and Cybersecurity and Infrastructure Security Agency Partnership, Privilege Escalation Exploits.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Cyber Alerts
Security researchers at the International Institute of Information Technology (IIIT) unveiled AutoSpill, a new attack targeting Android password managers during autofill operations. The exploit works by capturing auto-filled credentials on Android apps, even without JavaScript injection, due to weaknesses in Android's handling of auto-filled data, potentially allowing rogue apps to capture user credentials without detection.
SafeBreach researchers introduced Pool Party, a novel process injection technique evading major EDR solutions. Exploiting Windows thread pools, they discovered eight undetectable injection techniques, achieving a 100% success rate against Palo Alto Cortex, SentinelOne EDR, CrowdStrike Falcon, Microsoft Defender for Endpoint, and Cybereason EDR.
GuLoader malware utilizes evolving anti-analysis techniques, making it challenging for threat hunters. The advanced shellcode-based downloader employs sophisticated obfuscation methods and is distributed through phishing campaigns.
A lock screen bypass bug in Android 14 and 13 was discovered by security researcher Jose Rodriguez, allowing potential exposure of sensitive data in users' Google accounts. Despite reporting the issue to Google in May, Rodriguez claims the tech giant has been aware of the vulnerability for at least six months and has yet to address it, posing a potential security risk for affected users.
A set of vulnerabilities, named 5Ghoul, has been discovered in the firmware of 5G mobile network modems from major vendors like Qualcomm and MediaTek. These flaws, affecting Android and iOS devices, can be exploited by threat actors to block connections, freeze connections, or downgrade 5G to 4G, potentially impacting 714 smartphones from 24 vendors.
Cyber Incidents
Hacker groups LulzSec, ByteVigilante, and Moroccan Black Cyber Army claim responsibility for hacking McDonald's, but skepticism arises within the hacker community due to a lack of evidence. Cyber vigilantes demand proof for the alleged McDonald's data breach, questioning the credibility of the hacking groups' assertions.
LivaNova PLC, a major US healthcare device manufacturer, is reportedly grappling with a malicious cyberattack by the notorious LockBit ransomware group, as revealed on December 9, 2023. The group asserts its successful breach of LivaNova's systems, compromising a staggering 2.2 terabytes of sensitive data. The extensive information includes critical details such as product specifications, employee data, financial documents, client information, and patent details, raising concerns among cybersecurity experts and industry observers about the potential impact on the healthcare sector. As of now, LivaNova is yet to release an official statement, leaving the claims unverified and the situation closely monitored by the cybersecurity community.
The University of Wollongong confirms a data breach, acknowledging the likelihood of data access. Investigations are underway, and external experts have been engaged, with regulatory bodies notified and a commitment to transparent communication with staff and students.
Kentucky health system Norton Healthcare discloses a data breach resulting from a ransomware attack on May 9, 2023. Patient, employee, and dependent data, including personal and health information, were compromised, leading to a two-year credit monitoring offer for affected individuals.
Hinsdale school district in New Hampshire faces a ransomware attack, initiating recovery efforts with cybersecurity experts and insurance provider Primex. Student and staff laptops have been collected for a forensic evaluation, with a focus on restoring administrative and instructional functions gradually.
Cyber News
HSBC, in collaboration with Toshiba, BT, and AWS, has employed quantum protection methods to secure a €30 million foreign exchange transaction, marking a global first. With the rise of quantum computing threatening current encryption, HSBC proactively addresses potential quantum cyber attacks. The bank utilized quantum key distribution, leveraging particles of light to deliver secret keys for encryption, ensuring the security of high-value transactions in the face of emerging quantum threats.
European lawmakers reach historic AI Act compromise, marking global regulatory leadership. The deal sets penalties for noncompliance and introduces measures on transparency, disclosure, and limits on certain AI applications.
The FBI issues procedures for publicly traded companies to seek delays in reporting material cybersecurity incidents, as mandated by the U.S. Securities and Exchange Commission's rules starting from December 18. The rules require companies to determine the materiality of a cyber incident and disclose it within four business days, with potential extensions for incidents impacting public safety or national security, subject to Department of Justice approval.
The European Union Agency for Cybersecurity (ENISA) and the US Cybersecurity and Infrastructure Security Agency (CISA) have inked a Working Arrangement, aiming to strengthen cooperation on capacity-building, best practices exchange, and situational awareness. In an era of escalating cyber threats and geopolitical complexity, collaboration between the EU and the US becomes crucial to fortify cybersecurity, protect critical infrastructure, and enhance digital resilience. The Working Arrangement focuses on systematic information sharing to improve shared awareness, marking a significant milestone in transatlantic cyber cooperation.
Insider threats are escalating, with 55% of incidents relying on privilege escalation exploits, according to a CrowdStrike report. The study, based on data from January 2021 to April 2023, highlights that insiders leverage vulnerabilities to gain unauthorized access, causing both malicious and non-malicious incidents. With significant financial implications, insider attacks cost an average of $648,000 for malicious and $485,000 for non-malicious events, emphasizing the urgency for robust cybersecurity measures to counteract this growing threat.
Copyright © 2023 CyberMaterial. All Rights Reserved.