Cyber Briefing: 2024.03.27

What's trending in cybersecurity today?

Keylogger, Phishing Attack, Bank Payment Notice, NuGet Package, Industrial Espionage, Developers, Ray Framework, Cyberattacks, Chinese APTs, ASEAN, Espionage, Germany, Microsoft Exchange Servers, Vulnerable, Munchables, NFT Game, Exploit, Developer, Gilmer County, Ransomware Attack, Curio, Smart Contract, Breach, Loss, Big Issue, Data Breach, Concerns, Lower Austria, Training Institute, Cyber Extortion, Biden Administration, AI Accountability.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.


Cyber Alerts

1. Phishing Unveils Keylogger Threat

Trustwave SpiderLabs uncovered a fresh phishing scheme deploying a new loader malware, unveiling the notorious Agent Tesla, a dual threat information stealer and keylogger. Disguised as a bank notification, the phishing email entices victims into opening a disguised archive file, initiating the covert deployment of Agent Tesla on their systems. This sophisticated attack, employing obfuscation and polymorphic behavior, marks a significant evolution in the tactics of cyber adversaries, enhancing their ability to evade detection and exfiltrate sensitive data stealthily.


2. Suspicious NuGet Package Alert

Threat hunters uncover SqzrFramework480 in NuGet, suspected to target developers of Chinese industrial equipment tools. Uploaded by "zhaoyushun1999," it features a DLL for screen capture and remote pinging, raising security concerns. This highlights the risk of malicious code concealed within ostensibly benign software, urging users to exercise caution.


3. Hackers Exploit Ray Framework Flaw

A new hacking campaign named "ShadowRay" targets an unpatched flaw in Ray, an open-source AI framework, aiming to hijack computing resources and leak sensitive data from diverse industries. These attacks, ongoing since September 5, 2023, have exploited vulnerabilities in Ray, utilized by major organizations like Amazon and Netflix, to infiltrate thousands of companies across sectors including education, cryptocurrency, and biopharma. With hundreds of Ray servers compromised, hackers gain access to AI models, production database credentials, and cloud tokens, showcasing the severity of the breach and the urgent need for heightened security measures.


4. ASEAN Cyber Espionage Alert

Two China-linked APT groups, including Mustang Panda, target ASEAN nations with PlugX backdoor variants. The attacks coincide with the ASEAN-Australia Special Summit, leveraging phishing emails to deliver malware packages containing PUBLOAD and rogue DLLs. Unit 42 detects breaches, highlighting ongoing cyber espionage aimed at geopolitical intelligence within the region.


5. German Exchange Servers Vulnerable

The German cybersecurity authority sounds the alarm on 17,000 vulnerable Exchange servers, urging immediate action. With a significant portion still on outdated versions and lacking critical patches, institutions like schools, clinics, and local governments are at risk. Admins are urged to update to current versions, install security patches promptly, and secure online instances to mitigate threats.



Cyber Incidents


6. NFT Game Munchables Hit by $62M Exploit

Munchables, an Ethereum layer-2 NFT game, faces a devastating $62-million exploit, as reported by blockchain analyst ZachXBT. The exploit, allegedly orchestrated by a North Korean developer hired by the Munchables team, involved manipulating the Lock contract to extract a massive Ether balance before the launch. Calls for intervention from the Blast team to roll back the chain and mitigate the damage have emerged from concerned users, highlighting the urgency of addressing vulnerabilities in blockchain-based gaming platforms.


7. Gilmer County Hit by Ransomware

Gilmer County, Georgia, faces service interruptions due to a ransomware attack, confirmed by an official notice. Despite efforts to respond and secure affected systems, delays are anticipated as investigations continue. With assistance from federal law enforcement and cybersecurity experts, the county assures residents that essential services, including 911, remain operational amidst the incident.


8. Curio Smart Contract Breach

Curio, a real-world asset (RWA) liquidity firm, faced a smart contract exploit resulting in a $16 million loss. Despite the breach, Curio reassured users that only the Ethereum side was affected, with Polkadot and Curio Chain contracts remaining secure. Cyvers estimated the exploit losses at $16 million, with Curio publishing a post-mortem and compensation plan for affected users.


9. Big Issue Ransomware Cyberattack

The Big Issue, a renowned UK street newspaper aiding the homeless, faces a ransomware attack, compromising 550 gigabytes of confidential data, including commercial and personnel files. Despite the cyber incident, CEO Paul Cheal assures proactive measures are taken, restoring limited system operations and ensuring the magazine's publication and distribution remain unaffected. This attack reflects a concerning trend as ransomware incidents against British organizations continue to rise annually, highlighting the urgent need for enhanced cybersecurity measures.


10. Lower Austria Training Institute Cyberattack

The Vocational Training Institute of Lower Austria grapples with a cyber attack involving data encryption and extortion attempts. Thanks to prompt detection by IT specialists, potential damage is mitigated, although internal documents crucial for daily operations have been compromised. The institute remains vigilant in navigating the aftermath and bolstering its cybersecurity defenses to prevent future incidents.



Cyber News

11. Biden's AI Accountability Push

The Biden administration advocates for mandatory audits of high-risk AI systems and clearer liability guidelines. Highlighting the need for accountability, the NTIA report emphasizes the importance of independent AI system evaluation and consequences for mismanagement of risks. These recommendations align with President Biden's executive order on AI, aiming to empower stakeholders in holding developers and deployers accountable for AI-related risks.


12. EU Enacts Tech Rules for Election Integrity

Amid preparations for the upcoming European Parliament elections in June, the European Commission unveils stringent guidelines for major tech platforms under the Digital Services Act, targeting those with over 45 million active users in the bloc. Fines of up to 6% of global turnover await platforms found in breach of these rules, designed to curb interference risks, particularly from external actors like Russia.


13. Google's KASan Enhances Firmware

Google unveils Kernel Address Sanitizer (KASan) to bolster firmware security, signaling a focus on lower-level firmware security. Traditionally, firmware has received less scrutiny than other areas of device security. However, Google's proactive approach aims to mitigate vulnerabilities before they impact user devices by catching memory corruption issues and stability problems.


14. Portugal Halts Worldcoin Data

Portugal's data regulator, CNPD, has ordered Worldcoin to cease biometric data collection for 90 days, citing concerns over citizens' data protection rights. Worldcoin, a project by Tools for Humanity, offers cryptocurrency in exchange for biometric data, aiming to create a global digital identity system. However, complaints about unauthorized data collection from minors and deficiencies in information provision prompted the regulator's intervention.


15. KuCoin Faces Criminal Charges

U.S. prosecutors have charged KuCoin and its founders with violating anti-money-laundering laws, alleging the exchange operated illegally and failed to implement adequate compliance measures. The indictment accuses KuCoin of violating the Bank Secrecy Act and operating an unlicensed money transmitting business, with two founders facing related conspiracy charges. Despite KuCoin's statement affirming adherence to regulations, the exchange's regulatory troubles escalate amid allegations of facilitating billions in suspicious and criminal proceeds since 2017.



Subscribe and Comment.

Copyright © 2024 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.




