Cyber Briefing: 2024.10.24

What's going on in the cyber world today?

Deceptive Delight Technique, Jailbreak, AI Models, Prometei Botnet, Cryptojacking Malware, Russia, Rogue RDP, Ukraine Government, Military, Fortinet, FortiManager, Xerox Printers, Remote Access Control, US Analysis, Israel, Iran Attack, Data Leak, Japan Retailer, Slow Village, Landmark Admin, SA-TECH, DMEscripts, Indiana, HIPAA Security Rule, Australian Competition and Consumer Commission, Digital ID, Nigeria, Gombe, Cybersecurity Collaboration, LinkedIn, GDPR Violations, Turkey, Social Media, Access



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.




Cyber Alerts


1. New Deceptive Delight Jailbreaks AI Models

Cybersecurity researchers from Palo Alto Networks Unit 42 have introduced a new adversarial method, dubbed Deceptive Delight, that enables the jailbreak of large language models (LLMs) through interactive conversations. This technique works by subtly inserting harmful instructions between benign prompts, gradually bypassing safety guardrails and causing the model to generate unsafe content. With an attack success rate of 64.6% within three interaction turns, Deceptive Delight poses a significant threat.


2. Prometei Botnet Spreads Cryptojacker Malware

The Prometei botnet, a modular malware first detected in 2020 but believed to have been active since 2016, continues to wreak havoc across the globe, infecting over 10,000 computers in diverse countries such as Brazil, Indonesia, Turkey, and Germany. This Russian-language malware primarily targets unpatched software vulnerabilities, employing well-known exploits like BlueKeep and EternalBlue to gain access to systems and facilitate cryptojacking, primarily mining the Monero cryptocurrency.


3. RDP Files Exploit Used to Target Ukraine

A recent campaign targeting Ukrainian government and military systems has been identified, involving hackers exploiting Remote Desktop Protocol (RDP) configuration files disguised as popular network and security services. The Computer Emergency Response Team of Ukraine (CERT-UA) reported that these malicious phishing emails, which have been active since August 2024, aim to lure victims into opening the RDP files.


4. Critical Flaw in FortiManager Under Attack

Fortinet has issued a critical advisory regarding a severe vulnerability in FortiManager, tracked as CVE-2024-47575, with a CVSS score of 9.8. This vulnerability, also known as FortiJump, stems from missing authentication in the FortiGate to FortiManager (FGFM) protocol, allowing remote, unauthenticated attackers to execute arbitrary code through specially crafted requests. Affected versions include FortiManager 7.x, 6.x, and several FortiAnalyzer models.


5. Xerox Printers Flaw Enables Remote Takeover

A significant security vulnerability has been identified in multiple Xerox printer models, enabling attackers with administrative access to remotely take control of these devices. Tracked as CVE-2024-6333 and classified with a high severity score of 7.2 on the CVSS scale, the flaw affects various lines, including the EC80xx, AltaLink, VersaLink, and WorkCentre series. The vulnerability arises from insufficient input validation in the IPv4 address field within the printer's "Network Troubleshooting" menu, allowing attackers to inject malicious commands via the tcpdump tool.



Cyber Incidents


6. US Analysis of Israel’s Iran Plan Leaked

The United States has initiated an investigation following the leak of classified documents detailing its analysis of Israel's plans to attack Iran. The sensitive documents surfaced on the Telegram channel Middle East Spectator on October 18, 2024, prompting significant concern from the White House. National Security Council spokesperson John Kirby emphasized that such leaks of classified information are unacceptable. While it remains unclear whether the leak resulted from a cyber attack or a direct breach, the documents appear to have markings indicating they were restricted to the Five Eyes alliance.


7. Slow Village Breach Exposes Customer Info

Slow Village Co., Ltd., a Japanese company, recently reported a significant data breach affecting its online shop, attributed to a third-party attacker who exploited vulnerabilities within its payment system. The incident, which occurred between February 4, 2021, and May 28, 2024, resulted in the leak of personal data for 32,345 customers, including potentially 4,494 credit card records. Investigations revealed that the attacker manipulated the payment application and entered 23,466 random number combinations into the credit card input field, though none were successfully processed.


8. Landmark Admin Suffers Major Data Breach

Landmark Admin, LLC, a third-party administrator based in Brownwood, Texas, has reported a significant data security incident that may have compromised the sensitive personal information of individuals associated with their life insurance policies. Preliminary findings indicate that unauthorized access may have exposed various personal details, including names, addresses, Social Security numbers, financial account information, and medical records.


9. SA-TECH Hit With Data Security Incident

Systems Application & Technologies, Inc. (SA-TECH) has reported a recent security incident that may have compromised the personal information of some individuals. Detected on March 26, 2024, the breach involved unauthorized access to certain files between March 20 and March 26, prompting an immediate investigation with cybersecurity specialists. Although the review revealed that sensitive data—including names, Social Security numbers, driver's license numbers, financial account information, passport numbers, health information, and dates of birth—was accessed, SA-TECH has found no evidence of identity theft or fraud.


10. Indiana's DMEscripts Experiences Data Breach

DMEscripts, an e-prescribing platform based in Indianapolis, Indiana, has reported a data breach impacting the protected health information of 9,993 patients. On April 22, 2024, the company identified suspicious activity within an employee's email account, leading to an immediate investigation. Although the investigation revealed unauthorized access to the account, it could not confirm whether any emails were copied or downloaded. The potentially compromised information includes names, dates of birth, medical information, and health insurance details provided by customers.



Cyber News


11. White House Reviews Updates to HIPAA Rule

The Department of Health and Human Services (HHS) has submitted proposed updates to the HIPAA Security Rule for White House review, aiming to bolster the cybersecurity of electronic protected health information. These updates, which have been in development for over two decades, seek to enhance protections for HIPAA-regulated organizations amidst growing cybersecurity threats in the healthcare sector. Marissa Gordon-Nguyen, a senior advisor at HHS, indicated that a notice of proposed rulemaking will be published by the end of the year, inviting public comments for 60 days.


12. ACCC Enhances Security as Digital Regulator

The Australian Competition and Consumer Commission (ACCC) is strengthening its cybersecurity measures as it prepares to take on the role of Australia’s Digital ID regulator, effective December 1, 2024. In response to the increased responsibilities associated with the establishment of the National Anti-Scam Centre and the regulatory oversight of Digital ID services, the ACCC has initiated a cybersecurity uplift program. This initiative aims to enhance its compliance and maturity in line with the Australian Cyber Security Centre's Essential 8 and the Protective Security Policy Framework.


13. Gombe Governor Urges Cybersecurity Synergy

Gombe State Governor Muhammadu Inuwa Yahaya has emphasized the need for enhanced collaboration in cybersecurity during the National Cybercrime Summit held at the Presidential Villa in Abuja, Nigeria, on October 22, 2024. Organized by the Economic and Financial Crimes Commission (EFCC) in partnership with the Rule of Law and Anti-Corruption Programme (RoLAC) and the European Union, the summit aimed to develop digital skills as a strategy to combat cybercrime.


14. LinkedIn Fined €310 Million for GDPR Lapses

LinkedIn has been fined €310 million (approximately $335 million) by Ireland’s Data Protection Commission (DPC) for multiple violations of the General Data Protection Regulation (GDPR) related to its tracking ads business. The DPC determined that LinkedIn's methods for processing user data lacked valid legal bases, as the justifications it provided—including “consent,” “legitimate interests,” and “contractual necessity”—were deemed invalid.


15. Turkey Blocks All Social Media Access

In a swift response to a deadly attack on Turkey’s largest defense aerospace company, TUSAS, the Turkish government has blocked access to several major social media platforms, including X, Instagram, Facebook, YouTube, and TikTok. The attack occurred on October 23, 2024, when two assailants opened fire, resulting in five fatalities and injuring 22 others at the Ankara facility, which is operated by the Turkish Armed Forces. Following the incident, authorities imposed a broadcast ban and restricted social media access to curb the dissemination of information and maintain national security.




Copyright © 2024 CyberMaterial. All Rights Reserved.





Andy Mallamo

Data-Driven Compliance | Financial Crime, Sanctions, Cybersecurity, Privacy | Data Science, Multi-agent AI

2 weeks

Interesting response from Turkey.
