Cyber Briefing: 2024.10.11


What are the latest cybersecurity alerts, incidents, and news?

Cybersecurity and Infrastructure Security Agency, F5 BIG-IP, Cookies, Airbnb, Booking.com, Phishing, Foxit PDF Reader, VMware NSX, Veeam Software, Fidelity Investments, Axis Health Systems, Rhysida Ransomware, Colorado, Nevada County Superintendent of Schools, Internet Shutdown, DeeKay Kwon, Wallet Compromised, Web3, Ecovacs, Robot Vacuums, US Social Security Administration, Fraud Prevention, Council of the European Union, Cyber Resilience Act, IoT, OpenAI, Shipping Industry, Threat Vectors, Relyance AI, AI Governance, Privacy Compliance



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.




Cyber Alerts


1. CISA Warns of F5 BIG-IP Cookie Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about threat actors exploiting unencrypted persistent cookies in the F5 BIG-IP Local Traffic Manager (LTM) module to conduct network reconnaissance. By leveraging these cookies, malicious actors can identify non-internet-facing devices on the network, potentially exploiting additional vulnerabilities. CISA recommends that organizations configure cookie encryption within the HTTP profile of F5 BIG-IP devices and use F5's BIG-IP iHealth diagnostic tool to identify and address security issues.


2. Scammers Target Airbnb and Booking.com Users

A new campaign by the scam network Telekopye is targeting users of popular booking platforms like Airbnb and Booking.com. This sophisticated operation involves scammers sending phishing emails to users, falsely claiming issues with their bookings and directing them to convincing fake websites. These fraudulent pages closely mimic legitimate platforms and include accurate booking details, making them difficult to detect.


3. Foxit PDF Reader Vulnerability Enables RCE

A critical vulnerability in Foxit PDF Reader, tracked as CVE-2024-28888, could enable attackers to execute arbitrary code on affected systems. With a high CVSS score of 8.8, this memory corruption flaw arises from a use-after-free error related to the handling of checkbox field objects, particularly when JavaScript is enabled. Attackers can exploit this vulnerability by manipulating users into opening malicious PDFs or visiting compromised websites while using the Foxit PDF Reader browser extension.


4. VMware NSX Flaws Enable Root Access

VMware has announced the discovery of multiple vulnerabilities in its NSX product line that could potentially allow attackers to gain root access to enterprise systems. Identified as CVE-2024-38818, CVE-2024-38817, and CVE-2024-38815, these vulnerabilities affect both VMware NSX and VMware Cloud Foundation, which are critical for network virtualization and security services in many organizations. The vulnerabilities range in severity, with a CVSSv3 base score between 4.3 and 6.7. Notably, CVE-2024-38817 involves command injection, enabling malicious actors to execute arbitrary commands with root privileges.


5. Veeam RCE Vulnerability Exploited by Hackers

Hackers are exploiting a critical vulnerability in Veeam Backup & Replication software, identified as CVE-2024-40711, to deploy ransomware on vulnerable systems. This flaw allows unauthenticated remote code execution, giving attackers the ability to gain unauthorized access and install malicious software. In recent attacks, hackers have leveraged this vulnerability to install Fog and Akira ransomware, targeting unpatched systems through compromised VPN gateways.



Cyber Incidents


6. Fidelity Investments Suffers Data Breach

Fidelity Investments has reported a data breach impacting the personal information of over 77,000 customers due to unauthorized access to its systems between August 17 and 19, 2024. The Boston-based financial services giant stated that attackers exploited two newly established customer accounts to steal data, although it clarified that no access was gained to actual customer accounts.


7. Axis Health Systems Hit With Ransomware

Axis Health System, a nonprofit healthcare provider in Colorado, has confirmed it was targeted by the notorious Rhysida ransomware group, which is threatening to release sensitive data unless a ransom of 25 Bitcoin (approximately $1.5 million) is paid. Known for employing double extortion tactics, Rhysida has previously attacked other healthcare organizations, highlighting a troubling trend in ransomware targeting the sector.


8. Nevada County Schools Hit by Cyberattack

A cyber attack originating from a compromised computer within the Nevada Joint Union High School District has resulted in a complete shutdown of internet access across schools in Nevada County. Superintendent Dan Frisella confirmed that the attack was traced to a British IP address, although he noted that IP addresses can be easily spoofed. In response to the breach, the district has disabled internet access at its five high school campuses and extended this action to other nearby schools that rely on the district for internet services.


9. Deekay Kwon Loses Life Savings to Cybercrime

Deekay Kwon, a Web3 artist, recently experienced a devastating cybercrime incident, resulting in the loss of all his life savings due to a wallet compromise. Despite his best efforts to secure his assets, including storing his seed phrase as a photo in Google Drive, hackers managed to access his wallets while leaving his NFTs untouched. Kwon suspects that the breach may have originated from a leak of his seed phrase, as he found no evidence of suspicious login activity.


10. Hackers Take Control of Ecovacs Vacuums

A recent investigation by ABC reveals alarming incidents involving Ecovacs Deebot X2 robot vacuums, which have been hacked in multiple U.S. cities. Owners reported that strangers accessed live camera feeds and took control of the devices, using the onboard speakers to yell racial slurs. Some vacuums even exhibited erratic behavior, such as chasing pets around the house. Despite attempts to regain control through password resets and reboots, the disruptions continued.



Cyber News


11. SSA Struggles to Modernize Fraud Prevention

The Government Accountability Office (GAO) has warned that the Social Security Administration (SSA) is lagging in modernizing its fraud prevention technology, creating vulnerabilities that could facilitate synthetic identity scams. Launched in June 2020, the Electronic Consent-Based Social Security Number Verification service was designed to combat these scams, which involve fraudsters creating fake identities using a mix of real and fictitious information. However, the GAO report highlighted that the SSA has failed to meet federal guidelines for IT investment planning and has not established performance metrics to evaluate the service's effectiveness.


12. EU Adopts Cyber Resilience Act for IoT

The European Council has officially adopted the Cyber Resilience Act, a significant step towards enhancing cybersecurity standards for connected devices within the European Union. This legislation mandates that manufacturers implement essential cybersecurity measures, including regular vulnerability assessments, timely patch updates, and immediate reporting of actively exploited vulnerabilities to the European Union Agency for Cybersecurity. With a countdown of 36 months before the law takes effect, the act aims to ensure the security of products with digital components throughout their lifecycle.


13. State-Linked Actors Using AI for Campaigns

In the wake of global elections, the mission to harness artificial general intelligence (AGI) for the benefit of humanity faces increasing challenges from state-linked cyber actors who seek to exploit AI models for deceptive purposes. In 2024 alone, over 20 operations have been disrupted that aimed to misuse AI for a variety of harmful activities, including debugging malware, generating misleading articles, and creating fake social media personas. These activities, which have evolved in complexity, reflect a growing trend of sophisticated influence operations on digital platforms.


14. Rising Malicious Activity Threatens Shipping

Marlink's latest global maritime cybersecurity threat report reveals a significant rise in malicious activity targeting the shipping industry, driven by increasingly sophisticated threat vectors. The report, based on data from the first half of 2024, highlights the evolving tactics of cybercriminals, who are leveraging advanced tools to bypass traditional security measures. Key threats identified include phishing attacks that utilize embedded links and QR codes, the distribution of commodity malware like Agent Tesla, and Distributed Denial of Service (DDoS) attacks aimed at disrupting port infrastructure.


15. Relyance AI Secures $32M for Data Governance

Relyance AI, a data governance startup specializing in privacy and AI compliance, has successfully raised $32 million in Series B funding, led by Thomvest Ventures. This investment aims to empower enterprises to navigate complex data processing challenges while adhering to global privacy regulations, including GDPR and HIPAA. Relyance AI’s innovative platform merges privacy and security governance into a unified system, enabling organizations to trust AI-driven data use without incurring costly compliance risks.




Copyright © 2024 CyberMaterial. All Rights Reserved.
