Cyber Briefing: 2024.06.19. 👉 What’s trending in cybersecurity… | by CyberMaterial | Jun, 2024

First time seeing this? Please subscribe.

1. Void Arachne’s Chinese Malware Campaign

A hacking group called Void Arachne is targeting Chinese-speaking users with a malware campaign disguised as legitimate software installers. The malware steals user data, grants remote access to attackers, and avoids detection by targeting specific antivirus software. Users should be cautious when downloading software and only download from trusted sources.

2. Phishing Platform Targets Microsoft 365

A new and sophisticated phishing-as-a-service (PhaaS) platform, dubbed ONNX Store, has emerged, targeting Microsoft 365 accounts within financial institutions through a novel approach involving QR codes embedded in PDF attachments. This platform represents a notable evolution in phishing tactics, leveraging the guise of legitimate communication channels to infiltrate corporate networks and compromise sensitive data. ONNX Store’s operational framework bears striking resemblance to the previously identified Caffeine phishing kit, attributed to the Arabic-speaking threat actor MRxC0DER, indicating a potentially orchestrated campaign with wide-ranging implications.

3. Fake Software Delivers Double Malware Threat

Cybercriminals distribute malware disguised as popular software, luring users into downloading Trojanized applications. The hidden malware loader launches Vidar Stealer, stealing browser passwords and deploying additional malicious payloads. Caution when downloading software and avoiding suspicious emails is crucial to thwart such attacks.

4. Mailcow Flaws Enable Email Server Takeover

Two vulnerabilities in Mailcow’s open-source mail server suite, CVE-2024–30270 and CVE-2024–31204, could allow malicious actors to execute arbitrary code. The flaws, affecting versions before 2024–04, were disclosed by SonarSource and involve path traversal and cross-site scripting. Exploiting these vulnerabilities could enable attackers to hijack admin sessions and execute commands on the server.

5. Fake App Targets Crypto Users with Malware

Insikt Group observed a malicious campaign using Vortax, a fake virtual meeting app, to target cryptocurrency users. Vortax, posing as a legitimate software, delivers three infostealers, including the rare macOS-targeting AMOS, to steal sensitive information. The campaign, likely run by the threat actor “markopolo,” represents a significant threat to both Windows and macOS users.

6. AMD Probes Data Breach Claim by IntelBroker

AMD is investigating a potential data breach after the hacker group IntelBroker claimed to have stolen company databases. The stolen data allegedly includes information on future AMD products, spec sheets, and databases covering employee and customer information. To substantiate their claims, IntelBroker posted screenshots showing corporate email addresses and internal phone numbers of AMD employees. However, the employee information appears outdated, and no customer data has been posted yet. IntelBroker is seeking to sell the stolen data for cryptocurrency and has a history of selling data from other high-profile breaches.

7. Maxicare Security Breach Affects 13K Members

Maxicare has reported a security breach involving unauthorized access to personal information. The incident affects about 13,000 members, less than 1% of Maxicare’s total membership, and pertains to booking requests through Lab@Home, a third-party provider. Maxicare assures no sensitive medical data was exposed and that their main systems remain unaffected.

8. Hacker Gang Leaks Kansas City Police Data

The BlackSuit ransomware group has leaked sensitive data stolen from the Kansas City, Kansas Police Department (KCKPD) after failed ransom negotiations. The leaked information includes case reports, a fingerprint database, and employee data. BlackSuit, previously known as Royal and Conti, has targeted 58 organizations in 2024, showcasing their aggressive tactics to coerce victims into paying ransoms.

9. Hawaii Transit Hit by Ransomware Attack

Hawaii’s Oahu Transit Services (OTS), which runs TheBus and TheHandi-Van in Honolulu, is experiencing a network outage due to a ransomware attack by the DragonForce group from Malaysia. The attack has taken down OTS’s websites and real-time transit apps, causing potential delays in service. This incident follows a previous ransomware attack on OTS in December 2021 and highlights ongoing cybersecurity threats to critical infrastructure.

10. Sandhar Technologies Faces Cyber Incident

Sandhar Technologies experienced a slight drop in its stock value following reports of a cyber-incident affecting some of its systems. The company swiftly responded to the situation, deploying cybersecurity experts and implementing necessary protocols to mitigate any potential impact. Despite the incident, Sandhar Technologies assured stakeholders that no confidential data breach occurred and that its operations remain unaffected.

11. US FTC’s TikTok Privacy Complaint

The US Federal Trade Commission referred a complaint against TikTok to the DOJ, alleging potential violations of data privacy laws. The investigation stems from a review following a 2019 settlement with Musical.ly over illegal data collection from children. While the details of the complaint are not yet public, concerns revolve around privacy practices and potential deception regarding data access.

12. IMF Proposes Green Tax on AI

The International Monetary Fund (IMF) recommends governments impose a green tax on AI-related carbon emissions and excess profits to address environmental and economic impacts. Generative AI’s rapid development and high energy consumption are projected to significantly increase carbon emissions from data centers. The IMF suggests alternative taxation on capital income and excess profits to mitigate job losses and wealth inequality caused by AI automation.

13. Microsoft Enhances Encryption Transparency

Microsoft has published a white paper detailing its double key encryption methods for securing customer data, following pressure from Germany’s Federal Office for Information Security (BSI). The disclosure comes after BSI invoked a legal clause demanding comprehensive information on Microsoft’s encryption practices. This move is part of BSI’s ongoing investigation into security measures following a 2023 hack attributed to a Chinese threat actor, raising concerns about Microsoft’s security protocols.

14. US Indonesia Maritime Cybersecurity Exercise

The United States and Indonesia conducted their first port-focused cybersecurity exercise in Surabaya, aiming to enhance maritime cyber resilience against potential attacks. The event included simulations of major cyber incidents and ransomware attacks, with participation from various government and private sector representatives. This exercise is part of ongoing efforts to strengthen security cooperation between the two nations, particularly in safeguarding critical maritime infrastructure.

15. Email Social Engineering Attacks Rise

In 2023, 92% of organizations experienced an average of six credential compromises due to email-based social engineering attacks, according to a Barracuda report. The majority of these attacks were scamming and phishing, but there was also a significant increase in conversation hijacking and business email compromise. The report highlights the evolving tactics of attackers, including the use of legitimate services and QR codes to bypass traditional security measures.

Subscribe and Comment.

Copyright © 2024 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.