Cyber Briefing - 2024.07.25
What's going on in the cyber world today?
Cybersecurity and Infrastructure Security Agency, BIND 9, DNS Software, Nvidia, AI Products, Docker, Inc, Stargazer Goblin, GitHub Malware, Fake Accounts, DDoS Attack, Russian Banks, Croatia, Split Airport, Louisville Jefferson, Sydney Sweeney, X Account, NC State Bureau of Investigation, Vendor Breach, CrowdStrike, Fortune 500, Uninsured Loss, Meta, Nigeria, Scam Accounts, Vanta, Series C, Funding, AI, Mimecast, Code42 (acquired by Mimecast), Insider Threat Defense.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
The Internet Systems Consortium has patched multiple vulnerabilities in the BIND 9 DNS software that could lead to denial-of-service conditions. Exploitation of these flaws might result in server crashes, CPU depletion, and slow query processing. Updated versions 9.18.28, 9.20.0, and 9.18.28-S1 address these issues, with no current evidence of active exploitation.
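For teams that need to confirm which resolvers still sit below the fixed releases named above, here is an added example (not ISC's code and not part of the original briefing) that parses the banner printed by `named -v` and sorts an inventory into patched, vulnerable and not-covered branches. The banner shape ("BIND 9.18.27 (Extended Support Version) ..."), the handling of the "-S" Supported Preview suffix and the hostnames in the sample inventory are all assumptions made for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Fixed versions from the ISC advisory summary: 9.18.28, 9.20.0 and 9.18.28-S1.
# Key is (branch, is_supported_preview_edition); value is the minimum safe version
# as a comparable tuple. Branches not listed here are reported as "unknown".
FIXED: Dict[Tuple[str, bool], Tuple[int, ...]] = {
    ("9.18", False): (9, 18, 28),
    ("9.18", True): (9, 18, 28, 1),   # 9.18.28-S1
    ("9.20", False): (9, 20, 0),
}

# Assumed banner format: "BIND 9.18.27 (Extended Support Version) <id:...>".
# Distribution builds may append suffixes such as "-1-Debian", which are ignored;
# "-S<n>" marks ISC's Supported Preview edition and is captured separately.
VERSION_RE = re.compile(r"BIND\s+(\d+)\.(\d+)\.(\d+)(?:-S(\d+))?")


def parse_named_banner(banner: str) -> Tuple[int, int, int, Optional[int]]:
    """Return (major, minor, patch, s_release) from `named -v` output;
    s_release is None for the regular edition."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised named banner: {banner!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    s_rel = int(m.group(4)) if m.group(4) else None
    return major, minor, patch, s_rel


def is_patched(banner: str) -> Optional[bool]:
    """True if the running version is at or above the fixed release for its
    branch and edition, False if below, None if the advisory does not list
    that branch (e.g. end-of-life 9.16 or a development release)."""
    major, minor, patch, s_rel = parse_named_banner(banner)
    key = (f"{major}.{minor}", s_rel is not None)
    if key not in FIXED:
        return None
    running = (major, minor, patch) + ((s_rel,) if s_rel is not None else ())
    return running >= FIXED[key]


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify a {host: banner} inventory into patched / vulnerable / unknown."""
    result: Dict[str, List[str]] = {"patched": [], "vulnerable": [], "unknown": []}
    for host, banner in inventory.items():
        state = is_patched(banner)
        bucket = "unknown" if state is None else ("patched" if state else "vulnerable")
        result[bucket].append(host)
    return result


# Constructed sample inventory (hostnames and banners are made up for the example).
SAMPLE_INVENTORY = {
    "ns1.example.test": "BIND 9.18.27 (Extended Support Version)",
    "ns2.example.test": "BIND 9.18.28-1-Debian (Extended Support Version)",
    "ns3.example.test": "BIND 9.20.0 (Stable Release)",
    "ns4.example.test": "BIND 9.18.27-S1 (Supported Preview Edition)",
    "ns5.example.test": "BIND 9.16.50 (Extended Support Version)",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The tuple comparison keeps the Supported Preview edition on its own track, so a 9.18.27-S1 host is not mistaken for a patched 9.18.28, and branches the advisory does not mention are surfaced as "unknown" rather than silently marked safe.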
Nvidia has released patches for vulnerabilities in its AI and networking products, including a high-severity flaw in Jetson products and issues in the Mellanox OS switch system. Exploiting these vulnerabilities could lead to denial of service, code execution, and escalation of privileges. Nvidia has reported over 60 vulnerabilities this year, highlighting the importance of timely updates.
Docker has released patches for a critical vulnerability in Docker Engine that could let attackers bypass authorization plugins. Discovered in April 2024, this flaw had persisted since Docker Engine v18.09.1 but was not fixed in subsequent versions, potentially leaving systems vulnerable for five years. Users are urged to update to the latest versions to mitigate risks of unauthorized access and privilege escalation.
U.S. national security agencies are cautioning technology startups to scrutinize foreign venture capital investments closely, especially from Chinese sources. The warning highlights that such investments might be attempts to gain access to sensitive technology and intellectual property, with recent concerns escalating since 2018. Startups must balance the need for funding with the potential risks of losing proprietary data or facing legal and financial repercussions if foreign investments are found to threaten national security.
Stargazer Goblin has launched a massive malware Distribution-as-a-Service operation using over 3,000 fake GitHub accounts. This network, known as Stargazers Ghost Network, distributes password-protected malware through compromised WordPress sites and GitHub repositories. Despite GitHub's efforts to remove malicious repositories, the network persists, exploiting the platform's trust to target victims with sophisticated infostealers.
Several major Russian banks faced significant disruptions to their mobile apps and websites due to a DDoS attack. Complaints surged in the morning, with issues affecting banks like Gazprombank, Alfa-Bank, VTB, and Rosbank, leaving users unable to make payments or access accounts. Authorities are investigating politically motivated cyber attacks as the situation evolves and defenses are reinforced.
The St Jeronim Airport in Split, Croatia, faced major disruptions this week due to a cyberattack. The IT system experienced failures around 7:30 pm on Monday, leading to flight cancellations and delays, and forcing passengers to stay overnight. The attack, linked to the Akira group, has been described as ransomware, and efforts are ongoing to resolve the issues and restore normal operations.
Jefferson County Clerk’s Offices in Louisville, Kentucky, are closed for the third consecutive day due to a cyberattack. The attack, discovered early Monday morning, has led to the temporary closure of all eight branches, affecting services like vehicle registration, real estate transactions, and marriage licenses. Officials are collaborating with cybersecurity experts and law enforcement to investigate and repair the system, with no evidence yet suggesting that personal information has been compromised. There is no current estimate for when the offices will reopen.
Sydney Sweeney's cellphone was hijacked by scammers on the same day her X account was compromised to promote a cryptocurrency scam. A Verizon Wireless receipt, dated July 2, was leaked, revealing that changes were made to her cellphone account, suggesting a SIM swapping attack. On that day, Sweeney's X account posted cryptic messages linking to a meme coin scam, amplifying the impact of the breach.
The North Carolina State Bureau of Investigation is currently probing a cyberattack that targeted a vendor-managed system in May. The breach, which involved encrypted data on a server, was detected through an email alert received on May 13, following earlier warnings of network compromise. Despite the attack, SBI confirmed that no personal information was accessed, and measures were swiftly implemented to secure the affected system.
Cyber News
A massive CrowdStrike outage is set to cost Fortune 500 companies over $5 billion, with 80-90% of these losses likely uninsured. The incident, affecting 8.5 million Windows machines, has hit sectors like healthcare and banking hardest, with recovery proving challenging. The extensive financial damage and limited insurance coverage highlight the vulnerability of companies relying on traditional systems.
In the first half of 2024, malware-based threats increased by 30% compared to 2023, with a notable spike from March to May, seeing a 92% rise in May alone. SonicWall’s report highlights a staggering 78,923 new malware variants and identifies a significant trend of sophisticated evasion techniques, including the exploitation of PowerShell by over 90% of malware families. Additionally, IoT attacks surged by 107%, driven by vulnerabilities like the TP-Link flaw, and ransomware incidents varied significantly across regions, with North America and Latin America experiencing increases while EMEA saw a decline.
Meta has banned 63,000 accounts tied to Nigerian scammers, known as Yahoo Boys, who were involved in financial sextortion schemes targeting users in the United States. The crackdown reveals that these scammers were mostly targeting adults, though some attempts involved minors, prompting referrals to the National Center for Missing and Exploited Children. The removal of these accounts is part of Meta’s ongoing efforts to combat cybercrime and protect users from financial extortion and other malicious activities.
Vanta has raised $150 million in Series C funding, pushing its total capital to $353 million and valuing the company at $2.45 billion. Led by Sequoia Capital, with significant participation from other major investors, this funding will accelerate Vanta’s expansion and AI innovations. The company, known for its trust management platform, aims to enhance automated compliance and security for its 8,000+ customers.
Mimecast has announced its acquisition of Code42, enhancing its Human Risk Management platform. Code42, known for its expertise in insider threat management and data loss prevention, will integrate into Mimecast's solutions, offering expanded protection against data exfiltration and insider risks. This strategic move aligns with Mimecast's goal of providing a comprehensive approach to human-centered security threats.
Subscribe and Comment.
Copyright 2024 CyberMaterial. All Rights Reserved.