Cyber Briefing: 2024.03.20
?? What's trending in cybersecurity today?
Federal Trade Commission , WordPress , Andariel, North Korea, South Korea, AhnLab, Inc. , Machine Learning, DoS, The Pokémon Company International , TechCrunch , Plaiptext, Firebase, Johnson Matthey, Crinetics Pharmaceuticals , US Environmental Protection Agency (EPA) , Cyber Task Force, 源讯 , Airbus , Ukraine, Microsoft, Russia, Spyware, Threat
?Welcome to Cyber Briefing , the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe .
?? Cyber Alerts
The U.S. Federal Trade Commission (FTC) cautions Americans about scammers impersonating agency staff to swindle money. These fraudulent schemes, conducted through calls, emails, or texts, have led to a surge in median financial losses, reaching $7,000 in 2024 from $3,000 in 2019. To combat this, the FTC provides guidelines to recognize and report such scams, emphasizing vigilance against coercive demands and suspicious requests.
Critical flaws in the Automatic plugin by ValvePress put over 40,000 websites at risk, enabling SQL execution and SSRF attacks. The vulnerabilities allow unauthenticated users to execute SQL queries and download arbitrary files, posing significant security threats. ValvePress has issued updates to address these issues and enhance plugin security, emphasizing the importance of prompt patching
The Andariel threat group, known for targeting Korean companies, has incorporated MeshAgent into their attacks, enhancing their remote control capabilities. Alongside other tools like AndarLoader and ModeLoader, MeshAgent is utilized during the lateral movement phase, allowing the threat actors to distribute malware and execute commands remotely. This marks the first known instance of Andariel using MeshAgent, demonstrating their evolving tactics in cyber operations.
Threat researchers unveil a novel cyber-attack method, dubbed "Conversation Overflow," which deceives machine learning (ML)? systems to infiltrate enterprise networks by masking phishing emails with benign content. This tactic aims to bypass advanced security measures by exploiting the trustworthiness of ordinary email communication, allowing malicious messages to reach victims' inboxes undetected. To combat such threats, security teams are urged to bolster AI and ML algorithms, provide ongoing training, and enforce multi-layered authentication protocols.
Researchers from CISPA Helmholtz Center for Information Security in Germany revealed a new denial-of-service (DoS) attack vector targeting widely used UDP-based application protocols, impacting thousands of internet-facing systems. This self-perpetuating loop attack utilizes IP spoofing to perpetually exchange messages between two servers, overwhelming networks and causing service disruption. The attack, affecting protocols like NTP, DNS, and TFTP, poses a significant threat, with nearly 300,000 internet hosts potentially vulnerable and new CVE identifiers assigned to the vulnerabilities involved.
The Pokemon Company took proactive measures, resetting passwords for certain accounts following detected hacking attempts, aiming to thwart potential unauthorized access. These efforts come in response to credential stuffing attacks, where hackers leverage compromised login credentials to gain illicit entry into accounts. While the company clarified that no security breach occurred, they bolstered security by resetting passwords for affected users, urging password resets as a precautionary step.
?Cybersecurity researchers uncover vast plaintext password exposure due to misconfigured Firebase instances, affecting millions of users' sensitive data. Despite efforts to alert affected companies, many instances remain unsecured, underscoring the critical need for robust security measures in online databases. The incident sheds light on the widespread risk of unauthorized access and highlights the imperative for organizations to prioritize data protection.
Sustainable technology leader Johnson Matthey faces a third-party data breach, compromising 6000 employee records. Despite valuing its workforce, a cybersecurity incident due to human error led to the exposure of sensitive employment-related documents, including Social Security numbers and dates of birth. While the company swiftly retrieved the files and initiated an investigation, the lack of access controls on the external platform raises concerns about potential data access by unauthorized parties.
Trezor's official Twitter account was compromised, leading to posts promoting fake presale token offerings and directing users to send funds to fraudulent wallet addresses. Independent investigators quickly flagged the suspicious activity, with posts being removed shortly after being uploaded. This incident highlights the importance of robust security measures, especially for companies in the crypto space.
Amid claims by the LockBit ransomware gang of data theft, pharmaceutical company Crinetics Pharmaceuticals, listed on Nasdaq, is under investigation for a potential cyberattack. Crinetics swiftly responded to the incident, activating its cybersecurity protocols, engaging third-party experts, and informing law enforcement. Despite the ongoing investigation, the company reassures that its operations and research databases remain unaffected, emphasizing its commitment to thorough security measures and legal compliance.
?? Cyber News
?The U.S.Environmental Protection Agency (EPA) is launching a "Water Sector Cybersecurity Task Force" to address cyber threats facing the water sector. EPA Administrator Michael Regan and National Security Advisor Jake Sullivan underscored the importance of securing water systems against cyber attacks in a letter to all U.S. Governors, citing recent intrusions by threat actors such as Cyber Av3ngers and Volt Typhoon. The move aligns with CISA's warning about the urgent risk posed by Volt Typhoon and highlights the need for critical infrastructure entities to enhance cybersecurity measures.
Ukraine Cyber Police apprehended three individuals suspected of hijacking over 100 million emails and Instagram accounts globally, with suspects facing up to 15 years in prison if convicted. Utilizing brute-force attacks, the organized group monetized stolen credentials on the dark web, leading to various fraudulent schemes conducted by other threat actors. Authorities advised users to enhance security measures like two-factor authentication and robust passwords to safeguard against such attacks.
Shares of Atos plunged on Tuesday as Airbus terminated discussions on acquiring Atos' cybersecurity division. Atos had announced the potential sale in January, but the talks concluded without an agreement, resulting in a significant drop in Atos' stock value by over 21%. This setback follows Atos' recent failed attempt to sell its legacy managed infrastructure services business.
?Microsoft halts cloud services for Russian users following European sanctions, impacting access to essential business tools like Power BI and Azure. Softline assists in migration to local alternatives amidst geopolitical tensions and economic sanctions, signaling a broader withdrawal of Western tech firms from the Russian market.
A coalition of democratic nations, including the United States and 17 others, has united to combat the misuse of commercial spyware, recognizing its significant risks to national security and individual privacy. This international effort aims to establish robust guardrails, prevent malicious use, enhance information sharing, and partner with industry and civil society to uphold human rights and democratic principles. The coalition's commitment involves implementing the Guiding Principles on Government Use of Surveillance Technologies and adhering to the Code of Conduct to counter the proliferation and misuse of commercial spyware. By engaging additional partners worldwide and aligning policies, this initiative seeks to mitigate the misuse of spyware and promote responsible use that respects human rights and civil liberties.
Subscribe and Comment.
Copyright ? 2024 CyberMaterial . All Rights Reserved.
Follow CyberMaterial on: