Cyber Briefing: 2024.11.20
What's trending in cybersecurity today?
Ngioweb Botnet, IoT Devices, NSOCKS, XenoRAT, Excel Files, Jupyter Servers, Sports Streaming, Piracy, Ubuntu, Needrestart Package, Root Risks, Oracle Agile PLM, Auchan, Finastra, Breach, Client Information, IGT, IT Systems, Disruption, PracticeSuite, Inc., TEXAN ENT & ALLERGY ASSOCIATES Specialists, Aspen Healthcare Services, Ransomware Attack, US Agencies, China Cyberthreats, Zambia, AI Training, Global Partnerships, Australia, Cyber Security Bill, India, WhatsApp, Fine, Cyera, Series D Funding
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
The Ngioweb botnet, first identified in 2018, has been repurposed to power the NSOCKS residential proxy service, exploiting over 20,000 IoT devices, including routers and smart home equipment. Operated by the threat actor Water Barghest, the botnet infiltrates vulnerable devices using automated scripts and deploys malware, turning them into proxies available for sale. NSOCKS enables users to route traffic through 180 countries, allowing malicious activities like credential stuffing, DDoS attacks, and targeting specific domains such as .gov and .edu.
Threat actors have adopted a new strategy to deploy XenoRAT, an open-source remote access tool, through malicious Excel XLL files, bypassing traditional security measures. Disguised as "Payment Details," these files exploit the Excel-DNA framework to load obfuscated .NET assemblies directly into memory. Upon execution, the malware initiates a multi-stage attack process, including batch file execution, SFX archive deployment, and a decoy PDF display to maintain credibility. Researchers identified the malware communicating with a command-and-control (C2) server in Bulgaria, using advanced techniques like timestamp manipulation and heavy obfuscation to evade detection.
Threat actors are increasingly exploiting misconfigured JupyterLab and Jupyter Notebook instances for sports stream ripping, according to cloud security firm Aqua Security. Jupyter servers, widely used for data science, are often left vulnerable due to common misconfigurations, allowing cybercriminals to gain remote access. In the observed attacks, attackers used the compromised servers to install FFmpeg, a tool for recording and streaming video, to capture live sports broadcasts and illegally redirect the streams to their own servers.
Security researchers from Qualys have uncovered multiple decade-old vulnerabilities in Ubuntu's needrestart package, a tool used to check which services require restarting after shared library updates. The vulnerabilities, present since version 0.8 released in 2014, allow local attackers to escalate privileges and gain root access without user interaction. The flaws, including improper handling of environment variables for Python and Ruby interpreters, as well as issues in the libmodule-scandeps-perl package, can lead to arbitrary code execution.
Oracle has issued a security warning regarding a critical vulnerability (CVE-2024-21287) in the Agile Product Lifecycle Management (PLM) framework, which is actively being exploited in the wild. The flaw, with a CVSS score of 7.5, allows unauthenticated attackers to remotely access and leak sensitive files without the need for a username or password. Discovered by CrowdStrike researchers Joel Snape and Lutz Wolf, the vulnerability poses significant risks, enabling attackers to download files with the same privileges used by the PLM application.
French supermarket chain Auchan has alerted its customers about a recent cyberattack that compromised the personal data of over 500,000 shoppers. The breach specifically affected loyalty program members, exposing sensitive information such as names, email addresses, postal addresses, phone numbers, dates of birth, loyalty card numbers, and family composition details, if provided. However, banking details and passwords were not involved in the attack. In response, Auchan has reassured customers that the breach was quickly contained and additional security measures have been implemented.
Finastra, a leading financial technology firm, is investigating a data breach that exposed over 400GB of sensitive information from its internal file transfer platform. The breach was detected on November 7, 2024, when suspicious activity was identified on the platform. A cybercriminal, using the alias "abyss0," began selling files allegedly stolen from Finastra’s systems, which reportedly include data from some of its major banking clients. Although the company confirmed that no customer operations were disrupted and that banking credentials were not compromised, the incident has raised serious concerns about the security of financial data.
International Game Technology (IGT), a major operator of slot machines in casinos worldwide, recently reported a cybersecurity incident involving unauthorized access to some of its systems. The breach led to disruptions in portions of the company's internal IT systems and applications. In response, IGT activated its cybersecurity incident response plan and engaged an external advisor to assist in the investigation. While the company has not yet determined the full impact of the breach, certain systems were taken offline as a precautionary measure.
On November 18, 2024, PracticeSuite, Inc. disclosed a data breach affecting patients of Texan ENT Specialists, PLLC, after unauthorized access to sensitive information. The breach, which occurred on October 11, 2024, exposed personal details, including names, Social Security numbers, addresses, dates of birth, phone numbers, email addresses, health insurance information, medical data, and radiological tests. The breach was linked to a cybercriminal accessing a file containing backup records up to March 19, 2024.
On November 18, 2024, Aspen Healthcare Services filed a data breach notice with the Attorney General of Texas, following a ransomware attack that exposed sensitive consumer information. The breach, which occurred after an unauthorized party accessed portions of the company’s IT network, compromised personal data such as names, dates of birth, addresses, insurance IDs, health records, and Social Security numbers. Aspen Healthcare confirmed the attack began on October 22, 2024, and immediately secured its systems while notifying authorities.
Cyber News
Cybersecurity experts are urging U.S. federal agencies to ramp up their efforts in combating the growing cyberthreats originating from China. During a Senate Judiciary Committee hearing, experts highlighted the increasing sophistication of cyber-espionage campaigns targeting U.S. critical infrastructure and government officials. They called for enhanced public-private collaboration, more investments in threat intelligence, and stronger defense measures against hacking activities. The hearing follows reports of a broad cyberespionage campaign targeting private communications, attributed to the China-linked hacker group Salt Typhoon.
Zambia is strengthening its cybersecurity capabilities by enhancing training for law enforcement, fostering global partnerships, and leveraging advanced technologies like Artificial Intelligence (AI). At a recent workshop in Lusaka, Technology and Science Minister Felix Mutati emphasized the importance of equipping prosecutors and law enforcement officials with cybercrime-fighting skills, particularly in digital forensics and electronic evidence handling. With over 100,000 cybercrime incidents recorded in 2022 alone, the Zambian government is focusing on proactive measures to safeguard the nation’s digital space.
Australia’s Cyber Security Bill is being pushed for urgent parliamentary approval after receiving strong backing from the parliamentary joint committee on intelligence and security (PJCIS). The bill, introduced by Minister for Cyber Security Tony Burke, aims to enhance national cyber resilience by implementing mandatory ransomware reporting, establishing minimum cybersecurity standards for smart devices, and creating a Cyber Incident Review Board. Minister Burke emphasized the importance of this legislation in responding to evolving cyber threats, with the goal of positioning Australia as a global leader in cybersecurity by 2030.
India's Competition Commission has imposed a $25 million fine on Meta for WhatsApp's controversial 2021 update, which forced users into agreeing to a broad data-sharing policy with other Meta platforms. The regulator found that users were unable to opt out of sharing their data, which violated fair competition laws. In addition to the fine, WhatsApp has been banned from sharing user data for advertising purposes with other Meta platforms for the next five years. Meta plans to appeal the ruling, maintaining that the update was optional and did not affect user privacy.
Data security firm Cyera has successfully raised $300 million in a Series D funding round, bringing its total investments to $760 million since its founding in 2021. The latest funding, led by Accel and Sapphire Ventures, with participation from Sequoia, Redpoint, Coatue, and Georgian, has propelled Cyera's valuation to $3 billion, more than doubling its value since April. The company plans to use the funds to accelerate platform development, expand its R&D, sales, and marketing teams, and strategically acquire solutions that align with its vision for the future of data security.
Copyright © 2024 CyberMaterial. All Rights Reserved.