Cyber Briefing: 2024.10.23
What's trending in cybersecurity today?
Phishing Campaign, Gophish Framework, PowerRAT, DCRat, Mallox Ransomware, Red Hat, NetworkManager, Root Access, Styra OPA, NTLM Hashes, Callback Phishing Attacks, Hezbollah Hackers, Israel, Hospitals, Disinformation Campaign, Multifactor Authentication, Ohio, Bazetta Township, Ministry of Foreign Affairs of the Russian Federation, BBZ Berufsbildungszentrum Schaffhausen, Activu, Consumer Financial Protection Bureau, Data Empowerment, U.S. Securities and Exchange Commission, SolarWinds, Australian Government, Cyber Resilience, Meta, Facial Recognition, Account Recovery, Socket, Series B, Funding, Open-Source, Security Solutions
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
A new phishing campaign is targeting Russian-speaking users, utilizing the Gophish framework to deploy remote access trojans (RATs) like DarkCrystal RAT (DCRat) and PowerRAT. The attack begins with malicious emails mimicking services like Yandex Disk or VK, enticing victims to open malware-laced Microsoft Word documents or HTML files. Once the victim enables macros or clicks a link, a multi-stage infection process is triggered, leading to the deployment of either PowerRAT or DCRat, depending on the initial access vector.
A critical flaw in Mallox ransomware has been discovered, allowing victims to recover their encrypted files without paying a ransom. Previously known as TargetCompany, Mallox has undergone several changes, but versions active in 2023 and early 2024 contain a vulnerability in their cryptographic scheme. Avast researchers have released a free decryption tool for victims affected by these versions, enabling file recovery without the need for the private ECDH key.
A serious security vulnerability has been identified in Red Hat’s NetworkManager-libreswan plugin, tracked as CVE-2024-9050, which allows local attackers to escalate their privileges and gain root access to Linux systems. This flaw has been assigned a CVSS base score of 7.8, indicating its high severity. The vulnerability arises from the improper sanitization of VPN configurations from unprivileged users, particularly in the leftupdown parameter, which accepts executable commands.
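As an added illustration (not code from the briefing or from Red Hat), the following audit parses NetworkManager keyfile connection profiles and flags libreswan VPN profiles that carry a leftupdown (or the assumed sibling rightupdown) command hook, so an administrator can review who created such profiles while patching. The keyfile layout, the libreswan service-type string and the rightupdown key are assumptions; the profiles are constructed samples.

```python
import configparser

# Constructed sample NetworkManager keyfile profiles (not real system files).
# The keyfile layout and the libreswan service-type string are assumptions.
LIBRESWAN_SERVICE = "org.freedesktop.NetworkManager.libreswan"
# leftupdown is the parameter named in the advisory; rightupdown is an assumed sibling hook.
HOOK_KEYS = {"leftupdown", "rightupdown"}

SAMPLE_PROFILES = {
    "office-vpn.nmconnection": """
[connection]
id=office-vpn
type=vpn

[vpn]
service-type=org.freedesktop.NetworkManager.libreswan
right=vpn.example.invalid
leftupdown=/tmp/updown.sh
""",
    "clean-vpn.nmconnection": """
[connection]
id=clean-vpn
type=vpn

[vpn]
service-type=org.freedesktop.NetworkManager.libreswan
right=vpn.example.invalid
""",
    "wifi-home.nmconnection": "[connection]\nid=wifi-home\ntype=wifi\n",
}

def audit_profile(text):
    """Return (key, value) hook entries found in a libreswan VPN profile; [] otherwise."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if cp.get("connection", "type", fallback="") != "vpn":
        return []
    if cp.get("vpn", "service-type", fallback="") != LIBRESWAN_SERVICE:
        return []
    # configparser lower-cases option names, so the set lookup is case-insensitive.
    return [(k, v) for k, v in cp.items("vpn") if k in HOOK_KEYS]

def audit_all(profiles):
    """Map profile name -> findings, keeping only profiles where a hook key is present."""
    findings = {}
    for name, text in profiles.items():
        hits = audit_profile(text)
        if hits:
            findings[name] = hits
    return findings
```

On a real host the same functions would be fed the contents of the system's connection profile files instead of the constructed samples.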
A recently discovered vulnerability in Styra's Open Policy Agent (OPA) has raised serious security concerns, as it could allow remote attackers to leak New Technology LAN Manager (NTLM) hashes. This flaw, tracked as CVE-2024-8260, affects both the command-line interface and the Go software development kit for Windows. The issue arises from improper input validation, potentially enabling an attacker to capture the NTLM credentials of the OPA server's local user account by exploiting Server Message Block (SMB) traffic over port 445.
Callback phishing attacks are evolving into more sophisticated schemes that involve a two-step process of phishing emails followed by deceptive phone calls. Recent incidents highlight the BazarCall method, where victims receive text-based phishing emails urging them to call a fraudulent number that impersonates a legitimate entity, such as Binance. During these calls, attackers manipulate victims into revealing sensitive information or downloading malware.
Hackers claiming affiliation with Hezbollah have launched a cyber campaign targeting Israeli hospitals, spreading misinformation following the bombing of a hospital in Beirut. They circulated misleading images and posts on social media, falsely alleging that weapons and ammunition were hidden beneath medical facilities in northern Israel, including Assuta and Carmel hospitals. These claims have been widely debunked, as there is no evidence to support such assertions.
Trumbull County Auditor Martha Yoder reported that a disabled security feature led to a significant hacking incident in Bazetta Township in Ohio, resulting in over $100,000 being fraudulently transferred to an unauthorized bank account. The township's fiscal officer had requested that multifactor authentication (MFA) be turned off for their Microsoft Office 365 account, which ultimately allowed hackers to gain access.
The Russian Foreign Ministry has reported experiencing a "large-scale" cyberattack that disrupted its operations, particularly affecting the accessibility of its online resources. Spokeswoman Maria Zakharova confirmed that specialists are actively working to restore the functionality of the ministry's systems, which were targeted in a distributed denial-of-service (DDoS) attack.
On October 2, 2024, the Vocational Training Center (BBZ) in Schaffhausen fell victim to a cyber attack that compromised its IT systems. Cybercriminals utilized encryption malware to block access to several systems, exploiting a security gap in the firewall. The attack was detected on October 3, prompting immediate response efforts from the BBZ's IT specialists and the cantonal administration to contain the breach and restore affected systems.
Activu Corporation recently informed a Maine resident about a data breach that occurred on August 30, 2024, when unauthorized access to its computer network was detected. Following the discovery of suspicious activity, Activu took immediate steps to secure its systems and launched an investigation to assess the extent of the breach. The investigation revealed that an unknown actor accessed certain files containing sensitive information, including names, Social Security numbers, and driver's license details.
Cyber News
The Consumer Financial Protection Bureau (CFPB) has officially implemented the Personal Financial Data Rights Rule, a significant regulation aimed at empowering consumers with control over their financial information. This groundbreaking rule requires financial institutions, including banks and credit card companies, to grant consumers access to their personal financial data, facilitating seamless transfers to other service providers. By enhancing transparency and competition, the rule is expected to improve customer experiences and lower costs for financial products.
The U.S. Securities and Exchange Commission (SEC) has charged four companies—Avaya Holdings, Check Point Software, Mimecast, and Unisys Corp—for misleading investors regarding the severity of the 2020 SolarWinds cyber attack. This attack, which compromised the Orion network management system, affected over 30,000 organizations, including government agencies, by allowing threat actors to gain unauthorized access through a malicious software update.
The Albanese government of Australia has launched the Small Business Cyber Resilience Service, providing free, tailored one-on-one assistance to help small business owners navigate cyber incidents and threats. This initiative, part of the 2023–2030 Australian Cyber Security Strategy, is backed by a $60 million investment aimed at enhancing the cyber resilience of small businesses, which are increasingly targeted by cybercriminals due to limited security budgets and knowledge.
Meta, the parent company of Facebook and Instagram, has introduced a new initiative leveraging facial recognition technology to enhance account security and streamline the recovery process for hacked accounts. This innovative method allows users to regain access by recording a short video selfie, which Meta will compare against existing profile pictures to verify identity. In addition to improving account recovery, the technology aims to combat “celeb-bait” scams by automatically checking suspected fraudulent ads against verified celebrity images.
Socket, a San Francisco-based startup focused on open-source security, has successfully raised $40 million in Series B funding to enhance its capabilities in addressing the needs of developers and enterprises. Founded by Feross Aboukhadijeh, a former Stanford lecturer, Socket aims to expand its programming language support, improve application security, and strengthen its software bill of materials (SBOM) offerings.
Copyright © 2024 CyberMaterial. All Rights Reserved.