A Week In Cybersecurity World
This week on TCE Cyberwatch, we report on significant breaches affecting both prominent companies and universities, with thousands of individuals impacted.
In addition, TCE Cyberwatch explores the evolving landscape of cybersecurity legality, highlighting Australia’s ongoing court case against X. TCE Cyberwatch also delves into advancements in corporate cybersecurity, such as Apple’s upcoming announcement of their very own password management app.
Keep reading to find out more!
Akira Ransomware Group Targets Panasonic Australia
The Akira ransomware group has reportedly compromised Panasonic Australia’s data, claiming to have exfiltrated sensitive project information and business agreements. The authenticity and full impact of this breach are still unverified. In response, Singapore’s Cyber Security Agency (CSA) and Personal Data Protection Commission (PDPC) have advised organizations to report such attacks rather than paying ransoms. This recommendation follows confirmation by law firm Shook Lin & Bok that they paid Akira $1.4 million in Bitcoin.
The CSA has warned that paying ransoms does not guarantee data recovery and could potentially encourage further attacks. They recommend implementing robust security measures, including strong password policies, multi-factor authentication, reputable antivirus software, regular vulnerability scans, network segregation, routine backups, incident response exercises, and minimizing data collection.
Additionally, the FBI and CISA had previously included Akira in their #StopRansomware campaign, emphasizing the importance of these preventive measures. Read More
Xbox One Kernel Exploit Discovered: Tinkering with Game Script App
An individual known as carrot_c4k3 has discovered a kernel-level exploit for Xbox One consoles using an app called ‘Game Script’ from the Microsoft Store. This exploit is not a jailbreak but allows users to gain control over virtual machine (vm) homebrews without enabling pirated software. The method involves two components: initial code execution in UWP applications and a kernel exploit granting full read/write permissions.
A proof of concept has been shared on GitHub, currently limited to UWP apps. The exploit bypasses developer mode fees and modifies game save data but does not alter actual games. It may also allow running simple emulators. However, Microsoft could potentially detect this exploit, so using an offline console is recommended. It is also possible that the exploit has already been patched in the latest firmware update, version 10.0.25398.4478. Read More
Over 8,000 at VIT Bhopal University Potentially Exposed in Data Breach
VIT Bhopal University in India has reportedly experienced a major data breach, impacting more than 8,000 students and faculty members. The breach, first revealed on June 10, 2024, on BreachForums, involves the alleged leak of sensitive information, including unique identification numbers, usernames, full names, email addresses, passwords, and user activation keys.
This compromised data could potentially allow unauthorized access to personal and university accounts, raising significant concerns about phishing attacks and other malicious activities. VIT Bhopal, established in 2017 and ranked 65th in India by the National Institutional Ranking Framework, offers programs in engineering, technology, management, and architecture.
As of now, the university has not commented on the breach or disclosed the full extent of the compromised data. Read More
Energy Giant Potentially Breached: Hacker Selling Alleged SGCC Data
A hacker named Desec0x claims to have breached the State Grid Corporation of China (SGCC) and is selling the stolen data on BreachForums for $1,000. The data reportedly includes user account information, employee details, and department roles in SQL and XLSX formats. SGCC, the world’s largest utility company, serves over 1.1 billion people in China and owns assets in several countries.
If confirmed, this breach could have serious implications for SGCC and its stakeholders. Cyberattacks on the energy sector are increasing, with notable incidents in 2023 and 2024 targeting companies like Consol Energy and Petro-Canada. SGCC has not yet confirmed the breach, and its website appears to be unaffected. Read More
Deepfakes Target Australian Politicians in Investment Scams
Australian politicians, including Finance Minister Katy Gallagher and Foreign Minister Penny Wong, have been targeted in AI-generated deepfake investment scam videos. The scam also used images of Nationals senator Bridget McKenzie and former Prime Minister Scott Morrison, among others. These videos, promoted via Facebook ads, falsely depict the politicians endorsing fraudulent investment schemes.
Federal Minister Stephen Jones warned that AI could amplify fraud and proposed reforms to make social media companies more accountable. Gallagher stressed that neither she nor other politicians would promote products online, urging people to report such scams. The government is considering measures like mandatory AI image watermarking to combat misuse. Read More
Get Ready to Switch? Apple Unveils Passwords Manager at WWDC
At Apple’s Worldwide Developer Conference next week, the company is expected to unveil its own standalone password manager, named Passwords, which will rival apps like 1Password and LastPass.
According to Bloomberg News, Passwords will offer features surpassing those of iCloud and Mac Keychain, enabling users to save Wi-Fi passwords, store passkeys, and categorize login credentials. The app is also anticipated to be compatible with Windows machines, though its availability for Android users remains uncertain. Read More
Monti Ransomware Targets West After Conti’s Demise
The Monti ransomware group, which bears similarities to the defunct Conti ransomware, has recently changed ownership and shifted its focus towards Western targets. The new owners are revamping its infrastructure for future operations. Recent attacks in the South of France disrupted the Pau-Pyrénées airport, the Pau business school, and a digital campus, compromising sensitive data and raising significant cybersecurity concerns.
Monti exploits vulnerabilities like Log4Shell to infiltrate networks, encrypt desktops, and disrupt servers. Analysts believe the group leverages Conti’s leaked data for its operations. The cybersecurity community emphasizes the need for strengthened defenses and collaboration to combat such evolving threats. The Monti group’s activities highlight the critical need for robust cybersecurity measures to protect essential infrastructures.Read More
TCE Cyberwatch: Wrap Up
. Recent events have shown that even large, well-protected companies can fall victim to cyberattacks. Therefore, it’s always wise to stay proactive and ensure your defenses are up-to-date. Stay safe, stay informed, and take steps to safeguard your digital security.