Overview of Current Cybersecurity Events

Welcome to this edition of Cyber Briefing, where we keep you updated on the most significant cybersecurity events, advisories, and alerts happening every weekday. New to this briefing? We encourage you to subscribe for important updates! 🚨 Cyber Alerts

1. OpenCart Vulnerability Discovered

A security expert, known by the handle "0xbro," identified a Static Code Injection vulnerability affecting OpenCart versions 4.0.0.0 to 4.0.2.3. This flaw allows for unauthorized data manipulation within crucial files. Despite responsibly reporting the issue, the researcher received an unprofessional response from OpenCart's administrator, Daniel Kerr, raising red flags about the company's security protocols.

2. Critical Security Flaws in ownCloud

ownCloud has alerted its users about three serious vulnerabilities that could lead to data breaches and unauthorized file changes. These flaws involve the potential for sensitive data leaks, bypassing WebDAV API authentication, and failing to validate subdomains. Users are urged to apply fixes, disable certain features, and update their credentials to enhance security. Meanwhile, a critical remote code execution vulnerability in CrushFTP has been discovered, allowing unverified attackers to access files and execute programs without authentication.

3. Surge in Phishing Attacks Ahead of Black Friday

Researchers have reported a notable increase in phishing emails targeting consumers ahead of Black Friday and Cyber Monday. These emails often impersonate well-known brands and employ various deceptive tactics, including realistic templates and social engineering strategies to trick recipients into revealing sensitive information or clicking on harmful links. Users are advised to carefully verify offers and utilize strong anti-phishing and anti-malware protections in both personal and professional settings.

4. Malicious Chrome Extensions Targeting Brazil

A malicious Google Chrome extension named "ParaSiteSnatcher" has been uncovered, showcasing a sophisticated mechanism for extracting highly sensitive information by monitoring and manipulating various data sources. This extension exploits the Chrome Browser API to capture significant information from POST requests, especially those that contain financial data, before the HTTP connection is established. Specifically targeting Latin American users, particularly in Brazil, ParaSiteSnatcher aims at major financial institutions like Banco do Brasil and Caixa Econômica Federal, extracting transaction-related data, Brazilian Tax IDs, and Microsoft account cookies.

This video briefing from August 27, 2024, delves into the latest cyber threat intelligence, highlighting key vulnerabilities and incidents in the cybersecurity landscape.

Cyber Incidents on the Rise

5. Ransomware Attack on China Energy Engineering

The Rhysida ransomware group has claimed responsibility for breaching China Energy Engineering Corporation, threatening to auction off stolen data for 50 BTC. Their attack methods, as highlighted in FBI-CISA advisories, include exploiting vulnerabilities like Zerologon and employing off-the-shelf tools.

6. Cyber Incident at Vanderbilt Medical Center

Vanderbilt University Medical Center is currently investigating a cybersecurity incident after a database was compromised, leading to its appearance on the Meow ransomware gang's leak site. Although the hospital has confirmed the breach, initial assessments indicate that no sensitive personal or protected information was exposed. This incident raises questions about the evolving tactics used by cybercriminals.

7. Cyber Av3ngers Breach Aliquippa Water Authority

The Municipal Water Authority of Aliquippa reported a successful cyberattack by the Iranian-backed group Cyber Av3ngers, which gained access to one of their booster stations. Despite the breach, officials have assured that the integrity of the drinking water supply remains unaffected.

8. KyberSwap Suffers $55 Million Theft

KyberSwap, a decentralized exchange, was targeted in a sophisticated cyberattack on November 22, resulting in a loss of approximately $55 million in user funds due to a vulnerability in its Elastic smart contracts. The company has since halted deposits, initiated an investigation, and is negotiating with attackers, offering a 10% bounty for the recovery of the stolen funds.

9. General Electric Investigates Data Breach

General Electric is looking into claims of a cyberattack and data theft reported by a threat actor known as IntelBroker, who allegedly breached GE's development environment and leaked sensitive data, including military-related information from DARPA. While GE is aware of the claims, the breach remains unverified.

10. BlackCat's Re-Encryption of Henry Schein

Henry Schein, Inc., has experienced a cybersecurity incident that disrupted its operations. Initially, the AlphV (BlackCat) group claimed responsibility, impacting its dental and medical distribution processes. Although efforts to restore systems are underway, BlackCat's re-encryption of their platforms has led to ongoing issues with their e-commerce applications.

Cyber News Highlights

11. Broadcom's Acquisition of VMware Moves Forward

Broadcom has successfully navigated all regulatory hurdles for its $69 billion acquisition of VMware, with plans to finalize the deal this Wednesday following approval from China. This acquisition represents a strategic effort by Broadcom to enhance its position in the cloud technology sector.

12. Toronto Library Systems Affected Until 2024

Following a cyberattack in late October, the Toronto Public Library continues to struggle with system restorations, which are now expected to extend until 2024. While some services will gradually resume from January, the library is prioritizing the enhancement of its network security.

13. Pentagon's AI Initiative Raises Concerns

The Pentagon's Replicator initiative aims to deploy thousands of AI-enabled autonomous vehicles by 2026, raising ethical questions surrounding the use of fully autonomous lethal weapons. While advancements in military AI technology offer benefits in surveillance and maintenance, they also present significant operational challenges.

14. EU Commission Faces Criticism Over Spyware Regulation

European lawmakers have expressed frustration with the European Commission for its failure to act on recommendations aimed at tightening regulations on spyware within the EU. The commission has yet to implement the PEGA Committee's proposals for stricter export controls and limitations on spyware usage.

15. New AI Guidelines from CISA and UK NCSC

CISA and the UK NCSC have collaborated to release comprehensive guidelines for the secure development of AI systems, highlighting essential recommendations for stakeholders involved in AI. This significant publication promotes Secure by Design principles, emphasizing transparency, accountability, and prioritizing security in AI system development.

In this video briefing, Cyber Briefing for 2024.09.18 discusses the latest developments in cybersecurity, including emerging threats and recommended practices.

Subscribe and Join the Conversation.

Copyright © 2023 CyberMaterial. All Rights Reserved.

Stay connected with CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.