Policies
MITRE Launches New EMB3D Framework
MITRE introduces EMB3D, a threat-modeling framework for critical infrastructure embedded devices. It offers a comprehensive understanding of threats and security measures, aligning with a secure-by-design approach to reduce vulnerabilities and enhance device security.
Apple and Google Roll Out Unwanted Tracking Alerts on iOS and Android
Apple and Google have introduced a new feature on iOS and Android to alert users about unwanted location trackers. This rollout targets Bluetooth-enabled accessories with built-in tracking capabilities, aiming to protect privacy from potential harassment. Users receive alerts when such trackers are detected, enabling them to locate and disable them if necessary.
Vulnerabilities
Google Rushes Emergency Fix for New Chrome Zero-Day Exploit
Google swiftly addresses a new high-severity Chrome zero-day bug, CVE-2024-4761, exploited in the wild. This vulnerability in V8 can allow data corruption or code execution. With six zero-days fixed this year, users are urged to update their browsers for security.
Apple Releases Urgent Security Updates for iOS, macOS
Apple has urgently patched code execution vulnerabilities in iPhones, iPads, and macOS. These include a memory corruption flaw in RTKit (CVE-2024-23296) affecting older iPhones, and a logic issue in the Foundation framework (CVE-2024-27789) reported by Mickey Jin. The updates mitigate risks of data breaches and unauthorized access.
Breaches
ESET Discovers Ebury Botnet Malware Compromising 400,000 Linux Servers for Financial Gain
ESET uncovered Ebury botnet malware affecting 400,000 Linux servers since 2009, with 100,000 still compromised by late 2023. The malware, known for financial exploits, engages in spam, web traffic redirection, and credential theft, including cryptocurrency heists. It employs various methods like exploiting vulnerabilities and stealing SSH credentials.
Singing River Health System Ransomware Attack: Impact on 895,000 People
In August 2023, the Singing River Health System was hit by a ransomware attack affecting 895,204 people. The attack impacted three hospitals and several medical facilities, causing significant IT outages. Personal information such as names, addresses, and medical details may have been compromised. The organization is providing credit monitoring and guidance to affected individuals to prevent identity theft and fraud, advising them to stay vigilant and report any suspicious activities.
Santander Data Breach Affects Customers and Employees in Chile, Spain, and Uruguay
Santander Bank reported a data breach affecting customers and employees in Chile, Spain, and Uruguay due to unauthorized access to a third-party provider’s database. The breach contained customer and some former employee information but didn’t compromise transactional or sensitive banking data. The bank assured secure operations and initiated additional fraud prevention measures.
City of Helsinki Faces Major Data Breach Impacting Students, Personnel, and Guardians
The City of Helsinki experienced a significant data breach affecting tens of thousands of students, guardians, and personnel. The breach, under police investigation, exposed usernames, email addresses, personal IDs, addresses, and sensitive information like medical records. The City is implementing security measures and monitoring networks closely to prevent future breaches.
Hacker Scrapes 49 Million Customer Records from Company Servers
A hacker, self-identified as Menelik, orchestrated a massive data breach targeting Dell, extracting data from 49 million customer records over three weeks. Using brute force on the company’s portal and setting up partner accounts, the hacker gained access to sensitive information, including names, addresses, and purchase data. Despite sending alerts to Dell about the vulnerability, the breach remained undetected for weeks, prompting Dell to notify law enforcement and commence an investigation.
Cyber Attacks
Black Basta Ransomware Strikes 500+ Organizations Globally: FBI Issues Advisory
Black Basta ransomware affiliates have compromised more than 500 organizations since April 2022, impacting healthcare and other critical sectors worldwide. The FBI, CISA, and partner agencies issued a joint advisory describing the group's tactics and indicators of compromise (IOCs). Elliptic and Corvus identified $107 million in ransom payments and links to Conti. The advisory recommends mitigations for critical infrastructure operators.
LLMjacking: Uncovering a Sophisticated Cloud-Hosted AI Model Attack
Researchers discovered ‘LLMjacking,’ a cloud-based attack targeting large language model (LLM) services. Attackers breach vulnerable systems, obtain cloud credentials (e.g., AWS), and access LLM models, notably Claude from Anthropic. They use a Python script to validate keys and a reverse proxy to provide unauthorized LLM access, potentially costing victims over $46,000 daily.
Threat Actors Exploit DNS Tunneling for Tracking and Network Scans
Threat actors have adopted Domain Name System (DNS) tunneling to monitor user activities post-phishing and to conduct network scans for vulnerabilities covertly. DNS tunneling allows encoding data within DNS queries, enabling covert communications. Palo Alto Networks’ Unit 42 discovered two campaigns—TrkCdn and SecShow—utilizing DNS tunneling for victim tracking and network scanning, highlighting the need for organizations to monitor DNS traffic for unusual patterns and limit DNS resolvers to essential queries.
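The item above recommends monitoring DNS traffic for unusual patterns. The following is an added illustration, not code from the article or from Unit 42, of what such monitoring can look like on resolver query logs: it groups queries by parent domain and scores three tunneling indicators (a high ratio of never-repeated subdomains, long leftmost labels, and high character entropy in the subdomain part). The log format, the thresholds, the use of the last two labels as the "parent domain" (a simplification; production code should use the public suffix list), and all sample lines are assumptions constructed for this example.

```python
import math
from collections import defaultdict

# Constructed sample resolver log: timestamp, client, query name, query type.
# These lines are made up for this example and describe no real campaign.
SAMPLE_LOG = """\
2024-05-14T10:00:01Z 10.0.0.21 www.example.com A
2024-05-14T10:00:02Z 10.0.0.21 mail.example.com MX
2024-05-14T10:00:03Z 10.0.0.34 4a6f686e2d3030312d7261636b2d31.track.example-cdn.test A
2024-05-14T10:00:04Z 10.0.0.34 4a6f686e2d3030322d7261636b2d32.track.example-cdn.test A
2024-05-14T10:00:05Z 10.0.0.34 4a6f686e2d3030332d7261636b2d33.track.example-cdn.test A
2024-05-14T10:00:06Z 10.0.0.34 4a6f686e2d3030342d7261636b2d34.track.example-cdn.test A
2024-05-14T10:00:07Z 10.0.0.21 cdn.example.com A
2024-05-14T10:00:08Z 10.0.0.57 zxq9v2k7.p1r3t8.scan.example-probe.test TXT
2024-05-14T10:00:09Z 10.0.0.57 m4n8b1c5.p1r3t8.scan.example-probe.test TXT
2024-05-14T10:00:10Z 10.0.0.57 k2l6j0h9.p1r3t8.scan.example-probe.test TXT
"""


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of text; 0.0 for the empty string."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (subdomain, parent). Parent = last two labels (assumed simplification)."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return "", qname.lower()
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def analyze_dns_log(log_text, min_unique=3, unique_ratio=0.75,
                    min_label_len=16, min_entropy=3.0):
    """Aggregate queries per parent domain and flag tunneling-like behaviour.

    A parent is marked suspicious when at least two of three indicators hold:
      1. many distinct subdomains that are (almost) never repeated,
      2. long leftmost labels (room for encoded payload),
      3. high average character entropy in the subdomain part.
    Thresholds are assumptions for this example, not tuned values.
    """
    acc = defaultdict(lambda: {"queries": 0, "subs": set(), "label_len": 0,
                               "entropy": 0.0, "clients": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or truncated lines
        _ts, client, qname, _qtype = fields[:4]
        sub, parent = split_qname(qname)
        rec = acc[parent]
        rec["queries"] += 1
        rec["clients"].add(client)
        if sub:
            rec["subs"].add(sub)
            rec["label_len"] += len(sub.split(".")[0])
            rec["entropy"] += shannon_entropy(sub.replace(".", ""))

    stats = {}
    for parent, rec in acc.items():
        q = rec["queries"]
        unique = len(rec["subs"])
        avg_len = rec["label_len"] / q
        avg_ent = rec["entropy"] / q
        indicators = [
            unique >= min_unique and unique / q >= unique_ratio,
            avg_len >= min_label_len,
            avg_ent >= min_entropy,
        ]
        stats[parent] = {
            "queries": q,
            "unique_subdomains": unique,
            "clients": len(rec["clients"]),
            "avg_leftmost_label_len": round(avg_len, 2),
            "avg_subdomain_entropy": round(avg_ent, 2),
            "indicators_hit": sum(indicators),
            "suspicious": sum(indicators) >= 2,
        }
    return stats


def flagged_domains(log_text):
    """Sorted list of parent domains that met the suspicion threshold."""
    return sorted(d for d, s in analyze_dns_log(log_text).items() if s["suspicious"])


if __name__ == "__main__":
    for domain, s in analyze_dns_log(SAMPLE_LOG).items():
        print(domain, s)
    print("flagged:", flagged_domains(SAMPLE_LOG))
```

On the constructed sample, the ordinary `example.com` traffic trips only the "distinct subdomains" indicator (www, mail and cdn are all different) and is left alone, while the two parent domains carrying encoded identifiers trip two indicators each. Requiring two of three indicators is what keeps busy but legitimate zones with many hostnames from producing alerts on their own; in practice the thresholds would be baselined against the organisation's own resolver logs.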
Investigation Launched: Cyberattacks Target British Columbia Government Networks
The Government of British Columbia is investigating multiple cybersecurity incidents impacting government networks. Premier David Eby stated no evidence shows sensitive information was accessed or stolen. Collaborating with Cyber Centre, they aim to determine the extent of the incidents and enhance data security measures. Specific details about the incidents and their detection remain undisclosed.
If this news content is useful to you, please leave your feedback.