Cyber Briefing: 2024.04.24. 👉 What’s trending in cybersecurity… | by CyberMaterial | Apr, 2024
👉 What’s trending in cybersecurity today?
North Korea, eScan Antivirus, GuptiMiner, Avast, Wavestealer Malware, CoralRaider Malware, Content Delivery Network, Stealers, Cisco Talos, Keystrokes, Chinese Keyboard, The Citizen Lab, Electron Framework, Malware, AhnLab Security Intelligence Center, Indiana Water Plant, CNN, Nothing, Android Authority, El Salvador, Chivo Bitcoin Wallet, Code Leaked, Cointelegraph, Ransomware Attack, Swedish Logistics Firm, E24, Fabricated News Attack, ČTK, U.S. Sanctions, Iran, U.S. Department of the Treasury, AI, Child Exploitation, Thorn, Incubator, Blockchain, TheNewsCrypto, Zero-Day Exploits, Mandiant, CISA, Critical Software, GAO.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
1. North Korean Hackers Exploit eScan Updates
North Korean hackers exploit eScan antivirus updates to deploy GuptiMiner malware, described as “highly sophisticated” by researchers. Avast details the intricate infection chain, including DLL sideloading and evasion tactics targeting specific system configurations and security tools. Despite eScan’s fixes, ongoing infections suggest outdated clients remain vulnerable.
2. Wavestealer Malware Quietly Steals Data
A new malware named “Wavestealer” has been identified as a severe threat for its ability to silently steal sensitive information like login details and credit card numbers. It operates undetected by most antivirus software, using advanced evasion techniques such as polymorphic code that frequently alters its signature. With risks extending from identity theft to significant business data breaches, cybersecurity experts urge updates to antivirus programs, the use of strong passwords, and enabling two-factor authentication to mitigate threats.
3. CoralRaider Malware Spreads Via CDN Cache
Cisco Talos has identified an ongoing malware campaign orchestrated by CoralRaider, a threat actor with suspected Vietnamese origins, leveraging Content Delivery Network (CDN) caches to distribute malware such as CryptBot, LummaC2, and Rhadamanthys since February 2024. The attack involves sophisticated tactics, including phishing emails that lead to booby-trapped links and the use of a PowerShell script to bypass User Account Control (UAC) and deploy stealer malware. This campaign targets diverse business sectors across multiple countries, employing advanced techniques to evade detection and harvest a wide array of personal and financial information from victims.
4. Cloud Keyboards Expose User Keystrokes
Recent research by Citizen Lab has exposed severe security vulnerabilities in popular cloud-based pinyin keyboard apps that could allow attackers to intercept and decipher user keystrokes. Almost a billion users could be impacted, as flaws were found in apps from major vendors including Baidu, Samsung, and Xiaomi, with Huawei’s app being the only exception. Users are urged to update their apps and opt for keyboard solutions that process data locally to avoid these privacy risks.
5. Hackers Use Electron Framework for Malware
Cybersecurity researchers at ASEC have uncovered a new threat in which hackers abuse the Electron Framework’s capabilities to develop cross-platform infostealer malware. This malware, often disguised as legitimate software such as TeamViewer, uses Electron’s architecture for stealth and obfuscation, making detection challenging. The hackers package their malicious code in NSIS installers and leverage Electron’s integration with web technologies and Node.js to execute harmful scripts and exfiltrate sensitive data such as system information, browser histories, and credentials.
6. Russian Hackers Strike Indiana Water Plant
A group known as the Cyber Army of Russia has claimed responsibility for a recent cyberattack on the Tipton Wastewater Treatment Plant in Indiana. Despite the hackers’ claims, Jim Ankrum, the general manager of Tipton Municipal Utilities, confirmed that the facility experienced minimal disruption and remained operational. The incident is part of a series of attacks claimed by the group on U.S. infrastructure, following a similar pattern of targeting essential services, as noted in a recent Mandiant report linking them to other Russian state actors.
7. Nothing Data Breach Resurfaces
The Nothing community is grappling with renewed security concerns as details of a 2022 data breach come to light again, revealing that 2,250 members’ email addresses were compromised. Although no sensitive data such as passwords was accessed, the exposure has raised alarms about privacy within the Nothing ecosystem. In response, the UK-based phone manufacturer has enhanced its security measures, yet the incident continues to stir discussions about transparency and user safety.
8. Chivo Bitcoin Wallet Code Leaked by Hackers
The security of El Salvador’s state-operated Bitcoin wallet, Chivo, has been compromised as hackers released its ATM network source code and VPN credentials on the BreachForums platform. The hacker group CiberInteligenciaSV claimed responsibility, declaring that the code was shared freely to expose the government-operated wallet. This incident is part of a series of breaches affecting Chivo, including the massive exposure of personal data of nearly all Salvadoran adults reported earlier in April.
9. Ransomware Hits Swedish Logistics Firm Skanlog
Skanlog, a key logistics provider to Sweden’s Systembolaget, suffered a ransomware attack that incapacitated its entire system, as reported by CEO Mona Zyko. The cyberattack halted distribution operations, potentially leading to a shortage of various drinks, including beers, wines, and spirits, ahead of the weekend. Systembolaget anticipates that about a quarter of its sales volume could be impacted, although they assure that the total supply will not be significantly affected.
10. Fabricated News Breach at Czech News Agency
Yesterday morning, an unknown assailant breached the security of the České noviny website, operated by the Czech News Agency (ČTK), posting fabricated texts about an alleged assassination attempt on Slovak President Peter Pellegrini. Despite the breach, the news service distributed by the Czech News Agency to its clients remained unaffected, providing accurate information to its audience. The agency promptly removed the false news from its website and is collaborating with authorities to address the cyberattack, emphasizing its commitment to maintaining the integrity of its reporting.
11. US Sanctions Iranians for Cyberattacks
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has imposed sanctions on four Iranian nationals linked to a series of cyberattacks targeting American government agencies, defense contractors, and private businesses. These individuals were part of operations orchestrated by the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC), which used front companies such as Mehrsam Andisheh Saz Nik (MASN) and Dadeh Afzar Arman (DAA) to conduct their activities. In response to these threats, the U.S. has frozen all stateside assets of the involved parties and prohibited transactions with them without OFAC approval, while the State Department is offering rewards of up to $10 million for information leading to the apprehension of these cybercriminals.
12. AI Firms Join to Combat Child Exploitation
Major AI firms like OpenAI, Microsoft, Google, and Meta have committed to preventing their technologies from being used to create or distribute child sexual abuse material (CSAM). This initiative, driven by Thorn and All Tech Is Human, aims to block the generation of explicit content involving minors and remove existing material from the internet. Amidst growing concerns that generative AI could exacerbate the problem, the companies have pledged to implement robust measures, including selecting training datasets more cautiously and improving content monitoring to protect children effectively.
13. Blockchain and AI Incubator Launches
0G Labs and One Piece Labs have introduced the OPL x 0G incubator, a pioneering program aimed at startups working at the intersection of blockchain and AI. This incubator seeks to explore underdeveloped areas where AI can enhance blockchain applications and vice versa, providing participants with resources like mentorship, network access, and up to $50,000 in grant funding. Set to start on July 1, 2024, the program encourages innovative thinkers to submit ideas that could potentially transform both the crypto and AI landscapes, leveraging 0G’s modular blockchain architecture designed to significantly boost AI task efficiency on blockchain platforms.
14. Zero-Day Exploits Rise in Cyberattack Trends
Mandiant’s M-Trends 2024 Report reveals a significant shift in cyberattack methodologies, with a notable increase in the exploitation of software vulnerabilities, particularly zero-day exploits, which rose by 56% in 2023. These vulnerabilities are heavily targeted by state-sponsored groups and financially motivated cybercriminals for intelligence gathering and financial theft, respectively. The report highlights the evolution in threat actors’ approaches, moving from broad phishing campaigns to more targeted attacks using sophisticated software vulnerabilities, necessitating advanced defensive strategies from organizations.
15. CISA’s Critical Software List
The Cybersecurity and Infrastructure Security Agency (CISA) is set to deliver a crucial list of software products deemed critical for strengthening federal cybersecurity by September 30. This action is a response to the Government Accountability Office’s oversight report, which assesses the progress of implementing a 2021 executive order aimed at enhancing U.S. cyber defenses. The software, categorized as “EO-critical” due to its alignment with the executive order, is selected based on criteria from the National Institute of Standards and Technology and includes capabilities essential for managing system privileges and network protections.
Copyright © 2024 CyberMaterial. All Rights Reserved.