Cyber Briefing: 2024.10.08
What's the latest in the cyber world today?
GoldenJackal, Embassies, Air-Gapped Systems, Qualcomm, Network Vulnerabilities, Android, October Update, The Netherlands, Traffic Lights, Remote Hacking, U.S. Department of Health and Human Services (HHS), Trinity Ransomware, American Water Works Association, CASIO COMPUTER CO., LTD, ADT, NoName057, DDoS, Belgium, Websites, Japan, Tokyo Sompo Appraisal, California Law, Deepfakes, U.S. Department of Homeland Security, Election Risks, Department of Administrative Reforms and Public Grievances, Government of India, Cybersecurity Workshop, MITRE, AI Incident, Ukraine, Raccoon Stealer Malware
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
GoldenJackal, a covert threat actor, has been linked to cyberattacks targeting embassies and government organizations, focusing on breaching air-gapped systems with advanced malware toolsets. Discovered in 2019 and first detailed by Kaspersky in 2023, GoldenJackal has deployed multiple malware families, including JackalWorm and JackalControl, to infiltrate sensitive networks. Their tactics involve using compromised USB drives to exfiltrate data from isolated systems, with suspected entry points being trojanized software and malicious documents.
Qualcomm has issued critical security updates to address nearly two dozen vulnerabilities in both proprietary and open-source components, including one that is actively being exploited. The high-severity vulnerability, tracked as CVE-2024-43047, is a use-after-free bug in the Digital Signal Processor (DSP) Service that could lead to memory corruption, impacting the integrity of high-level operating system (HLOS) memory.
Google has launched its October 2024 security update for Android, addressing 26 high-severity vulnerabilities to enhance device security. This update is divided into two parts, with the first part, designated as the 2024-10-01 security patch level, fixing three flaws in the Framework component and four in the System component. Among these vulnerabilities, a critical flaw in the System component could allow remote code execution without requiring additional execution privileges.
A recent investigation by RTL Nieuws revealed that tens of thousands of Dutch traffic lights are vulnerable to hacking, allowing attackers to remotely control them. This security flaw was identified by ethical hacker Alwin Peppels while examining the system connecting traffic lights to emergency services. The vulnerability poses a significant risk to critical infrastructure, prompting calls for urgent improvements to cybersecurity measures. Road authorities are working on a solution but anticipate that full replacements may not be completed until 2030.
The U.S. Department of Health and Human Services (HHS) has issued a warning regarding the emergence of Trinity ransomware, a sophisticated threat targeting healthcare and public health organizations. First identified in May 2024, this ransomware adds the ".trinitylock" extension to encrypted files and is known for its advanced tactics, including phishing and exploiting vulnerabilities for initial access. With at least one U.S. healthcare organization already affected, the HHS emphasizes the urgency of addressing this escalating threat to protect sensitive data and infrastructure.
American Water Works Company, Inc., the largest regulated water and wastewater utility in the U.S., reported a cybersecurity incident on October 3, 2024, affecting its computer networks and systems. The company, which provides services to over 14 million people across 14 states and 18 military installations, quickly activated its incident response protocols upon discovering unauthorized activity. In response, American Water Works disconnected certain systems and engaged third-party cybersecurity experts to assist with containment and investigation, while notifying law enforcement.
Casio Computer Co., Ltd., a leading Japanese electronics manufacturer, has confirmed a significant cybersecurity breach that occurred on October 5, 2023, resulting in unauthorized access to its network and subsequent system failures that disrupted several services. The breach was detected when internal systems experienced unexpected failures, prompting an immediate investigation by the company. In response, Casio reported the incident to relevant authorities and engaged external cybersecurity experts to assess the situation and enhance security measures.
ADT has confirmed a new incident involving a data breach caused by compromised access. This recent security failure highlights vulnerabilities in the company's systems, prompting immediate action to assess the situation and mitigate further risks. The breach adds to a growing list of security challenges faced by organizations, emphasizing the importance of robust cybersecurity measures. ADT is actively investigating the incident while working to reassure customers about the integrity of their data and strengthen defenses against future attacks. For further information, please visit the original article.
On October 8, 2024, Belgian municipalities and ports faced a cyber attack orchestrated by the pro-Russian hacker collective NoName057. This incident marked the group's second wave of attacks within two days, targeting various local government websites, including those of Sint-Genesius-Rode and Linkebeek, as well as the ports of Antwerp and Zeebrugge. The Centre for Cybersecurity Belgium (CCB) confirmed that the assaults utilized Distributed Denial of Service (DDoS) tactics, overwhelming servers with excessive requests and rendering them inaccessible to legitimate users.
Tokyo Sompo Appraisal Co., Ltd. is currently dealing with the aftermath of a ransomware attack that occurred on August 29, 2024, resulting in unauthorized access to its server and the encryption of critical files. In response, the company swiftly established a task force that includes security experts and legal advisors to assess the damage and implement recovery efforts. As of October 4, the company has reported no confirmed data leaks or unauthorized use of information, but the investigation is still in progress.
Cyber News
A U.S. federal judge has temporarily blocked California's new law aimed at regulating the use of AI-generated deepfakes during elections, citing potential violations of the First Amendment. The law, signed on September 17, mandated online platforms to remove or label manipulated content within a specific timeframe surrounding elections. The ruling stemmed from a lawsuit filed by Chris Kohls, known as "Mr. Reagan," who argued that such restrictions hinder free speech.
The Department of Homeland Security (DHS) has highlighted ongoing threats to the integrity of the 2024 U.S. election cycle, indicating that foreign adversaries and domestic extremist groups are intensifying their efforts. The agency's annual threat assessment emphasizes concerns about potential violence stemming from sociopolitical tensions and election-related issues. Furthermore, the DHS has identified specific tactics used by adversaries, including misinformation campaigns, which could undermine public confidence in the electoral process and pose significant risks to election personnel and infrastructure.
The Department of Administrative Reforms and Public Grievances (DARPG) recently organized a workshop on Cybersecurity at the Civil Services Officers' Institute in New Delhi. The event aimed to enhance cybersecurity awareness and strengthen initiatives by the Ministry of Electronics and Information Technology (MeitY) during Special Campaign 4.0. Over 200 senior officials participated, focusing on the current cybersecurity landscape in India and the importance of robust cybersecurity measures for government digital platforms.
MITRE has launched an AI Incident Sharing initiative, designed to enhance the sharing of intelligence on real-world AI incidents among organizations. Collaborating with over 15 partners, this project is part of MITRE's ATLAS framework and aims to foster community awareness about AI-related threats and defenses. By providing a secure platform for the anonymized exchange of incident data, the initiative aims to strengthen collective defenses against potential AI cybersecurity risks as more entities integrate AI technologies into their systems.
Mark Sokolovsky, a Ukrainian national, recently pleaded guilty in U.S. federal court to conspiracy charges related to his involvement in the Raccoon Stealer malware operation. Indicted on multiple charges, Sokolovsky was accused of establishing the technical infrastructure for the malware-as-a-service model. As part of his plea agreement, he agreed to forfeit nearly $24,000 and pay almost $1 million in restitution. This case underscores the ongoing threat posed by malware and the collaborative efforts of law enforcement to combat cybercrime.
Copyright © 2024 CyberMaterial. All Rights Reserved.