Cyber Briefing - 2024.02.27

What's the latest in the cyber world today?

The White House, Memory-Safe Languages, Brands' Domains Hijacked, Spam Operation, Travelers, Booking.com Email Scam, Agent Tesla, Critical SQLi Flaw, WordPress Plugin, New IDAT Loader, Remcos RAT, Steganography, ThyssenKrupp Automotive, Walmart's Spark Driver, Data Breach, MicroStrategy's X Account Hacked, Ethereum Airdrop Scam, Hamilton, Ontario, Municipal Services, South Carolina's Hampton School District, U.S. National Institute of Standards and Technology (NIST), Cybersecurity Framework, UK's National Cyber Security Centre, Cyber Governance Guidance, UK's Privacy Watchdog, Serco, Employee Biometric Tracking, Myanmar Scam Syndicate, Florida Man, Cyber Conspiracy.



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. White House Pushes Memory-Safe Languages

The White House Office of the National Cyber Director (ONCD) calls on tech firms to embrace memory-safe programming languages like Rust to enhance software security by mitigating memory safety vulnerabilities. These vulnerabilities, common for decades, pose significant risks such as unauthorized data access and code execution by threat actors, necessitating urgent action to address the root causes. ONCD's report aligns with President Biden's cybersecurity strategy, urging software vendors to take responsibility for defending cyberspace by adopting more secure programming practices.


2. Trusted Brands' Domains Hijacked for Spam

Guardio Labs uncovers a sophisticated spam and click monetization scheme dubbed SubdoMailing, hijacking thousands of domains and subdomains from legitimate brands. Coordinated by threat actor ResurrecAds, the campaign leverages trusted domain names to circulate millions of spam and phishing emails daily, evading standard security measures. With deceptive tactics and adept evasion of email authentication methods like SPF, DKIM, and DMARC, the operation seeks to generate maximum clicks and profit for its ad network clients.
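The abuse pattern described above depends on a brand's SPF record continuing to authorise third-party domains it no longer controls. The following is an added example, not Guardio's code or anything from the original briefing: a small SPF auditor that walks a record's include:/redirect= chain and flags the conditions a defender should look for, namely includes that resolve to nothing (a dangling authorisation that a re-registered domain would inherit), permissive +all records, and chains that exceed the RFC 7208 lookup limit. The zone data is constructed inline under the reserved .test TLD so it runs offline; the domain names and records are assumptions for illustration.

```python
"""Added example (not Guardio's or the page's own code): audit an SPF record for
the conditions that make SubdoMailing-style abuse possible.  Works on a
constructed in-memory zone; no DNS queries are made."""
import re
from dataclasses import dataclass, field

# Constructed sample zone (domain -> SPF TXT record); .test is a reserved TLD.
SAMPLE_ZONE = {
    "example-brand.test": ("v=spf1 include:_spf.mailer-one.test "
                           "include:old-agency.test ip4:203.0.113.0/24 ~all"),
    "_spf.mailer-one.test": "v=spf1 ip4:198.51.100.0/24 include:relay.mailer-one.test -all",
    "relay.mailer-one.test": "v=spf1 ip4:198.51.100.200 -all",
    # old-agency.test deliberately has no record: an abandoned (dangling) include.
    "sloppy.test": "v=spf1 +all",
}

# qualifier, mechanism/modifier name, optional argument after ':', '=' or '/'
TERM_RE = re.compile(r"^([+\-~?]?)(all|include|a|mx|ptr|ip4|ip6|exists|redirect)(?:[:=/](\S*))?$")
# Terms that cost a DNS lookup under RFC 7208 section 4.6.4
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10


@dataclass
class Finding:
    domain: str
    issue: str


@dataclass
class Report:
    lookups: int = 0
    findings: list = field(default_factory=list)


def audit_spf(domain, zone, report=None, depth=0):
    """Recursively walk the SPF record of `domain` in `zone`, collecting findings."""
    if report is None:
        report = Report()
    if depth > MAX_LOOKUPS:
        report.findings.append(Finding(domain, "include/redirect chain too deep (loop?)"))
        return report
    record = zone.get(domain)
    if record is None:
        # The record authorises a domain that publishes nothing: whoever controls
        # (or re-registers) that domain can send mail that passes SPF for the brand.
        report.findings.append(Finding(domain, "no SPF record: dangling include/redirect"))
        return report
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        report.findings.append(Finding(domain, "not a v=spf1 record"))
        return report
    for term in terms[1:]:
        m = TERM_RE.match(term.lower())
        if not m:
            report.findings.append(Finding(domain, f"unrecognised term {term!r}"))
            continue
        qualifier, name, arg = m.groups()
        if name in LOOKUP_TERMS:
            report.lookups += 1
        if name == "all" and qualifier in ("", "+"):
            # The default qualifier is '+', so a bare 'all' is just as permissive.
            report.findings.append(Finding(domain, "'+all': any host may send as this domain"))
        if name in ("include", "redirect") and arg:
            audit_spf(arg, zone, report, depth + 1)
    if depth == 0 and report.lookups > MAX_LOOKUPS:
        report.findings.append(Finding(
            domain, f"{report.lookups} DNS lookups exceed the limit of {MAX_LOOKUPS} (permerror)"))
    return report


if __name__ == "__main__":
    for name in ("example-brand.test", "sloppy.test"):
        rep = audit_spf(name, SAMPLE_ZONE)
        print(f"{name}: {rep.lookups} lookups")
        for f in rep.findings:
            print(f"  {f.domain}: {f.issue}")
```

In a real audit the `zone` dict would be replaced by live TXT lookups, and the dangling-include finding is the one to act on first: every domain it names should either be re-secured or removed from the record, because SPF treats the included domain's authorisation as your own.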


3. Agent Tesla Malware Targets Travelers

With the onset of a new travel season, attackers are tailoring their tactics, leveraging popular travel-related service providers like Booking.com to distribute Agent Tesla malware, as uncovered by Forcepoint researchers. Utilizing emails impersonating legitimate inquiries, attackers trick recipients into opening infected PDF attachments, ultimately deploying obfuscated JavaScript to download and execute the malicious payload. Agent Tesla, a notorious RAT, enables attackers to conduct data theft and execute commands on compromised Windows systems, posing a significant threat to travelers and organizations alike.


4. Critical WordPress Plugin Vulnerability

A critical SQL injection flaw in the Ultimate Member WordPress plugin (CVE-2024-1071, CVSS 9.8) poses a serious threat to 200,000 installations, enabling attackers to pilfer sensitive data. Defiant warns that the flaw stems from insecure query functionality, leaving databases vulnerable. Users are urged to update to version 2.8.3 to patch the flaw and fortify their sites against potential breaches.
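To show what "insecure query functionality" means in practice, here is an added example that is not the Ultimate Member plugin's code and does not reproduce its specific bug: the general defect class (user input concatenated into SQL text) next to its parameterised fix, plus the allow-list pattern needed where a value cannot be bound as a parameter. It uses Python's sqlite3 on a constructed in-memory table; the table, rows and probe string are assumptions for illustration.

```python
"""Added example, not the Ultimate Member plugin's code: the defect class behind a
SQL injection (user input concatenated into SQL) beside the parameterised fix,
using Python's sqlite3 on a constructed in-memory table."""
import sqlite3


def make_db():
    """Constructed sample data so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def find_user_unsafe(conn, username):
    """Vulnerable: the caller's string becomes part of the SQL text, so a quote
    character in it ends the literal and whatever follows is parsed as SQL."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Fixed: the value travels as a bound parameter; the query text is constant
    and the driver never interprets the value as SQL."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


# Identifiers (an ORDER BY column, a table name) cannot be bound as parameters,
# which is where hand-built "sort by" queries commonly go wrong.  The fix there
# is an allow-list of known-good names, not escaping.
SORTABLE_COLUMNS = {"id", "username", "email"}


def list_users_sorted(conn, column):
    if column not in SORTABLE_COLUMNS:
        raise ValueError(f"unsortable column: {column!r}")
    return conn.execute(f"SELECT username, email FROM users ORDER BY {column}").fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "nobody' OR '1'='1"  # constructed input containing a quote character
    print("unsafe:", find_user_unsafe(db, probe))  # every row comes back
    print("safe:  ", find_user_safe(db, probe))    # no such user: []
```

The same split applies to WordPress code: values go through `$wpdb->prepare()` placeholders, while column and table names chosen by the request are checked against a fixed list before being interpolated.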


5. New IDAT Loader Deploys Remcos RAT

Ukrainian entities in Finland face a targeted cyber assault distributing the Remcos RAT via the IDAT Loader, as revealed by the Computer Emergency Response Team of Ukraine (CERT-UA). Employing steganography within the IDAT Loader, attackers obscure their payloads, complicating defense efforts against the intrusion. The campaign, linked to a threat actor known as UAC-0184, underscores the evolving tactics of cyber adversaries seeking to infiltrate critical infrastructure and institutions.



Cyber Incidents


6. ThyssenKrupp's Automotive Faces Cyber Attack

ThyssenKrupp's Automotive division fell prey to hackers, prompting a shutdown of IT systems. As a pivotal player in global steel production and a cornerstone of numerous industries, the firm swiftly contained the threat, affirming its commitment to security and resilience.


7. Walmart's Spark Driver Data Breach

Walmart's delivery platform, Spark Driver, faced a data breach, compromising sensitive consumer information like names, Social Security numbers, and driver's license details. Following the breach, Spark Driver initiated an investigation and started notifying affected individuals through breach notification letters, urging them to take necessary precautions. If you've received such a notification, it's crucial to understand the risks and seek legal advice to safeguard against potential fraud or identity theft.


8. MicroStrategy's Ethereum Airdrop Scam

MicroStrategy's X account fell victim to a hack, leading to a fraudulent Ethereum-based MSTR token airdrop. Users directed to a fake MicroStrategy webpage unknowingly granted permissions, resulting in significant losses exceeding $440,000, according to blockchain experts.


9. Ontario's Hamilton City Cyber Incident

Hamilton, Ontario grapples with a cyber attack, causing widespread disruptions to phone, email, and transit services, escalating from a disruption to a cyber incident. As experts investigate the cause, the city assures residents of prioritized response efforts to safeguard systems and sensitive information, emphasizing transparency and collaboration with cybersecurity experts to mitigate impacts swiftly.


10. SC Hampton School District Cyber Incident

The Hampton County School District in South Carolina combats a sophisticated scam with law enforcement's aid, safeguarding against financial loss. Enhanced cybersecurity training and vendor process review are slated for added protection.



Cyber News


11. U.S. NIST Cybersecurity Framework Update

The U.S. National Institute of Standards and Technology (NIST) has released a major update to its Cybersecurity Framework, emphasizing governance and risk management for organizations of all sizes. The revised framework encourages a dynamic approach to cybersecurity, with continuous updates and a focus on establishing cybersecurity strategies from the C-suite down to managerial levels. With added emphasis on governance, the framework provides organizations with a voluntary model to prioritize cybersecurity actions, fostering continuous improvement and adaptability to evolving cyber threats.


12. UK’s NCSC Cyber Governance for Boards

The UK's National Cyber Security Centre emphasizes the critical role of boardrooms in cyber-risk management, advocating for proactive engagement and understanding of cybersecurity governance. Ahead of the rollout of the Cyber Governance Training Pack for Boards, decision-makers are urged to prioritize cybersecurity and leverage technology to drive organizational agendas and deliver value. NCSC's initiatives aim to empower boards with knowledge and practical guidance to navigate evolving cyber threats and ensure effective risk management strategies.


13. Serco Leisure Halts Biometric Tracking

Serco Leisure, a UK-based company managing numerous leisure centers, has been ordered to cease using facial recognition and fingerprint scanning for employee attendance tracking. The UK's Information Commissioner's Office found that the company was unlawfully processing the biometric data of over 2,000 employees, in violation of the UK General Data Protection Regulation. The company faces no fines but must comply with the enforcement notice and cease biometric data processing immediately.


14. Crypto Scam Syndicate Uncovered

Investigators track $100 million in crypto payments to a Myanmar scam syndicate, revealing the lucrative business of romance scams and ransom extortion. The joint investigation by Chainalysis and International Justice Mission exposes operations within the notorious KK Park, shedding light on the intersection of cyber fraud and human trafficking. As the cryptocurrency ecosystem takes action, concerns over the exploitation of vulnerable workers intensify, prompting global attention to the growing menace of pig butchering scams.


15. Florida Man Cyber Crime Charges

Timothy Burke of Florida faces serious charges, including conspiracy and unauthorized access to protected computers, potentially leading to a lengthy prison sentence. Accused of exploiting compromised credentials, Burke and an unnamed conspirator accessed systems of major entities like the National Sports League and SteamCo, stealing valuable information for personal gain. The indictment reveals a sophisticated cybercrime operation, involving interception and theft of electronic communications, prompting the United States to seek forfeiture of assets linked to the illicit activities.



Subscribe and Comment.

Copyright © 2024 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
