Cyber Briefing: 2024.10.04

What are the latest cybersecurity alerts, incidents, and news?

WordPress LiteSpeed Cache Plugin, XSS, Perfctl Malware, Linux Servers, Cryptocurrency, North Korea Hackers, Southeast Asia, VeilShell Backdoor, Key Group, Prince Ransomware, US, UK Royal Mail, Phishing, Universal Music Group, Bloom Hearing Clinic, New Zealand, Michigan, Wayne County Michigan, India, Uttarakhand, Judge Rotenberg Center, Texas Attorney General, TikTok, Child Privacy, Cybersecurity and Infrastructure Security Agency, Zero Trust Implementation, Domains Phishing, Russia, Sellafield Ltd, Nuclear



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. LiteSpeed Cache Plugin Vulnerable to XSS

A critical security flaw in the WordPress LiteSpeed Cache plugin, identified as CVE-2024-47374, has exposed millions of websites to stored cross-site scripting (XSS) attacks. The vulnerability, affecting all versions up to 6.5.0.2, allows malicious actors to inject arbitrary JavaScript code, potentially leading to privilege escalation and site compromise. Exploiting the flaw requires enabling specific Page Optimization settings, such as "CSS Combine" and "Generate UCSS." The issue was addressed in version 6.5.1, released on September 25, 2024.


2. New Perfctl Malware Targets Linux Servers

A new malware campaign has emerged, targeting misconfigured and vulnerable Linux servers with a stealthy malware known as perfctl, aimed at cryptocurrency mining and proxyjacking. Researchers from Aqua Security report that perfctl employs sophisticated evasion techniques, such as becoming dormant when users are logged in and deleting its binary after execution to avoid detection. The malware exploits a vulnerability in Polkit (CVE-2021-4043, also known as PwnKit) to escalate privileges to root and deploy a cryptocurrency miner called perfcc.
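A defender-side check for one of the evasion tricks described above, the binary deleting itself after execution: on Linux a running process whose executable has been unlinked still shows up in procfs, with the kernel appending " (deleted)" to its /proc/PID/exe link. The code below is an added example, not Aqua Security's tooling; the sample snapshot and the /tmp path are constructed placeholders.

```python
import os
from typing import Iterable, List, Tuple

DELETED_SUFFIX = " (deleted)"


def exe_is_deleted(exe_link: str) -> bool:
    """The kernel appends ' (deleted)' to readlink(/proc/<pid>/exe) once the
    executable has been unlinked, which is what perfctl is reported to do."""
    return exe_link.endswith(DELETED_SUFFIX)


def find_deleted_binaries(entries: Iterable[Tuple[int, str, str]]) -> List[dict]:
    """Pure function over (pid, comm, exe_link) tuples so it can be tested offline."""
    findings = []
    for pid, comm, exe_link in entries:
        if exe_is_deleted(exe_link):
            findings.append({"pid": pid, "comm": comm,
                             "original_path": exe_link[: -len(DELETED_SUFFIX)]})
    return findings


def collect_proc_entries(proc_root: str = "/proc") -> List[Tuple[int, str, str]]:
    """Read comm and the exe link for every PID under a procfs mount.
    Run as root for full coverage; unreadable or already-exited PIDs are skipped."""
    entries = []
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        try:
            exe_link = os.readlink(f"{proc_root}/{name}/exe")
            with open(f"{proc_root}/{name}/comm", encoding="utf-8") as fh:
                comm = fh.read().strip()
        except OSError:
            continue
        entries.append((int(name), comm, exe_link))
    return entries


# Constructed sample snapshot (not real telemetry); the perfctl path is a placeholder.
SAMPLE_ENTRIES = [
    (1, "systemd", "/usr/lib/systemd/systemd"),
    (4242, "perfctl", "/tmp/example/perfctl (deleted)"),
    (980, "sshd", "/usr/sbin/sshd"),
]

if __name__ == "__main__":
    # perfctl is reported to go dormant while users are logged in, so schedule this from
    # cron rather than running it interactively. A package upgrade that replaced a running
    # binary also leaves a '(deleted)' exe behind, so treat each hit as a lead, not proof.
    live = collect_proc_entries() if os.path.isdir("/proc") else SAMPLE_ENTRIES
    for hit in find_deleted_binaries(live):
        print(f"pid={hit['pid']} comm={hit['comm']} unlinked={hit['original_path']}")
```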


3. North Korean Hackers Use VeilShell Backdoor

North Korean hackers affiliated with APT37 have launched a campaign, dubbed SHROUDED#SLEEP, deploying a previously undocumented backdoor and remote access trojan (RAT) called VeilShell to target Cambodia and potentially other Southeast Asian countries. This sophisticated attack involves delivering a ZIP archive containing a Windows shortcut (LNK) file, likely via spear-phishing emails. Once executed, the LNK file triggers PowerShell code to extract malicious components while distracting the user with a seemingly innocuous document.


4. Key Group Targets Russia with Ransomware

The Key Group, a financially motivated ransomware organization, has been actively targeting Russian Windows users since its discovery in April 2022. Known for negotiating with victims via Telegram, the group primarily uses the Chaos ransomware builder alongside several other variants, including Annabelle, RuRansom, Hakuna Matata, and the latest NoCry variant. By maintaining a GitHub repository for its command and control (C2) infrastructure, the Key Group demonstrates its adaptability in the cybercrime landscape. Security products from Symantec and VMware Carbon Black have identified various malicious indicators associated with the group and use adaptive, behavior-based, and machine learning techniques to block its attacks.


5. Prince Ransomware Campaign Targets US and UK

A new ransomware campaign known as “Prince Ransomware” has emerged, targeting individuals and organizations in both the UK and the US through a sophisticated phishing scam that impersonates the British postal service, Royal Mail. Detected by researchers at Proofpoint in mid-September, this campaign utilizes contact forms on target websites to evade traditional email security measures, allowing attackers to reach multiple recipients. Victims receive messages appearing to originate from a Proton Mail address, leading them to download a ZIP file from Dropbox that ultimately deploys the ransomware.



Cyber Incidents


6. Universal Music Group Suffers Data Breach

Universal Music Group (UMG) has disclosed a data breach that occurred on July 15, 2024, affecting the personal information of 680 residents in the United States. The breach was detected following unauthorized activity in one of UMG's internal applications, prompting the company to engage cybersecurity experts for investigation and remediation. According to a filing with the Maine Attorney General’s Office, the exfiltrated data potentially included names and Social Security numbers.


7. Bloom Hearing Clinic Hit by Ransomware

Bloom Hearing Specialists in New Zealand has reported a significant ransomware attack that has compromised sensitive customer data, including bank details, patient records, and insurance information. The breach, which occurred in July and was disclosed in late August, has raised concerns about the potential for fraud and identity theft among affected individuals. Bloom has alerted the authorities, including the police and the Privacy Commissioner, and is actively investigating the incident while taking steps to secure its systems.


8. Ransomware Attack Disrupts Wayne County

Wayne County government in Michigan has suffered a significant cyberattack, resulting in the disruption of various services as hackers demand a ransom. The attack, which was reported on October 3, has led to the county's information technology team investigating the incident in collaboration with cybersecurity partners, including the FBI and Michigan State Police. As a result of the breach, operations at the Wayne County Sheriff’s Office were impacted, preventing jail inmates from being bonded out and defense attorneys from scheduling client visits.


9. Uttarakhand Government Hit by Cyberattack

A severe cyberattack recently hit the government IT systems of Uttarakhand, India, crippling over 90 critical websites, including the Chief Minister's helpline and various essential public services. The attack occurred unexpectedly, leading to a complete shutdown of government operations, affecting both public-facing services and internal functions. Emergency protocols were swiftly activated, and a team of cybersecurity experts was deployed to assess the damage and restore operations.


10. JRC Notifies Individuals of Data Breach

The Judge Rotenberg Educational Center (JRC) in Massachusetts has notified individuals of a data security incident resulting from a ransomware attack on February 13, 2024. Following the attack, JRC engaged cybersecurity experts for a thorough forensic investigation, which confirmed on September 5 that personal information may have been compromised. The affected data could include names, Social Security numbers, driver’s license numbers, medical information, and health insurance details.



Cyber News


11. Texas Sues TikTok Over Privacy Violations

The Texas Attorney General's office has filed a lawsuit against TikTok, accusing the popular short video app of violating state laws regarding the protection of children's privacy. Attorney General Ken Paxton claims that TikTok has been sharing sensitive personal information of minors without obtaining parental consent, thereby compromising their online safety. The lawsuit is grounded in the Securing Children Online through Parental Empowerment Act (SCOPE), which mandates that tech companies must not disclose or sell minors' personal identifying information without parental approval.


12. CISA to Evaluate Federal Zero Trust Progress

The Cybersecurity and Infrastructure Security Agency (CISA) is ramping up efforts to evaluate the progress of U.S. federal agencies in implementing zero trust architectures ahead of a critical November deadline. Agencies were required to submit updated implementation plans outlining their strategies for eliminating implicit trust and securing critical assets by September 30, following guidance from the Office of Management and Budget (OMB). CISA’s zero trust initiative lead, Brandy Sanchez, emphasized the agency's goal of fostering collaboration rather than enforcing punitive measures.


13. US Seizes 41 Domains Linked to Russian Scams

The United States has seized 41 internet domains allegedly used by Russian intelligence agents in a sophisticated spear-phishing campaign targeting U.S. government employees. Deputy Attorney General Lisa Monaco stated that these domains were part of a scheme orchestrated by the "Callisto Group," a unit within Russia's Federal Security Service (FSB), which aimed to steal sensitive information by impersonating legitimate email accounts. The campaign not only targeted current and former employees of the Pentagon and State Department but also included U.S.-based companies and members of the intelligence community.


14. Inmates Receive $6.49M Settlement for Breach

CorrectCare has agreed to a $6.49 million settlement following a data breach that exposed sensitive information for nearly 600,000 prison inmates across several states, including Louisiana, Georgia, South Carolina, and California. The breach, attributed to a misconfigured web server, affected inmates who received medical care from January 2012 to July 2022. Under the settlement, eligible class members can claim up to $10,000 for unreimbursed losses linked to the breach, which may include expenses for bank fees and credit monitoring.


15. Sellafield Fined $415K for Security Failures

The Sellafield nuclear waste processing and storage site in the UK has been fined $415,000 (£332,500) by regulators due to significant cybersecurity shortcomings that left its IT systems vulnerable to unauthorized access for several years. The Office for Nuclear Regulation (ONR) reported breaches of the Nuclear Industries Security Regulations from 2019 to 2023, highlighting failures to protect sensitive nuclear information and comply with security plans for annual penetration testing.



Copyright © 2024 CyberMaterial. All Rights Reserved.
