Cyber Briefing: 2024.11.01
?? What are the latest cybersecurity alerts, incidents, and news?
?Xiū Gǒu, Phishing Kit, RCS Messages, Global Victims, Quad7 Botnet, Compromised Routers, Credential Theft, LottieFiles , Supply Chain Attack, npm Package, Zero-Day Vulnerabilities, PTZOptics Cameras, 海康威视 , Critical Dynamic DNS Vulnerability, Art Gallery of Ontario , Pro-Ukraine Hackers, Sabotage, Parking Enforcement, Russia, San Joaquin County Court, Service Outage, Cryptocurrency Steal, M2 Exchange, Microlise , Fleet Tracking Services, US Small Businesses, 微软 Windows Copilot, Government Sector, Malware Attacks, PLASTIC SURGERY ASSOCIATES OF SOUTH DAKOTA , HIPAA Violations, Bugcrowd
?Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Researchers have uncovered a new phishing kit named "Xiū gǒu" that has been actively deployed since September 2024 in campaigns across Australia, Japan, Spain, the U.K., and the U.S. This phishing tool, identified by Netcraft, has facilitated over 2,000 phishing websites targeting multiple sectors, including public services, banking, and digital services. By leveraging Cloudflare’s anti-bot and hosting obfuscation capabilities, attackers using Xiū gǒu can bypass common security checks, making it difficult for security teams to detect the fraudulent sites quickly.
Microsoft has revealed a Chinese-led cyberattack involving the Quad7 botnet, also known as CovertNetwork-1658, which uses compromised SOHO routers to conduct password-spray attacks and steal credentials. Quad7, identified by researcher Gi7w0rm, infects routers from brands like TP-Link, ASUS, and Zyxel, where attackers deploy malware enabling remote Telnet access, each device displaying a unique banner based on its type. The malware also sets up SOCKS5 proxies to relay malicious traffic while evading detection, allowing attackers to blend in with legitimate network activity.
LottieFiles has announced that its popular npm package lottie-player was compromised in a supply chain attack, leading the company to release an updated version to mitigate the issue. On October 30, LottieFiles received notifications that unauthorized versions containing malicious code had been pushed to the package repository. These compromised versions prompted users to connect their cryptocurrency wallets, raising concerns about potential fund drainage for those who were using the library through third-party CDNs without pinned versions.
Hackers are exploiting two zero-day vulnerabilities in PTZOptics pan-tilt-zoom cameras widely used in various sectors, including healthcare and government. GreyNoise discovered CVE-2024-8956 and CVE-2024-8957 through its AI-powered threat detection, revealing that attackers can gain unauthorized access to sensitive information and potentially take complete control of the cameras. The vulnerabilities stem from weak authentication and insufficient input sanitization, allowing for command injection and remote code execution, which could lead to serious disruptions in video feeds and security.
A critical security vulnerability has been identified in Hikvision network cameras, which could allow attackers to intercept Dynamic DNS (DDNS) credentials transmitted in cleartext, potentially compromising thousands of devices. This issue primarily affects multiple Hikvision camera models that were operating on firmware versions released before recent security updates. Researchers found that the implementation of DDNS services, particularly DynDNS and NO-IP, involved transmitting credential information unencrypted over HTTP instead of the more secure HTTPS protocol, making these credentials susceptible to interception.
The Art Gallery of Ontario has notified its members about a recent data breach involving its internal server. This incident, which occurred between September 9 and 18, has raised concerns that personal information stored on the gallery’s shared server over the past year may have been accessed by an unidentified third party. While the gallery's operations are reportedly unaffected, the staff emphasized that they are actively investigating the breach with the help of security specialists and legal counsel.
Residents of Tver, Russia, experienced nearly two days of free parking due to what authorities initially labeled a “technical failure” in the city's digital parking payment system. However, the Ukrainian Cyber Alliance, a hacker group, claimed responsibility for the disruption, alleging they had launched a cyberattack on the city’s administrative network. According to a spokesperson for the group, they had wiped out numerous virtual machines, backup storage, and essential services, effectively leaving the city inoperable.
领英推荐
The San Joaquin County Superior Court in California continues to grapple with a cybersecurity incident that disrupted multiple services on Wednesday. Following the attack, officials reported persistent connection issues, leading to the rescheduling of some remote court appearances as they investigate the situation further. Court representatives stated that they took immediate action to contain the incident by isolating their systems from the internet, resulting in a significant portion of their network remaining offline.
In a significant cyberattack, cryptocurrency exchange M2 reported a theft of $13.7 million in digital assets, including Bitcoin, Ethereum, and Solana. Following the incident, M2 assured customers that the situation had been fully resolved and all stolen funds had been restored, emphasizing their commitment to safeguarding user interests. This latest breach highlights the escalating threat of cybercrime in the cryptocurrency sector, which has seen losses of nearly $19 billion from hacking incidents over the past 13 years.
Microlise has been hit by a cyber attack that significantly affected a large portion of its services, disrupting tracking for numerous fleets. The company has engaged external cybersecurity specialists to investigate the incident and is working diligently to restore affected services. Microlise has notified relevant regulators and law enforcement agencies, emphasizing its commitment to data protection and stating that it will inform individuals if personal data is impacted.
?? Cyber News
A significant number of small businesses in the United States are implementing preventative security measures in response to a troubling surge in data breaches, with 81% of these businesses reporting incidents last year, as highlighted by the Identity Theft Resource Center (ITRC). This nonprofit organization gathered data from publicly reported breaches and directly from victims to compile its annual Consumer & Business Impact Report. The findings revealed an eight-percentage-point increase in breaches among organizations with fewer than 500 employees, coupled with a staggering doubling of average financial losses to $500,000 annually.
Microsoft has announced a further delay in the release of its Recall feature for Windows Copilot+ PCs, now scheduled for December instead of the previously anticipated October preview. The company emphasized its commitment to delivering a secure and trusted experience, stating that additional time is needed to refine the feature based on user feedback and privacy concerns. Initially unveiled in May, Recall aims to provide users with a visual timeline of their computing activities, essentially giving their devices a "photographic memory" to help locate information across apps, websites, and documents.
Global threat actors have significantly escalated their attacks on government targets, with SonicWall reporting a staggering 236% year-on-year increase in malware-driven attempts during the first quarter of 2024. This surge comes amid heightened concerns about foreign interference in the upcoming US presidential election, which has led to a 27% annual rise in government-related attacks just prior to the polls. As attackers employ tactics such as Distributed Denial of Service (DDoS), SonicWall warns that the number of recorded attacks is projected to exceed last year’s figures by 32%.
The U.S. Department of Health and Human Services Office for Civil Rights announced a settlement with Plastic Surgery Associates of South Dakota following a ransomware attack that exposed the health information of over 10,200 patients in 2017. The investigation revealed multiple potential violations of the Health Insurance Portability and Accountability Act Security Rule, which mandates that healthcare entities conduct risk assessments and implement necessary security measures. As part of the settlement, the plastic surgery clinic will pay $500,000 and implement a corrective action plan to strengthen its cybersecurity protocols.
Bugcrowd has announced that it has successfully secured $50 million in growth capital from Silicon Valley Bank, aimed at scaling its operations and fueling further innovation. The funding comes after Bugcrowd had previously raised a total of $180 million, including a significant $102 million earlier this year to boost its capabilities. With over 1,200 customers, including prominent organizations like Google and the Pentagon, Bugcrowd is committed to leveraging this investment to enhance its AI-powered platform and maintain its leadership in the crowdsourced security market.
Subscribe and Comment.
Copyright ? 2024 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on: