Cyber Briefing: 2024.10.04
What are the latest cybersecurity alerts, incidents, and news?
WordPress LiteSpeed, Cache Plugin, XSS, Perfctl Malware, Linux Servers, Cryptocurrency, North Korea Hackers, Southeast Asia, VeilShell Backdoor, Key Group, Prince Ransomware, US, UK Royal Mail, Phishing, Universal Music Group, Bloom Hearing Clinic, New Zealand, Michigan, Wayne County Michigan, India, Uttarakhand, Judge Rotenberg Center, Texas Attorney General, TikTok, Child Privacy, Cybersecurity and Infrastructure Security Agency, Zero Trust Implementation, Domains Phishing, Russia, Sellafield Ltd, Nuclear
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
A critical security flaw in the WordPress LiteSpeed Cache plugin, identified as CVE-2024-47374, has exposed millions of websites to stored cross-site scripting (XSS) attacks. The vulnerability, affecting all versions up to 6.5.0.2, allows malicious actors to inject arbitrary JavaScript code, potentially leading to privilege escalation and site compromise. Exploiting the flaw requires enabling specific Page Optimization settings, such as "CSS Combine" and "Generate UCSS." The issue was addressed in version 6.5.1, released on September 25, 2024.
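As an added example (not code from the briefing or the LiteSpeed project), the following audit helper combines the two facts the advisory gives, the fixed version and the Page Optimization settings exploitation depends on, into a single exposure verdict. The settings keys `css_combine` and `generate_ucss` are assumed names for this illustration, not the plugin's real option keys, and the plugin header is constructed in the WordPress header format.

```python
"""Assess exposure to CVE-2024-47374 from plugin version plus settings.
Added example: not from the briefing or the LiteSpeed Cache project."""
import re

FIXED_VERSION = "6.5.1"  # first release carrying the fix, per the advisory
# Labels from the advisory; the keys are hypothetical, not real option names.
REQUIRED_SETTINGS = ("css_combine", "generate_ucss")


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '6.5.0.2' into (6, 5, 0, 2) so comparison is numeric, not lexical
    (a string compare would wrongly rank '6.10' below '6.5')."""
    return tuple(int(p) for p in v.strip().split("."))


def version_from_header(header: str) -> str:
    """Extract the Version: field from a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", header, re.MULTILINE)
    if not m:
        raise ValueError("no Version header found")
    return m.group(1)


def assess(header: str, settings: dict[str, bool]) -> str:
    """Return 'patched', 'vulnerable-exposed' (old version and both risky
    settings enabled) or 'vulnerable-unexposed' (old version, settings off)."""
    if parse_version(version_from_header(header)) >= parse_version(FIXED_VERSION):
        return "patched"
    if all(settings.get(k, False) for k in REQUIRED_SETTINGS):
        return "vulnerable-exposed"
    return "vulnerable-unexposed"


# Constructed sample header modelled on the WordPress plugin header format.
SAMPLE_HEADER = """/**
 * Plugin Name: LiteSpeed Cache
 * Version: 6.5.0.2
 */"""

if __name__ == "__main__":
    print(assess(SAMPLE_HEADER, {"css_combine": True, "generate_ucss": True}))
```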
A new malware campaign has emerged, targeting misconfigured and vulnerable Linux servers with a stealthy malware known as perfctl, aimed at cryptocurrency mining and proxyjacking. Researchers from Aqua Security report that perfctl employs sophisticated evasion techniques, such as becoming dormant when users are logged in and deleting its binary after execution to avoid detection. The malware exploits a vulnerability in Polkit (CVE-2021-4043, also known as PwnKit) to escalate privileges to root and deploy a cryptocurrency miner called perfcc.
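The self-deletion trick described above leaves a visible trace on Linux: the kernel keeps the unlinked executable mapped, and `/proc/<pid>/exe` reports it with a `(deleted)` suffix. The scanner below is an added example (not code from the briefing or from Aqua Security) that walks `/proc` for that trace; the sample link targets, including the `perfcc` path, are constructed for illustration.

```python
"""Flag running processes whose on-disk executable has been unlinked.
Added example: not from the briefing or Aqua Security's research."""
import os

# Linux appends this to the /proc/<pid>/exe link once the file is unlinked.
DELETED_SUFFIX = " (deleted)"


def classify_exe_target(target: str) -> str:
    """Classify a readlink() result from /proc/<pid>/exe.

    'memfd'   : anonymous in-memory executable (memfd_create), never on disk
    'deleted' : a real file that was removed after the process launched
    'ok'      : backed by a file that still exists
    """
    if target.startswith("/memfd:"):
        return "memfd"
    if target.endswith(DELETED_SUFFIX):
        return "deleted"
    return "ok"


def find_suspicious_processes(proc_root: str = "/proc") -> list[dict]:
    """Walk proc_root and report every process with a suspicious exe link.
    Entries we cannot read (kernel threads, other users' processes without
    root, processes that exited mid-scan) are skipped rather than reported."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            target = os.readlink(os.path.join(base, "exe"))
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
        except OSError:
            continue
        verdict = classify_exe_target(target)
        if verdict != "ok":
            findings.append({"pid": int(entry), "comm": comm,
                             "exe": target, "verdict": verdict})
    return findings


# Constructed sample of readlink() results, keyed by pid.
SAMPLE_TARGETS = {
    4021: "/usr/bin/perfcc (deleted)",
    4022: "/usr/sbin/sshd",
    4023: "/memfd:loader (deleted)",
}


def triage_sample(targets: dict[int, str]) -> dict[int, str]:
    """Apply classify_exe_target to a pid -> link-target mapping."""
    return {pid: classify_exe_target(t) for pid, t in targets.items()}
```

Run it as root for full coverage; an unprivileged scan silently skips other users' processes, which is exactly where a miner dropped by a root-escalated loader would run.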
North Korean hackers affiliated with APT37 have launched a campaign, dubbed SHROUDED#SLEEP, deploying a previously undocumented backdoor and remote access trojan (RAT) called VeilShell to target Cambodia and potentially other Southeast Asian countries. This sophisticated attack involves delivering a ZIP archive containing a Windows shortcut (LNK) file, likely via spear-phishing emails. Once executed, the LNK file triggers PowerShell code to extract malicious components while distracting the user with a seemingly innocuous document.
The Key Group, a financially motivated ransomware organization, has been actively targeting Russian Windows users since its discovery in April 2022. Known for negotiating with victims via Telegram, this group primarily utilizes the Chaos ransomware builder alongside several other variants, including Annabelle, RuRansom, Hakuna Matata, and the latest NoCry variant. By maintaining a GitHub repository for its command and control (C2) infrastructure, the Key Group showcases its adaptability in the cybercrime landscape. Security solutions like Symantec and VMware Carbon Black have identified various malicious indicators associated with the group, employing adaptive, behavior-based, and machine learning techniques to thwart its attacks.
A new ransomware campaign known as “Prince Ransomware” has emerged, targeting individuals and organizations in both the UK and the US through a sophisticated phishing scam that impersonates the British postal service, Royal Mail. Detected by researchers at Proofpoint in mid-September, this campaign utilizes contact forms on target websites to evade traditional email security measures, allowing attackers to reach multiple recipients. Victims receive messages appearing to originate from a Proton Mail address, leading them to download a ZIP file from Dropbox that ultimately deploys the ransomware.
Universal Music Group (UMG) has disclosed a data breach that occurred on July 15, 2024, affecting the personal information of 680 residents in the United States. The breach was detected following unauthorized activity in one of UMG's internal applications, prompting the company to engage cybersecurity experts for investigation and remediation. According to a filing with the Maine Attorney General’s Office, the exfiltrated data potentially included names and Social Security numbers.
Bloom Hearing Specialists in New Zealand has reported a significant ransomware attack that has compromised sensitive customer data, including bank details, patient records, and insurance information. The breach, which occurred in July and was disclosed in late August, has raised concerns about the potential for fraud and identity theft among affected individuals. Bloom has alerted the authorities, including the police and the Privacy Commissioner, and is actively investigating the incident while taking steps to secure its systems.
Wayne County government in Michigan has suffered a significant cyberattack, resulting in the disruption of various services as hackers demand a ransom. The attack, which was reported on October 3, has led to the county's information technology team investigating the incident in collaboration with cybersecurity partners, including the FBI and Michigan State Police. As a result of the breach, operations at the Wayne County Sheriff’s Office were impacted, preventing jail inmates from being bonded out and defense attorneys from scheduling client visits.
A severe cyberattack recently hit the government IT systems of Uttarakhand, India, crippling over 90 critical websites, including the Chief Minister's helpline and various essential public services. The attack occurred unexpectedly, leading to a complete shutdown of government operations, affecting both public-facing services and internal functions. Emergency protocols were swiftly activated, and a team of cybersecurity experts was deployed to assess the damage and restore operations.
The Judge Rotenberg Educational Center (JRC) in Massachusetts has notified individuals of a data security incident resulting from a ransomware attack on February 13, 2024. Following the attack, JRC engaged cybersecurity experts for a thorough forensic investigation, which confirmed on September 5 that personal information may have been compromised. The affected data could include names, Social Security numbers, driver’s license numbers, medical information, and health insurance details.
Cyber News
The Texas Attorney General's office has filed a lawsuit against TikTok, accusing the popular short video app of violating state laws regarding the protection of children's privacy. Attorney General Ken Paxton claims that TikTok has been sharing sensitive personal information of minors without obtaining parental consent, thereby compromising their online safety. The lawsuit is grounded in the Securing Children Online through Parental Empowerment Act (SCOPE), which mandates that tech companies must not disclose or sell minors' personal identifying information without parental approval.
The Cybersecurity and Infrastructure Security Agency (CISA) is ramping up efforts to evaluate the progress of U.S. federal agencies in implementing zero trust architectures ahead of a critical November deadline. Agencies were required to submit updated implementation plans outlining their strategies for eliminating implicit trust and securing critical assets by September 30, following guidance from the Office of Management and Budget (OMB). CISA’s zero trust initiative lead, Brandy Sanchez, emphasized the agency's goal of fostering collaboration rather than enforcing punitive measures.
The United States has seized 41 internet domains allegedly used by Russian intelligence agents in a sophisticated spear-phishing campaign targeting U.S. government employees. Deputy Attorney General Lisa Monaco stated that these domains were part of a scheme orchestrated by the "Callisto Group," a unit within Russia's Federal Security Service (FSB), which aimed to steal sensitive information by impersonating legitimate email accounts. The campaign not only targeted current and former employees of the Pentagon and State Department but also included U.S.-based companies and members of the intelligence community.
CorrectCare has agreed to a $6.49 million settlement following a data breach that exposed sensitive information for nearly 600,000 prison inmates across several states, including Louisiana, Georgia, South Carolina, and California. The breach, attributed to a misconfigured web server, affected inmates who received medical care from January 2012 to July 2022. Under the settlement, eligible class members can claim up to $10,000 for unreimbursed losses linked to the breach, which may include expenses for bank fees and credit monitoring.
The Sellafield nuclear waste processing and storage site in the UK has been fined $415,000 (£332,500) by regulators due to significant cybersecurity shortcomings that left its IT systems vulnerable to unauthorized access for several years. The Office for Nuclear Regulation (ONR) reported breaches of the Nuclear Industries Security Regulations from 2019 to 2023, highlighting failures to protect sensitive nuclear information and comply with security plans for annual penetration testing.
Copyright © 2024 CyberMaterial. All Rights Reserved.