CyberSecurity updates
2024-12-11 01:08:30 Pacific

Alleged Russian Interference in Romanian Presidential Election - 3d

The Romanian presidential election was annulled following allegations of Russian interference, involving 25,000 fake accounts and 85,000 cyberattacks on election systems. The interference involved coordinated disinformation campaigns and social media manipulation. The EU is tightening its control over TikTok as a consequence of this event. The incident highlights the increasing risk of foreign interference in democratic processes using digital platforms and cyberattacks, and shows how manipulation of election systems can affect an election's outcome.

BlueAlpha APT Leverages Cloudflare Tunnels for Malware Distribution - 2d

The Russian state-sponsored APT group BlueAlpha is using Cloudflare Tunnels to distribute custom malware, such as GammaDrop and GammaLoad. They employ spearphishing with malicious HTML attachments to evade detection and maintain persistent access to compromised networks. This activity highlights the abuse of trusted infrastructure for malicious purposes.

Blue Yonder Supply Chain Ransomware Attack - 1d

Blue Yonder, a supply chain software company, suffered a ransomware attack on November 21, 2024. The Termite ransomware group claimed responsibility for the breach, threatening to publish stolen data. The attack impacted several major clients, including Starbucks, BIC, and Morrisons, causing disruptions. Blue Yonder is investigating the incident, and the full extent of the data breach and its impact is still being assessed. This is a significant incident in the supply chain due to the number of large companies impacted.

Critical Vulnerabilities in Industrial Control Systems - 1d

Multiple critical vulnerabilities have been disclosed impacting various Industrial Control Systems (ICS) products. These vulnerabilities, identified in AutomationDirect’s C-More EA9 Programming Software, Planet Technology’s industrial switch WGS-804HPT, and other products, could enable remote code execution (RCE) and other serious security compromises if exploited. The vulnerabilities highlight the ongoing challenge of securing critical infrastructure against sophisticated cyberattacks. Organizations are urged to apply the necessary mitigations and keep their ICS software updated to prevent attacks and minimize the risk to their operations.

Pegasus Spyware Infections Proliferate Across Devices - 2d

This cluster reports on findings by iVerify regarding the widespread use of Pegasus spyware. The research indicates a broader impact than previously known, affecting not just high-profile individuals but also ordinary users. This underscores the ongoing threat of sophisticated spyware and the need for robust mobile security.

Bootkitty: First UEFI Bootkit Targeting Linux Systems - 12d

ESET researchers discovered Bootkitty, the first UEFI bootkit designed for Linux systems. While appearing to be a proof-of-concept, its existence signals a concerning shift in the UEFI threat landscape, expanding threats beyond traditionally targeted Windows systems. Further research is needed to determine its potential for active exploitation and the extent of its capabilities.

Tor Project needs WebTunnel Bridges - 10d

The Tor Project is seeking volunteers to establish 200 WebTunnel bridges to counter increased online censorship in Russia, which is actively blocking access to Tor and other circumvention tools. This highlights the ongoing struggle for internet freedom and the need for resilient anonymity tools.

Malicious PyPI Crypto Client Steals Wallet Data - 11d

A malicious PyPI package, ‘aiocpa’, disguised as a legitimate cryptocurrency client, was used to steal cryptocurrency wallet information. Attackers used a stealthy approach, publishing their own package instead of typosquatting. The malicious code was obfuscated using Base64 encoding and zlib compression; it exfiltrated sensitive data to a Telegram bot. This highlights the risk of malicious packages in software supply chains.
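As an added illustration (not code from the reporting above or from the package itself), the check below walks a module's AST and flags any `exec`/`eval` whose argument is built from base64/zlib decode calls, the decode-then-execute chain this entry describes. The sample input is constructed and harmless.

```python
import ast
import base64
import zlib

# Constructed sample resembling the obfuscation style described above:
# a payload is base64-decoded, zlib-decompressed and handed to exec().
# The payload here is harmless (it only assigns a variable).
_PAYLOAD = base64.b64encode(zlib.compress(b"marker = 1")).decode()
SAMPLE_SUSPICIOUS = (
    "import base64, zlib\n"
    f'exec(zlib.decompress(base64.b64decode("{_PAYLOAD}")))\n'
)
SAMPLE_BENIGN = "import zlib\ndata = zlib.compress(b'hello')\n"

DECODE_FUNCS = {"b64decode", "b85decode", "decompress"}
EXEC_FUNCS = {"exec", "eval"}

def _call_name(node):
    """Return the bare function name for exec(...), zlib.decompress(...) etc."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id
    if isinstance(f, ast.Attribute):
        return f.attr
    return None

def _decoders_under(node):
    """Collect decode/decompress call names anywhere inside node."""
    return {_call_name(n) for n in ast.walk(node)
            if isinstance(n, ast.Call) and _call_name(n) in DECODE_FUNCS}

def find_obfuscated_exec(source):
    """Return (lineno, decoders) for each exec/eval whose argument is built
    from base64/zlib decode calls; an empty list means nothing was flagged."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and _call_name(node) in EXEC_FUNCS and node.args:
            decoders = _decoders_under(node.args[0])
            if decoders:
                findings.append((node.lineno, sorted(decoders)))
    return findings

if __name__ == "__main__":
    for name, src in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, find_obfuscated_exec(src))
```

Run it over the source files of a freshly downloaded wheel or sdist before installation; a hit is a reason to inspect the package, not proof of malice on its own.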

Cyberattack Disrupts UK Hospital Operations - 10d

A cyberattack caused a major incident at the UK’s Wirral University Teaching Hospital (WUTH), resulting in postponed appointments and procedures and a system outage. The hospital moved to paper-based methods and continues to experience disruptions. This highlights the vulnerability of healthcare systems to cyberattacks and the potential for serious disruption to patient care.

Data Broker Exposes 600,000 Sensitive Files - 11d

A data broker, SL Data Services, exposed 644,869 sensitive files, including background checks, in a publicly accessible cloud storage container. The files contained personal information like names, addresses, phone numbers, and criminal histories. This highlights the risks of data brokers and the need for individuals to protect their personal information.

FSB Uses Trojan App to Monitor Russian Programmer - 3d

The FSB, Russia's Federal Security Service, allegedly used a trojanized application to monitor a Russian programmer accused of supporting Ukraine; the spyware was hidden in an app that the programmer downloaded. This highlights the use of sophisticated surveillance techniques by state actors against individuals perceived as threats. The incident underscores the importance of digital security and privacy, especially in high-risk environments.

Chinese Ship Suspected of Severing Undersea Cables in the Baltic Sea - 10d

A Chinese commercial vessel, Yi Peng 3, is suspected of intentionally dragging its anchor across the Baltic seabed, severing two critical undersea telecommunications cables between Lithuania, Sweden, Finland, and Germany. Western officials believe that Russia likely orchestrated the incident as an act of sabotage against EU maritime infrastructure. The incident disrupted communications and raised concerns about the vulnerability of undersea cables. Extended anchor dragging while the ship's transponder was disabled points to deliberate action.

Brain Cipher Ransomware Attack on Deloitte UK - 4d

The Brain Cipher ransomware group claimed responsibility for a data breach at Deloitte UK, allegedly exfiltrating over 1 terabyte of sensitive data. The group publicized the breach, highlighting what they deemed elementary security flaws. Deloitte has not yet confirmed the incident or the extent of the data exfiltration.

SmokeLoader Malware Campaign Targets Taiwan - 6d

The SmokeLoader malware has been observed in a new campaign targeting Taiwanese companies across various sectors, including manufacturing, healthcare, and IT. Unlike previous campaigns where SmokeLoader acted as a downloader for other malware, this campaign directly executes the attack by downloading and executing malicious plugins from its C2 server. This approach enhances its capability and evasiveness. The malware utilizes social engineering techniques, such as personalized emails with generic content, to enhance its success rate.

Secret Blizzard Espionage Campaign Targeting Storm-0156 - 5d

The Russian state-sponsored group Secret Blizzard has been found to have hijacked the infrastructure of other hacking groups for its operations, with a recent campaign targeting the Pakistan-based espionage cluster Storm-0156 (also known as SideCopy, Transparent Tribe, or APT36). Secret Blizzard’s actions involved installing backdoors, collecting intelligence, and compromising target devices in regions like South Asia and Ukraine. This sophisticated espionage operation highlights the increasing complexity of cyber threats and the ability of nation-state actors to leverage the resources of other groups for their malicious activities.

Godot Game Engine Exploited for Malware Delivery - 13d

Check Point Research discovered a new malware delivery technique using the Godot game engine. Malicious GDScript code within .pck files is used to execute commands and deliver malware, evading detection by most antivirus engines. The GodLoader malware is distributed through a GitHub network, legitimized by ghost accounts. This multi-platform vulnerability affects Windows, macOS, Linux, Android, and iOS and poses a risk to millions of users. This is a new and innovative way to spread malware.