Cyber Briefing - 2024.03.12


What's the latest in the cyber world today?

Fake Leather Wallet App, Apple Store, Cryptocurrency, Darktrace, MSIX Malware, Deceptive Notion Installer, Threat, User Data, Ahnlab, Italian Police, Insurance Scams, QR Codes, Ivass, Proof-of-Concept Exploit, Progress OpenEdge Vulnerability, HackerNews, JetBrains TeamCity Flaw, BianLian, Ransomware Attacks, Roku Data Breach, Exposes, 15,000+ Accounts, Maine Attorney General, French Government Agencies, Cyberattacks, Le Monde, Interior Health, British Columbia, US Federal Budget, Department of Defense, OpenAI's Sora, Garante Per La Protezione Dei Dati Personali, Broadcom Carbon Black, Symantec, Russian, South Korean, US ODNI, CIA, Open-Source Intelligence Strategy.



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. Fake Leather App Drains Cryptocurrency

A fake Leather wallet app on Apple's App Store is siphoning digital assets, prompting urgent warnings. This surge in crypto drainers underscores the importance of cautious app sourcing, as scammers exploit platforms like Apple's, leaving users vulnerable to significant losses.


2. Notion Installer Spreads MSIX Malware

MSIX malware posing as the Notion installer is circulating, offered on a website resembling Notion's homepage. Despite being signed with a valid certificate, the 'Notion-x86.msix' file harbors LummaC2, an infostealer capable of pilfering sensitive data like browser and cryptocurrency information.


3. Italian Police Warn QR Code Scams

The Italian Postal Police warn of QR code scams, used by fraudsters to deceive victims into paying for fake insurance policies. Scammers exploit QR codes as a quick payment method, tricking victims into believing they're paying legitimate insurance agencies when, in reality, they're sending money directly to the fraudsters. To stay safe, verify the legitimacy of offers, be cautious of QR code-only payments, and report any suspicious activity promptly to authorities.


4. OpenEdge Vulnerability PoC Released

A critical security flaw in Progress Software's OpenEdge Authentication Gateway and AdminServer has been disclosed, with technical details and a proof-of-concept exploit available. Tracked as CVE-2024-1403, the vulnerability poses a severe risk, potentially allowing unauthorized access by bypassing authentication protections in affected OpenEdge versions.


5. BianLian Exploits JetBrains TeamCity

Threat actors wielding the BianLian ransomware leverage vulnerabilities in JetBrains TeamCity software, facilitating their extortion campaigns. Security researchers detail the attack chain, highlighting the exploitation of CVE-2024-27198 or CVE-2023-42793 to gain initial access and execute malicious commands for lateral movement. The emergence of proof-of-concept exploits for other critical flaws, like CVE-2023-22527 impacting Atlassian Confluence, further underscores the pervasive nature of cyber threats in the current landscape.



Cyber Incidents


6. Over 15K Roku Accounts Breached

Roku discloses a breach affecting 15,000+ users, leading to fraudulent purchases and unauthorized access to accounts. Threat actors sell compromised accounts for as little as $0.50 each, exploiting stored credit cards for illegal transactions. Despite Roku's response to secure affected accounts and refund unauthorized purchases, users are urged to remain vigilant and review their account activity for any suspicious behavior.


7. French Government Agencies Cyberattacks

Multiple French government agencies face intense cyberattacks, likely DDoS assaults, with familiar methods employed despite their severity. Prime Minister Gabriel Attal's office confirms the attacks' unprecedented intensity, prompting activation of a crisis cell to mitigate impacts and restore state website access. While the attackers remain unidentified, pro-Russia hacking groups, including NoName, claim responsibility, targeting state sites and subdomains of France's energy company, EDF.


8. Interior Health Alerts Potential Breach

Amid a Royal Canadian Mounted Police investigation, Interior Health discloses a potential privacy breach affecting thousands of employees, spanning from 2003 to 2009. The compromised document contains sensitive information like social insurance numbers and home addresses, prompting urgent action from affected individuals. Interior Health emphasizes proactive measures to safeguard personal data and has enlisted external security experts to assess the situation thoroughly.


9. Stanford University 27K Data Breach

Stanford University's Department of Public Safety encountered a data breach, affecting 27,000 individuals, including potential exposure of sensitive personal information like names and social security numbers. The breach, attributed to a ransomware attack by the Akira gang in September 2023, prompted immediate action from the university, including collaboration with law enforcement and cybersecurity experts.


10. Town of Huntsville Hit by Cyber Incident

The Town of Huntsville is actively investigating a recent cybersecurity incident, working closely with experts to secure their network and assess the situation. While no evidence of compromised data has been found yet, precautionary measures have impacted some online services and municipal operations. Updates include closures of Town Hall and meeting cancellations, with the municipality emphasizing transparency and community patience during the ongoing investigation.



Cyber News

11. US Budget Funds $27.5B Cybersecurity

The Biden administration's proposed budget reveals moderate increases in cybersecurity funding, allocating $13 billion for federal civilian cybersecurity and $7.4 billion for military cybersecurity, among other initiatives. Although significant in absolute terms, experts note these allocations represent incremental growth within the broader federal budget. Despite these funding measures, challenges remain, with ongoing uncertainty over appropriations and partisan debates impacting cybersecurity priorities in Congress.


12. Italian Regulator Probes OpenAI's Sora

The Italian data protection regulator launches an inquiry into OpenAI's Sora, focusing on data use and processing procedures. Sora, a text-to-video AI model, is under scrutiny as it prepares for integration into OpenAI products, raising concerns about privacy compliance. This inquiry follows previous regulatory actions and underscores growing European scrutiny of AI privacy practices.


13. Broadcom Merges Carbon Black and Symantec

Broadcom announced the merger of Carbon Black and Symantec into a new unit focused on enhancing network and data telemetry with Endpoint Detection and Response (EDR) technologies. This consolidation follows Broadcom's acquisition of VMware for $69 billion, allowing it to create a new Enterprise Security Group to manage its cybersecurity portfolio effectively. The move aims to integrate the strengths of Symantec's data and network protection tools with Carbon Black's EDR and application control products, enhancing visibility and control for customers while investing in R&D to improve existing solutions.


14. Russia Detains South Korean for Espionage

Russia apprehends a South Korean national on cyber espionage charges, transferring him from Vladivostok to Moscow for further investigation. The detainee, Baek Won-soon, stands accused of transmitting classified information to foreign intelligence agencies, sparking international concern amid escalating cyber conflicts. This incident underscores the complex geopolitical landscape, with state-sponsored hacking activities increasingly shaping global relations and security dynamics.


15. US ODNI, CIA New OSINT Strategy

The Office of the Director of National Intelligence (ODNI) and the CIA unveiled a fresh open-source intelligence (OSINT) strategy, emphasizing the growing importance of publicly or commercially available data in intelligence operations. Despite limited details provided in the six-page unclassified report, the strategy outlines a four-part approach to enhance OSINT collection, processing, and utilization until 2026.



Subscribe and Comment.

Copyright © 2024 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.


