Cyber Briefing: 2024.09.10


What's the latest in the cyber world today?

WhatsApp, View Once Flaw, Earth Preta, Malware, Removable Drives, Konni Group, Espionage, Russia, South Korea, Quad7 Botnet, SOHO Routers, Zyxel, Command Injection, NAS, SLIM CD, INC., London, Charles Darwin School, France, Boulanger, Leak, Centers for Medicare & Medicaid Services, WISCONSIN PHYSICIANS SERVICE INSURANCE CORPORATION, Progress, MOVEit, New Hampshire, HPM Insurance, Russia, VPN, Blocking, Cybersecurity and Infrastructure Security Agency, U.S. Election, Security, UK, Information Commissioner's Office, National Crime Agency (NCA) Partnership, Federal Bureau of Investigation (FBI), Crypto, Fraud, Losses, Kenya, Investment, East Africa



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. WhatsApp View Once Flaw Exposes User Media

A critical flaw in WhatsApp’s "View Once" feature, which allows users to send disappearing photos and videos, has been exploited by attackers to save and distribute media without the sender’s consent. Researchers from Zengo X discovered that the vulnerability lies in WhatsApp’s implementation, where the media is treated like regular messages but with a "View Once" flag. Attackers can modify this flag to prevent the media from disappearing, making it downloadable and shareable.


2. Earth Preta Spreads Malware via USB Drives

The Earth Preta threat group has recently enhanced its attack strategy by distributing malware through removable drives, utilizing a variant of the HIUPAN worm. This upgraded method allows Earth Preta to bypass traditional security measures and target a broader range of victims in the Asia-Pacific (APAC) region. By leveraging removable drives, Earth Preta can propagate its malware more rapidly and stealthily, posing a significant threat to government and foreign affairs sectors across countries like Myanmar, the Philippines, Vietnam, Singapore, Cambodia, and Taiwan.


3. Konni Group Targets Russia and South Korea

Konni, a threat actor associated with the North Korean state-sponsored group Kimsuky, has recently intensified its cyber espionage efforts targeting both South Korea and Russia. According to researchers at the South Korean cybersecurity firm Genians, Konni employs similar tactics across both regions, including phishing emails with lures related to taxes, scholarships, and finance. These emails deploy a custom remote access trojan, allowing attackers to gain full control over compromised systems.


4. Quad7 Botnet Expands Targets to SOHO Devices

The Quad7 botnet is significantly expanding its attack vector by targeting a broader range of SOHO devices, including Zyxel VPN appliances, Ruckus wireless routers, and Axentra media servers, alongside previously reported TP-Link routers. The botnet has introduced custom malware for these new targets and is moving away from traditional SOCKS proxies to more sophisticated evasion techniques. Recent findings from Sekoia reveal that Quad7 is now utilizing new staging servers, botnet clusters, backdoors, and reverse shells, while employing the KCP communication protocol and tools like 'FsyNet' for stealthier operations.


5. Zyxel Issues Hotfix for EOL NAS Devices

Zyxel has released urgent hotfixes for a critical command injection vulnerability (CVE-2024-6342) affecting its end-of-life NAS326 and NAS542 network-attached storage devices. Discovered by researchers Nanyu Zhong and Jinwei Dong from VARAS@IIE, the flaw allows unauthenticated attackers to execute operating system commands through a specially crafted HTTP POST request to the export-cgi program. Despite these devices being past their end-of-vulnerability-support phase, Zyxel has made patches available to mitigate potential risks.



Cyber Incidents


6. Slim CD Suffers Breach Exposing Users

Payment gateway provider Slim CD has disclosed a significant data breach impacting approximately 1.7 million individuals. The breach, which began on August 17, 2023, and was discovered on June 15, 2024, involved unauthorized access to personal and credit card information. The compromised data includes names, addresses, credit card numbers, and expiration dates. While Slim CD has informed affected individuals and notified law enforcement and regulatory authorities, the company is not offering identity theft protection.


7. London School Closes Due to Ransomware

Charles Darwin School in south London has been forced to close temporarily following a severe ransomware attack that has disrupted its IT systems and left around 1,300 students without access to educational facilities. The attack, a cyber extortion attempt, rendered essential systems such as email and internet services unusable. The school's headteacher, Aston Smith, has informed parents about the situation, detailing the removal of staff devices and the disabling of student accounts to prevent further breaches.


8. Boulanger Data Leak Affects 100K Customers

French electronics retailer Boulanger has reported a significant data breach affecting approximately 100,000 customers. The cyberattack, which occurred between September 6 and 7, 2024, compromised personal delivery addresses, and in some cases, telephone numbers and email addresses. Boulanger has assured customers that no banking information was exposed, as payment processing is handled by third-party services. The company has notified all affected individuals in compliance with GDPR regulations and warns of potential phishing attempts by fraudsters posing as Boulanger to exploit the leaked data.


9. CMS Notifies Beneficiaries of MOVEit Breach

The Centers for Medicare & Medicaid Services (CMS) has alerted over 946,000 Medicare beneficiaries about a significant data breach potentially affecting their personal information. This breach stems from a vulnerability in MOVEit software, used by CMS contractor Wisconsin Physicians Service Insurance Corporation (WPS) for handling Medicare claims and related services. The exposed data may include protected health information and personally identifiable information of Medicare beneficiaries, as well as individuals who received care from providers audited by CMS.


10. HPM Insurance Hit With Cyberattack

HPM Insurance, based in Amherst, New Hampshire, has reported a cybersecurity incident affecting three Maine residents. Discovered on October 27, 2023, the breach involved unauthorized access to sensitive data, including personal identification information, medical details, and financial data. HPM swiftly engaged a cybersecurity firm to investigate and secured its systems. While no misuse of the compromised information has been reported, affected individuals have been notified and offered complimentary credit monitoring services.



Cyber News


11. Russia to Spend $644M to Block VPNs

Russia’s communications watchdog, Roskomnadzor, is set to invest 59 billion rubles ($644 million) over the next five years to upgrade its internet traffic-filtering infrastructure, according to Forbes. This significant expenditure will be used to enhance hardware designed to block or slow down access to specific online resources, particularly targeting virtual private networks (VPNs). The initiative is part of Russia's broader effort to tighten its digital sovereignty and control over internet access, following the 2019 law aimed at isolating the country from global internet services.


12. CISA Releases Election Security Guidelines

As the 2024 U.S. presidential election approaches, the Cybersecurity and Infrastructure Security Agency (CISA) has released crucial security guidelines to bolster election integrity. With the election set for November 5, CISA’s new checklists focus on both cyber and physical security, aiming to address vulnerabilities such as phishing, DDoS attacks, and ransomware. The checklists, designed to help election officials review and enhance their security measures, offer actionable steps to prevent and respond to potential threats.


13. ICO and NCA Sign MoU to Boost Cybersecurity

The Information Commissioner’s Office (ICO) and the National Crime Agency (NCA) have signed a significant Memorandum of Understanding (MoU) to enhance the UK's cyber resilience. This agreement outlines a framework for both organizations to collaborate more effectively on cybersecurity issues, focusing on protecting entities from data theft and ransomware attacks. Under this MoU, the ICO and NCA will work together to provide organizations with timely information and guidance on cybersecurity, ensuring they are directed to appropriate resources like the National Cyber Security Centre (NCSC) and are able to report cyber crimes promptly.


14. FBI Reports $5.6B in Crypto Fraud Losses

The FBI’s Cryptocurrency Fraud Report for 2023 reveals a significant surge in crypto-related financial crimes, with losses exceeding $5.6 billion. The report highlights over 69,000 complaints received by the FBI’s Internet Crime Complaint Center (IC3), with cryptocurrency fraud making up nearly half of the total financial losses. Investment fraud has emerged as the most damaging scheme, accounting for over $3.9 billion in losses. FBI Director Christopher Wray emphasized the importance of public reporting, urging victims to report scams to IC3 even if they did not suffer financial loss.


15. Kenya Calls for Boost in Cybersecurity

Kenya is calling on East African governments to significantly boost investments in cybersecurity to protect Savings and Credit Cooperatives (SACCOs) from escalating cyber threats. During a recent forum in Nairobi, Cabinet Secretary Wycliffe Oparanya, represented by Principal Secretary Susan Mang’eli, emphasized the urgent need for robust national cybersecurity frameworks and collaboration with both local and international stakeholders. SACCOs, which are crucial to financial inclusion and economic stability in the region, face increasing vulnerabilities due to their reliance on digital platforms.



Subscribe and Comment.

Copyright © 2024 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.



