Cyber Briefing: 2024.06.26
?? What's trending in cybersecurity today?
谷歌 , Ads, E-Commerce, Polyfill Service, Sansec - experts in eCommerce security , Federal Bureau of Investigation (FBI) , Crypto Scam, 苹果 , AirPods, Bluetooth Security Vulnerability, Cleafy , Medusa Trojan, Sentinels Labs, South Africa Health Lab, MyBroadband , Geisinger , North Central PA, West Clermont Local Schools , Ohio, WCPO 9 News , Fleury-les-Aubrais Town Hall, France Blue, DG Immobilien Management, Frankfurt, Handelsblatt , Data Privacy Partnership, California Privacy Protection Agency , French Police, Den of Predators, Paris Public Prosecutor's Office, TSA - US Transportation Security Administration , New York Mobile IDs, Forbes , Snap Inc. , Safety Tools, Sextortion, JFrog , Qwak (Acquired by JFrog) , ML Deployment Security.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
?? Cyber Alerts
Google has taken measures to block ads for e-commerce sites using the Polyfill.io service. This action follows the acquisition of the Polyfill.io domain by a Chinese company, Funnull, which modified the JavaScript library to redirect users to malicious and scam sites. This supply chain attack has affected over 110,000 websites that embed the Polyfill library, according to a report by Sansec.
The FBI warns of cybercriminals masquerading as law firms to offer cryptocurrency recovery services, exploiting victims of investment scams. These fraudsters deceive by claiming affiliations with government agencies and real financial institutions, manipulating victims into sharing personal information or paying upfront fees under false pretenses. Recently, victims of these secondary scams paid over $9 million between February 2023 and February 2024, highlighting the increasing sophistication and financial impact of these deceptive schemes.
Apple has addressed a critical authentication flaw in AirPods firmware (CVE-2024-27867), affecting various models including AirPods Pro and AirPods Max. This vulnerability could allow nearby attackers to spoof device connections and potentially eavesdrop on users' conversations. Security researcher Jonas Dre?ler identified and reported the issue, leading to patches in recent firmware updates for AirPods and Beats products.
Cybersecurity researchers have identified an updated version of the Medusa Android banking trojan targeting users across multiple countries, including Canada, France, Italy, Spain, Turkey, the U.K., and the U.S. This new variant, active since July 2023 and observed in May 2024, introduces lightweight permissions and advanced capabilities like full-screen overlays and remote app uninstallation. Medusa, also known as TangleBot, continues to evolve with sophisticated features aimed at stealing banking credentials and conducting unauthorized transactions, highlighting ongoing threats in mobile banking security.
Threat actors linked to China and North Korea have targeted global government and critical infrastructure sectors with ransomware attacks from 2021 to 2023. These attacks, associated with groups like ChamelGang, aim to disrupt, distract, and remove evidence while achieving financial gain. Such tactics blur the lines between cybercrime and cyber espionage, providing strategic advantages to adversarial nations.
South Africa’s National Health Laboratory Service (NHLS) is grappling with a ransomware attack that began over the weekend, disrupting lab result dissemination crucial during the current mpox outbreak. CEO Koleka Mlisana acknowledged the severity, stating that internal and external systems remain inaccessible, affecting healthcare facilities nationwide. Despite the setback, all laboratories continue to process clinical samples, albeit with manual reporting methods in place due to disabled automated systems.
Geisinger, based in Danville, PA, faces a data breach affecting over one million patients, traced to a terminated Nuance employee with unauthorized access to personal information. The breach, discovered in late 2023 but publicly disclosed recently, includes patient names, dates of birth, addresses, and medical record details. Law enforcement is involved, and the former employee faces federal charges, while affected patients are urged to review their information and contact Geisinger for support.
West Clermont Local School District in Ohio disclosed a $1.7 million loss from a recent cyberattack, diverting payments to unauthorized accounts in late 2023. No personal data or student records were compromised. The district is collaborating with authorities and insurers, fortifying IT security measures to prevent future breaches.
The French town hall of Fleury-les-Aubrais is grappling with a severe cyberattack that has paralyzed its operations since Monday. The attack has locked down all computers and servers, disrupting crucial services such as civil status and urban planning. With elections approaching, preparations are hindered as the town works to restore functionality with assistance from cybersecurity experts.
In Frankfurt, Germany, hackers targeted cooperative company DG Immobilien, potentially compromising data from tens of thousands of cooperative bank customers. The breach may have exposed sensitive information including addresses, birthdates, investment details, and documents, prompting warnings of potential fraud. DZ Bank is leading the investigation with forensic experts, law enforcement, and data protection authorities to assess the extent of the breach and safeguard affected investors.
?? Cyber News
The California Privacy Protection Agency (CPPA) has partnered with France’s CNIL to enhance global data privacy efforts. This collaboration aims to advance research, share best practices, and bolster enforcement priorities in line with international data protection standards. It underscores the growing importance of cross-border cooperation in safeguarding privacy rights amid global data circulation challenges.
French authorities have shut down the Coco chat website, known for facilitating serious crimes including child sexual abuse and homicides. The site, seized by national police, sparked a multinational investigation involving several European countries. Referred to as "a den of predators," Coco's closure follows years of advocacy by human rights groups and child protection organizations against its unfiltered and unmoderated platform, which had reportedly attracted hundreds of thousands of users in France alone by 2023.
The TSA now recognizes digital IDs from New York, enabling convenient airport security checks for nearly 70 million Americans. Travelers can download the New York Mobile ID app for free and verify their identity using TSA's CAT-2 readers at participating airports. This advancement reflects a shift towards more secure and streamlined travel experiences, eliminating the need to present physical documents and enhancing passenger control over personal data.
Snapchat introduces new safety features to protect teens from sextortion, including warning pop-ups for suspicious messages and restricted friend requests from unfamiliar regions. These measures aim to combat online scams targeting young users by enhancing security and promoting genuine connections on the platform. Jacqueline Beauchere from Snap emphasizes these updates as crucial steps in safeguarding teens and fostering safer online interactions.
JFrog plans to purchase Qwak to enhance its DevSecOps platform with advanced machine learning capabilities. The acquisition aims to streamline the deployment of ML models from development to production, addressing integration challenges in modern software ecosystems, according to JFrog CTO Yoav Landman. Qwak's expertise in model versioning and security scanning will bolster JFrog's capabilities, ensuring robust management and compliance across the software and model lifecycle.
Subscribe and Comment.
Copyright ? 2024 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on: