Cyber Briefing: 2024.05.15 | by CyberMaterial | May, 2024
👉 What’s trending in cybersecurity today?
WaveStealer, Telegram, Discord, Broadcom, Ransomware, WinSCP, PuTTY, Rapid7, Critical Flaw, D-Link, Routers, SSD Secure Disclosure, Linux Servers, Cryptocurrency Theft, ESET, Microsoft, Security Vulnerabilities, Sonne Finance, Cointelegraph, Santander Bank, Customer Data, Employee Data, Sur in English, Northern California City, Second Cyberattack, Statescoop, Singing River Health System, Ransomware Attack, Office of the Maine General Attorney, Belgian Walloon Agriculture Federation, La Libre, Bipartisan Senators, $32B AI Investment, Associated Press, Dutch Court, Tornado Cash, de Rechtspraak, Tor Project, Tor Browser, Privacy, Google, AI-Powered Search, Cointelegraph
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
1. WaveStealer Malware on Messaging Apps
A new malware called WaveStealer is spreading through Telegram and Discord, posing a serious risk to users’ sensitive data as it disguises itself as video game installers. WaveStealer operates as an infostealer, targeting web browsers, cryptocurrency wallets, and credit card numbers, while also capturing screenshots from infected devices to enhance data exfiltration techniques. With its low cost and accessibility on the dark web, WaveStealer presents a significant challenge to digital security, urging users to remain vigilant and utilize robust antivirus software to mitigate the risk of infection.
2. Unveiling the PuTTY Malware Odyssey
In a March 2024 assault, attackers weaponized ads to distribute tainted WinSCP and PuTTY installers, harboring a renamed pythonw.exe hosting a pernicious DLL. Redirects from PuTTY ads led unsuspecting users to a typo-squatted domain, enticing them into downloading a disguised ZIP harboring malware, all while posing as a legitimate help article page to deflect suspicion.
3. D-Link Router Vulnerabilities
The D-Link DIR-X4860 router, boasting Wi-Fi 6 speeds up to 4800 Mbps, is vulnerable to remote unauthenticated command execution, potentially allowing complete device takeovers via the HNAP port. Widely used in Canada and globally supported, the device’s latest firmware harbors flaws enabling attackers to gain root privileges, as per SSD Secure Disclosure’s findings.
4. Ebury’s Linux Server Onslaught
ESET reveals Ebury’s decade-long rampage, infecting 400,000 Linux servers, with nearly 100,000 still compromised by late 2023. The latest tactics reveal a preference for breaching hosting providers, executing supply chain attacks, and exploiting SSH traffic interception to plunder cryptocurrency wallets. Despite law enforcement action, Ebury’s evolving obfuscation techniques and diverse malware modules continue to pose a significant threat to online security.
5. Microsoft Patched 61 Vulnerabilities
Microsoft’s latest Patch Tuesday addresses 61 new security vulnerabilities, including two zero-days actively exploited in the wild. Notably, CVE-2024-30040 and CVE-2024-30051 pose significant risks, potentially allowing attackers to execute arbitrary code and gain SYSTEM privileges respectively. With exploits targeting various Windows components, swift application of patches is crucial to fortify defenses against evolving cyber threats.
6. Sonne Finance Hit by $20M Crypto Theft
Sonne Finance faces a $20 million cryptocurrency drain after a hack detected by Cyvers, prompting a pause in operations and collaboration with cybersecurity experts for investigation. Despite efforts to negotiate the return of stolen funds, the hacker shows reluctance, moving a significant portion to new wallet addresses, initiating token swaps to obscure traceability.
Santander Bank confirms a hack exposing customer data in Spain, Chile, and Uruguay to cybercriminals, affecting 200,000 employees. Immediate measures were implemented to contain the breach, and customers were reassured that operations are unaffected. The supplier-related breach prompted proactive communication and police involvement, amid heightened cybersecurity scrutiny.
8. Northern California Cyberattack Strikes
St. Helena, California, faces a cyberattack and shuts city systems and the library as a precaution. Collaboration with law enforcement on a forensic investigation is underway; the antivirus system detected suspicious activity early Monday. The city’s cloud systems are affected; backups are in place, but full recovery may take up to 72 hours.
9. Singing River Hit by Ransomware Attack
Singing River Health System, a major Mississippi healthcare provider, faces a staggering impact after a ransomware attack, potentially exposing over 895,000 individuals. Operating multiple hospitals and medical facilities, the breach compromised sensitive data, including Social Security Numbers and medical records, highlighting the urgent need for enhanced cybersecurity measures. With the threat actors leaking substantial data and offering credit monitoring, affected individuals are urged to remain vigilant and safeguard their personal information.
10. Belgian Walloon Agriculture Hacked
The Walloon Federation of Agriculture faces a cyber-attack from hacker group 8Base, initially targeting the Public Service of Wallonia. Despite denial from the Wallonian administration, the agricultural union confirms the breach and is investigating the incident. On the dark web, 8Base claims additional victims, employing ransom tactics to compel payment.
11. US Senators Call for $32B AI Investment
A bipartisan group led by Chuck Schumer recommends $32B over three years for AI development and regulation, stressing the need to seize opportunities and address risks. Despite anticipated legislative challenges, urgent regulation and innovation incentives are deemed essential to navigate the AI landscape effectively.
12. Tornado Cash Co-Founder Sentenced
A Dutch court sentences a Tornado Cash co-founder to over five years in prison for money laundering charges related to the cryptocurrency mixer. Despite the defendant’s claims of offering a legitimate privacy solution, the court holds the founders responsible for enabling criminal activities through inadequate safeguards. The case ignites a global debate on the regulation of privacy tools in the crypto space amid concerns over their potential misuse by malicious actors.
13. Tor Project Releases Tor Browser 13.0.15
Tor Project rolls out significant updates with version 13.0.15, featuring an upgraded Firefox framework and crucial bug fixes.
Notable improvements include enhanced privacy in global private browsing mode and smoother identity resets, ensuring users enjoy heightened anonymity and security.
With backported security fixes and refined authentication processes, Tor Browser continues its mission to offer a secure and user-friendly browsing experience.
14. Google Introduces AI-Powered Search
Google introduces AI Overviews, simplifying information retrieval and enhancing user satisfaction. With customizable language options and multi-step reasoning, Search evolves to meet diverse user needs. Experience the future of information discovery with Google’s groundbreaking features.
15. Million New Tokens Flood Crypto Markets
Since April, crypto markets have witnessed a surge in token creation, with over a million new tokens emerging, predominantly memecoins. Ethereum’s layer-2 network, Base, has seen a significant uptick in activity, fueled by the launch of over 370,000 new tokens, while Solana witnessed the creation of over 640,000 new tokens, predominantly memecoins. Despite concerns about scams and vulnerabilities, memecoins remain a profitable narrative, drawing both criticism and attention within the crypto community.
Copyright © 2024 CyberMaterial. All Rights Reserved.