Cyber Briefing: 2024.09.26
What's going on in the cyber world today?
Industrial Control Systems, Credential Harvesting, SloppyLemming, Asia, Sparkling Pisces, KLogExe, FPSpy, Espionage, TeamViewer Vulnerability, Privilege Escalation, Citrix, XenServer, Blockchain, Truflation, Wi-Fi, UK Train Stations, Japan, Sumitomo Mitsui Trust Bank, Ransomware, Austria, ÖVP, SPÖ, India, YouTuber, Ranveer Allahbadia, BeerBiceps Media World Private Limited, Cybersecurity and Infrastructure Security Agency, US Schools, Federal Trade Commission, AI, Misleading Practices, Google, Rust Programming Language, Android, Memory Flaws, Mozilla, Tracking, EU, AI Act
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Hackers are increasingly targeting Industrial Control Systems (ICS) and Operational Technology (OT) in critical infrastructure using unsophisticated methods, according to a recent advisory from the Cybersecurity and Infrastructure Security Agency (CISA). Threat actors are exploiting internet-exposed devices by using brute force attacks and default credentials to gain access, impacting sectors such as water and wastewater systems. These attacks, often driven by pro-Russian hacktivist groups, aim to disrupt operations with minimal effort.
Cloudflare has issued a warning about an advanced threat actor known as SloppyLemming, linked to India, which has been targeting South and East Asian entities for espionage and credential harvesting. Active since at least July 2021, SloppyLemming utilizes multiple cloud service providers, including Cloudflare Workers, to conduct its attacks. The group primarily targets government, law enforcement, energy, education, telecommunications, and technology sectors in countries such as Pakistan, Sri Lanka, Bangladesh, China, Nepal, and Indonesia.
The Sparkling Pisces threat group, also known as Kimsuky, THALLIUM, and Velvet Chollima, has been identified as a major player in the realm of cyber-espionage, utilizing newly discovered keylogger malware KLogExe and a backdoor variant named FPSpy. This advanced persistent threat (APT) group is notorious for its sophisticated spear phishing attacks that lure victims into downloading malicious payloads.
TeamViewer has confirmed critical vulnerabilities in its Remote client software for Windows that could allow attackers to escalate their privileges on affected systems. Identified as CVE-2024-7479 and CVE-2024-7481, the flaws arise from improper verification of cryptographic signatures in the TeamViewer_service.exe component. These weaknesses affect multiple versions of the TeamViewer Remote full client and Remote Host products.
Citrix has released a security bulletin outlining critical vulnerabilities in XenServer and Citrix Hypervisor that could be exploited by malicious administrators to crash or render the host system unresponsive. Identified as CVE-2024-45817, CVE-2022-24805, and CVE-2022-24809, these flaws primarily affect XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR. The most significant vulnerability, CVE-2024-45817, allows a malicious admin of a guest virtual machine (VM) to disrupt host operations.
Truflation, a blockchain platform specializing in real-time economic data, has confirmed it was targeted in a malware attack that resulted in estimated losses between $4.95 million and $5.2 million. On September 25, the team detected unusual activity linked to the breach, revealing that hackers stole approximately $3.89 million in Truflation’s native token (TRUF), $1.07 million in Ether, and $236,000 in stablecoins from the company's Ethereum wallets. Fortunately, customer funds remain unaffected, and the project’s staking reserves are secure.
A cyber attack has targeted the public wi-fi systems at 19 railway stations across the UK, displaying alarming messages about terror attacks in Europe. Affected stations include major hubs such as London Euston, Manchester Piccadilly, Liverpool Lime Street, and Birmingham New Street. Network Rail confirmed the incident, stating that the wi-fi service remains down as investigations are underway, with British Transport Police now involved. The service, provided by third-party company Telent, has been suspended during the inquiry, which aims to assess the scope of the breach and restore secure connectivity for commuters.
On September 25, 2024, Japan's Sumitomo Mitsui Trust Bank announced a potential data risk stemming from a ransomware attack on Takano Sogo Consulting Co., Ltd., a firm that provides outsourced services to the bank. While there is currently no confirmed evidence of personal information leakage, the incident raises concerns about the possible exposure of sensitive data related to bank employees, including former staff members, who had entrusted their information to Takano Sogo.
A series of cyberattacks targeted the websites of Austria's two major political parties, the ÖVP (People's Party) and SPÖ (Social Democratic Party), on September 23, 2024. Both parties confirmed that they experienced distributed denial-of-service (DDoS) attacks that temporarily rendered their websites unavailable. While the ÖVP's Tyrolean state party was notably affected, the SPÖ reported similar issues, stating their website was also temporarily offline due to the attacks. Fortunately, both parties confirmed that no data was leaked during the incidents.
Ranveer Allahbadia, the popular Indian YouTuber known for his BeerBiceps channel and his main channel, recently fell victim to a cyberattack that resulted in significant disruptions to his online presence. Hackers gained unauthorized access to both channels, renaming the main channel to "Tesla" and replacing all original content with unauthorized streams featuring notable figures such as Elon Musk and Donald Trump. Despite the distressing situation, Allahbadia responded with humor, posting about his experience on Instagram.
Cyber News
The Cybersecurity and Infrastructure Security Agency (CISA) has released a new toolkit aimed at helping K-12 schools respond to the rising threat of anonymous violence. Announced during a two-day school safety summit, the guidance provides key strategies for schools to collaborate with intelligence agencies and law enforcement, enhancing reporting processes to detect potential threats early. CISA Director Jen Easterly highlighted the surge in anonymous threats, including those stemming from recent high-profile school shootings, which often provoke copycat incidents.
The U.S. Federal Trade Commission (FTC) has initiated a crackdown on deceptive practices involving artificial intelligence, filing complaints against several companies accused of misleading consumers with false AI claims. Among the firms targeted is DoNotPay, which allegedly misrepresented its AI capabilities by claiming it could replace human lawyers, offering services that lacked adequate legal oversight. The FTC's campaign, dubbed "Operation AI Comply," aims to address the growing trend of companies using AI to lure customers into fraudulent schemes.
Google has announced a significant reduction in memory vulnerabilities within Android, attributing the 52% drop to its transition to memory-safe programming languages like Rust. Over the past six years, the percentage of memory-safety vulnerabilities discovered in Android has plummeted from 76% to just 24%. This strategic move, part of Google's secure-by-design initiative, emphasizes the importance of Safe Coding practices for new features, resulting in a more scalable and cost-effective approach to security.
Austrian privacy non-profit noyb has filed a complaint against Mozilla, the maker of Firefox, for enabling a feature called Privacy-Preserving Attribution (PPA) without obtaining explicit user consent. Despite its name, noyb argues that PPA allows Firefox to track user behavior across websites, essentially shifting control of tracking from individual sites to the browser itself. This feature, which is part of Firefox version 128, has drawn comparisons to Google's abandoned Privacy Sandbox project and is similar to Apple's Privacy Preserving Ad Click Attribution.
In a significant move towards responsible artificial intelligence development, over 100 tech companies have voluntarily committed to the European Union's AI Pact, aimed at preparing for the forthcoming AI Act. Notable signatories include OpenAI, Microsoft, and Amazon, while tech giants such as Meta, Apple, Nvidia, and Mistral have notably opted out. The AI Act, which came into effect on August 1, 2024, seeks to regulate AI systems based on their associated risks. Under the pact, participating firms will collaborate on best practices, ensure human oversight, and promote transparency in labeling AI-generated content.
Copyright © 2024 CyberMaterial. All Rights Reserved.