Cyber Briefing - 2024.08.21


What's trending in cybersecurity today?

CERT-UA, Vermin, Phishing, SHANGHAI FUDAN MICROELECTRONICS GROUP CO., LTD, RFID Cards, Backdoor, Apache DolphinScheduler, UULoader Malware, Weaponized PDFs, Czechia, Mobile Users, Progressive Web Apps, CannonDesign, Avos Locker, Ransomware, Arizona, Microchip Technology Inc., City of Bella Vista, DAI, Maker Wallet, California, AI Catastrophe Bill, Vida Fitness Inc, Nigeria, IPv6 Transition, DDoS, Costs, Fabric Cryptography, Verifiable Processing Unit.



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.




Cyber Alerts


1. New Vermin Linked Phishing Campaign Unveiled

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning regarding a new phishing campaign linked to the Vermin threat group, tracked as UAC-0020. This campaign uses photos of alleged prisoners of war (PoWs) from the Kursk region as bait, luring victims into downloading a ZIP file. The archive contains a Microsoft Compiled HTML Help (CHM) file that executes an obfuscated PowerShell script.


2. Backdoor in Fudan RFID Cards Allows Cloning

Researchers from Quarkslab have discovered a critical hardware backdoor in millions of RFID cards produced by Shanghai Fudan Microelectronics, enabling the instant cloning of these contactless cards. The flaw affects the FM11RF08S variant, which was marketed as resistant to known attacks. The backdoor allows any entity with knowledge of it to bypass user-defined security keys and read all data on the cards within minutes.


3. Code Exec Bug Discovered in DolphinScheduler

A critical vulnerability identified as CVE-2024-43202 has been discovered in Apache DolphinScheduler, a popular open-source workflow orchestration platform. This security flaw, affecting all versions from 3.0.0 up to but not including 3.2.2, allows attackers to execute remote code, posing significant risks such as unauthorized system control, data breaches, and potential disruptions.


4. UULoader Malware Uses PDFs for Evasion

A new strain of malware known as UULoader is targeting users through weaponized PDF documents, primarily affecting Korean and Chinese speakers. This malware, which disguises itself as legitimate software through malicious .msi installers, employs advanced evasion techniques including DLL side-loading and file header stripping. By removing file headers and packaging components in a .cab archive, UULoader eludes static detection tools and masquerades as benign data.


5. Czech Mobile Users Hit by New Banking Scam

Mobile users in the Czech Republic are being targeted by a sophisticated phishing scheme that exploits Progressive Web Applications (PWAs) to steal banking credentials. Cybersecurity firm ESET reports that attackers are mimicking legitimate banking apps, such as Československá obchodní banka (CSOB), OTP Bank, and TBC Bank, to trick users into installing fraudulent PWAs. These deceptive apps are distributed via automated calls, SMS, and social media ads, and appear as authentic updates for banking apps.



Cyber Incidents


6. CannonDesign Confirms Avos Locker Breach

CannonDesign, a prominent U.S. architectural and consulting firm, has confirmed a significant data breach linked to the Avos Locker ransomware attack that occurred between January 19-25, 2023. The breach, which involved unauthorized network access and data exfiltration, has compromised personal information of over 13,000 clients, including names, addresses, Social Security numbers, and driver’s license details.


7. Microchip Technology Hit by Cyberattack

Microchip Technology Incorporated, based in Chandler, Arizona, has revealed that a cyberattack significantly impacted its operations over the weekend, affecting multiple manufacturing facilities. The company, which serves a wide range of industries, including industrial and automotive sectors, detected suspicious activity on August 17, 2024. By August 19, the attack had disrupted the use of certain servers and business operations, leading to reduced operational capacity.


8. Cyberattack Disrupts City of Bella Vista

The City of Bella Vista, Arkansas, has been forced to close its offices through Wednesday, August 21, due to a potential cyberattack. The closure comes after the city’s IT department detected suspicious activity on Sunday, leading to a precautionary shutdown of network systems, including internet and phone services. As the investigation into the incident continues, city operations are being conducted remotely via email and virtual channels.


9. Phishing Attack Leads to Theft of $55M

On August 20, 2024, a major crypto phishing attack resulted in the theft of $55 million from a high-profile wallet in the decentralized finance (DeFi) protocol Maker. The attack was executed when the wallet owner unknowingly signed a malicious transaction, transferring ownership of 55.47 million DAI to a phishing address. Despite attempts to rectify the mistake by moving the funds to a new address, the transaction had already been completed. Blockchain analytics firm Lookonchain reported that the attackers have since converted the stolen stablecoins into 10,625 Ether and withdrawn them.


10. FlightAware Admits to Leaking Sensitive Data

FlightAware, a popular flight tracking website, has disclosed a significant data breach that exposed sensitive customer information, including Social Security numbers and payment details, dating back to January 2021. The company, which filed a breach notice with California's State Attorney General on August 13, 2024, revealed that a configuration error led to the inadvertent leakage of personal data for over three years.



Cyber News


11. California AI Bill Clears Committee

The California State Assembly Appropriations Committee has approved an amended version of the Safe and Secure Innovation for Frontier Artificial Intelligence Models Act, initially proposed by State Senator Scott Wiener. This bill, aimed at preventing AI-related disasters, faced criticism from industry leaders and federal lawmakers who argued it might stifle innovation. The revised bill now removes the provision allowing the state attorney general to sue AI companies for negligence before a catastrophe occurs and softens the requirements for safety testing.


12. VIDA Fitness Suspends Locker Room Cameras

VIDA Fitness in Washington, D.C., has announced a pause on its plans to install surveillance cameras in men's locker rooms amid growing privacy concerns from members. The gym's owner, David von Storch, stated that the decision to halt the installation is aimed at addressing members' objections while emphasizing that the cameras were intended to combat theft, which has been a significant issue.


13. Nigeria Leads Africa in IPv6 Adoption

Nigeria is leading Africa's digital transformation by transitioning from IPv4 to IPv6, a move set to enhance cybersecurity and internet services across the continent. Announced by Dr. Bosun Tijani, Nigeria's Minister of Communications, Innovations, and Digital Economy, this initiative positions Nigeria as the first African nation to fully adopt IPv6. The upgrade, unveiled at the IPv6 Driven Digital Infrastructure Summit in Abuja, promises to improve network efficiency, security, and economic opportunities by providing a virtually limitless number of IP addresses.


14. DDoS Attacks Cost $6,000 Per Minute in 2024

In the first half of 2024, the cost of Distributed Denial of Service (DDoS) attacks has surged to $6,000 per minute, with an average attack now lasting 45 minutes—an 18% increase from the previous year, according to Zayo's latest report. The frequency and duration of these attacks have risen significantly, with DDoS attacks up 106% from the latter half of 2023. Short-burst attacks, lasting less than 10 minutes, continue to dominate, representing 86% of all attacks in early 2024.


15. Fabric Cryptography Secures $33M for VPU

Fabric Cryptography has secured $33 million in Series A funding to advance its development of the Verifiable Processing Unit (VPU), a groundbreaking chip designed for cryptographic applications. Co-led by 1kx and Blockchain Capital, with support from Matter Labs, Offchain Labs, and Polygon, this investment will help the Santa Clara-based startup enhance its hardware and software offerings. The VPU aims to revolutionize cryptographic computations, offering performance improvements akin to those seen in AI hardware advancements.




Copyright © 2024 CyberMaterial. All Rights Reserved.





Thanks for the mention! The full article "Meet UULoader: An Emerging and Evasive Malicious Installer." is here >> https://cyberint.com/blog/research/meet-uuloader-an-emerging-and-evasive-malicious-installer/
