Cyber Briefing: 2024.08.28

What's trending in cybersecurity today?

Apache OFBiz, BlackByte Ransomware Gang, Encryptor, QR Code, Phishing, Microsoft Sway, Credentials Theft, Fortra, FileCatalyst, SQL Injection, AMD, ServiceBridge.ai, Data Leak, Legacy Capital Advisors, LLC, Employee Email, Banham Poultry (2018) Limited, California, Cucamonga Valley Water District, Payments Disruption, Biden Administration, Meta, Censorship, COVID-19, Australia, Cybersecurity Advisory Board, Uplift Plan, Malta, Nationalist Party, Ethical Hackers, Check Point Software, Acquisition, Cyberint, a Check Point Company, Threat Intelligence, Notion, Russia



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. CISA Adds Critical Apache OFBiz Flaw to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-38856, a critical vulnerability in the Apache OFBiz open-source enterprise resource planning (ERP) system, to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation. The flaw, rated CVSS 9.8, is an incorrect-authorization weakness that lets unauthenticated attackers achieve remote code execution by submitting a crafted Groovy payload. It is fixed in OFBiz 18.12.15; instances on earlier releases should be patched and their access logs reviewed for scripted requests to the control servlets.
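A quick triage check for the alert above, written here as an added example (it is not code from the briefing or from the OFBiz project): it scans combined-format web access logs for requests to OFBiz `/control/` servlet paths whose query parameters contain Groovy or Java execution markers, decoding parameters twice so double-encoded payloads are not missed. The path hint, marker list and the four log lines are constructed assumptions for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines (combined log format); not real traffic.
# Requests 2 and 4 carry Groovy-like code in a query parameter; request 4 is double-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Aug/2024:09:12:01 +0000] "GET /webtools/control/main HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Aug/2024:09:12:07 +0000] "POST /webtools/control/main?script=Runtime.getRuntime%28%29.exec%28%22id%22%29 HTTP/1.1" 200 812 "-" "python-requests/2.31"
10.0.0.7 - - [28/Aug/2024:09:13:44 +0000] "GET /ordermgr/control/orderview?orderId=WS10000 HTTP/1.1" 200 14200 "-" "Mozilla/5.0"
198.51.100.23 - - [28/Aug/2024:09:15:02 +0000] "GET /webtools/control/main?script=new%2520File%2528%2522%2Fetc%2Fpasswd%2522%2529 HTTP/1.1" 200 640 "-" "curl/8.4.0"
"""

# ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markers typical of Groovy/Java code execution; assumed list, tune for your environment.
GROOVY_MARKERS = re.compile(
    r"Runtime\.getRuntime|ProcessBuilder|\.execute\s*\(|new\s+File\s*\(|Class\.forName|\bgroovy\b",
    re.IGNORECASE,
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qsl performs the first level of percent-decoding.
    rec["params"] = parse_qsl(parts.query, keep_blank_values=True)
    return rec


def suspicious_params(params):
    """Return (name, decoded_value) for every parameter that looks like script code."""
    hits = []
    for name, value in params:
        # Second decode catches payloads encoded twice to slip past naive filters.
        twice = unquote_plus(value)
        if GROOVY_MARKERS.search(value) or GROOVY_MARKERS.search(twice):
            hits.append((name, twice))
    return hits


def scan_log(text, path_hint="/control/"):
    """One alert per request to an OFBiz control servlet carrying script-like parameters."""
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or path_hint not in rec["path"]:
            continue
        hits = suspicious_params(rec["params"])
        if hits:
            alerts.append({"ip": rec["ip"], "method": rec["method"], "path": rec["path"],
                           "status": rec["status"], "hits": hits})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Access logs record only the query string, so a payload sent in a POST body is invisible here; pair this with reverse-proxy or WAF body logging, and treat a 200 response to a flagged request as a likely success rather than an attempt.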


2. BlackByte Unveils New Encryptor and TTPs

The BlackByte ransomware gang, widely linked to splinter groups of Conti, has introduced a new encryptor alongside updated tactics, techniques, and procedures (TTPs). The new encryptor appends the file extension ‘blackbytent_h’ and relies on a Bring Your Own Vulnerable Driver (BYOVD) technique with a larger set of vulnerable drivers than earlier versions. In recent attacks, BlackByte affiliates have also exploited CVE-2024-37085, an authentication bypass affecting Active Directory-joined VMware ESXi hypervisors, to encrypt many virtual machines at once from the hypervisor rather than guest by guest.


3. QR Code Phishing Exploits Microsoft Sway

A new QR code phishing campaign abuses Microsoft Sway to steal Microsoft 365 credentials. Researchers found attackers using Sway, a legitimate Microsoft cloud application for creating presentations and documents, to host pages that display malicious QR codes. Scanning a code sends the victim to a phishing site that captures their login credentials. Because the QR code is an image, the URL it encodes is invisible to text-based mail filters, and the victim usually opens it on a personal phone outside the corporate browser and proxy controls.


4. Eight Apps Leak Sensitive Data Over HTTP

Research has found that eight mobile apps for Android and iOS expose sensitive user data because they send it over unencrypted HTTP rather than HTTPS. The apps, Klara Weather, Military Dating App MD Date, Sina Finance, CP Plus Intelli Serve, Latvijas Pasts, HaloVPN, i-Boating, and Texas Storm Chasers, transmit information such as device details, geolocation, and credentials in cleartext, where anyone on the network path can read or alter it.
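The Android-side control for the cleartext problem above is the app's network security configuration. As an added example (not code from the briefing or from any of the apps named), the script below audits a `network_security_config.xml` for the settings that permit cleartext or trust user-installed CAs, and shows a weak configuration beside a hardened one. Both XML fragments are constructed, and the loopback allowlist is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed network_security_config.xml fragments; not taken from any real app.
WEAK_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
"""

HARDENED_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">localhost</domain>
    </domain-config>
</network-security-config>
"""

# Assumed set of hosts where cleartext is acceptable (device-local only).
LOOPBACK = {"localhost", "127.0.0.1", "10.0.2.2"}


def _is_true(value):
    return (value or "").strip().lower() == "true"


def audit_network_security_config(xml_text, target_sdk=33):
    """Return a list of (severity, message) findings for one config file."""
    root = ET.fromstring(xml_text)
    findings = []

    base = root.find("base-config")
    attr = base.get("cleartextTrafficPermitted") if base is not None else None
    if attr is None:
        # Platform default: cleartext permitted when targetSdkVersion < 28, blocked from 28 on.
        if target_sdk < 28:
            findings.append(("high", "no explicit base setting and targetSdk < 28: cleartext permitted app-wide"))
    elif _is_true(attr):
        findings.append(("high", "base-config permits cleartext traffic app-wide"))

    # domain-config blocks may be nested, so walk the whole tree.
    for dc in root.iter("domain-config"):
        if not _is_true(dc.get("cleartextTrafficPermitted")):
            continue
        for d in dc.findall("domain"):
            name = (d.text or "").strip()
            severity = "info" if name in LOOPBACK else "medium"
            findings.append((severity, f"cleartext permitted for domain {name}"))

    # Trusting user-installed CAs lets any profile-installed certificate intercept TLS.
    # debug-overrides are skipped: they only apply to debuggable builds.
    sections = root.findall("base-config") + list(root.iter("domain-config"))
    for section in sections:
        for cert in section.iter("certificates"):
            if cert.get("src") == "user":
                findings.append(("medium", "user-installed CA certificates are trusted"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_network_security_config(cfg))
```

When a network security config file is declared in the manifest it overrides the manifest-level `android:usesCleartextTraffic` attribute, so check the file rather than the attribute. The config only governs traffic sent through the platform's networking stack; a bundled third-party HTTP library with its own TLS implementation can still send cleartext, which is why the researchers' on-the-wire observation is the final word. On iOS the equivalent control is App Transport Security, where `NSAllowsArbitraryLoads` set to true is the weak setting.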


5. Critical Flaws Patched in Fortra FileCatalyst Workflow

Fortra has released patches for two vulnerabilities in its FileCatalyst Workflow software: CVE-2024-6632, a SQL injection flaw, and CVE-2024-6633, a critical flaw in which the HSQLDB database bundled for installation ships with default credentials. Disclosed on August 27, 2024, the flaws could compromise the confidentiality, integrity, and availability of the system, allowing unauthorized database modification and information disclosure. They affect versions up to 5.1.6 Build 139 and are fixed in 5.1.7; Fortra also notes that the bundled HSQLDB is deprecated and not intended for production use.
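The injection class behind CVE-2024-6632, shown as an added example that is generic and not FileCatalyst's code: a lookup that splices caller input into the SQL string beside the parameterized form. The in-memory SQLite table and the two payloads are constructed; the second payload pivots into the schema catalogue, which is the information-disclosure outcome the advisory warns about.

```python
import sqlite3


def make_db():
    """In-memory SQLite database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable: the caller's text becomes part of the SQL grammar itself."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened: the value travels separately from the statement and can never become SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed payloads: the first collapses the WHERE clause, the second
# reads the schema catalogue through a UNION (the closing quote is commented out).
BYPASS_PAYLOAD = "x' OR '1'='1"
SCHEMA_PAYLOAD = "x' UNION SELECT name, sql FROM sqlite_master --"

if __name__ == "__main__":
    conn = make_db()
    for label, fn in (("vulnerable", lookup_vulnerable), ("parameterized", lookup_parameterized)):
        print(label, "bob      ->", fn(conn, "bob"))
        print(label, "bypass   ->", fn(conn, BYPASS_PAYLOAD))
        print(label, "schema   ->", fn(conn, SCHEMA_PAYLOAD))
```

Whether the same hole also permits modification depends on the driver: Python's sqlite3 refuses stacked statements in `execute()`, but many JDBC and ODBC drivers run `'; UPDATE ...` happily, so treat any injection point as read-write until proven otherwise. The CVE-2024-6632 field sits behind a super-admin login, which limits who can reach it but does not lower the impact once reached.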



Cyber Incidents


6. AMD Hit by Second Cyberattack in 2024

Advanced Micro Devices (AMD) has reportedly suffered its second significant cyberattack of 2024, with the threat actor IntelBroker claiming responsibility. The claim follows a similar incident earlier in the year. AMD says it is investigating to understand the full scope and implications of the incident. The data, which the actor says includes user credentials, internal resolutions, and other sensitive records, is reportedly being offered for sale on dark web marketplaces.


7. 32M Documents Leaked from ServiceBridge

Security researcher Jeremiah Fowler has uncovered a large data exposure involving ServiceBridge, a cloud-based field service management platform. The exposed database held over 32 million documents totaling 2.68 TB, including business records such as contracts, invoices, and HIPAA consent forms dating back to 2012. The data spanned many industries and countries and revealed private information including names, addresses, partial credit card numbers, and site audit reports.


8. Legacy Capital Advisors Suffers Data Breach

Legacy Capital Advisors LLC, based in Georgia, has announced a data breach involving employee email accounts. Unauthorized access to multiple employee mailboxes began in late July 2023 and was discovered on September 25, 2023. An investigation completed on March 20, 2024 confirmed that sensitive information, including names and Social Security numbers, was exposed.


9. Poultry Factory Breach Exposes Staff Data

A cyber attack on Banham Poultry, a major poultry factory in Norfolk, England, has compromised sensitive staff information. On August 18, 2024, unauthorized access to the factory’s systems resulted in the theft of personal details, including National Insurance numbers, passport copies, and bank information. The company promptly shut down its systems and engaged external forensic experts to assess the breach.


10. IE Water District Hacked Disrupting Payments

The Cucamonga Valley Water District (CVWD) in Inland Empire, California, is investigating a ransomware attack that occurred on August 15, 2024. The incident disrupted the district's phone payment system, preventing customers from making payments via phone. While the attack affected the phone system, CVWD’s water distribution operations and customer database were not impacted.



Cyber News


11. Australia to Launch New Cyber Advisory Board

Australia is set to appoint a new cybersecurity industry advisory board in the coming months to support the Commonwealth Cyber Uplift Plan, according to National Cyber Security Coordinator Lieutenant General Michelle McGuinness. The board will bring together major industry providers and experts to strengthen public-private partnerships and improve government cyber maturity. The initiative, part of the 2023-2030 Australian Cyber Security Strategy, aims to better protect government IT systems against cyberattacks.


12. Malta Demands End to Probe of Young Hackers

The Nationalist Party (PN) of Malta has called for an end to the ongoing investigation into four young ethical hackers, who have been in legal limbo since 2023. The students, Giorgio Grigolo, Michael Debono, Luke Bjorn Scerri, and Luke Collins, discovered a vulnerability in the FreeHour app and reported it to the owner, asking for a bug bounty in return. Instead, they faced arrest, strip searches, and equipment seizures. The PN argues that the prolonged investigation is stifling their enthusiasm and talent for cybersecurity, and calls for a national cybersecurity policy that supports and nurtures young digital innovators.


13. Check Point to Acquire Cyberint for $200M

Check Point has announced plans to acquire Israeli external risk management vendor Cyberint Technologies to bolster its security operations and managed threat intelligence capabilities. The acquisition, expected to close by the end of 2024 for approximately $200 million, aims to enhance Check Point's ability to defend against both internal and external cyber threats. Cyberint's expertise in threat intelligence, digital risk protection, and attack surface management will integrate with Check Point's existing security operations, enabling more effective risk detection and mitigation.


14. Notion Announces Exit from Russia

Notion has announced its decision to exit the Russian market due to U.S. government restrictions on software services. Effective September 9, 2024, Notion will terminate all accounts and workspaces associated with users in Russia. Users have until September 8 to export their data, with options including PDF, HTML, and CSV formats available. Following the deadline, Russian-based accounts and workspaces will be deleted, and access will be permanently revoked. Notion will also cancel subscriptions for affected users on the same date, ensuring no additional charges.




Copyright © 2024 CyberMaterial. All Rights Reserved.




