Cyber Briefing - 2024.08.22
?? What's going on in the cyber world today?
Amazon Web Services (AWS) , ALBeast Attack, MoonPeak Trojan, Espionage, NGate, Android , ATM Withdrawals, GitHub , Admin Privileges, WordPress Plugin , LiteSpeed, 麦当劳 , Instagram Hack, Solana Labs Theft, 哈里伯顿 , North Houston, DENTAL SPECIALISTS OF MINNESOTA, PLLC , British Virgin Islands Electricity Corporation, SYSTEMADMINBD, Zee Media Corporation Limited , US Federal Aviation Administration , Australian Signals Directorate , Cybersecurity and Infrastructure Security Agency , Federal Bureau of Investigation (FBI) , National Security Agency , EQUINITI SHARE PLAN TRUSTEES LIMITED , U.S. Securities and Exchange Commission , Cybersecurity Gaps Australia, New Zealand, Healthcare, Ransomware Attacks, Barracuda Networks
Welcome to Cyber Briefing , the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe .
Over 15,000 applications using Amazon Web Services (AWS) Application Load Balancer (ALB) are at risk of ALBeast attacks due to a critical configuration flaw, according to a report by the security firm Miggo. This flaw, rather than a vulnerability in ALB itself, allows attackers to bypass authentication and authorization by exploiting misconfigured ALB settings. AWS has addressed the issue by updating its documentation and offering new code to mitigate the risk.
North Korean state-sponsored hackers have launched a new cyber espionage campaign deploying a remote access trojan (RAT) called MoonPeak. Attributed by Cisco Talos to the group UAT-5394, which shows tactical overlaps with the notorious Kimsuky group, MoonPeak is a variant of the Xeno RAT and is actively under development. The malware has been used in phishing attacks, retrieving payloads from actor-controlled cloud services like Dropbox and Google Drive.
ESET researchers have identified a new Android malware, NGate, that exploits NFC technology to conduct unauthorized ATM withdrawals. NGate, which is not available on the Google Play store, operates by relaying NFC data from a victim's payment card through a compromised Android device to the attacker’s device. This enables attackers to perform illicit ATM transactions or transfer funds from victims’ accounts.
GitHub has addressed a critical security vulnerability in its Enterprise Server product, which allowed attackers to gain site administrator privileges. Identified as CVE-2024-6800 with a CVSS score of 9.5, the flaw impacted GitHub Enterprise Server instances using SAML single sign-on with specific identity providers. Attackers could exploit this flaw to forge SAML responses and escalate privileges.
A critical vulnerability in the WordPress LiteSpeed Cache plugin, tracked as CVE-2024-28000, has been disclosed, allowing unauthenticated users to gain administrator privileges. The flaw, which has a CVSS score of 9.8, affects all versions of the plugin up to 6.3.0.1 and stems from weak security hashing in the user simulation feature. This weakness permits attackers to spoof user IDs and register as administrators, enabling them to upload and install malicious plugins.
Hackers have orchestrated a high-profile scam by taking over McDonald’s Instagram account to promote a fake Solana-based meme coin named “GRIMACE.” Within just 30 minutes of the hijacking, the bogus token's market cap skyrocketed to $25 million before crashing, leading to $700,000 in stolen funds from unsuspecting investors. The scheme involved the marketing director of McDonald’s, Guillaume Huin, unknowingly amplifying the scam by sharing it on X (formerly Twitter).
On August 21, 2024, Halliburton, a leading U.S. oilfield services firm, suffered a significant cyberattack that disrupted its operations, particularly at its north Houston campus. The company acknowledged the issue and is working with external experts to determine the cause and impact while advising staff to avoid connecting to internal networks.
Dental Specialists of Minnesota, also known as The Dental Specialists, has disclosed a significant data breach affecting the protected health information (PHI) of approximately 38,442 patients. The breach, which came to light on January 23, 2024, involved unauthorized access to employee email accounts between January 11 and January 23, 2024. An investigation revealed that the compromised accounts contained sensitive data including names, demographic details, medical information, health insurance data, and dates of birth.
The British Virgin Islands Electricity Corporation (BVIEC) is grappling with a significant cyberattack that has severely disrupted its billing system. The ransomware attack, attributed to Akira ransomware, compromised the system over several weeks, forcing the utility to shut down its operations and revert to manual billing processes. General Manager Neil Smith stated that the incident is being treated as a national security issue and is under investigation by third-party experts and law enforcement.
On August 21, 2024, the Bangladeshi hacker group SYSTEMADMINBD defaced the official website of Zee Media Corporation Limited, a major Indian news network. The attack was a response to what SYSTEMADMINBD perceived as mockery of the severe flooding situation in Bangladesh, following heavy rains and the resignation of Prime Minister Sheikh Hasina amidst ongoing protests. The defaced homepage displayed a screenshot of a Zee TV Bangla article with a headline criticizing the response to the flood, accompanied by threatening messages from the hackers.
?? Cyber News
The Federal Aviation Administration (FAA) has proposed new cybersecurity rules aimed at enhancing the protection of airplanes, engines, and propellers against digital threats. As aircraft increasingly integrate with internal and external data networks, the FAA’s proposal seeks to standardize cybersecurity requirements, which were previously handled through temporary regulations. This move is designed to reduce certification costs and complexity while ensuring robust defenses against intentional unauthorized electronic interactions.
On August 21, 2024, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), alongside the U.S. Cybersecurity and Infrastructure Security Agency (CISA), FBI, NSA, and international partners, released a comprehensive guide on best practices for event logging and threat detection. This new guide aims to help organizations establish a solid baseline for event logging to counteract emerging cyber threats, including Living Off the Land (LOTL) techniques and fileless malware.
Equiniti Trust Company has agreed to settle with the U.S. Securities and Exchange Commission (SEC) over significant cybersecurity failures that led to the loss of over $6.6 million in client funds. The breaches, which occurred in 2022 and 2023, involved an email hijacking scheme and a Social Security number exploit. The SEC's findings revealed substantial lapses in Equiniti's security measures, resulting in violations of the Securities Exchange Act of 1934.
A recent report by SMX has unveiled notable cybersecurity gaps in Australia and New Zealand, revealing substantial differences in the enforcement of DMARC (Domain-based Message Authentication, Reporting, and Conformance) protocols between public and private sectors. The study indicates that while Australian federal agencies excel in DMARC implementation with 79% enforcing the protocol, New Zealand's government agencies lag, with only 33% in enforcement mode. In the private sector, Australia's ASX-listed companies show moderate adoption, with 47% enforcing DMARC, compared to New Zealand’s 64% among its largest firms.
A recent report by Barracuda Networks reveals that healthcare organizations have been increasingly targeted by ransomware attacks, accounting for 21% of such incidents over the past year, up from 18% the previous year. The study, which analyzed 200 ransomware cases between August 2023 and July 2024, highlights the severe impact of these attacks on patient care, with many resulting in canceled operations and disrupted services.
Subscribe and Comment.
Copyright ? 2024 CyberMaterial . All Rights Reserved.
Follow CyberMaterial on: