Cyber Briefing: 2024.11.15

What are the latest cybersecurity alerts, incidents, and news?

Sitting Ducks Attack, Hijacked Domains, Cloaking Scam, AI Fraud, Cryptocurrency, SilkSpecter, Shopping Sites, Credit Card Theft, GitHub CLI, Remote Code Execution, PostgreSQL Flaw, Environment Variables, Hungary, Defense Procurement Agency, Sarcoma Ransomware, Micon Office Furniture, Start-Rite Shoes Ltd, Aschaffenburg Town Hall, IT Systems, France, Department of Reunion, Critical Infrastructure, CISA, Vietnam, Deepfakes, X, California, Lawsuit, Google, Political Ads, EU, Bitfinex, Laundering, Silverfort, Rezonate



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.




Cyber Alerts


1. Sitting Ducks Attack Hijacks 70,000 Domains

Cybersecurity researchers have uncovered a widespread domain hijacking campaign, known as the "Sitting Ducks" attack, impacting approximately 70,000 legitimate domains in the past three months. Leveraging DNS misconfigurations, threat actors seize control of domains by exploiting lame delegations, enabling them to operate phishing schemes, malware distribution, and fraudulent activities. First documented in 2016, this stealthy technique gained renewed attention in 2024 after researchers identified nearly 800,000 vulnerable domains, with attackers using short-term free DNS accounts to rotate control among multiple groups.


2. Google Warns of Rising AI and Crypto Scams

Google has sounded the alarm on the rising prevalence of cloaking scams, AI-driven fraud, and cryptocurrency schemes, emphasizing the growing sophistication of online threats. Cloaking techniques, which mask scam content from moderation systems, are being used to impersonate legitimate sites, luring victims into counterfeit purchases and phishing traps. Fraudsters are also leveraging generative AI to create deepfakes of public figures, facilitating investment fraud and hyper-realistic crypto scams.


3. Fake Websites Used to Steal Credit Cards

A financially motivated Chinese threat actor known as "SilkSpecter" has launched a massive fraud campaign using nearly 4,700 fake shopping websites to steal credit card information from online shoppers in the U.S. and Europe. The fraudulent sites, which impersonate well-known brands like The North Face, IKEA, and Wayfair, appear authentic at first glance, often using top-level domains like .shop and .store. Targeting shoppers seeking Black Friday deals, the sites leverage trusted payment processors like Stripe to collect credit card details.


4. GitHub RCE Vulnerability Exposes Developers

A critical vulnerability in GitHub CLI, identified as CVE-2024-32002, has been discovered, allowing attackers to execute remote code on a user’s system. The flaw affects GitHub CLI versions prior to 2.62.0 and specifically impacts users interacting with Codespaces via commands like gh codespace ssh or gh codespace logs. The vulnerability exploits the way GitHub CLI handles SSH connection details, enabling attackers to inject malicious SSH arguments into connection commands.


5. PostgreSQL Vulnerability Exposes Systems

A critical vulnerability, tracked as CVE-2024-10979, has been discovered in PostgreSQL, a popular open-source database system, allowing unprivileged users to alter environment variables and potentially execute arbitrary code or extract sensitive information. The flaw arises from incorrect control of environment variables in PostgreSQL’s PL/Perl, enabling attackers to modify crucial process environment variables like the PATH variable.



Cyber Incidents


6. Hungary Confirms Hack of Defense Agency

Hungary's defense procurement agency (VBü) was recently targeted in a cyberattack by the international hacker group INC Ransomware. The group, which emerged in 2023 and has previously targeted healthcare, education, and government sectors, claimed to have accessed and encrypted sensitive data. Although the Hungarian Ministry of National Defense has not disclosed whether any military data was compromised, they confirmed that the breach involved information related to military procurement plans.


7. Micon Office National Hit by Ransomware

Micon Office National, an Australian office furniture supplier based in Wollongong, has confirmed a ransomware attack carried out by the Sarcoma ransomware gang. The group claims to have exfiltrated 34 gigabytes of data, including invoices, emails from an Exchange server, and sensitive documents, and is threatening to release the data within 11 days. The company reported that the attack occurred on November 3, 2024, and law enforcement has been informed.


8. Kids' Shoemaker Start-Rite Faces Data Breach

Start-Rite, a children's shoemaker, is grappling with a significant security breach that exposed sensitive customer payment card information. The incident, which occurred between October 14 and November 7, 2024, compromised details such as card numbers, expiry dates, CVV codes, and billing addresses. While the company has removed the malicious third-party code responsible for the breach, affected customers have been advised to contact their banks and monitor their statements for unauthorized transactions.


9. German Town Hall Closed Due to Cyberattack

The town hall of Aschaffenburg, Germany, and its branch offices are temporarily closed following a targeted hacker attack that disrupted the city's administration. On Thursday, November 14, suspicious access to employee login accounts prompted the city to take all IT systems offline as a precautionary measure. The systems are currently under investigation to assess any potential damage, and employees are unable to access applications or data. Despite the closure, planned events such as the cultural office's events, the inclusive career fair, and the family congress will proceed as scheduled.


10. Department of Reunion Suffers Cyberattack

On November 13, 2024, the Department of Reunion's computer systems were targeted in a cyberattack, leading to a temporary disruption of IT services. The attack was swiftly contained by the department's IT team, who took immediate action to prevent further damage by suspending all external connections. While the breach resulted in a limited data leak, the full extent of the impact remains unclear. A crisis unit was activated to assess the situation, and a police report has been filed. The department has also notified the National Commission for Information Technology and Civil Liberties (CNIL).



Cyber News


11. Vietnam Partners With US to Enhance Security

Vietnam's Ministry of Information and Communications, through the Vietnam Authority of Information Security (AIS), has signed a Memorandum of Understanding (MoU) with the U.S. Cybersecurity and Infrastructure Security Agency (CISA). This strategic partnership aims to bolster Vietnam’s cybersecurity defenses, particularly in protecting critical infrastructure from increasing cyber threats. The collaboration emphasizes the shared commitment between the two nations to secure cyberspace, with CISA providing expertise and advanced resources to help Vietnam strengthen its digital security.


12. X Sues to Block California's Deepfake Law

X, the social media platform owned by Elon Musk, has filed a lawsuit to block a new California law aimed at curbing election-related deepfakes. The law, known as Assembly Bill 2655 (AB 2655), mandates that online platforms like X remove or label deepfake content as "inauthentic" 120 days before and after elections. X argues that the law infringes on First Amendment rights, particularly the protection of political speech, and could lead to over-censorship. The platform contends that the law's lack of consequences for improper content removal encourages platforms to censor speech excessively.


13. Google to Halt Political Ads in EU by 2025

Google has announced it will stop serving political advertisements in the European Union starting October 2025 due to the complexities of new regulations. The decision follows the introduction of the EU's Transparency and Targeting of Political Advertising (TTPA), which imposes strict rules on political ads, including requirements for transparency labels, explicit consent for data use, and restrictions on targeting based on sensitive personal data. Google cited operational challenges and legal uncertainties surrounding the broad definition of political advertising in the regulation, which could cover a wide range of issues difficult to identify at scale.


14. Bitfinex Hacker Sentenced to 5 Years

Ilya Lichtenstein, the mastermind behind the 2016 Bitfinex hack, has been sentenced to five years in prison after pleading guilty to laundering over $10.5 billion in stolen Bitcoin. Lichtenstein, along with his wife, Heather Rhiannon Morgan, who also pleaded guilty, was arrested in February 2022. The couple used advanced hacking tools to steal nearly 120,000 bitcoins, which they then laundered through various methods including darknet markets, cryptocurrency exchanges, and mixing services.


15. Silverfort Acquires Rezonate for Security

Silverfort, a Boston-based identity security startup, has acquired Rezonate, a cloud identity security company, to enhance its protection for both cloud and on-premises environments. This acquisition will consolidate Silverfort’s identity security offerings, allowing for a unified solution that integrates on-premises and cloud identity security. Rezonate, founded by Roy Akerman, a former Israeli cyber defense chief, provides robust security across cloud platforms like AWS, Azure, and SaaS applications.




Copyright © 2024 CyberMaterial. All Rights Reserved.
