Cyber Briefing - 2024.08.19
?? What's happening in cybersecurity today?
Xeon Sender, Cloud APIs, SMS Phishing, India, PM Kisan Samman Nidhi Yojana , RollingCache, Cache Side-Channel, Linux Kernel, CPU Bypass, Memory Write, QWERTY Infostealer, Windows, New York, JEWISH HOME LIFECARE , Ukraine, monobank.com , DDoS,? Salford Housing Register, Summit National Bank , Russia, Nuclear Developer, OpenAI , Iran, US Election Propaganda, ChatGPT , TikTok , Grand National Assembly of Turkey (Turkish Parliament/TBMM) , 谷歌 Chrome, Info Redaction, Android, Pakistan, VPNs, Firewall, U-Haul , Settlement, California.
?Welcome to Cyber Briefing , the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe .
Threat actors are leveraging a tool called Xeon Sender to conduct large-scale SMS phishing (smishing) campaigns by exploiting legitimate cloud APIs from services like Amazon SNS, Nexmo, and Twilio. The Python-based tool, distributed via Telegram and hacking forums, enables attackers to send bulk SMS messages using valid credentials without targeting any vulnerabilities in the providers themselves. Xeon Sender offers features such as phone number validation, API key management, and account credential verification, making it accessible to even lower-skilled threat actors.
Cybercriminals are targeting beneficiaries of India’s Prime Minister Kisan Yojana initiative by distributing fake app links on social media, tricking farmers into downloading malicious Android applications disguised as official tools. These fake apps, such as "PM KISAN YOJANA.apk," prompt users to enter sensitive information like mobile numbers, bank details, and MPINs while also stealing SMS messages. This can lead to significant financial losses by compromising personal and banking information.
Researchers from the University of Rochester have developed RollingCache, a cutting-edge defense mechanism against cache side-channel attacks. This novel technique enhances the security of shared computing systems by dynamically altering cache access patterns, which disrupts attackers' ability to exploit cache contention vulnerabilities. Unlike traditional methods that rely on encryption or cache partitioning, RollingCache employs runtime behavior to create non-deterministic mappings of memory addresses to cache sets, making it significantly harder for attackers to predict access patterns.
Researchers have discovered a critical vulnerability in the Linux kernel's dmam_free_coherent() function, identified as CVE-2024-43856. This flaw stems from a race condition caused by improper operation sequencing when managing DMA (Direct Memory Access) allocations. The issue allows attackers to exploit the race condition to bypass CPU controls and write arbitrary data into system memory. The vulnerability could lead to system instability, data corruption, and crashes.
A new malware strain known as "QWERTY Info Stealer" has emerged, targeting Windows systems with sophisticated anti-debugging techniques and robust data exfiltration capabilities. Discovered on a Linux-based server with the domain mailservicess[.]com, this malware employs multiple strategies to evade detection, such as checking for debuggers using both common and obscure Windows API functions. Once installed, QWERTY Info Stealer collects system data and browser information, creating directories on the infected machine to store this data.
A data breach at Jewish Home Lifecare, now known as The New Jewish Home in New York, has compromised the personal information of over 100,000 individuals following a BlackCat ransomware attack. Disclosed earlier this year, the breach, detected on January 7, exposed sensitive data including names, Social Security numbers, financial and medical information. The ransomware group Alphv, also known as BlackCat, claimed responsibility for the attack and purportedly accessed various sensitive documents.
Monobank, a Ukrainian digital bank, is enduring a massive Distributed Denial of Service (DDoS) attack that has lasted for three days, with over 5.5 billion requests hitting its systems. The attack, which began on August 16, prompted immediate involvement from Amazon Web Services (AWS) and Ukrainian national security services due to its unprecedented scale. Despite the ongoing assault, Monobank co-founder Oleh Horokhovskyi has assured that the situation remains under control, though the scale of the attack is notable.
领英推荐
Salford City Council, England has suspended its housing register service following a cyber breach on August 2, which has potentially exposed personal data of approximately 5,000 users. The breach, affecting the Salford Home Search website managed by a third-party firm, has led to warnings about potential phishing attempts targeting users. Residents are advised to monitor their bank accounts, change passwords, and consider credit monitoring.
Summit National Bank has announced a data breach that may have exposed personal information of both current and former customers. On May 15, 2024, the bank discovered suspicious activity in an email account, which had been accessed by an unauthorized actor between May 13 and May 16, 2024. The investigation, conducted with the help of third-party forensic experts, revealed that the compromised account potentially contained sensitive information, including customer names, Social Security numbers, contact details, and financial account information.
Ukrainian Defense Intelligence cyber specialists, in collaboration with the hacker group VO Team, have successfully disrupted the operations of Vega Company, a Russian nuclear warhead developer based in Snezhinsk, Chelyabinsk. The attack, reported on August 18, 2024, led to the failure of 1,173 switches and 10 servers, resulting in significant data loss and severed internet and communication services for key strategic enterprises in the region, including the All-Russian Scientific Research Institute of Technical Physics (VNIITF).
?? Cyber News
OpenAI has recently taken action to block a covert Iranian influence operation that was using ChatGPT to generate propaganda for the upcoming U.S. presidential election. The operation, identified as Storm-2035, involved creating and distributing politically charged content through various social media platforms and websites. Despite the attempt to influence U.S. politics, OpenAI noted that the content generated had minimal engagement and was largely ineffective.
The Turkish Parliament has intensified its focus on social media platforms, especially TikTok, amid recent regulatory actions. Lawmakers convened to address the implications of recent bans on Instagram and Roblox, with a particular emphasis on TikTok’s cybersecurity risks. The debate highlighted Instagram's temporary closure over compliance issues, the ban on Roblox due to inappropriate content, and ongoing scrutiny of Telegram for illegal activities.
Google Chrome is set to enhance user privacy by introducing a new feature for Android users. The upcoming update will automatically redact sensitive information, such as credit card details and passwords, when sharing or recording your screen. Currently, Chrome's incognito mode prevents capturing such details, but regular tabs do not offer this protection. The new experimental feature, labeled "Redact Sensitive Content During Screen Sharing, Screen Recording, and Similar Actions," aims to obscure sensitive form fields during these activities.
Pakistan is currently grappling with significant internet slowdowns, sparking a heated debate over the cause. While government officials attribute the issue to increased use of virtual private networks (VPNs), which they claim strain the network, activists argue that the slowdown is part of a broader strategy to implement a China-style internet firewall. This firewall, they suggest, is intended to suppress dissent and control online discourse, particularly in the wake of unrest linked to former Prime Minister Imran Khan's supporters.
U-Haul has agreed to pay $5,085,000 to settle a class action lawsuit following two significant data breaches that occurred in California in September 2022 and December 2023. The settlement, which addresses claims that U-Haul failed to protect customer information, will provide affected customers with up to $100 each. The breaches reportedly exposed personal details, including names and driver's license numbers. Although U-Haul denies any wrongdoing, the settlement aims to resolve the dispute and avoid further litigation.
Subscribe and Comment.
Copyright ? 2024 CyberMaterial . All Rights Reserved.
Follow CyberMaterial on: