Cyber Briefing: 2024.12.09
What's happening in cybersecurity today?
Ultralytics AI, PyPI Library, Cryptocurrency Miner, Fake Video Apps, Data Theft, Web3 Professionals, QNAP Systems Flaws, Bitcoin Inc., Lightning Network, Transaction-Relay Jamming, Qlik Sense, Remote Code Execution, Cardano Foundation, X Account, Scam Tokens, Croatia, Port of Rijeka / Luka Rijeka d.d., Sensitive Data, Kurita Water Industries Ltd, Ransomware Attack, Groupe Vidymed Healthcare, KidZania Tokyo, Personal Records, US Cyber Force, 2025 NDAA, Russia Interference, Romania Presidential Election, Indian Government, Cyberattacks, Apple, Child Sexual Abuse Material, Detection, Brooklyn District Attorney's Office, Fraud, NFT Sites
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
The Ultralytics AI library, a widely used Python package, was recently compromised in a supply chain attack: versions 8.3.41 and 8.3.42 on PyPI were found to contain malicious code that drops a cryptocurrency miner. The attacker exploited a GitHub Actions script injection vulnerability in the project's workflow, in which an attacker-controlled value (the pull request branch name) was interpolated directly into a shell step, allowing arbitrary commands to run in the build environment after code review. The payload, identified as an XMRig miner, caused spikes in CPU usage on macOS and Linux systems. The breach was traced to a GitHub account, "openimbot," which abused the flaw in the deployment workflow.
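The injection class described above is worth seeing concretely. The following is an added example, not code from the newsletter or from the Ultralytics project: it contains two constructed workflow snippets (a vulnerable one that interpolates `github.head_ref` straight into a `run:` script, and a hardened one that passes the same value through `env:`), a small scanner that flags the vulnerable pattern, and a helper that mimics the runner's textual substitution so the effect of a hostile branch name is visible. The workflow names, step names and branch name are assumptions made up for the example; the list of untrusted contexts is the usual set an external contributor controls.

```python
import re

# Expression contexts an external contributor controls. github.head_ref (the
# PR branch name) is the one abused in the Ultralytics case; the others are
# the usual attacker-controlled strings (PR/issue titles, bodies, comments).
UNTRUSTED_CONTEXTS = (
    "github.head_ref",
    "github.event.pull_request.title",
    "github.event.pull_request.body",
    "github.event.pull_request.head.ref",
    "github.event.pull_request.head.label",
    "github.event.issue.title",
    "github.event.issue.body",
    "github.event.comment.body",
    "github.event.review.body",
    "github.event.commits",  # prefix: commit messages and author names
)

EXPR = re.compile(r"\$\{\{\s*(.*?)\s*\}\}")


def _is_untrusted(expr: str) -> bool:
    return any(
        expr == c or expr.startswith(c + ".") or expr.startswith(c + "[")
        for c in UNTRUSTED_CONTEXTS
    )


def find_run_injections(workflow_text: str) -> list[tuple[int, str]]:
    """Return (line_number, context) for every ${{ }} expression that
    interpolates an untrusted context directly into a `run:` script.

    The same context placed under `env:` is not flagged: there it becomes an
    environment variable the shell reads as data, never re-parsed as code.
    This is a line-oriented heuristic, not a full YAML parser.
    """
    findings: list[tuple[int, str]] = []
    in_run = False
    run_indent = 0
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        stripped = line.lstrip()
        indent = len(line) - len(stripped)
        if stripped.startswith("- "):        # `- run:` list-item form
            indent += 2
            stripped = stripped[2:]
        if stripped.startswith("run:"):
            in_run = True
            run_indent = indent
        elif in_run and stripped and indent <= run_indent:
            in_run = False                   # back to sibling keys or next step
        if not in_run:
            continue
        for expr in EXPR.findall(line):
            if _is_untrusted(expr):
                findings.append((lineno, expr))
    return findings


def render_run_script(script: str, context: dict[str, str]) -> str:
    """Mimic the runner: every ${{ expr }} is substituted as plain text before
    the result is handed to the shell. Nothing is quoted or escaped, which is
    why shell metacharacters in a branch name turn into commands."""
    return EXPR.sub(lambda m: context.get(m.group(1), ""), script)


# Constructed sample: pull_request_target gives the job a write token, and the
# PR branch name is spliced into the shell script. Lines 14 and 15 are the bug.
VULNERABLE_WORKFLOW = """\
name: format
on:
  pull_request_target:
    branches: [main]
jobs:
  fmt:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Report branch
        run: |
          echo "Formatting branch ${{ github.head_ref }}"
          git checkout ${{ github.head_ref }}
"""

# Constructed hardened form: the same value reaches the step as $BRANCH and is
# quoted, so a hostile name is just a string the shell cannot interpret.
HARDENED_WORKFLOW = """\
name: format
on:
  pull_request_target:
    branches: [main]
jobs:
  fmt:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Report branch
        env:
          BRANCH: ${{ github.head_ref }}
        run: |
          echo "Formatting branch $BRANCH"
          git checkout "$BRANCH"
"""

if __name__ == "__main__":
    print("vulnerable:", find_run_injections(VULNERABLE_WORKFLOW))
    print("hardened:", find_run_injections(HARDENED_WORKFLOW))
    # Assumed hostile branch name; shows what the shell would actually receive.
    print(render_run_script("git checkout ${{ github.head_ref }}",
                            {"github.head_ref": "feature; echo pwned"}))
```

The fix is not to sanitize the branch name but to stop the runner from substituting it into code: assign the expression to an `env:` entry and reference the variable, quoted, in the script. Scanners such as actionlint or zizmor perform this check across a whole repository; the function above is only the core of that rule.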
Cybersecurity researchers have uncovered a new scam campaign targeting Web3 professionals, where hackers use fake video conferencing apps to deliver an information stealer called Realst. The attackers set up fraudulent companies that use AI-generated content to appear legitimate, reaching out to targets via Telegram with offers of investment opportunities. Victims are then prompted to download meeting apps from deceptive sites with names like Meeten and Clusee. Once installed, the malware steals sensitive data, including cryptocurrency wallet information, banking credentials, and browser cookies, and sends it to remote servers.
QNAP Systems has recently disclosed multiple critical vulnerabilities affecting its QTS and QuTS hero operating systems, identified during the Pwn2Own 2024 competition. The vulnerabilities, which include improper authentication, certificate validation flaws, command injection, and URL encoding issues, could allow remote attackers to compromise system security or execute arbitrary commands. These vulnerabilities affect QTS versions 5.1.x and 5.2.x, as well as QuTS hero versions h5.1.x and h5.2.x. QNAP has released updates to address these vulnerabilities, urging users to update their systems promptly to ensure protection against potential exploitation.
A recently disclosed vulnerability, CVE-2024-55563, affects the Bitcoin network's transaction-relay mechanism and poses a threat to the Lightning Network, whose security depends on time-sensitive transactions being relayed and confirmed on chain before a deadline. This "transaction-relay jamming attack" allows malicious actors to flood Bitcoin full nodes with a high volume of junk transactions, exhausting their capacity to relay legitimate ones. The vulnerability has two main attack vectors: the High-Overflow Attack, which crowds out lower-fee transactions by injecting high-fee ones, and the Low-Overflow Attack, which targets node resource limits, causing legitimate transactions to be dropped.
Qlik Sense for Windows has been found to have multiple critical vulnerabilities that could lead to remote code execution (RCE), potentially allowing attackers to gain control of affected servers. These vulnerabilities, discovered during Qlik's internal security testing, primarily affect various versions of Qlik Sense Enterprise for Windows, including those from May 2023 to May 2024. If exploited, attackers could execute unauthorized commands, compromising system integrity and confidentiality.
On December 8, 2024, the Cardano Foundation's X account was hacked, with the attacker posting fraudulent content, including links promoting a fake "ADAsol" token and misleading claims about the Cardano network ceasing support for ADA, its native cryptocurrency. The scam led to a surge in trading volume for ADAsol, generating around $500,000 before the token crashed by 99%. Cardano founder Charles Hoskinson confirmed the breach, and the fraudulent posts were swiftly removed. Only the X account was compromised; the Cardano network and ecosystem itself were unaffected.
The Port of Rijeka in Croatia was recently targeted by a cyberattack, resulting in the theft of sensitive data, including financial records, personal information, employment contracts, and non-disclosure agreements. The attack, which took place over the weekend, was attributed to a ransomware group, though the Port has not paid the ransom demand. CEO Duško Grabovac reassured the public that despite the breach, the port's systems are fully functional, thanks to a robust backup system that allowed all affected data to be restored. Note that backups restore availability only; they do not undo the exfiltration of the stolen records.
Kurita America Inc. (KAI), a subsidiary of Kurita Water Industries Ltd., was hit by a ransomware attack on November 29, 2024, leading to the encryption of multiple servers. The breach potentially exposed sensitive data related to customers, business partners, and employees. Upon detecting unauthorized access, the company swiftly isolated the compromised servers to contain the damage. While the full scope of the attack is under investigation, Kurita America has not yet confirmed any specific instances of data leakage.
Vidymed, a healthcare group with centers in Lausanne and Épalinges, Switzerland, was targeted by a cyberattack on December 7, 2024. The attack prompted immediate action, with the company cutting off all IT services to prevent data leaks. Medical staff temporarily resorted to pen and paper for patient records while consultations continued as usual. A crisis unit involving Vidymed's management, the cantonal health authorities, and cybersecurity intervention teams was established due to the potential impact on the Vaud healthcare system.
KidZania Tokyo, a popular children’s theme park in Japan, has experienced a data breach that exposed 24,644 personal records. The breach, discovered on October 16, 2024, resulted from unauthorized access to the park's website. The compromised data includes names, email addresses, phone numbers, and home addresses of individuals who made reservations before October 17, 2024. KCJ Group, the operator of KidZania Tokyo, has acknowledged the breach and is currently investigating the extent of the damage.
Cyber News
The proposal to establish a dedicated U.S. Cyber Force as a separate military branch has been significantly watered down in the final version of the 2025 National Defense Authorization Act (NDAA). Initially, there were calls for an independent study to assess the feasibility of creating a U.S. Cyber Force, but much of this language has been removed. Instead, the legislation now mandates an evaluation of various organizational models for cyber forces within the Armed Forces, shifting away from the original focus on a distinct cyber branch.
In a historic move, Romania's Constitutional Court annulled the results of the first round of its presidential election due to alleged Russian interference, which had used TikTok to promote a candidate. The court's decision, which voided the second-round vote scheduled for December 8, 2024, cited the need to ensure the fairness of the electoral process. The decision followed the release of declassified documents, revealing a pro-Russian campaign through a network of 25,000 TikTok accounts.
In recent years, India has witnessed a staggering 138% increase in cyberattacks targeting government entities, with incidents rising from 85,797 in 2019 to 204,844 in 2023. This surge, highlighted in a report presented to the Rajya Sabha, underscores the growing threat to India’s cybersecurity infrastructure. The Ministry of Electronics and Information Technology, through the Indian Computer Emergency Response Team (CERT-In), has been actively working to counter these attacks. Measures such as the appointment of Chief Information Security Officers (CISOs) in central ministries and the establishment of the National Critical Information Infrastructure Protection Centre (NCIIPC) aim to bolster defenses.
Apple is facing a lawsuit over its decision to abandon plans for a system designed to scan iCloud photos for child sexual abuse material (CSAM). Initially announced in 2021, the system was intended to match on-device hashes of photos against a database of hashes of known CSAM supplied by organizations like the National Center for Missing and Exploited Children, in order to detect and prevent the spread of such material on its platform. However, the company reversed course after privacy advocates raised concerns that the scanning system could be repurposed as a backdoor for government surveillance.
The Brooklyn District Attorney's office has taken action against a network of fraudulent NFT marketplace websites, shutting down 40 of them after an 85-year-old artist lost $135,000 to a scam. The victim was tricked by a scammer posing as an art dealer on LinkedIn, who convinced him to mint his artwork on a fake NFT marketplace resembling OpenSea. After being told he had made a $300,000 profit, the artist was then asked to pay a $135,000 fee to access it, which he funded by liquidating his retirement savings, credit card payments, and loans. Upon realizing the scam, the artist was left devastated, both emotionally and financially.
Copyright © 2024 CyberMaterial. All Rights Reserved.