Cyber Briefing: 2024.09.16
?? What's happening in cybersecurity today?
Gecko Campaign, Latin America, Mekotio, Mispadu, Microsoft Azure , API Management, 苹果 Vision Pro, AppleCare+ Fraud, Docker, Inc , Remote Code Execution, Kawasaki Motors Europe N.V. , Ransomhub, Ransomware, France, Cnav , Neymar, X Account Hacked, Germany, Radio Geretsried , Belgium, LolaLiza , US Sanctions, Russia Today , China, 振华重工 , National Security, Maritime, Australia, Data Breach Record, UK, Meta , AI, Training, 23andMe Settlement
?Welcome to Cyber Briefing , the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe .
In September 2024, researchers from SCILabs uncovered the Gecko Assault campaign, which distributes two types of malware—Mekotio and Mispadu—targeting users primarily in Latin America. These malware variants are designed to steal sensitive banking information, browser-stored data, and credentials. The attackers employ various methods, including exploiting vulnerabilities, using malicious AutoIt scripts, and DLL hijacking, where a legitimate GoToMeeting application executable is abused to inject malicious DLL files.
In September 2024, a critical vulnerability in Azure API Management (APIM) was discovered, allowing users with Reader-level access to escalate their privileges to Contributor-level. This flaw, identified by Binary Security, is rooted in the Azure Resource Manager (ARM) API and permits unauthorized users to read, modify, and delete APIM configurations through the Direct Management API. Attackers could exploit this by accessing specific ARM API endpoints to retrieve admin keys, which could then be used to generate SharedAccessSignatures.
In September 2024, a critical vulnerability in Apple's Vision Pro mixed reality headset was uncovered, revealing how attackers could exploit the flaw to infer text entered via the device’s virtual keyboard. Known as GAZEploit (CVE-2024-40865), this attack allowed malicious actors to analyze eye movements of a virtual avatar to reconstruct keystrokes. By leveraging the gaze-controlled text entry feature, attackers could remotely capture and analyze avatar video to infer sensitive information, including passwords.
A new scam targeting Mac users has been discovered, where fake AppleCare+ support sites deceive victims into paying money. Scammers use Google ads to direct users to fraudulent customer service pages hosted on GitHub, which mimic Apple's branding. Once users call the toll-free number provided on these fake sites, they are connected to scammers who impersonate Apple representatives. These fraudsters then use social engineering tactics to extract money and personal information.
Docker has recently patched two critical vulnerabilities in Docker Desktop that could allow attackers to execute remote code. Identified as CVE-2024-8695 and CVE-2024-8696, these flaws involve handling malicious extension descriptions and URLs, respectively. Exploiting these vulnerabilities could grant unauthorized access to host systems. Docker addressed these issues in version 4.34.2, and users are strongly advised to update their installations promptly to mitigate these risks.
Kawasaki Motors Europe is recovering from a significant cyberattack claimed by the notorious ransomware group Ransomhub. The attack, which disrupted operations over the past week, led to the temporary isolation of the company’s servers as a precaution. Despite the attack, Kawasaki's IT team and cybersecurity experts managed to restore over 90% of server functionality by the start of this week. The group claimed to have stolen 487 gigabytes of data, but business operations have resumed, including dealings with motor vehicle dealers and suppliers.
The French pension insurance company CNAV has reported a significant data breach involving approximately 370,000 individuals. The stolen data, which includes personal details such as addresses and social security numbers, is largely outdated, with some records belonging to deceased individuals. Importantly, no sensitive financial information, such as banking details or payment records, was compromised. The breach occurred through the Social Action Partners Portal, used by social welfare providers.
领英推荐
Neymar's X account was hacked on September 13, 2024, leading to widespread confusion among fans. The breach falsely announced that the Brazilian football star had signed a ten-game contract with FC Schalke 04, with the deal purportedly sponsored by cryptocurrency firm Solana. This misleading information was posted on both Neymar’s official X account and Schalke’s X account, creating a false buzz in the football community before being swiftly removed.
Radio Geretsried in Germany is currently only broadcasting an emergency tape following a severe cyberattack that took place on the night of September 15, 2024. Unknown attackers from Russia targeted the station’s core broadcasting systems, encrypting all music files and demanding a substantial ransom. The station's management and the board of Bürgernetz Isar-Loisach e.V. are working diligently to address the situation. Efforts are underway to recover and reinstall the affected systems, but the resolution is expected to take until the middle of the week.
Belgian clothing retailer Lolaliza has confirmed a significant cyberattack on its IT systems, which occurred on September 13, 2024. The attack, attributed to external malicious actors, compromised both customer and company data, including staff information. Despite the breach, which has led to unauthorized access to some databases, the company is actively working with cybersecurity experts to resolve the issue and restore normal operations. Lolaliza’s physical stores and online shop remain open, and the company is notifying affected customers while prioritizing data protection and system restoration.
?? Cyber News
The U.S. government has imposed new sanctions on Russian state media, particularly targeting RT (Russia Today), for covertly funding military support and conducting influence operations related to the conflict in Ukraine. The sanctions, announced by Secretary of State Antony Blinken, address allegations that RT orchestrated a fundraising campaign to supply the Russian military with equipment such as drones and radio gear. In addition to funding military operations, RT was accused of running disinformation campaigns across Europe, Africa, and the Americas.
A new congressional report has raised alarms about the cybersecurity risks posed by Shanghai Zhenhua Heavy Industries Company (ZPMC), a major Chinese state-owned crane manufacturer. Dominating the global market with nearly 80% of the U.S. ship-to-shore crane market, ZPMC is flagged for potentially compromising national security. The report highlights concerns that Beijing could exploit ZPMC’s advanced port infrastructure to disrupt U.S. maritime supply chains, especially in light of China's strategic investments and mandated backdoor access to its technology.
New statistics from the Office of the Australian Information Commissioner (OAIC) reveal that Australia has experienced the highest number of data breaches in three and a half years. In the first half of 2024, the OAIC recorded 527 notifications, marking a significant increase of nine percent compared to the previous six-month period. The surge in breaches, largely driven by malicious attacks and cyber incidents, highlights a critical gap in privacy and security measures. Notably, the MediSecure breach affected approximately 12.9 million Australians, underscoring the severe impact of these incidents.
After a regulatory pause, Meta is set to resume its AI training in the UK following extensive discussions with the Information Commissioner’s Office (ICO). The tech giant has updated its approach to enhance transparency, incorporating user feedback to simplify its objection process. Meta aims to tailor its AI models using public content from UK users to better reflect British culture. Despite these adjustments, the ICO has yet to grant formal approval, underscoring ongoing privacy concerns. This move reflects Meta’s broader strategy to balance innovation with regulatory compliance amid evolving data protection standards.
23andMe has agreed to pay $30 million to settle a class-action lawsuit following a 2023 data breach that exposed the personal and genetic information of 6.4 million customers. The breach, caused by credential-stuffing attacks, led to hackers gaining access to sensitive data, including health reports and raw genotype information, some of which was later leaked on dark web forums. As part of the settlement, 23andMe will strengthen its security measures, implementing mandatory two-factor authentication, enhanced defenses against cyberattacks, and regular cybersecurity audits. Despite the settlement, the company denies any wrongdoing or liability.
Subscribe and Comment.
Copyright ? 2024 CyberMaterial . All Rights Reserved.
Follow CyberMaterial on: