CyberSecurity Newsletter August 26th 2024
In this week’s news: the Telegram CEO has been arrested, Halliburton hacked, an APT group exploits a critical Cisco switch zero-day, Cthulhu Stealer targets Apple macOS, hacker USDoD reveals his identity, the US Government sues Georgia Tech, Android malware relays NFC data, the FBI fails NIST CSF, and hackers impersonate banking apps.
French police arrested Pavel Durov, founder and chief executive of Telegram, over the platform's lack of content moderation, which enabled criminal activity:
https://securityaffairs.com/167556/cyber-crime/police-arrested-telegram-ceo-pavel-durov.html
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Versa Director bug to its Known Exploited Vulnerabilities catalog:
https://securityaffairs.com/167534/hacking/cisa-adds-versa-director-bug-known-exploited-vulnerabilities-catalog.html
Semiconductor manufacturer Microchip Technology announced that a cyberattack disrupted operations at several of its manufacturing plants. The company detected potentially suspicious activity involving its IT infrastructure on August 17, 2024:
https://securityaffairs.com/167369/hacking/cyberattack-disrupted-operations-microchip-technology.html
Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations:
https://thehackernews.com/2024/08/new-android-malware-ngate-steals-nfc.html
An audit from the Department of Justice's Office of the Inspector General (OIG) identified "significant weaknesses" in the FBI's inventory management and disposal of electronic storage media containing sensitive and classified information:
https://www.bleepingcomputer.com/news/security/audit-finds-notable-security-gaps-in-fbis-storage-media-management/
US oil giant Halliburton announced that a cyberattack hit its IT infrastructure, particularly affecting operations at its Houston, Texas offices:
https://securityaffairs.com/167435/hacking/halliburton-cyberattack.html
China-linked APT group Velvet Ant exploited a recently disclosed zero-day in Cisco switches to take over the network appliance:
https://securityaffairs.com/167423/apt/china-velvet-ant-zero-day-cisco-switches.html
Cato Security found a new info stealer, called Cthulhu Stealer, that targets Apple macOS and steals a wide range of information:
https://securityaffairs.com/167454/malware/cthulhu-stealer-targets-apple-macos.html
Cybercriminals use progressive web applications (PWAs) to impersonate banking apps and steal credentials from mobile users. ESET researchers detailed a phishing campaign against mobile users whose fake PWAs were almost indistinguishable from real banking apps on both iOS and Android. The technique was first disclosed in Poland in July 2023 and later observed in Czechia and other countries such as Hungary and Georgia:
https://securityaffairs.com/167472/cyber-crime/phishing-relies-progressive-web-applications.html
IBM App Connect Enterprise Certified Container operands are vulnerable to privilege escalation because the unshare command is not restricted. This bulletin provides patch information to address the reported vulnerability. [CVE-2022-43915]:
https://www.ibm.com/support/pages/node/7166463
Infamous hacker USDoD, linked to major data breaches, has been identified as a Brazilian citizen. The article covers the implications and how Brazil’s extradition treaty with the US may affect his future:
https://hackread.com/usdod-hacker-ssn-leak-reveals-brazilian-citizen/
Cybersecurity researchers have uncovered a new stealthy piece of Linux malware that leverages an unconventional technique to achieve persistence on infected systems and hide credit card skimmer code. The malware, attributed to a financially motivated threat actor, has been codenamed sedexp by Aon's Stroz Friedberg incident response services team:
https://thehackernews.com/2024/08/new-linux-malware-sedexp-hides-credit.html
Organisations continue to face attacks exploiting the critical Log4j zero-day vulnerability even though it has been more than two years since the flaw's discovery, SecurityWeek reports. The vulnerability, tagged as CVE-2021-44228, was first reported in November 2021 and led to a global scramble to implement patches. Despite these efforts, the flaw remains a persistent threat due to complex software dependencies that hinder comprehensive patching:
https://www.scmagazine.com/brief/exploitation-of-log4j-flaw-continues-in-the-wild
The US government has filed a lawsuit against the Georgia Institute of Technology (Georgia Tech) and its affiliate Georgia Tech Research Corporation (GTRC) for alleged cybersecurity violations. The Department of Justice (DoJ) has joined a whistleblower to file a “complaint-in-intervention” against the institutions for “knowingly” failing to implement cybersecurity controls as required by their Department of Defense (DoD) contract:
https://www.infosecurity-magazine.com/news/georgia-tech-sued-cybersecurity/
Qilin ransomware is evolving: cybersecurity researchers at Sophos have uncovered a new tactic in which the operators harvest credentials stored in Google Chrome browsers, expanding their attack arsenal. The article also discusses mitigation strategies and the importance of robust security measures:
https://hackread.com/qilin-ransomware-steals-google-chrome-credentials/
A Russian national was arrested in Argentina for laundering proceeds from illicit actors, including the North Korea-linked Lazarus Group. This week, the Argentine Federal Police (PFA) arrested the suspect and seized millions of dollars in assets from his Argentina-based operation:
https://securityaffairs.com/167485/cyber-crime/russian-national-arrested-laundering-lazarus-funds.html
Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S.:
https://thehackernews.com/2024/08/meta-exposes-iranian-hacker-group.html
Sophos researchers investigated a Qilin ransomware attack where operators stole credentials stored in Google Chrome browsers of a limited number of compromised endpoints:
https://securityaffairs.com/167496/cyber-crime/qilin-ransomware-steal-google-chrome-passwords.html
Last week, a team of researchers from three universities identified techniques for poisoning training data sets that could lead to attacks where large language models (LLMs) are manipulated into releasing vulnerable code. Dubbed CodeBreaker, the method creates code samples that are not detected as malicious by static analysis tools but can still be used to poison code-completion AI assistants into suggesting vulnerable and exploitable code to developers. The technique refines previous methods of poisoning LLMs, is better at masking malicious and vulnerable code samples, and is capable of effectively inserting backdoors into code during development:
https://www.darkreading.com/application-security/researchers-turn-code-completion-llms-into-attack-tools
SolarWinds Web Help Desk 12.8.3 Hotfix 2. This hotfix addresses the SolarWinds Web Help Desk Broken Access Control Remote Code Execution vulnerability previously fixed in WHD 12.8.3 Hotfix 1, fixes the SolarWinds Web Help Desk Hardcoded Credential vulnerability, and restores the product functionality affected by WHD 12.8.3 Hotfix 1:
https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2