Cyber Briefing: 2024.06.06

What's going on in the cyber world today?

Linux Ransomware, VMware ESXi, Malware, Windows Recall, Federal Bureau of Investigation (FBI), LockBit, Decryption Keys, Chinese Espionage, Southeast Asia, Phishing, General Dynamics, Spain, Ukraine, United Nations Women Aotearoa New Zealand, Australia, Elm Grove, Wisconsin, Belgium, Media Outlets, Editions de la Libre Belgique, Robinsons Land Corporation, Toyota Motor Corporation, Philippines, Kali Linux Released, Google Maps, Argentina, Crypto, RansomHub, Knight, Symantec.



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.




Cyber Alerts


1. New Linux Ransomware Targets VMware ESXi

Researchers have identified a new Linux variant of the TargetCompany ransomware that targets VMware ESXi environments using a custom shell script to deliver and execute its payloads. Also known as Mallox, FARGO, and Tohnichi, the TargetCompany ransomware operation first emerged in June 2021, focusing on database attacks against organizations primarily in Taiwan, South Korea, Thailand, and India. The new variant ensures it has administrative privileges before continuing its malicious activities.


2. Chinese Spies Target Southeast Asian Gov

A high-profile government organization in Southeast Asia has been targeted by a complex, long-running Chinese state-sponsored cyber espionage operation known as Crimson Palace. The campaign aimed to maintain network access for cyberespionage, collecting sensitive military and technical information. Researchers identified three intrusion clusters linked to known Chinese threat actors, using novel evasion techniques and various malware to execute their attacks.


3. FBI Offers 7,000 LockBit Decryption Keys

The FBI urges past LockBit ransomware victims to come forward after obtaining over 7,000 decryption keys. Law enforcement's Operation Cronos takedown led to the seizure of servers containing these keys, aiding in victims' data recovery. LockBit, despite infrastructure takedowns, remains active, prompting ongoing efforts to combat its cyber threats.


4. Malware Exploits Microsoft's Recall

Cybersecurity experts reveal vulnerabilities in Microsoft's Recall feature, designed to help users find past activities on Windows PCs. Despite Microsoft's claims of requiring physical access and valid credentials, researchers demonstrate how malware can easily retrieve sensitive data collected by Recall. Concerns mount over potential privacy breaches and the need for enhanced security measures before Recall's official release.


5. Phishing Lures Run Malicious Code

Phishing emails employ social engineering to trick users into executing malicious HTML attachments. Clicking a deceptive button initiates a sequence leading to the download and execution of harmful scripts, potentially facilitating malware downloads or sensitive data theft. Users should remain vigilant and exercise caution when handling email attachments to mitigate the risk of infection.



Cyber Incidents


6. General Dynamics Spain Hit by Cyberattack

Santa Barbara Systems, a subsidiary of General Dynamics in Spain, which is tasked with refurbishing tanks for delivery to Ukraine, has fallen victim to a cyberattack. The attack, reportedly claimed by a pro-Russia hacker group known as NoName, targeted the company's website. Although the attack was swiftly detected, General Dynamics decided to temporarily disconnect its website as a precautionary measure until a thorough investigation is conducted to ensure the security of its systems.


7. Cyber Threat Averted by UN Women

UN Women Australia, a nonprofit advocating for women's rights, confronts a significant cyber threat. Partnering with Cloudflare, they navigate challenges, highlighting the escalating cybersecurity needs of vulnerable organisations in 2024. With Cloudflare's assistance, UN Women Australia fortifies its online security, safeguarding its operations and mission from future attacks.


8. Elm Grove Faces Cyber Incident

The Village of Elm Grove in Wisconsin is dealing with a recent cybersecurity breach, which triggered a swift investigation and notification of law enforcement. With network safety restored, cybersecurity experts are continuing their assessment to ensure a comprehensive analysis. Enhanced security protocols are underway to safeguard against future threats, prioritizing data privacy and system integrity.


9. Belgian Media Hit by Cyberattack

La Libre Belgique, DH, and LN24 grapple with a recent cyberattack, disrupting their operations. As a result, Thursday's newspapers from La Libre are anticipated to be published in a simplified format, alongside the digital version, while potential disruptions in paper distribution are acknowledged.


10. Robinsons Land and Toyota Hit by Cyber Attack

Robinsons Land and Toyota Motor Philippines encounter a cyber attack, prompting concern over compromised personal data. The National Privacy Commission (NPC) confirms the breach, emphasizing the seriousness of the situation. NPC's Compliance and Monitoring Division chief underscores the importance of companies promptly reporting breaches to ensure data security and privacy.



Cyber News


11. Cybersecurity Talent Shortage in US

Over 200,000 more workers are needed to close the talent gap, CyberSeek data reveals. The initiative, a collaboration of NIST’s NICE program, CompTIA, and Lightcast, aims to provide detailed insights into the cybersecurity job market. Despite a record 1.2 million cybersecurity workers in the US, the demand remains high, with network and system engineers, analysts, and officers topping the list of sought-after roles.


12. Kali Linux 2024.2 Tools and Fixes

Kali Linux unveils its latest version, packed with eighteen new tools and crucial fixes for the Y2038 bug, addressing potential time-related system malfunctions. This release caters to cybersecurity experts and ethical hackers, offering enhanced penetration testing capabilities and network security research tools. Additionally, users can expect updated visual elements and desktop improvements, ensuring a smoother and more efficient experience.


13. Google Maps Timeline Goes Local

Google has unveiled plans to revise the storage of Maps Timeline data, moving it to users' devices rather than their Google accounts starting December 1, 2024. This shift, initially disclosed in December 2023, aligns with efforts to bolster user privacy, with the auto-delete function now defaulted to three months, down from 18 months.


14. Argentina Crypto Registry Boosts Integrity

Argentina has unveiled plans to introduce a national registry specifically tailored for cryptocurrency exchanges. Spearheaded by Argentina's National Securities Commission (CNV), the initiative sees the launch of the Virtual Asset Service Provider (VASP) registry, with close to a hundred applications already submitted by individuals and legal entities, according to official government statements. Under the new framework, entities seeking to offer crypto trading services in Argentina must undergo a rigorous registration process, with operations permitted only upon confirmation of registration.


15. RansomHub Linked to Knight Ransomware

Security analysts reveal RansomHub's roots in Knight ransomware, tracing its evolution from data theft to a major RaaS operation. Recent attacks on United Health and Christie’s underscore its growing prominence and the collaboration between cybercrime groups. Symantec's findings suggest a separate actor now wields the Knight source code, fueling RansomHub's rapid rise in the cyber underworld.




Copyright © 2024 CyberMaterial. All Rights Reserved.
