Cyber Briefing: 2024.11.14
What's going on in the cyber world today?
Lazarus Group, RustyAttr, macOS, Hamas, WIRTE, Israel, Middle East, Cybersecurity and Infrastructure Security Agency, Known Exploited Vulnerabilities, Bitdefender, ShrinkLocker Decryptor, OvrC, Cloud Platform, IoT, DemandScience, Yonex, Credential Stuffing, JewishCare NSW, Alberta Innovates, Network Disruptions, Teletama, National Institute of Standards and Technology (NIST), Apple iCloud, Lawsuit, NatWest, WhatsApp, Facebook Messenger, Staff Ban, US Military Secrets, Ex-Air Guardsman, Social Media, Zero Gravity Labs, AI Operating System, Funding
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
Threat actors associated with North Korea’s Lazarus Group have been discovered using a new malware, RustyAttr, which targets macOS systems by abusing extended file attributes. Group-IB researchers in Singapore attribute the activity to Lazarus with moderate confidence, identifying overlapping infrastructure and tactics with past campaigns like RustBucket. Extended attributes in macOS store metadata beyond typical file attributes, and this campaign uses them to hide and execute malicious code. By leveraging these attributes, attackers bypass standard detection methods to smuggle malware into compromised systems.
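Because most file listings and many scanners never show extended attributes, a defender's first step is simply to enumerate them and flag values that look like code rather than metadata. The following is an added example, not code from the briefing or from Group-IB's analysis; the benign-name allowlist, the size threshold and the script markers are illustrative assumptions, not published RustyAttr indicators.

```python
# Added example (not from the briefing or Group-IB): flag files whose extended
# attributes carry script-like content rather than metadata. The allowlist,
# size threshold and markers below are illustrative assumptions, not published IoCs.
import os
import re
import subprocess

# Attribute names macOS writes in normal use (assumed benign allowlist).
KNOWN_BENIGN_PREFIXES = (
    "com.apple.quarantine", "com.apple.metadata:", "com.apple.FinderInfo",
    "com.apple.ResourceFork", "com.apple.lastuseddate#PS", "com.apple.macl",
    "com.apple.provenance", "com.apple.TextEncoding",
)
LARGE_VALUE_BYTES = 4096  # genuine metadata is small; a hidden script usually is not
# Fragments an interpreter could act on; constructed heuristics, tune per fleet.
SCRIPT_MARKERS = re.compile(rb"^#!|osascript|/bin/(?:ba|z)?sh|base64 (?:-d|--decode)")

def inspect_xattrs(path: str, attrs: dict[str, bytes]) -> list[tuple[str, str, str]]:
    """Pure detection over {attribute name: raw value}; returns (path, attr, reason)."""
    findings = []
    for name, value in attrs.items():
        if not name.startswith(KNOWN_BENIGN_PREFIXES):
            findings.append((path, name, "non-standard attribute name"))
        if len(value) >= LARGE_VALUE_BYTES:
            findings.append((path, name, f"oversized value ({len(value)} bytes)"))
        if SCRIPT_MARKERS.search(value):
            findings.append((path, name, "script-like content"))
    return findings

def read_xattrs(path: str) -> dict[str, bytes]:
    """Collect raw xattrs: os.listxattr on Linux, the xattr(1) tool on macOS."""
    if hasattr(os, "listxattr"):
        return {n: os.getxattr(path, n) for n in os.listxattr(path)}
    def run(*args):
        return subprocess.run(["xattr", *args], capture_output=True, text=True, check=True).stdout
    # `xattr -px NAME FILE` prints the value as a hex dump, so any byte content survives.
    return {n: bytes.fromhex("".join(run("-px", n, path).split()))
            for n in run(path).splitlines() if n}

# Constructed sample: a quarantined download beside a file hiding a shell script.
SAMPLE = {
    "/Users/demo/Downloads/report.pdf": {"com.apple.quarantine": b"0083;66b0f1a2;Safari;"},
    "/Users/demo/Downloads/Notes.app/Contents/Resources/data.bin": {
        "com.apple.FinderInfo": b"\x00" * 32,
        "test": b"#!/bin/sh\n/usr/bin/osascript -e 'display dialog \"sample\"'\n",
    },
}
```

To sweep a real host, walk a directory with os.walk and pass each file through `inspect_xattrs(p, read_xattrs(p))`, skipping files that raise OSError or CalledProcessError.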
The cyber threat actor WIRTE, linked to Hamas, has expanded its scope from espionage to disruptive attacks, now primarily targeting Israeli organizations. WIRTE, part of the Gaza Cyber Gang, also known as Molerats or TA402, has launched multiple recent campaigns affecting key Israeli sectors, including healthcare and municipal services. The attacks align with current geopolitical conflicts in the Middle East, using the heightened tensions to craft phishing lures and malware that exploit victims’ trust.
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation by cyber attackers. These vulnerabilities span several widely used software products and pose significant risks to organizational cybersecurity. The vulnerabilities include issues in Atlassian Jira Server and Data Center, Cisco ASA, Metabase, and Microsoft Windows. CISA's ongoing updates to the KEV Catalog underscore the agency's commitment to tracking and addressing high-risk vulnerabilities that could be leveraged in real-world cyberattacks.
Bitdefender has released a free decryptor to help victims recover data encrypted by ShrinkLocker ransomware. The decryptor was developed following a detailed analysis of the malware, which uses Microsoft's BitLocker utility for encryption as part of extortion attacks. First documented in May 2024, ShrinkLocker targets systems in various countries, and Bitdefender's investigation revealed the attack likely began through a compromised contractor's machine.
A security analysis of the OvrC cloud platform has uncovered 10 vulnerabilities that can be exploited to gain remote control over connected devices. These flaws affect a variety of IoT devices such as cameras, routers, and smart power supplies, with potential risks including device hijacking, arbitrary code execution, and unauthorized access. Successful exploitation could enable attackers to bypass firewalls, elevate privileges, and compromise the security of over 500,000 devices using OvrC.
In February 2024, a massive data breach exposed the business contact information of 122 million individuals, stolen from the B2B demand generation platform DemandScience. The data, which included full names, job titles, email addresses, phone numbers, and social media links, was later confirmed to have been taken by a hacker named 'KryptonZambie'. The breach initially went unconfirmed by the company, which denied any evidence of a hack despite reports of stolen data circulating on hacker forums.
Between November 7 and November 8, 2024, the Yonex official online shop experienced a credential stuffing attack that impacted 223 accounts. The attack, which used illegally obtained data to gain unauthorized access, led to the potential exposure of personal information from 53 accounts. This data included sensitive details such as names, addresses, phone numbers, gender, birth dates, purchase history, and partial credit card information. The attack was detected after a customer reported receiving an unexpected order confirmation email, prompting an investigation by Yonex.
JewishCare New South Wales, a healthcare provider supporting the Australian Jewish community, recently disclosed a significant data breach, compromising sensitive information related to clients, staff, volunteers, donors, and suppliers. Discovered on October 28, the incident involved data that varied by individual, potentially including identification details, contact information, financial records, medical data, and legal documents. JewishCare has begun notifying affected individuals and collaborating with cybersecurity experts, the Australian Cyber Security Centre, federal and state police, and the Office of the Australian Information Commissioner to mitigate the breach’s impact.
Alberta Innovates, a Crown corporation dedicated to fostering innovation in Alberta, recently disclosed that it was the target of a cyberattack, resulting in temporary network disruptions. Although officials have not confirmed when the attack began or if sensitive information was compromised, spokesperson Dwayne Brunner stated that all network issues have since been resolved, and a thorough investigation is underway with the support of cybersecurity experts.
Teletama, a Japanese television company, experienced a cyberattack on November 11, 2024, which lasted until the early hours of November 12. Unauthorized access to the company’s server was detected, leading to the potential exposure of personal information submitted by viewers through forms on the site. Approximately 39,000 entries were affected, with compromised data including names, addresses, phone numbers, emails, ages, genders, and comments.
Cyber News
The National Institute of Standards and Technology (NIST) announced that it has cleared the backlog of unanalyzed exploited vulnerabilities, with assistance from the Cybersecurity and Infrastructure Security Agency (CISA) and the private sector. However, NIST acknowledged that its initial goal to clear all backlogged vulnerabilities by year-end will not be met, due to issues with data processing systems. The agency is working on developing new systems to better handle incoming vulnerability data and enhance efficiency in the analysis process.
Apple is facing a £3 billion ($3.8 billion) lawsuit in the UK, filed by consumer rights group Which? The lawsuit, which represents around 40 million iCloud users, claims Apple has violated competition laws by giving its cloud storage service preferential treatment, making it difficult for users to choose alternative providers. The lawsuit accuses Apple of encouraging iOS users to rely on iCloud for data storage while limiting their ability to back up their data with third-party services.
NatWest has implemented a ban on the use of WhatsApp, Facebook Messenger, and other unapproved messaging apps for internal staff communication. The move comes in response to growing regulatory concerns over unmonitored and unrecoverable communications, especially in financial institutions where record-keeping is critical. The Financial Conduct Authority (FCA) has been particularly focused on ensuring that all communications are retrievable and compliant with market abuse and misconduct prevention regulations.
Jack Teixeira, a 22-year-old former Air National Guardsman, was sentenced to 15 years in federal prison for leaking highly classified U.S. military intelligence on social media. Teixeira, who held a Top-Secret/Sensitive Compartmented Information security clearance, used his position to access sensitive information about military strategies and troop movements, which he then shared on Discord to impress online acquaintances. Despite multiple warnings, he continued to share hundreds of pages of classified documents, causing significant national security concerns.
Zero Gravity Labs (0G Labs) has secured $290 million in financing to develop the world’s first decentralized artificial intelligence operating system (dAIOS). The funding includes a $40 million seed round backed by prominent investors such as Hack VC, Delphi Digital, OKX Ventures, and Samsung Next, alongside an additional $250 million in liquid assets via a financing agreement. This capital will fuel the creation of a blockchain-based infrastructure designed to support decentralized AI applications, offering benefits like reduced costs and improved handling of large data sets.
Subscribe and Comment.
Copyright © 2024 CyberMaterial. All Rights Reserved.