Cyber Briefing: 2024.11.04
What's happening in cybersecurity today?
Microsoft Azure, Black Screen, Phishing, OpenAI, ChatGPT, Payment Alerts, MediaTek, Google, AI Tool, Zero-Day, SQLite Cloud, Typosquatting, npm Packages, Wiz Khalifa, X Account Hacked, Memecoin, Housing Authority of the City of Los Angeles, Cactus Ransomware, South East Technological University, Portsmouth City Council, DDoS, Memorial Hospital and Manor, Canada-India Tensions, Cyber Adversary, Japan, Cybersecurity Bill, Australia-Philippines, Cyber Boot Program, Snap Inc., UK, Online Grooming, Malaysian Ministries, Cyber Attacks
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Microsoft recently alerted Azure Virtual Desktop (AVD) users to potential black screen issues that can last up to 30 minutes during login, following the installation of the Windows 10 July 2024 preview update (KB5040525). This problem, which primarily affects enterprise users, arises from a deadlock between the Azure Active Directory (AAD) broker and the AppX Deployment Service (AppxSvc), impacting users’ access to backend services and causing single sign-on (SSO) failures, particularly in Office applications such as Outlook and Teams.
Barracuda Networks has detected a large-scale phishing campaign that impersonates OpenAI, aiming to steal credentials from ChatGPT users worldwide. The attackers are sending phishing emails that falsely claim to be from "OpenAI Payments," notifying recipients of unsuccessful subscription payments and urging them to click a link to update their payment information. Over 1,000 of these emails have been traced back to a single domain, "topmarinelogistics.com," which, while appearing legitimate, is used to facilitate the attack.
Recent security bulletins have revealed critical vulnerabilities in MediaTek smartphone chipsets that could allow attackers to escalate privileges and gain unauthorized access to affected devices. These vulnerabilities impact various Android versions, specifically 12, 12L, 13, and 14, and are linked to multiple components of MediaTek's architecture. Two notable vulnerabilities include CVE-2024-20104, a high-severity out-of-bounds write issue in the DA component affecting chipsets like MT6781 and MT6789, and CVE-2024-20106, a type confusion flaw in the m4u component that impacts chipsets such as MT6739 and MT6765.
Google has announced the discovery of a zero-day vulnerability in the widely used SQLite open-source database engine, identified through its AI-assisted framework, Big Sleep. This marks a significant milestone as it is touted as the first real-world vulnerability uncovered by an artificial intelligence agent. The vulnerability involves a stack buffer underflow, which can lead to application crashes or arbitrary code execution. Google reported that the flaw was discovered in a development branch of SQLite and has been addressed as of early October 2024, prior to any official release.
A recent investigation has unveiled over 280 malicious typosquat packages targeting JavaScript developers within the npm (Node Package Manager) ecosystem. Initiated in late October 2024, this sophisticated attack was aimed specifically at developers using popular libraries such as Puppeteer and Ethers.js. The campaign began with stealthy test publications, including a package named daun124wdsa8, which masqueraded as a legitimate tool.
Rapper Wiz Khalifa’s X account was reportedly hacked on November 3, 2024, leading to the promotion of a fraudulent memecoin called “WIZ” to his 35.7 million followers. The hackers claimed that Khalifa was collaborating with their team to launch the token for crypto fans. Initially, the WIZ memecoin saw a surge in value, reaching a peak market capitalization of $3.4 million shortly after its launch on the Solana-based memecoin platform, pump.fun. However, this hype was short-lived, as the token's value quickly plummeted to below $10,000 within an hour, primarily due to early holders cashing out.
The Housing Authority of the City of Los Angeles (HACLA) has confirmed a cyberattack on its IT network, following claims from the Cactus ransomware gang. HACLA, which oversees over 32,000 public housing units and serves low-income families, acknowledged the incident and has engaged external forensic IT specialists to investigate the breach. While specific details regarding the timing of the attack and the potential exposure of sensitive data remain undisclosed, the Cactus ransomware group claims to have stolen 891 GB of files, including personally identifiable information, financial documents, and corporate correspondence.
A cyberattack targeting the Information Technology (IT) systems at South East Technological University (SETU) in Ireland has raised alarms, prompting immediate action from the college’s IT team. The attack, which occurred on Friday at the Waterford campus, has so far shown no evidence of compromised data or information. Simon Woodworth, a lecturer at Cork University Business School, emphasized the importance of containing the breach to prevent it from spreading to other campuses, particularly Carlow.
Portsmouth City Council has confirmed that its website was taken offline following a distributed denial-of-service (DDoS) attack attributed to the hacker group NoName057(16). The attack reportedly affected over a dozen local authorities across the UK, including Bournemouth, Christchurch & Poole, Medway, Exeter, and Burnley. Portsmouth City Council assured residents that their personal data was not compromised and that council services remained unaffected. The council's IT team worked swiftly to restore the website, which was back online within two hours.
Memorial Hospital and Manor in Bainbridge, Georgia, fell victim to a ransomware attack that compromised its Electronic Health Record (EHR) system, a significant disruption to its operations. The breach was detected early Saturday morning, prompting the hospital staff to implement contingency measures by reverting to paper-based processes to continue providing care. While this temporary solution allows the hospital to maintain some level of service, it may lead to longer wait times for patients seeking treatment.
Cyber News
In a significant escalation of diplomatic tensions, the Canadian government has officially designated India as a "cyber adversary," placing it alongside China, Russia, Iran, and North Korea in its latest National Cyber Threat Assessment for 2025-2026. Released by the Canadian Centre for Cyber Security, the report cites concerns over India's cyber capabilities and alleged espionage activities. Canada accuses India of leveraging its cyber program to further national security interests, including espionage against Canadian networks.
The Japanese government's plans to introduce a bill aimed at enhancing cybersecurity capabilities have been postponed due to political uncertainty following the recent general election. Initially scheduled for submission during an extraordinary parliament session, the bill sought to implement "active cyber defense," which would allow the government to monitor and respond to potential cyberattacks on critical infrastructure.
Australia and the Philippines have announced a partnership to launch a "Cyber Boot Program," aimed at enhancing the cybersecurity capabilities of the Philippines. The initiative seeks to bolster the country's defenses against cyber threats by raising awareness and imparting technical skills necessary for organizations and companies to effectively prepare for and respond to cyberattacks. According to Professor Helge Janicke from the Australian Cyber Security Cooperative Research Centre, the program will include awareness initiatives and war gaming exercises to help participants better understand potential cyber threats and appropriate responses.
Online grooming crimes against children have surged to alarming levels, with Snapchat emerging as the most prevalent platform for offenders, according to a recent report by the National Society for the Prevention of Cruelty to Children (NSPCC) in the UK. Over the past six years, cases of “Sexual Communication with a Child” have skyrocketed by 89%, with nearly half of these incidents occurring on Snapchat. The report highlights that girls represent 81% of the victims, and even primary school-aged children are targeted, with the youngest victim reported being just five years old.
In 2023, Malaysia's ministries experienced a staggering 1,547 cyber attacks, highlighting the growing threat to the country's digital infrastructure. According to the Prime Minister's Department, all incidents were successfully detected and mitigated through the diligent efforts of the National Cyber Security Agency (Nacsa) and the National Security Council (NSC). Minister in the Prime Minister's Department Dr. Zaliha Mustafa confirmed that the government is committed to enhancing the cybersecurity posture of its agencies by implementing advanced antivirus solutions and establishing a robust Multi-Factor Authentication (MFA) system.
Copyright © 2024 CyberMaterial. All Rights Reserved.