Cyber Briefing - 2024.08.02

What are the latest cybersecurity alerts, incidents, and news?

Bitdefender, GravityZone, SSRF, Facebook, Lumma Stealer, Photo Editor, Microsoft, Edge, Arbitrary Code Execution, BITSLOTH Backdoor, BITS, Cloudflare, Tunnels, RansomHub, McDowall Affleck, Student Data, Sable International, Convergence, DeFi, PETERSON HOLDING CO, Cybersecurity and Infrastructure Security Agency Chief Artificial Intelligence Officer, Lisa Einstein, National Cyber Security Centre, ACD 2.0, UK, Reserve Bank of India (RBI), Payments, Tech Support, Fraud, Gaming, DDoS



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. Bitdefender Flaw Allows SSRF Attacks

A critical vulnerability in Bitdefender’s GravityZone Update Server, identified as CVE-2024-6980, has been discovered, potentially exposing organizations to server-side request forgery (SSRF) attacks. This flaw, with a CVSS score of 9.2, originates from a verbose error-handling issue in the proxy service, impacting GravityZone Console versions before 6.38.1-5 running on-premises. Exploiting this vulnerability, attackers could access sensitive resources, bypass security controls, manipulate server operations, and gather confidential information.


2. Attackers Spread Malware via Facebook Pages

Attackers are hijacking Facebook pages to distribute the Lumma stealer, a malicious software that steals user credentials. This campaign, discovered by Trend Micro researchers, involves phishing tactics to gain control of legitimate Facebook pages. Once hijacked, the pages promote a fake AI photo editor, luring users into downloading an endpoint management utility that ultimately delivers the Lumma stealer. This malware targets sensitive information such as system details, browser data, and extensions.


3. Microsoft Edge Flaw Allows Code Execution

Microsoft has released a critical security update for its Edge browser, addressing three significant vulnerabilities, including one that allows attackers to execute arbitrary code. The update, issued on August 1, 2024, fixes flaws in versions prior to 127.0.2651.86, including CVE-2024-7256, a validation issue in the Dawn graphics component, and CVE-2024-6990, an uninitialized use vulnerability. Users are strongly advised to update their browsers immediately to mitigate these risks.


4. New BITSLOTH Backdoor Uses BITS for Stealth

Cybersecurity researchers have identified a new Windows backdoor, BITSLOTH, which exploits the Background Intelligent Transfer Service (BITS) for stealthy command-and-control operations. Discovered by Elastic Security Labs on June 25, 2024, during an attack on a South American Foreign Ministry, BITSLOTH is notable for its use of BITS to blend in with regular network traffic, making detection difficult.


5. Cloudflare Tunnels Used for RAT Delivery

Threat actors have been exploiting Cloudflare’s TryCloudflare feature to create one-time tunnels for distributing various remote access trojans (RATs), including AsyncRAT, GuLoader, Remcos, VenomRAT, and Xworm. According to Proofpoint, these attacks have been ongoing since February 2024, using phishing messages that contain URLs or attachments leading to the creation of tunnels, which then facilitate a multi-stage infection chain. The attackers, who use multiple languages and varied lures, have impacted thousands of organizations globally.



Cyber Incidents


6. McDowall Affleck Hit by Ransomware Attack

McDowall Affleck, an Australian engineering firm, has confirmed a cyber incident following claims by the ransomware group RansomHub. On August 1, 2024, RansomHub alleged that it had accessed 470 GB of McDowall Affleck’s data, including critical documents, insurance records, and personal information. The firm has taken immediate steps to secure its systems and engaged forensic experts to investigate the breach. McDowall Affleck has reported the incident to the Australian Cyber Security Centre (ACSC) and is cooperating with law enforcement.


7. JBNU Suffers Major Data Breach

Jeonbuk National University (JBNU) has issued an apology following a significant data breach affecting over 320,000 individuals. On August 1, 2024, the university revealed that its online system, "Oasis," was compromised during multiple hacking attempts on Sunday, with the breach discovered during the second attempt, which lasted six hours. The exposed data includes sensitive personal information such as names, national identification numbers, mobile numbers, email addresses, residential addresses, and academic details of 322,425 students, alumni, and Continuing Education Center participants.


8. Sable International Hit by Major Cyberattack

Sable International, a global financial and immigration services firm, has experienced a significant cyber attack, prompting the company to shut down its server, website, and transactional portal as it manages the incident. The firm, which serves expatriates and high-net-worth individuals, has reported the breach to South African and UK authorities in compliance with data privacy regulations.


9. Convergence DeFi Hack Results in $212K Loss

On August 1, 2024, the decentralized finance (DeFi) protocol Convergence suffered a significant breach, resulting in a $212,000 loss. The hack was triggered by the accidental removal of a critical line of code from the CvxRewardDistributor smart contract. This error, made during a gas optimization update, allowed the attacker to exploit the contract, minting and selling 58 million CVG tokens.


10. Peterson Holding Suffers Data Breach

Peterson Holding, based in Maine, has reported a data breach that occurred between June 27 and 28, 2023, during which unauthorized access to its computer systems was detected. The breach potentially exposed personal information, including names and Social Security numbers. The company swiftly responded by isolating affected servers, changing passwords, and launching a comprehensive investigation, which concluded on May 8, 2024.



Cyber News


11. CISA Names Lisa Einstein Chief AI Officer

The Cybersecurity and Infrastructure Security Agency (CISA) has appointed Lisa Einstein as its first Chief Artificial Intelligence Officer. Einstein, who previously served as the Senior Advisor for AI and Executive Director of the CISA Cybersecurity Advisory Committee, will lead the agency’s efforts to integrate AI into cybersecurity strategies. Her new role emphasizes CISA’s commitment to responsible AI use and governance to enhance the security of critical infrastructure.


12. NCSC Launches ACD 2.0 to Tackle New Threats

On August 2, 2024, the UK's National Cyber Security Centre (NCSC) announced the launch of Advanced Cyber Defence (ACD) 2.0, an updated initiative designed to address the evolving cyber threat landscape. ACD 2.0 will introduce a new suite of cybersecurity tools and services to address gaps in the commercial market, while also reviewing and potentially transferring management of existing tools to the private sector. The update responds to advancements in cyber threats and aims to enhance protection for the majority of people in the UK.


13. RBI Mandates MFA for All Card Payments

On August 2, 2024, the Reserve Bank of India (RBI) introduced a new framework requiring additional factor authentication (AFA) for all digital payment transactions, with specific exemptions. This move aims to enhance digital payment security by incorporating alternative methods beyond traditional SMS-based one-time passwords (OTPs). Under the new rules, all transactions, except card-present ones, must use a dynamic, non-reusable authentication factor created after payment initiation.


14. Tech Support Fraud Leader Gets Seven Years

On August 2, 2024, Vinoth Ponmaran, a key figure in a large-scale tech support fraud scheme, was sentenced to seven years in prison by the United States Attorney for the Southern District of New York. Ponmaran’s operation, which spanned from March 2015 to July 2018, targeted elderly victims across the U.S. and Canada, defrauding them of over $6 million. The scheme involved misleading pop-ups that falsely claimed malware infections, directing victims to pay for non-existent computer repairs.


15. Gaming Industry Sees Rise in DDoS Attacks

The gaming industry has experienced a dramatic 94% increase in layer 7 distributed denial-of-service (DDoS) attacks over the past year, according to Akamai. The report, covering January 2023 to June 2024, highlights the sector's growing vulnerability amidst its vast player base and high revenue. With over 25 billion attacks recorded in peak months and significant rises in bot activity, the industry faces new cybersecurity challenges.




Copyright © 2024 CyberMaterial. All Rights Reserved.
