Cyber Briefing - 2024.07.19

What are the latest cybersecurity alerts, incidents, and news?

SolarWinds, Play Ransomware, Linux, VMware, ESXi, DUSTPAN, BEACON, Revolver Rabbit, Domain Generation Algorithm, HotPage, Microsoft Driver, Hijack Browsers, CrowdStrike, Windows Blue Screen, Global Disruption, Teledifusão de Macao, Hotel Waldstätterhof Luzern, Email Scams, Loire-Atlantique Department, France, The Vernon Company, Operation Spincaster, Approval Scams, Crypto Wallets, R.R. Donnelley's Inc., Settlement, Bangladesh, Internet Shutdown, Protests, CTERA, Funding, PSG Equity, Hybrid Cloud Data, Okta, Startup Contest, Identity, Privacy, Security.



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. SolarWinds Patches 11 Critical ARM Flaws

SolarWinds has addressed 11 critical security vulnerabilities in its Access Rights Manager (ARM) software, potentially preventing unauthorized access to sensitive data and execution of arbitrary code. Of these flaws, seven are rated Critical with a CVSS score of 9.6, and the other four are rated High with a CVSS score of 7.6. Notable vulnerabilities include CVE-2024-23472, a directory traversal flaw allowing file deletion and information disclosure, and CVE-2024-28074, an internal deserialization remote code execution vulnerability.


2. Play Ransomware Targets ESXi Servers

Trend Micro threat hunters have discovered a new Linux variant of the Play ransomware that specifically targets VMware ESXi environments. This marks the first time the Play ransomware group, known for its double-extortion tactics, has focused on ESXi servers, potentially expanding its victim pool. The ransomware checks that it is running in an ESXi environment before executing its encryption routines, which helps it evade many security measures. The new variant has been particularly active in the United States.


3. APT41 Targets Global Sectors with DUSTPAN

In a recent report, Mandiant, in collaboration with Google’s Threat Analysis Group (TAG), has uncovered a persistent cyber espionage campaign by APT41 targeting global sectors including shipping, media, technology, and automotive. The campaign, which began in 2023, employed a sophisticated toolkit comprising ANTSWORD and BLUEBEAM web shells, the DUSTPAN dropper, and the BEACON backdoor for command-and-control. APT41's advanced tactics involved data exfiltration using SQLULDR2 and PINEGROVE, while deploying DUSTTRAP for minimal forensic footprints.


4. Revolver Rabbit Registers 500K RDGA Domains

Cybersecurity researchers at Infoblox have uncovered the alarming use of Registered Domain Generation Algorithms (RDGAs) by the unidentified attacker known as "Revolver Rabbit." This actor has registered an astonishing 500,000 domains using RDGA techniques, demonstrating a sophisticated method to evade detection and support various malicious activities. RDGAs allow for the programmatic creation and registration of numerous domains, significantly complicating traditional detection efforts.


5. HotPage Malware Uses Signed Microsoft Driver

Researchers have identified a new malware strain known as HotPage.exe, which disguises itself as a browser enhancement tool but instead hijacks web traffic and injects code into remote processes. Discovered at the end of 2023, HotPage.exe is particularly concerning due to its use of a Microsoft-signed driver from the obscure Chinese company Hubei Dunwang Network Technology Co., Ltd. This driver, which was removed from the Windows Server Catalog in May 2024, allowed the malware to manipulate browser content, redirect users to ad-filled sites, and collect data under the guise of improving internet security.



Cyber Incidents


6. Global IT Outage Disrupts Flights and Banks

A recent update to CrowdStrike's Falcon sensor has caused widespread issues for Windows users, resulting in persistent blue screen of death (BSOD) errors with the message "DRIVER_OVERRAN_STACK_BUFFER." This problem, which began on July 19, 2024, impacts both Windows 10 and 11 systems, rendering many devices, including critical servers, inoperable. CrowdStrike has acknowledged the issue and is working on a resolution, advising affected users to avoid opening individual support tickets at this time.


7. Macao's TDM Website Suffers Cyberattack

On July 18, 2024, Macao's public broadcaster, Teledifusão de Macao (TDM), fell victim to a cyberattack that disrupted its website and mobile applications. The attack, which involved an abnormal surge in traffic, was first detected by the Macau Post and Telecommunications Bureau (CTT). TDM was able to restore normal operations by 8:18 PM after implementing recommended cybersecurity protocols from CTT and the Macau Cybersecurity Incidents Alert and Response Centre (CARIC). This incident follows a similar attack on five Macao government websites the previous week, highlighting an alarming rise in cyber incidents in the region.


8. Switzerland Hotel Suffers Phishing Attack

Guests at the Waldstätterhof Hotel in Brunnen SZ were recently targeted by a sophisticated phishing attack. Cybercriminals sent emails that appeared to come from the hotel's official address, using a personal greeting and professional photo to gain trust. The deceptive emails claimed to be a "verification of the payment method" and asked for credit card details, although the hotel only charges upon arrival. The hotel swiftly responded by alerting affected guests, clarifying that the emails were not from them, and reassuring that reservations remained valid.


9. Loire-Atlantique Department, France Attacked

On July 16, 2024, the Loire-Atlantique Department in France fell victim to a cyberattack, but officials have assured the public that no public services were affected. The attack, which targeted the departmental council network, did not disrupt essential services like the payment of Active Solidarity Income (RSA). In response, the department has issued a call for vigilance among its 5,000 employees, advising them to reset their passwords and enhance their cybersecurity practices.


10. Vernon Company in Iowa Reports Data Breach

The Vernon Company has notified individuals of a data exposure incident involving third-party vendor QAD Inc. On June 10, 2024, QAD informed Vernon Company that unauthorized access to their servers had compromised certain data. Following an investigation, it was confirmed that personal information, including names and credit card details, may have been affected. Vernon Company assures that their own systems were not compromised and is offering affected individuals twelve months of free credit monitoring through TransUnion.



Cyber News

11. Operation Spincaster To Battle Phishing

Chainalysis has launched Operation Spincaster, a global initiative aimed at disrupting approval phishing scams that have cost victims over $2.7 billion since May 2021. This operation, which involves collaboration between public and private sectors across six countries, leverages advanced blockchain analytics to identify and track compromised wallets. With over 100 participants from 12 public sector agencies and 17 crypto exchanges, Operation Spincaster has already led to significant interventions, including seizing funds and preventing theft.


12. R.R. Donnelley Settles $2.1M SEC Charges

R.R. Donnelley & Sons Company (RRD) has reached a $2.1 million settlement with the U.S. Securities and Exchange Commission (SEC) over allegations of inadequate cybersecurity controls related to a major data breach in late 2021. The SEC's enforcement action, announced on July 18, 2024, highlights failures in RRD's handling of cybersecurity incidents, including insufficient reporting and internal controls. The breach, discovered in December 2021, compromised sensitive data from 29 clients, leading to significant scrutiny of RRD's incident response practices.


13. Bangladesh Cuts Mobile Internet Amid Protest

In response to escalating student protests and violent clashes in Bangladesh, authorities have imposed a nationwide shutdown of mobile internet services, severely disrupting communications across the country. The unrest, which has resulted in at least six deaths and numerous injuries, stems from student demonstrations against a controversial quota system for government jobs. The junior telecommunications minister, Zunaid Ahmed Palak, justified the internet disruption as necessary to maintain public security and counteract the spread of misinformation.


14. Ctera Secures $80M Funding from PSG Equity

Ctera, a leading hybrid cloud data management provider, has secured $80 million in primary and secondary funding from PSG Equity. This investment, announced on July 18, 2024, will support Ctera’s expansion and enhance its AI-driven services. Founded in 2008, the New York-based company offers a global file system over public and private clouds, helping organizations manage and secure their unstructured data. The new funds will be used for business growth, AI integration, and buying out existing shareholders, reinforcing Ctera's commitment to advancing hybrid cloud storage solutions.


15. Okta Launches Contest for US Startups

Okta has launched its first SaaS Startup Competition aimed at early-stage US companies. The competition evaluates business potential, innovation, and identity-enabled workflows with finalists pitching at Oktane24 in Las Vegas. The winner may receive up to $500,000 and support from Okta’s identity management experts and venture capitalists.



Subscribe and Comment.

Copyright © 2024 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.




Alex Armasu

Founder & CEO, Group 8 Security Solutions Inc. DBA Machine Learning Intelligence

4 months

So true!

The CrowdStrike incident has been confirmed as a non-incident. A lack of checks and balances allowed an untested update to reach production environments. There were no external threat actors.
