Cyber Briefing: 2024.03.26

?? What's the latest in the cyber world today?

Top Python Developers, Supply Chain Hack, Microsoft 365 , Gmail Accounts, MFA-Phishing Kit, CISA, SQL Injection Risks, AMD Zen CPUs, ZenHammer Attack, Comsec , OpenVPN Inc. , Critical Flaw, Privilege Escalation, Panera Bread , Nationwide Outage, Giant Tiger , Customer Data Compromised, City of St. Cloud, Ransomware Attack, Netherlands, Public Administration Sites, DDoS Attacks, Ariza Credit Union , Grenada, Cyberattack, Report, Congress, Armed Cyber Military, Michael Sulmeyer , Assistant Secretary of Defense for Cyber, Florida Governor, Social Media Ban, US, UK, Sanction, China-Linked Hackers, Critical Infrastructure, China, US Tech Ban, Government Computers, Trade War.

?Welcome to Cyber Briefing , the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe .

?? Cyber Alerts

1.? Python Developers Hit by Supply Chain Attack

Unidentified adversaries launched a sophisticated attack impacting individual developers and GitHub. Exploiting various tactics like typosquatting and cookie theft, they injected trojanized code into popular packages like Colorama, posing grave security risks. This alarming breach underscores the critical need for heightened vigilance in package installations and repository management.

2. New MFA Phishing Targets Microsoft, Gmail

Cybercriminals exploit Tycoon 2FA, a sophisticated PhaaS platform, to target Microsoft 365 and Gmail accounts, evading two-factor authentication. Sekoia analysts discovered the platform in 2023, noting its continuous enhancement and widespread use, leveraging 1,100 domains and facilitating thousands of attacks. Tycoon 2FA employs a multi-step process, including session cookie theft and mimicking 2FA challenges, to bypass security measures and deceive victims seamlessly.

3.? CISA Pushes SQL Injection Fixes ?

CISA and the FBI issued a joint alert urging technology manufacturing executives to conduct formal software reviews and implement measures to eradicate SQL injection vulnerabilities before product shipment. SQL injection attacks pose severe risks, enabling threat actors to access confidential data and potentially take over targeted systems, necessitating the adoption of parameterized queries with prepared statements for enhanced security.

4. ZenHammer Exposes AMD Flaws

Academic researchers unveil ZenHammer, the inaugural Rowhammer variant targeting recent AMD Zen CPUs, challenging prior assumptions about their vulnerability to such attacks. Developed by ETH Zurich, ZenHammer demonstrates that AMD Zen chips and DDR5 RAM modules are susceptible to Rowhammer exploits, potentially compromising system security. Despite AMD's acknowledgment and ongoing mitigation efforts, users are urged to apply patches and consider hardware with enhanced Rowhammer protections to safeguard against this emerging threat.

5.? OpenVPN 2.6.10 Security Update

OpenVPN rolls out version 2.6.10, prioritizing bug fixes and enhancements for the Windows Platform. The update also addresses four vulnerabilities, including a privilege escalation flaw (CVE-2024-27459) discovered by Microsoft researcher Vladimir Tokarev. Users are urged to upgrade promptly to mitigate potential exploitation risks posed by these vulnerabilities.

?? Cyber Incidents

6. Panera Bread Service Disruption

Panera Bread faces a nationwide outage since Saturday, impacting its IT systems, online ordering, and reward program functionalities. Customers report being unable to make electronic payments, redeem loyalty points, or access employee scheduling details through in-store kiosks. While the company apologizes for the inconvenience and assures customers of ongoing efforts to resolve the issue, speculation arises regarding the outage's cause, potentially indicating a cyberattack due to the broad range of services affected over the weekend.

7. Giant Tiger Faces Customer Data Breach

Discount retailer Giant Tiger acknowledges a customer data compromise linked to a third-party vendor, affecting contact information like names, emails, and phone numbers. The company, committed to transparency, promptly alerted impacted customers and emphasized caution regarding email and phone communications. While cybersecurity experts conduct an independent investigation, Giant Tiger reassures customers that payment information and passwords were not compromised, and in-store systems remain unaffected.

8.? City of St. Cloud Hit by Cyberattack

St. Cloud, Florida, becomes the latest victim in a series of ransomware attacks plaguing cities in the state, with several city services affected by the cyberattack. Despite the disruption, city departments are working to maintain essential services while the issue is being resolved. The incident follows similar attacks on other Florida cities, highlighting a concerning trend of increasing ransomware threats against state and local governments.

9.? Netherlands Provinces Hit by Cyberattacks

Several provinces' websites, including Noord-Holland, Groningen, and Noord-Brabant, will be offline due to a suspected cyberattack on Monday. The attack, likely a DDoS attack, overwhelms servers with traffic, making websites inaccessible. Such attacks, often attributed to Russian hackers, target Dutch entities in response to the country's support for Ukraine.

10. Cyberattack Hits Ariza Credit Union

Ariza Credit Union in Grenada has notified its members of a cyberattack, leading to service disruptions across its branches, ATMs, online services, and Point of Sale systems. Despite the inconvenience, the credit union assures members that their deposits remain secure and emphasizes efforts to restore normal operations swiftly. With computerized systems offline as a precautionary measure, Ariza Credit Union prioritizes security and apologizes for any inconvenience caused to its members.

?? Cyber News

11. Call for Independent Cyber Armed Service

?A leading national security think tank advocates for the establishment of a Cyber Force branch within the U.S. military to address growing cyber threats. Backed by a 40-page white paper, the proposal urges Congress to allocate resources for a dedicated force equipped with specialized training and a substantial budget. Highlighting systemic inefficiencies and the need for centralized expertise, the report emphasizes the importance of bolstering the nation's cyber defense capabilities in the face of evolving threats.

12. US Nominates First Cyber Assistant Secretary

Michael Sulmeyer, the principal cyber advisor to the US Army, is nominated for the new assistant secretary of defense for cyber policy role at the Pentagon. With extensive experience in cybersecurity across military, government, and academic sectors, Sulmeyer is poised to lead policy efforts in the evolving cyber landscape. The nomination awaits confirmation by the Senate as part of the Department of Defense's strategic response to increasing cybersecurity challenges.

13. Florida Bans Kids from Social Media

Florida Governor Ron DeSantis has signed HB 3, a contentious bill prohibiting children aged 13 and under from using social media, requiring parental consent for 14- and 15-year-olds. The measure, aimed at safeguarding youth from social media's adverse effects on mental health, mandates platforms to delete underage users' data and employ safety features. While supporters applaud the move as protecting minors, critics argue it infringes on free speech rights and could pose data privacy concerns.

14. US and UK Sanction China-Linked Hackers

?The United States and the United Kingdom have jointly imposed sanctions on China-linked hackers accused of targeting critical infrastructure, including indictments against seven individuals and sanctions on a Chinese company and two nationals. Affiliated with APT 31, a state-sponsored cyber espionage group, these hackers pose a direct threat to national security, prompting a coordinated response from both nations. The sanctions aim to deter future cyber-attacks and demonstrate a unified stance against state-sponsored cyber threats.

15. China Restricts US Tech in Government

In a recent development reported by The Financial Times, China has unveiled guidelines prohibiting the use of AMD and Intel processors, as well as Microsoft Windows and foreign database products, in government systems. Government agencies are mandated to adopt "safe and reliable" domestic alternatives, with a list of 18 approved processors including Huawei and Phytium chips, both banned in the US. The move, seen as China's most aggressive yet in the ongoing tech trade dispute, could significantly impact Intel and AMD, with China accounting for a substantial portion of their annual revenue.

Subscribe and Comment.

Copyright ? 2024 CyberMaterial . All Rights Reserved.

Follow CyberMaterial on:

LinkedIn , Twitter , Reddit , Instagram , Facebook , YouTube , and Medium .