Cyber Briefing: 2024.10.25

What are the latest cybersecurity alerts, incidents, and news?

Qilin Ransomware, Amazon Web Services (AWS) CDK, Account Takeovers, S3 Buckets, Embargo Ransomware, GitLab, Critical Updates, HTML Injection Vulnerability, XSS, Cisco, United Nations, Misconfigured Database, ZircoDATA, Australia, US Government, Crypto Wallets, Georgia, Absentee Voter Website, Arkansas Blue Cross and Blue Shield, Iranian Hackers, Apple Bug Bounty, AI Security, Hong Kong, ATMs Scam, Socure, Effectiv (now part of Socure), Acquisition, Identity Services



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



Cyber Alerts


1. Qilin.B Ransomware Debuts with New Tactics

The newly discovered Qilin.B ransomware variant, tracked by cybersecurity firm Halcyon, marks an evolution in ransomware tactics with advanced encryption and evasion techniques. Unlike previous versions, Qilin.B can switch between AES-256-CTR and ChaCha20 encryption, depending on system compatibility, and utilizes RSA-4096 with OAEP padding to protect encryption keys, effectively thwarting decryption without the attacker’s private key.


2. AWS Flaw Exposes Users to Account Takeovers

A recent vulnerability in the Amazon Web Services (AWS) Cloud Development Kit (CDK) has raised concerns over potential account takeovers due to predictable naming conventions for S3 buckets. Discovered by Aqua researchers, the flaw allows attackers to gain administrative access to a target AWS account under specific conditions, enabling full account control.


3. Embargo Ransomware Exploits Safe Mode

Researchers have uncovered that Embargo ransomware actors are exploiting Safe Mode to disable security solutions on infected systems. The group, first detected in June 2024, employs two Rust-based tools—MDeployer and MS4Killer—to facilitate their attacks. According to cybersecurity experts at ESET, MDeployer is deployed via a scheduled task to load MS4Killer, which exploits a vulnerable signed driver to compromise security measures. Once security is bypassed, Embargo ransomware encrypts files, appending random six-letter hexadecimal extensions, and drops a ransom note in each affected directory.


4. GitLab Fixes HTML Injection Vulnerability

GitLab has rolled out critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address a significant HTML injection vulnerability, designated as CVE-2024-8312, which could lead to cross-site scripting (XSS) attacks. The newly patched versions—17.5.1, 17.4.3, and 17.3.6—are crucial for all GitLab CE/EE installations from version 15.10 onward. Discovered by researchers via GitLab’s HackerOne bug bounty program, this vulnerability allows attackers to inject HTML into the Global Search field on a diff view, potentially compromising the integrity and confidentiality of user data.


5. Cisco Issues Urgent Fix for ASA Flaw

Cisco has issued urgent updates to address a critical security vulnerability (CVE-2024-20481) in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software, which is currently being actively exploited. The vulnerability affects the Remote Access VPN (RAVPN) service and could lead to a denial-of-service (DoS) condition due to resource exhaustion. Unauthenticated, remote attackers can exploit this flaw by sending a flood of VPN authentication requests, potentially exhausting system resources and disrupting the RAVPN service.



Cyber Incidents


6. UN Database Leak Exposes Sensitive Data

A significant data breach has exposed over 115,000 sensitive documents linked to the United Nations (UN) Trust Fund to End Violence against Women, as uncovered by cybersecurity researcher Jeremiah Fowler. The unsecured database, which contained 228GB of personal information, financial records, and victim testimonies, was not protected by a password or any other form of authentication, making it accessible to anyone online. The leaked data included critical details such as staff names, tax data, victims' personal accounts, and organizational financial reports.


7. ZircoDATA Hack Compromises Home Affairs Data

In a significant cybersecurity breach, Australia’s Department of Home Affairs has reported the exposure of personal data after a compromise at ZircoDATA, a third-party data management firm. This incident stems from a hack by the Black Basta ransomware gang, which in February claimed to have stolen 395 gigabytes of sensitive data from ZircoDATA. The compromised information potentially includes users' full names, dates of birth, mobile numbers, email addresses, visa details, and driver’s license and passport information.


8. US Government Crypto Wallet Hacked for $20M

On October 24, a hacker successfully breached a wallet likely controlled by the United States government, draining approximately $20 million in assets. This wallet contained funds previously seized from the infamous 2016 Bitfinex hack. According to on-chain analytics firm Arkham Intelligence, the stolen assets were transferred to a wallet identified by its address beginning with "0x348," which held various cryptocurrencies including USD Coin (USDC), Tether (USDT), aUSDC, and Ether (ETH).


9. Georgia Absentee Voter Site Under Attack

Georgia's absentee voter website was targeted by a foreign cyberattack on October 14, 2024. The cyber team detected a significant increase in attempts to access the portal, which allows voters to request absentee ballots. While the attack slowed the website, it was ultimately unsuccessful due to robust cybersecurity measures in place. Gabriel Sterling, the chief operating officer for the secretary of state’s office, indicated that the attack bore the hallmarks of a foreign entity acting on behalf of a nation-state, though the state's voting systems, which are not connected to the internet, remained secure and unaffected.


10. Arkansas Blue Cross Hit With Data Breach

Arkansas Blue Cross and Blue Shield is addressing a data breach involving its vendor, Healthmine, which oversees the Blue Wellness Rewards program portal. On August 26, Healthmine identified unauthorized access to its system that led to the illegal redemption of digital gift cards. While the breach exposed sensitive member information, including names, addresses, email addresses, and prescription histories, no financial or Social Security information was compromised.



Cyber News


11. US Offers $10 Million for Iranian Hackers

The U.S. Department of State has launched a significant initiative through its Rewards for Justice program, offering up to $10 million for information leading to the identification of members of the Iranian cyber group Shahid Hemmat, which is linked to the Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). This group has been implicated in targeted cyberattacks against critical U.S. infrastructure, including water facilities, energy sectors, and manufacturing plants.


12. US-Guatemala Security Ties Strengthened

During a recent official visit to Guatemala from October 22 to 24, Army General Laura Richardson, the commander of U.S. Southern Command, met with Guatemalan President Bernardo Arévalo and senior defense leaders to strengthen the bilateral security partnership. The discussions focused on collaborative efforts to combat transnational criminal organizations, enhance cybersecurity, and promote human rights. In a significant move, the U.S. donated $12.8 million worth of equipment to the Guatemalan armed forces, which included vehicle parts, boats, communication gear, and personal protection equipment.


13. Apple Launches Bug Bounty for AI Security

Apple has announced a new Bug Bounty Program as part of its preparations for the upcoming launch of Apple Intelligence on October 28. This initiative grants security and privacy researchers access to the company's Private Cloud Compute (PCC), a secure cloud system designed to protect data and applications. Researchers are invited to independently test the PCC's security, contributing to Apple's efforts to enhance public trust in its systems.


14. Hong Kong ATMs to Warn Users of Scams

In response to escalating scam losses amounting to HK$6.41 billion in the first three quarters of 2024, Hong Kong's Police Chief Raymond Siu announced that bank users will receive pop-up warnings on ATMs by the end of March 2025. This initiative aims to alert users of suspected fraudulent transactions and enhance overall public awareness. The new measures come as the city witnesses a concerning rise in scam incidents, including a significant increase in blackmail cases and the emergence of deepfake technology as a new method of fraud.


15. Socure Acquires Effectiv for $136 Million

Socure has announced its acquisition of Effectiv for $136 million, a strategic move aimed at enhancing its identity verification and onboarding processes. This purchase will allow Socure to leverage Effectiv’s advanced technology, which facilitates enterprise-grade workflows and simplifies complex identity verification tasks. Founded in 2021 and led by former PayPal and Google employee Ravi Sandepudi, Effectiv’s tools will streamline customer experiences throughout the entire lifecycle—from account creation to authentication and transaction monitoring.



Subscribe and Comment.

Copyright © 2024 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
