Cyber Briefing - 2024.08.05

What's happening in cybersecurity today?

Apache Corporation, Code Execution, Panamorfi, Jupyter, Discord, DDoS, Rockwell Automation, Cybersecurity and Infrastructure Security Agency, DVRs, NetSecFish, Android, Trojan, BlankBot, Financial Data, Turkey, Intel 471, Platinum Technology Resource, Illinois, vpnMentor, Google Ads, Mobile Guardian, Israel, WeRedEvils, Iran, First Commonwealth Federal Credit Union, US, Germany, Cryptonator, Money Laundering, TikTok, Children's Data, UK, AI, Funding, RailTel Corporation of India Ltd, Cylus, India, Railways, WeChat Pay, Malaysia, E-Wallet Services.



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.




Cyber Alerts


1. Critical Apache RCE Vulnerability Found

A critical vulnerability has been discovered in the Apache InLong project, specifically within its TubeMQ component, posing a severe threat to users worldwide. This flaw allows remote attackers to execute arbitrary code, potentially compromising the entire InLong infrastructure. Given the widespread use of Apache InLong across various sectors, including finance, healthcare, and e-commerce, the impact could be extensive, leading to data breaches and operational disruptions.


2. New Panamorfi Discord DDoS Campaign Revealed

A new Distributed Denial of Service (DDoS) campaign named Panamorfi has emerged, leveraging misconfigured Jupyter notebooks and Discord to launch attacks. Operated by the threat actor yawixooo, the campaign begins with gaining access to exposed Jupyter notebooks, from which attackers deploy a Minecraft server DDoS tool through Discord. This tool, downloaded as a zip file containing two Jar files, facilitates a TCP flood attack aimed at overwhelming target servers.


3. Major Flaw in Rockwell Automation Devices

A severe vulnerability has been uncovered in Rockwell Automation’s ControlLogix 1756 devices, identified as CVE-2024-6242, which allows unauthorized access and manipulation of device configurations. This flaw, with a CVSS v3.1 score of 8.4, enables attackers to bypass the Trusted Slot feature in ControlLogix controllers, potentially executing common industrial protocol (CIP) commands. Discovered by Claroty, the vulnerability permits attackers to send elevated commands and modify the PLC CPU’s logic, even from untrusted network cards.


4. Vulnerability Exposes 400K DVRs to Hackers

A critical security vulnerability has been discovered in multiple digital video recorders (DVRs), exposing over 400,000 devices to potential cyber-attacks. The flaw, identified in models such as TVT DVR TD-2104TS-CL and Provision-ISR DVR SH-4050A5-5L(MM), results from insufficient access controls on the devices' web servers. This vulnerability, categorized under CWE-200: Information Exposure, allows unauthorized access to sensitive device information, including hardware and software versions, serial numbers, and network configurations.


5. BlankBot Trojan Targets Turkish Individuals

Cybersecurity researchers have identified a new Android banking trojan named BlankBot, which is specifically targeting Turkish users to steal their financial information. Discovered on July 24, 2024, BlankBot employs various malicious techniques, including keylogging, screen recording, and overlay injections, to access sensitive data such as bank account credentials and payment information. The trojan uses Android's accessibility services to gain extensive control over infected devices, circumventing security measures introduced in Android 13.



Cyber Incidents


6. 4.6 Million US Voter Records Exposed Online

A significant data breach has exposed 4.6 million voter records and election documents, with sensitive information from Platinum Technology Resource in Illinois made publicly accessible online. Discovered by cybersecurity researcher Jeremiah Fowler, the breach involved 13 non-password-protected databases containing critical details such as voter registrations, Social Security Numbers, and driver’s license information.


7. Google Ads Glitch Exposes Competitor Data

A significant reporting glitch in Google Ads, which began on July 30, 2024, exposed sensitive competitor information and led to the unavailability of critical reporting tools. The issue, affecting a small fraction of advertisers, allowed some users to view unrelated item IDs, product titles, and Merchant Center information from other accounts.


8. Mobile Guardian Suffers Major Breach

On August 4, 2024, Mobile Guardian experienced a significant security breach that compromised iOS and ChromeOS devices enrolled in its platform. The unauthorized access led to the remote wiping of a small percentage of devices across North America, Europe, and Singapore. While the breach caused temporary disruptions and restricted access for users, there is no evidence suggesting that personal data was exposed. In response, Mobile Guardian halted its services to prevent further unauthorized access and is actively investigating the incident.


9. Israeli Hackers Disrupt Internet in Iran

The Israeli hacker group WeRedEvils has claimed responsibility for recent internet disruptions in Iran, as reported by the Jerusalem Post. On August 2, 2024, the group announced their intention to target Iran's internet systems via their Telegram channel, and subsequently reported a successful breach of Iran’s communications infrastructure. The outage affected several regions, including Tehran, Mashhad, and Kermanshah, with users experiencing significant disruptions.


10. First Commonwealth Credit Union Breached

On August 2, 2024, First Commonwealth Federal Credit Union, based in Lehigh Valley, Pennsylvania, announced a data security incident involving unauthorized access to personal information of some current and former members. Discovered on June 27, 2024, the breach revealed that sensitive data, including names, addresses, Social Security numbers, dates of birth, and account numbers, might have been compromised.



Cyber News


11. Cryptonator Site Seized and Admin Charged

US and German authorities have seized the online cryptocurrency wallet Cryptonator as part of a joint operation and charged its founder, Roman Pikulev, following a significant international crackdown. The U.S. Department of Justice, IRS-Criminal Investigation, FBI, and German Federal Criminal Police Office led the operation against Cryptonator, which was accused of failing to implement anti-money laundering (AML) controls and facilitating illicit activities.


12. US Sues TikTok for Violating Kids Data Laws

On August 5, 2024, the U.S. Justice Department, alongside the Federal Trade Commission, filed a lawsuit against TikTok, accusing the company of illegally collecting personal data from children under 13 and violating previous agreements related to online privacy. The lawsuit alleges that TikTok, operated by China-based ByteDance, failed to obtain parental consent before collecting data from young users, did not honor requests to delete such accounts, and continued to allow underage users to create accounts using third-party credentials.


13. UK Withdraws £1.3B Funding for AI Projects

The UK Labour government has announced it is shelving £1.3 billion in funding previously pledged by the Conservative administration for AI projects, including the development of the UK’s first exascale supercomputer at the University of Edinburgh. The decision, which includes withdrawing £800 million earmarked for the supercomputer and £500 million for the AI Research Resource, is justified by the Labour government as addressing “unfunded commitments” not included in the previous budget plans.


14. RailTel Announces Partnership with Cylus

RailTel, a prominent public sector enterprise, has teamed up with Cylus, a leading cybersecurity firm, to enhance cybersecurity across Indian Railways. Announced on August 2, 2024, this strategic partnership aims to fortify the protection of critical railway infrastructure, including signaling, trackside operations, and SCADA networks. RailTel will integrate Cylus’ advanced technology, CylusOne, into its existing systems to safeguard against emerging cyber threats.


15. WeChat Pay MY to End Services in Malaysia

Chinese tech giant Tencent has announced that WeChat Pay Malaysia will cease all payment services starting September 1, 2024. The move comes as part of a business strategy adjustment, and new e-wallet user registrations have already been halted as of August 1, 2024. Existing users will have until December 31, 2024, to withdraw their balances through the e-wallet portal, with special withdrawal arrangements in place from January 1, 2025.




Copyright © 2024 CyberMaterial. All Rights Reserved.





Saad Janjua

Cyber Security | Digital Forensics | Networking | Ethical Hacking | Python Programming

3 months

Awesome!
