Cyber Briefing - 2024.02.22
What's going on in the cyber world today?
Google Cloud Run, Banking Trojan Distribution, Wi-Fi Authentication Flaws, Android, Linux, SSH-Snake Malware, SSH Credentials, Lateral Movement, Mustang Panda, Advanced PlugX Variant, Joomla!, XSS Vulnerabilities, RCE Prevention, Cellphone Outage, US, European Parliament, Change Healthcare, Ontario's Laurentian University/Université Laurentienne, Stratford-on-Avon District Council Worker, The White House, Port Cybersecurity, Cybersecurity Talent Shortage, Apple PQ3, Advanced Messaging Security, DoorDash, California Consumer Privacy Act Violations, Delinea, Fastpath Solutions, LLC, Enhanced Authorization Management.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Cyber Alerts
Security researchers warn of hackers leveraging Google Cloud Run to disseminate the Astaroth, Mekotio, and Ousaban banking trojans, with campaigns primarily targeting Latin American countries. Cisco Talos observed a surge in misuse of the service, facilitated by phishing emails and malicious MSI installer files, enabling attackers to establish persistence on victims' systems and exfiltrate sensitive financial data. Astaroth, Mekotio, and Ousaban pose significant threats, employing advanced evasion techniques and targeting hundreds of financial institutions across multiple regions, underscoring the urgency for enhanced security measures to mitigate these risks.
Security experts have unveiled critical authentication bypass vulnerabilities in widely-used Wi-Fi software, posing serious risks to Android, Linux, and ChromeOS users. These flaws, designated as CVE-2023-52160 and CVE-2023-52161, enable attackers to deceive victims into connecting to malicious networks or gain unauthorized access to trusted networks, potentially leading to data interception and malware infiltration.
A newly discovered threat, SSH-Snake, employs a sophisticated approach to seek out and use private keys, enabling undetected lateral movement within victim networks. Developed by the Sysdig Threat Research Team, this "self-modifying worm" evades typical detection patterns, making it highly elusive while searching for and exploiting SSH credentials across breached systems.
Cybersecurity researchers have uncovered the activities of the China-linked threat actor, Mustang Panda, employing a sophisticated variant of the PlugX backdoor called DOPLUGS to target Asian countries, including Taiwan, Vietnam, and others. This customized malware serves as a downloader for PlugX, demonstrating a unique deployment tactic to evade detection. Through well-crafted spear-phishing campaigns, Mustang Panda leverages its arsenal of PlugX variants and other tools like Poison Ivy RAT to establish connections with compromised systems, underscoring the group's persistent and evolving threat landscape.
Five vulnerabilities in Joomla's content management system could lead to arbitrary code execution on affected websites. The issues, fixed in versions 5.0.3 and 4.4.3, range from inadequate MFA management to XSS flaws, with the highest risk posed by CVE-2024-21725. While one XSS vulnerability, CVE-2024-21726, has moderate severity, it could still enable remote code execution if exploited cleverly, so Joomla admins are urged to apply updates promptly to mitigate risks.
A widespread cellphone outage affected major carriers including AT&T, T-Mobile, and Verizon in the US, with AT&T experiencing the largest number of issues, nearly 60,000 reports at 7:45 a.m. ET. The outage, impacting users from New York to Montreal, led to concerns as some police departments were unable to receive 911 calls, raising issues about public safety. Despite over 800 reported outages on T-Mobile and Verizon, the cause of the disruption remained unclear, prompting frustration among users and highlighting concerns about the reliability of the country's telecommunications infrastructure.
Traces of hacking found on the phones of EU Subcommittee members have prompted an urgent screening offer amid cybersecurity concerns. The European Parliament is taking heightened measures due to the sensitive nature of the Subcommittee's portfolio, closely monitoring devices for potential threats. With elections looming, the recent discoveries underscore the pervasive challenge of spyware infiltration across Europe's political landscape, raising alarm about threats to democratic processes and privacy.
Change Healthcare, a leading U.S. healthcare technology company, confirmed a cyber attack causing a network interruption. Immediate action was taken to disconnect systems, but the disruption is expected to last throughout the day. Local pharmacies, including Scheurer Health in Michigan, are experiencing outages affecting prescription processing, highlighting the widespread impact of the incident.
Laurentian University faces IT disruption post-cyberattack, sparking privacy concerns and hindering various services. Students express frustration over lack of communication and worry about submission deadlines and payments amidst website outage. University assures efforts underway to restore systems.
A former employee of the Stratford-on-Avon District Council has confessed to unlawfully accessing 79,000 residents' email addresses from a database for personal gain, leading to a significant data breach. This breach occurred in November of the previous year and impacted databases related to garden waste collection, as well as those of another council. Following an investigation, the individual, who is no longer associated with the council, was cautioned by the police under the Data Protection Act 2018.
Cyber News
The recent executive order issued by the White House aims to strengthen cybersecurity measures at maritime ports in response to escalating cyber threats, particularly from China-linked hacking groups. With over $20 billion slated for port infrastructure improvements and expanded authority for the U.S. Coast Guard, the initiative underscores the urgent need to safeguard critical maritime assets against potential cyberattacks. This proactive approach seeks to mitigate risks to national security and economic stability posed by cyber intrusions targeting vital supply chain networks.
A recent report from Kaspersky highlights that over 40% of companies worldwide are struggling to fill critical cybersecurity roles, especially in information security research and malware analysis. The shortage is particularly acute in Europe, Russia, Latin America, and the Asia-Pacific region. Despite efforts to attract talent with high salaries and better working conditions, innovative solutions are urgently needed to address this shortfall and strengthen cybersecurity resilience against evolving threats.
Apple introduces PQ3, a cutting-edge post-quantum cryptographic protocol for iMessage, ensuring robust protection against potential quantum computing threats. With PQ3, iMessage achieves 'level 3' security, distinguishing itself by limiting decryption capabilities even if an encryption key is compromised, and automatically updating post-quantum keys for ongoing protection.
California's Attorney General reached a settlement with DoorDash, accusing the food delivery giant of unlawfully selling consumers' personal data without notice or consent, violating the state's stringent privacy law. The settlement highlights the importance of compliance with the California Consumer Privacy Act (CCPA), emphasizing that businesses must respect consumers' privacy rights. DoorDash agreed to pay a $375,000 civil penalty, review vendor agreements for data sharing, and provide annual reports to the Attorney General's office, marking the second CCPA enforcement settlement under Attorney General Bonta's tenure.
California's Delinea expands its portfolio with the acquisition of identity governance and administration provider Fastpath, positioning itself as a leader in managing authorization across various IT environments. The move underscores Delinea's commitment to providing robust solutions for securing modern, distributed infrastructures and applications. With this acquisition, Delinea aims to offer unparalleled insights and control over user access and privileges, reinforcing its position in the privileged access management market.
Copyright © 2024 CyberMaterial. All Rights Reserved.