Cyber Briefing: 2024.05.17. 👉 What are the latest cybersecurity… | by CyberMaterial | May, 2024
👉 What are the latest cybersecurity alerts, incidents, and news?
Kimsuky, Linux, GoBear Backdoor, South Korea, Espionage Campaign, Symantec,, ThroughTek, Kalay Vulnerabilities, IoT, Bitdefender, Darkgate, Forcepoint, Norway, VPN,, Norwegian National Security Authority, NSM, Reliaquest, Chicago Fire FC, CTV News, Montreal’s Collège Ahuntsic, Cyberattack, WoodTV, Rockford Public Schools, Ransomware, NRS Healthcare, Bucks radio, Arup Engineering Firm, Scam, Deepfake, US Securities and Exchange Commission, Financial, Texas Attorney General, Car Companies, Harvard, Hacker-Proof Quantum Network, Harvard Gazette, Cybersecurity Infrastructure Security Agency, Encrypted DNS Guidelines, U.S. Department of Justice, North Korea Cyber Scheme.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
1. Kimsuky Deploys Linux GoBear in Korea
The Kimsuky APT group, linked to North Korea’s RGB, is using a Linux version of its GoBear backdoor, named Gomir, to target South Korean organizations. Gomir shares extensive code with the Windows variant GoBear, reimplementing OS-dependent functions for Linux. The campaign leverages trojanized security programs and rogue installers, highlighting software packages as key infection vectors.
2. ThroughTek Kalay Flaws Endanger IoT Devices
Researchers found four major vulnerabilities in the ThroughTek Kalay Platform, affecting 100 million IoT devices. These vulnerabilities can lead to remote code execution and unauthorized root access, compromising security cameras like Roku Indoor Camera SE, Wyze Cam v3, and Owlet Cam. The widespread impact underscores the critical need for improved IoT device security.
3. Darkgate Malware Phishing Threat
Hackers exploit XLSX, HTML, and PDF files in phishing emails, distributing Darkgate malware. Forcepoint researchers expose its sophisticated tactics, posing grave risks to data security. Stay vigilant and implement robust defenses against this persistent threat.
4. Norwegian NCSC Advises SSLVPN Transition
The Norwegian NCSC advises replacing SSLVPN/WebVPN with IPsec by 2025. Critical infrastructure entities should transition by 2024-end. IPsec with IKEv2 is recommended for enhanced security against vulnerabilities.
5. Russia Threatens Operational Technology
Russian state-backed and financially motivated hackers collaborate in cyber operations. Recent attacks on Denmark’s energy sector and Ukraine’s telecom providers demonstrate their sophisticated tactics. Blurred distinctions between criminal and state-sponsored actors complicate defense strategies.
6. Chicago Fire FC Data Breach
Chicago Fire FC confirms a recent data breach, prompting immediate security measures and investigations. Affected individuals are offered credit monitoring services through Cyberscout to safeguard against potential identity theft and fraud. Enrolment instructions have been provided, urging affected parties to monitor accounts and credit reports for any suspicious activity.
7. Collège Ahuntsic Faces Cyberattack
Collège Ahuntsic, situated in Montreal, faced disruption as it closed its doors on Thursday due to concerns over a potential cyberattack. However, the college announced that it would resume its activities on Friday after successfully addressing the situation. A statement posted on the college’s website reassured the community that all computer systems were back to normal following the cyberattack alert, thus prompting the reopening of the college.
8. Michigan Public Schools Hit by Cyberattack
Ransomware attack disrupts Michigan’s Rockford Public Schools’ systems, prompting shutdown of phone and email services. Superintendent assures safety measures in place as FBI investigates overseas-originated hack. Despite challenges, classes proceed traditionally, emphasizing security precautions.
9. NRS Healthcare Supplier Cyber-Attack Alert
Bucks Council notifies residents of a breach in personal data by NRS Healthcare, a major UK health product provider. As investigations continue, affected clients will be contacted directly, urging caution with unexpected communications. NRS Healthcare swiftly responded by taking all systems offline, emphasizing the gravity of cyber threats.
10. Arup Engineering Firm Deepfake Scam
Arup engineering firm falls victim to a sophisticated deepfake scheme, losing $25m in a Hong Kong office transfer. Cybercriminals skillfully impersonated senior management during a convincing video call, leveraging AI-generated imagery and fake voices. Despite the financial setback, Arup maintains business continuity, highlighting the evolving threat landscape of deepfake fraud.
11. US SEC Mandates Data Breach Incident Plans
The Securities and Exchange Commission announces new rules requiring financial firms to have data breach incident plans, impacting various financial institutions like broker-dealers and investment companies. The amendments mandate the development of written policies for detecting and addressing breaches involving customer information, along with procedures for notifying affected customers. The move aims to adapt to the evolving nature of data breaches and enhance investor protection by ensuring timely notification and response.
12. Texas Investigates Car Data Practices
Texas attorney general investigates data privacy practices of major car manufacturers, including Kia, GM, Subaru, and Mitsubishi. The probe raises concerns over potential violations of state laws on deceptive trade practices. Experts suggest this could signal a shift in enforcement ahead of the state’s new comprehensive data privacy law taking effect in July.
13. Harvard’s Quantum Security Network
Harvard physicists create an unhackable network in a race against “Q Day” using entanglement. Quantum mechanics transforms the data transmission paradigm, promising impervious security against interception. Future quantum networks may safeguard sensitive data like never before.
14. CISA Issues DNS Security Guidelines
CISA’s detailed document outlines strategies for government agencies to enhance cybersecurity via encrypted DNS protocols. Aligned with the “zero trust” cybersecurity plan outlined in Memorandum M-22–09, agencies are advised to adopt Protective DNS for outbound DNS resolution. This guidance is crucial for meeting federal requirements and implementing the latest technology tools to safeguard DNS infrastructure.
15. US Justice Charges 5 in Cyber Scheme
Five individuals, including U.S. and Ukrainian nationals, were charged by the U.S. Department of Justice for aiding North Korea’s nuclear program through cyber schemes. Arrests were made in Arizona and Poland, with extradition sought for one suspect. Allegations include identity theft and money laundering, with potential penalties up to 97.5 years in prison.
Subscribe and Comment.
Copyright © 2024 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
