Cyber Briefing: 2024.12.03
What's the latest in the cyber world today?
US Internal Revenue Service, Holiday Scams, Tax Security, SmokeLoader Malware, Manufacturing, IT Sector, Taiwan, Weaponized Resumes, Employee Attacks, Salesforce Flaw, Microsoft Windows, Use-After-Free Vulnerability, ENGlobal, Ransomware Attack, Marin Housing Authority, Signzy, ID Verification, Customer Data, Atrium Health, Data Exposure, Patient Portal, Pi Kappa Phi Fraternity, China, Lidar Technology, Espionage Threat, Malaysia Minister of Communications, Cyber Laws, UK Cybersecurity Risks, Criminal Threats, US AI Guardrails, Medicare Programs, Upwind Security, Cloud Security, AI Tools
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
The US Internal Revenue Service (IRS) has issued a warning about holiday scams as the ninth annual National Tax Security Awareness Week begins. Partnering with state agencies, tax professionals, and the private sector, the IRS aims to help taxpayers protect their personal and financial information during the holiday shopping season and the upcoming tax season. Scammers often use sophisticated phishing techniques, such as fake delivery notifications or emails claiming to be from the IRS about refunds or tax bills, to steal sensitive data.
SmokeLoader malware has resurfaced in a campaign targeting manufacturing, healthcare, and IT sectors in Taiwan. Known for its modular design and advanced evasion techniques, SmokeLoader now directly conducts attacks using plugins downloaded from its command-and-control (C2) server. Initially designed to deploy secondary payloads, the malware also supports plugins for data theft, DDoS attacks, and cryptocurrency mining.
In March 2024, a sophisticated cyber attack was detected, beginning with a weaponized resume used to target an employee and ultimately compromising multiple servers. The attack, attributed to the threat group TA4557, involved a malicious job application containing a fake resume with a Windows Shortcut (.lnk) file disguised as a harmless zip archive. Once executed, the malware exploited legitimate system processes, such as the ie4uinit.exe utility, to deploy backdoors like more_eggs and establish a persistent connection with the command-and-control server.
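As an added example, not code from the briefing or from the incident report it summarizes: a small Python scanner that identifies Windows shortcut files by their fixed header rather than by their name, so a .lnk hidden under a .zip extension (or behind a .zip.lnk double extension that Explorer shows as .zip) inside an application archive is flagged before anyone opens it. The archive contents, file names and the "Resume.zip.lnk" sample are constructed for this example.

```python
from __future__ import annotations
import io
import zipfile
from pathlib import PurePosixPath

# Fixed 20-byte prefix of a Windows Shell Link (.lnk): HeaderSize 0x4C
# followed by the ShellLink CLSID 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def is_shell_link(data: bytes) -> bool:
    """True if the bytes start with a Windows shortcut header, whatever the name says."""
    return data[: len(LNK_MAGIC)] == LNK_MAGIC


def inspect_member(name: str, data: bytes) -> list[str]:
    """Findings for one file: shortcut content under a non-.lnk name,
    or a real .lnk whose benign-looking inner extension hides it."""
    findings = []
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if is_shell_link(data):
        if not suffixes or suffixes[-1] != ".lnk":
            findings.append(f"{name}: shortcut content under non-.lnk extension")
        elif len(suffixes) > 1:
            findings.append(f"{name}: .lnk hidden behind double extension {''.join(suffixes)}")
    return findings


def scan_zip(blob: bytes) -> list[str]:
    """Scan every member of an in-memory zip archive for disguised shortcuts."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            findings.extend(inspect_member(info.filename, zf.read(info)))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive (hypothetical, not the TA4557 artifact):
    one harmless text file and two shortcut payloads posing as zip archives."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("cover_letter.txt", "Dear hiring manager, ...")
        zf.writestr("Resume.zip.lnk", LNK_MAGIC + b"\x00" * 56)  # shown as Resume.zip
        zf.writestr("Portfolio.zip", LNK_MAGIC + b"\x00" * 56)   # wrong extension entirely
    return buf.getvalue()
```

Running `scan_zip(build_sample_zip())` returns one finding per disguised shortcut; the text file produces none, and a shortcut honestly named `something.lnk` is also left alone.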
A critical vulnerability has been discovered in Salesforce applications, posing a significant risk of full account takeovers. The flaw, identified through a penetration test, stems from misconfigurations within Salesforce Communities, particularly impacting the Salesforce Lightning component framework. Attackers can exploit this vulnerability by targeting unauthenticated "Guest Users" who, under certain conditions, may gain unauthorized access to sensitive data. The vulnerability enables attackers to extract personally identifiable information (PII), manipulate data, and reset passwords without proper validation.
A critical use-after-free vulnerability, identified as CVE-2024-38193, has been discovered in the Windows driver afd.sys, specifically affecting the Registered I/O (RIO) extension for Windows sockets. This flaw arises due to a race condition between two functions—AfdRioGetAndCacheBuffer() and AfdRioDereferenceBuffer()—which can be exploited by attackers to access freed memory, leading to privilege escalation. Malicious actors can manipulate buffer registration and deregistration, allowing them to overwrite critical kernel memory and gain NT AUTHORITY\SYSTEM privileges.
ENGlobal Corporation, a major contractor in the energy sector, confirmed a ransomware attack that disrupted its operations. The attack, discovered on November 25, resulted in unauthorized access to the company’s IT system and the encryption of certain data files. In response, ENGlobal restricted employee access to its IT system, focusing only on essential operations. The company has launched an internal investigation and hired external cybersecurity experts to address the issue.
Hackers have stolen nearly $1 million from California's Marin County Housing Authority in one of the largest public fund thefts in the area. The cybercriminals intercepted emails for months, using phishing tactics to trick staff into wiring funds to a fraudulent account. The theft was discovered in September after the Housing Authority had transferred a $3 million loan intended for renovating public housing. The attackers had posed as a trusted vendor, misleading both the Housing Authority and the vendor.
Signzy, a prominent Indian online ID verification firm serving top financial institutions, confirmed a recent cyberattack that compromised its security. The Bengaluru-based startup, which facilitates customer onboarding and KYC services for over 600 financial institutions globally, including major Indian banks, was targeted by an "information stealer malware." While the firm did not specify the extent of the breach, reports suggest that some customer data briefly appeared on a cybercrime forum. Notably, several of Signzy's clients, including PayU and ICICI Bank, have confirmed that they were not affected by the incident.
Atrium Health has issued a public apology after discovering that patient data from its MyAtriumHealth and MyCarolinas portals may have been inadvertently shared with third-party vendors such as Google and Facebook between January 2015 and July 2019. The exposure occurred through internet tracking technologies used on the portal, which have since been disabled. While sensitive information like Social Security numbers and financial details were not involved, personal data such as names, contact information, and medical treatment details may have been exposed.
Pi Kappa Phi Fraternity has confirmed a data security incident that occurred around February 3, 2024, where unauthorized access to its network led to the potential removal of personal information from their system. Following an extensive investigation, the fraternity revealed that certain sensitive data, including Social Security numbers, financial details, and medical information, may have been compromised. The incident was discovered on November 21, 2024, and Pi Kappa Phi has since sent notification letters to impacted individuals.
Cyber News
A recent report from the Foundation for Defense of Democracies raises significant concerns about China's growing dominance in the global lidar technology market and its potential national security risks. Lidar, which uses laser pulses to create detailed 3D maps of environments, is now widely used in both civilian and military applications. The report warns that Chinese-made lidar sensors, increasingly found in U.S. infrastructure such as transportation and utility systems, could enable espionage or sabotage by allowing China to access sensitive data or disrupt critical operations.
Malaysian Minister Fahmi Fadzil has introduced two critical pieces of legislation aimed at addressing the increasing threats of online harassment and cybercrimes. The proposed amendments to the Communications and Multimedia (Amendments) Bill 2024 and the Malaysian Communications and Multimedia Commission (MCMC) (Amendment) Bill 2024 were presented in the Dewan Rakyat as part of the MADANI Government's commitment to enhancing cybersecurity and online safety. The amendments focus on updating laws to tackle issues like cyberbullying, online fraud, unsolicited commercial messages, and improving network security.
The UK’s cybersecurity risks are being widely underestimated, according to Richard Horne, the head of the National Cyber Security Centre (NCSC). In his recent address, Horne highlighted the growing gap between the increasing sophistication of cyber threats and the current defenses in place to protect the UK’s infrastructure. He pointed out significant threats from state-backed actors, particularly Russia and China, whose cyber activities are becoming more aggressive and reckless. Horne also stressed that cybercriminals are adapting rapidly, aided by new technologies like AI, increasing both the scale and impact of attacks.
The Centers for Medicare and Medicaid Services (CMS) have proposed new guidelines to ensure that artificial intelligence (AI) tools used in Medicare Advantage plans promote equitable healthcare access. These "guardrails" emphasize existing regulations requiring insurers to prevent discrimination or unnecessary barriers to care, particularly from automated systems like AI-driven prior authorization tools. The proposal aligns with a 2023 executive order from the Biden administration aimed at advancing equity in AI usage across sectors, including healthcare.
Upwind Security, a San Francisco-based cloud security startup, has raised $100 million in Series A funding to advance its innovative approach to addressing cloud vulnerabilities. Led by CEO Amiram Shachar, the company leverages runtime context and AI to streamline threat detection, prioritize critical alerts, and enhance API security within an integrated cloud security stack. The funding will be used to double Upwind’s workforce to 300, with investments in engineering and global customer engagement.
Copyright © 2024 CyberMaterial. All Rights Reserved.