Cyber Briefing: 2024.11.18
What's happening in cybersecurity today?
DEEPDATA, Malware, Fortinet VPN, Zero-Day, Credential Theft, AI Image Generator, Lumma Stealer, AMOS Infostealer, UK, National Cyber Security Centre, Black Friday, Cyber Monday, Scams, GeoVision, Mirai Malware, DDoS, TLS Vulnerabilities, Mongoose, Web Server, Library of US Congress, Email Hack, T-Mobile, Telecom Breach, Polter Finance, Thala, Decentralized Finance, Japan, Otsuka Shokai, Microsoft 365, Philippines-US, Military Intelligence, U.S. Department of Homeland Security, AI Framework, Critical Infrastructure, Hong Kong, Cybersecurity Drill, Tech Against Terrorism, Turkey, Twitch
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Cybersecurity researchers have uncovered a sophisticated post-exploitation malware framework called DEEPDATA, developed by the China-linked threat actor BrazenBamboo. The malware exploits an unpatched zero-day vulnerability in Fortinet's FortiClient VPN software for Windows to extract user credentials from memory. DEEPDATA, detailed by Volexity, features a dynamic-link library (DLL) loader, "data.dll," which launches plugins for data exfiltration, including credentials, browser information, and application passwords.
Fake AI video and image generators have been used to spread Lumma Stealer and AMOS information-stealing malware, targeting both Windows and macOS systems. These malware variants are distributed through fake websites impersonating the legitimate EditProAI application, with the Windows version delivering Lumma Stealer and the macOS version pushing AMOS. Both malware types are designed to steal sensitive data, including cryptocurrency wallets, credentials, passwords, credit cards, and browsing history from popular browsers like Google Chrome and Firefox.
The UK's National Cyber Security Centre (NCSC) has issued a warning to consumers about an expected surge in online scams during Black Friday and Cyber Monday sales. Fraudsters often exploit the shopping frenzy by creating fake websites, phishing emails, and fraudulent advertisements to steal money and personal information. The NCSC advises shoppers to remain vigilant by ensuring they only purchase from reputable retailers, avoid deals that seem too good to be true, and use secure payment methods such as credit cards.
A new botnet is exploiting a critical zero-day vulnerability, CVE-2024-11120, in end-of-life GeoVision devices to compromise and recruit them for malicious activities, including DDoS attacks and cryptomining. Discovered by Piotr Kijewski of The Shadowserver Foundation, this flaw allows unauthenticated attackers to inject arbitrary system commands into vulnerable devices. The devices affected by this flaw include various models of GeoVision video servers, DVRs, and license plate recognition systems, many of which are no longer supported and have no security updates.
Nozomi Networks has identified 10 critical vulnerabilities in the Mongoose Web Server Library, specifically in its TLS implementation. These flaws, found in version 7.14, can be exploited by attackers to crash or disrupt devices running the library, which is widely used in embedded systems and IoT devices. The vulnerabilities can lead to memory corruption and denial of service (DoS) by sending maliciously crafted TLS packets. These risks are particularly concerning in environments like healthcare or industrial control systems, where device reliability is crucial.
The Library of Congress has confirmed a cyber breach affecting its IT system, with an adversary gaining unauthorized access to email communications between congressional offices and library staff. The breach, which occurred between January and September 2024, has been referred to law enforcement, though the identity of the attacker remains unknown. The Library of Congress has taken steps to mitigate the vulnerability and prevent future incidents. Notably, the breach did not impact the House or Senate's IT networks, and systems related to the U.S. Copyright Office were unaffected.
T-Mobile has confirmed it was recently targeted in a wave of telecom breaches reportedly conducted by Chinese state-sponsored threat actors known as Salt Typhoon. These attackers have gained access to private communications, call logs, and law enforcement data from various U.S. telecom companies, including AT&T, Verizon, and Lumen. While T-Mobile assures that its systems and data were not significantly impacted and no customer data was accessed or exfiltrated, the breach is part of a broader campaign aimed at stealing communications from senior U.S. government officials and compromising private data.
Polter Finance, a decentralized non-custodial lending and borrowing platform, has paused its operations following a $12 million flash loan hack on November 17. The attack exploited a faulty oracle price on its newly launched SpookySwap (BOO) market, draining the platform's total value locked (TVL). While the platform traced the stolen funds to Binance wallets, Polter Finance has not confirmed the exact nature of the exploit. The platform's founder, known as Whichghost, filed a police report with Singapore authorities and reached out to the hacker via on-chain message, offering negotiation for the return of funds.
On November 16, 2024, Thala Labs, a decentralized finance (DeFi) platform, experienced a security breach that led to the theft of $25.5 million in tokens. In response, the platform collaborated with law enforcement and blockchain experts to identify the hacker and quickly negotiated a $300,000 bounty for the return of the stolen funds. Within six hours, the hacker agreed to the terms, returning the stolen assets. This swift recovery enabled Thala to restore user positions and resume operations, minimizing the impact on its community.
Otsuka Shokai, a Japanese company, has reported a security breach affecting some users of its Microsoft 365 service. Malicious third-party actors gained unauthorized access to accounts with administrator privileges, potentially leading to data deletion or exfiltration, the deletion of accounts in tenant environments, and the use of compromised accounts to send spam emails, which could impact business partners. While the exact method of the breach remains unclear, the company has advised users to enable multi-factor authentication (MFA) for administrator accounts and to implement strong password policies for all users as preventive measures.
Cyber News
On November 18, 2024, the Philippines and the United States signed a significant agreement known as the General Security of Military Information Agreement (GSOMIA) at Camp Aguinaldo. This deal establishes a legal framework for enhanced, real-time information sharing and technology cooperation between the two nations. Signed during a visit by US Defense Secretary Lloyd Austin, the agreement is designed to streamline the exchange of classified military information, while ensuring both countries adhere to strict protocols for protecting sensitive data.
The U.S. Department of Homeland Security (DHS) has unveiled a new framework to guide the use of artificial intelligence (AI) in critical infrastructure sectors, including the power grid, water systems, and air travel. Released on November 15, 2024, the guidelines were developed with input from the DHS's Artificial Intelligence Safety and Security Board. The framework urges AI developers to assess the potentially dangerous capabilities of their products, ensure alignment with human-centric values, and prioritize user privacy.
Hong Kong has launched its first-ever 60-hour cybersecurity drill, aimed at strengthening its defenses against rising cyber threats. The drill, organized by the Digital Policy Office in collaboration with multiple stakeholders, including the Hong Kong police force and Hong Kong Internet Registration Corporation, simulates real-world cyberattacks to test the preparedness of government systems. A "red" team of hackers, composed of professionals and students, will simulate various attack methods, while a "blue" defense team from government departments will work to detect and counter the simulated threats in real time.
The Australian government has launched a groundbreaking 24/7 monitoring initiative aimed at combating terrorist and extremist content online. In partnership with Tech Against Terrorism and the Online Harms Foundation, the government will provide dedicated, global online monitoring capacity to track and report content that promotes violence and terror. This new capability, which will focus on urgent referrals to the eSafety Commissioner, is part of Australia's commitment to the Christchurch Call—a global initiative created after the 2019 Christchurch terrorist attack to curb the spread of extremist content online.
Turkey's Personal Data Protection Board (KVKK) has fined Amazon's gaming platform, Twitch, $58,000 (2 million lira) following a significant data breach. The breach, which exposed 125 GB of data, impacted 35,274 individuals in Turkey. The investigation revealed that Twitch had failed to implement sufficient security measures before the incident and had not conducted adequate risk and threat assessments. The KVKK imposed a fine of 1.75 million lira for security shortcomings and an additional 250,000 lira for failing to report the breach in a timely manner.
Copyright © 2024 CyberMaterial. All Rights Reserved.