Cyber Briefing - 2024.07.18
?? What's going on in the cyber world today?
思科 , Smart Software Manager, MirrorFace, Japanese Organizations, Internet-Facing Assets, SAP AI Core, Android , BadPack Malware, Sneaky Trick, 谷歌 Cloud, TE.0, HTTP Request Smuggling, WazirX , $230M Assets, Fractal ID , Personal Data, Financial Data, Recruit Co., SUUMO, Colorado, PUEBLO COUNTY SCHOOL DISTRICT 70 , TV, Doctors, Deepfake, Health Scams, UK Government, Cybersecurity Legislation, 23andMe , Settlement, US, Data Breach, Victims, Energy Sector, Oil Sector, Atturra , Exent , Acquisition, Australia.
?Welcome to Cyber Briefing , the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe .
Cisco has released patches for a critical vulnerability affecting its Smart Software Manager On-Prem (Cisco SSM On-Prem), identified as CVE-2024-20419 with a CVSS score of 10.0. This flaw allows remote, unauthenticated attackers to change user passwords, including those of administrative accounts, through crafted HTTP requests. The vulnerability, due to improper implementation of the password-change process, impacts Cisco SSM On-Prem versions 8-202206 and earlier, and is fixed in version 8-202212, with version 9 unaffected.
MirrorFace, a threat actor group, has intensified its targeting of Japanese organizations by exploiting vulnerabilities in internet-facing assets. Initially focusing on media, political, and academic sectors since 2022, MirrorFace expanded its scope in 2023 to include manufacturers and research institutions. Their modus operandi evolved from spear phishing to leveraging vulnerabilities in products like Array AG and FortiGate. Using NOOPDOOR malware, they infiltrate networks, employing techniques such as XML and DLL injection to exfiltrate data post-access.
Security researchers have identified critical vulnerabilities in SAP's AI Core platform, collectively termed SAPwned by Wiz. These flaws could potentially allow malicious actors to breach customer data and compromise internal artifacts, spreading to affect other services and environments. The vulnerabilities, disclosed in January 2024 and subsequently patched by SAP in May 2024, enabled unauthorized access to private artifacts and credentials across cloud platforms like AWS, Azure, and SAP HANA Cloud.
The emergence of BadPack poses a significant threat to Android devices, utilizing a sophisticated technique to evade detection by altering APK file headers. This method, identified by Palo Alto Networks Unit 42, complicates the analysis of Android banking Trojans like TeaBot and others, which exploit these modifications to infiltrate devices undetected. By manipulating ZIP file headers, BadPack obstructs the extraction and analysis of critical components like the AndroidManifest.xml, essential for security analysts to assess app permissions and functionality.
A new variant of HTTP Request Smuggling, TE.0, has been discovered affecting Google Cloud's Load Balancer and compromising services like Identity-Aware Proxy (IAP). This vulnerability allows attackers to manipulate HTTP request sequences, potentially leading to unauthorized access, session hijacking, or injection of malicious content. Researchers highlighted the widespread impact on thousands of Google Cloud-hosted websites, emphasizing the ongoing challenges in securing cloud infrastructures against evolving security threats like HTTP Request Smuggling.
Indian cryptocurrency exchange WazirX confirmed a significant security breach after approximately $230 million in assets were suspiciously transferred out of the platform. The breach, reportedly affecting a multisig wallet, prompted WazirX to temporarily halt all withdrawals as a precautionary measure. According to blockchain explorer Lookchain, the stolen assets include 5.43 billion SHIB tokens, over 15,200 Ethereum tokens, 20.5 million Matic tokens, 640 billion Pepe tokens, 5.79 million USDT, and 135 million Gala tokens.
Fractal ID recently disclosed a significant data breach, revealing unauthorized access to personal and financial data of a portion of its user base, including names, email addresses, wallet details, phone numbers, physical addresses, and uploaded document images. The breach occurred on July 14 and was swiftly contained by Fractal ID within a few hours. Despite assurances that no client systems were compromised, concerns have arisen regarding potential misuse of the accessed data.
Recruit Co., the parent company of SUUMO, has confirmed a data breach affecting its real estate services subsidiary, SUUMO. The incident, discovered on July 9, involved unauthorized access to a server used for testing real estate services, compromising personal data of 1,313 current and former employees dating back to 2007. While no user or customer information was compromised, Recruit Co. has taken immediate steps to address the breach, including shutting down the affected system, contacting affected individuals, and implementing enhanced security measures to prevent future incidents.
Pueblo County School District 70 in Colorado is addressing a significant data breach and ransomware attack that potentially compromised personal information of former students and current/former staff. The breach, affecting records spanning from 1991 to 2006, was confirmed following notifications from cybersecurity firm Sophos and subsequent investigations by local authorities and federal agencies including the CIA and FBI. Superintendent Ronda Rein emphasized ongoing efforts to secure data, implement enhanced cybersecurity measures such as two-step authentication, and transition critical information to cloud-based servers.
TV doctors Michael Mosley and Hilary Jones have been victims of deepfake technology, as revealed in an investigation by the British Medical Journal. These manipulated videos, appearing on social media platforms like Facebook, feature the doctors endorsing fraudulent health products purported to treat conditions such as high blood pressure and diabetes, and even selling hemp gummies. Deepfakes, created using artificial intelligence, superimpose the doctors faces onto bodies in misleading videos.
?? Cyber News
The UK government has unveiled plans to bolster national cyber resilience with the introduction of a new Cyber Security and Resilience Bill. Emphasizing the protection of critical digital services and supply chains, the legislation expands upon existing regulations to include mandatory ransomware reporting and enhanced regulatory powers. This initiative follows heightened cyber threats highlighted by recent attacks on healthcare and defense sectors, signaling a proactive approach to safeguarding against evolving cyber risks.
Genetic testing giant 23andMe has reached a pivotal settlement in a class-action lawsuit stemming from a significant 2023 data breach affecting nearly 7 million users. Announced during a San Francisco court hearing, the agreement, yet to disclose specific terms, marks a crucial step in resolving legal challenges over compromised sensitive genetic profiles. The settlement, subject to judicial review on July 30, follows intense negotiations and court-appointed leadership amid initial disagreements among plaintiffs' counsels.
In Q2 2024, despite a decrease in the number of incidents, the Identity Theft Resource Center (ITRC) reported a staggering 1170% annual increase in US data breach victims. The rise, totaling over 1 billion victims in the first half of the year, was driven by several large-scale breaches affecting companies like Prudential Financial and Infosys McCamish System, which revised victim counts upwards from tens of thousands to millions. The findings underscore ongoing vulnerabilities in data security across various sectors, urging heightened vigilance in safeguarding personal and organizational information amidst evolving cyber threats.
A recent study has highlighted the severe impact of ransomware attacks on the energy and oil sectors throughout 2024. According to the report by cybersecurity firm Sophos, these industries have faced heightened ransomware activity, resulting in prolonged recovery times and increased willingness to meet ransom demands. The findings reveal that over half of the affected organizations took more than a month to recover from attacks, underscoring the growing complexity and severity of cyber threats faced by critical infrastructure.
Atturra Limited has announced its acquisition of Exent Holdings Pty Ltd, a Brisbane-based advisory and consulting firm specializing in business transformation. This strategic move marks Atturra's expansion of its advisory capabilities beyond traditional sectors, aiming to strengthen its presence nationwide. The transaction, valued at $8 million, includes an initial $6 million in cash with an additional $2 million contingent on performance targets. Exent, renowned for its expertise in vendor-neutral business transformations across sectors such as aged care and health, aligns well with Atturra's growth strategy in Australia's technology services sector.
Subscribe and Comment.
Copyright ? 2024 CyberMaterial . All Rights Reserved.
Follow CyberMaterial on:
IT team leader at NEXSOFT
4 个月Hello everyone, I am reaching out to this community of cybersecurity professionals in hopes of finding a solution to a critical issue I am currently facing. My Windows server has been infected by the Lockfile6 virus, and a large portion of my files have been damaged. Despite several recovery attempts and the use of antivirus tools, I have not yet succeeded in restoring my data. Here are some additional details: Operating System: Windows Server Type of Infection: Lockfile6 Virus Symptoms: Encrypted and renamed files, restricted access I would greatly appreciate any help, advice, or recommendations for specific tools that could help me recover these files. If anyone has encountered this type of issue before and successfully resolved it, your expertise would be incredibly valuable to me. Thank you in advance for your support! Best regards,