Cyber Briefing: 2024.11.12

👉 What's the latest in the cyber world today?

Microsoft, Visio Files, SharePoint, Phishing, SpyAgent, Android Malware, Cryptocurrency, WPLMS, WordPress Theme, Command Injection, D-Link NAS, XStream, Denial of Service, BinaryStreamDriver, Amazon Breach, Ahold Delhaize Cyberattack, Cox Law Group, Hakuten Corporation, Tor Network, IP Spoofing Attack, World Economic Forum, Anti-Cybercrime Partnerships, The White House, Russia, Ransomware Actors, Healthcare, The Netherlands, Telegram Messenger, Criminal Data, Australia, ANZ, Banking Code, AI, VMware, Free Access, Workstation, Fusion



 Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



🚨 Cyber Alerts


1. New Phishing Attack Exploits Visio Files

Researchers have documented a two-step phishing campaign that abuses Microsoft Visio files and SharePoint to harvest credentials. It starts with emails sent from compromised accounts, typically posing as business proposals or purchase orders, that link to a Visio (.vsdx) file hosted on SharePoint; the format is rarely seen in phishing and is trusted as a business diagramming tool, so the lure draws little scrutiny. The SharePoint-hosted diagram carries a "View Document" button that instructs the user to hold the Ctrl key while clicking. That human-only interaction is the evasion trick: automated URL scanners and sandboxes that follow links without simulating key presses never reach the final credential-harvesting page, which imitates a Microsoft login form.
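A .vsdx file is an Open Packaging Conventions zip, so the hyperlinks behind buttons like "View Document" can be inspected without opening Visio. The following triage script is an added example, not code from the original briefing or from the researchers who reported the campaign. It assumes the standard VSDX layout (shape hyperlinks stored as `Section N="Hyperlink"` rows with an `Address` cell under `visio/pages/`), and the SharePoint hostname in the allowlist and the sample package it builds are constructed for the demonstration.

```python
"""Triage a Visio .vsdx for hyperlinks that point outside the expected tenant.

A .vsdx is an OPC zip; shape hyperlinks live in visio/pages/page*.xml as
<Section N='Hyperlink'> rows whose 'Address' cell holds the target URL.
"""
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

VISIO_NS = "http://schemas.microsoft.com/office/visio/2012/main"

# Hosts we expect a diagram shared from our own SharePoint to link to.
# Constructed allowlist for this example; tune it to your tenant.
TRUSTED_HOSTS = {"contoso.sharepoint.com"}


def extract_hyperlinks(vsdx_bytes: bytes) -> list[str]:
    """Return every hyperlink Address found on any page part of the package."""
    links = []
    with zipfile.ZipFile(io.BytesIO(vsdx_bytes)) as zf:
        for name in zf.namelist():
            if not (name.startswith("visio/pages/") and name.endswith(".xml")):
                continue
            root = ET.fromstring(zf.read(name))
            # Section and Cell elements carry the Visio main namespace.
            for section in root.iter(f"{{{VISIO_NS}}}Section"):
                if section.get("N") != "Hyperlink":
                    continue
                for cell in section.iter(f"{{{VISIO_NS}}}Cell"):
                    if cell.get("N") == "Address" and cell.get("V"):
                        links.append(cell.get("V"))
    return links


def suspicious_links(vsdx_bytes: bytes, trusted_hosts=TRUSTED_HOSTS) -> list[str]:
    """Links whose scheme is not http(s) or whose host is outside the allowlist."""
    flagged = []
    for url in extract_hyperlinks(vsdx_bytes):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.scheme not in ("http", "https") or host not in trusted_hosts:
            flagged.append(url)
    return flagged


def build_sample_vsdx() -> bytes:
    """Constructed minimal package: one page with a lure shape and a benign shape."""
    page_xml = f"""<?xml version="1.0" encoding="utf-8"?>
<PageContents xmlns="{VISIO_NS}">
  <Shapes>
    <Shape ID="1" Type="Shape">
      <Text>View Document</Text>
      <Section N="Hyperlink">
        <Row N="Row_1">
          <Cell N="Address" V="https://login-microsoft0nline.example/auth"/>
          <Cell N="Description" V="View Document"/>
        </Row>
      </Section>
    </Shape>
    <Shape ID="2" Type="Shape">
      <Section N="Hyperlink">
        <Row N="Row_1">
          <Cell N="Address" V="https://contoso.sharepoint.com/sites/sales/PO.pdf"/>
        </Row>
      </Section>
    </Shape>
  </Shapes>
</PageContents>
"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")  # placeholder part
        zf.writestr("visio/pages/page1.xml", page_xml)
    return buf.getvalue()


if __name__ == "__main__":
    for url in suspicious_links(build_sample_vsdx()):
        print("suspicious:", url)
```

Run it against attachments pulled from quarantine or from the SharePoint library the email links to; anything flagged is worth a detonation that actually performs the Ctrl-click, since a plain link follower will not reproduce the lure's behaviour.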


2. New SpyAgent Malware Steals Cryptocurrencies

SpyAgent, a newly documented Android malware family, targets cryptocurrency users by harvesting screenshots and photos stored on infected devices and running Optical Character Recognition (OCR) over them to recover wallet recovery (seed) phrases that victims saved as images. Because the secrets sit in pictures rather than text, defenses that only scan for text-based indicators miss them. SpyAgent is distributed outside official app stores through phishing messages that lure users into installing fake apps; once installed, it exfiltrates the images and other personal data from the device.


3. WPLMS WordPress Theme Flaw Exposes RCE

A critical vulnerability in the WPLMS WordPress theme (CVE-2024-10470) is a path traversal flaw that lets an unauthenticated attacker read and delete arbitrary files on the server, including wp-config.php. It affects all versions of the WPLMS Learning Management System (LMS) theme up to and including 4.962 and is reachable even when the theme is installed but inactive. Deleting wp-config.php is the route to Remote Code Execution (RCE): with the configuration gone, WordPress drops back into its installation flow, which an attacker can complete against a database they control and then use to upload malicious code, leading to full site compromise.


4. Critical Flaw Exposes Legacy D-Link Devices

D-Link has warned of a critical command injection vulnerability (CVE-2024-10914, CVSS 9.2) in several discontinued NAS models, including the DNS-320, DNS-325 and DNS-340L. The flaw stems from missing sanitization of the "name" parameter in the device's add-user function: a remote attacker can send a crafted HTTP GET request carrying shell metacharacters in that parameter and have arbitrary shell commands executed on the device. Because the affected models are end-of-life, D-Link does not plan a firmware fix and recommends retiring them; at a minimum, such devices should not be reachable from the internet.
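The bug pattern is a request parameter spliced into a shell command line. The example below is added here to show that pattern beside its hardened form; it is an illustrative Python stand-in for a CGI add-user handler, not D-Link's firmware code, and the `name=` query string it parses is constructed. `echo` stands in for the real account-management tool so the vulnerable variant can be run harmlessly.

```python
"""Command injection through a 'name' parameter: vulnerable vs hardened handler."""
import re
import subprocess
from urllib.parse import parse_qs

# POSIX-style username: letter or underscore first, then [a-z0-9_-], at most 32 chars.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def add_user_vulnerable(name: str) -> str:
    """Interpolates the parameter into a shell string. DO NOT use.

    '/bin/sh -c' parses ';', '|', '$(...)' and backticks in `name` as syntax,
    so a value such as 'alice; id' runs a second command.
    """
    cmd = f"echo adduser {name}"  # 'echo' stands in for the real tool
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def add_user_argv_only(name: str) -> str:
    """No shell: the parameter is one argv element, metacharacters are inert."""
    argv = ["echo", "adduser", name]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def add_user_hardened(name: str) -> str:
    """Allowlist validation plus argv execution (defence in depth)."""
    if not USERNAME_RE.fullmatch(name):
        raise ValueError(f"rejected username: {name!r}")
    return add_user_argv_only(name)


def handle_add_user_request(query_string: str) -> str:
    """Parse a GET query string the way a CGI handler would, then add the user.

    parse_qs percent-decodes, so 'alice%3Bid' arrives as 'alice;id'; validation
    must therefore run on the decoded value, which add_user_hardened does.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    name = params.get("name", [""])[0]
    return add_user_hardened(name)


if __name__ == "__main__":
    payload = "alice; echo INJECTED"
    print("vulnerable :", repr(add_user_vulnerable(payload)))
    print("argv only  :", repr(add_user_argv_only(payload)))
    try:
        handle_add_user_request("cmd=add&name=alice%3B%20echo%20INJECTED")
    except ValueError as e:
        print("hardened   :", e)
```

On a device that cannot be patched, the argv-only variant is the minimum fix a vendor could ship; the allowlist is what turns an unexpected input into a logged rejection instead of a silently mangled account name.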


5. High Severity DoS Flaw Affects XStream

A high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2024-47072, has been identified in XStream, a widely used Java library for object serialization. The flaw affects all versions of XStream up to and including 1.4.20 when the BinaryStreamDriver is used: a crafted input stream manipulates the string value IDs the binary format uses for back-references so that deserialization recurses until a stack overflow occurs, crashing the application. XStream 1.4.21 fixes the issue; where an upgrade is not immediately possible, switching to a different driver avoids the vulnerable code path, since the other drivers are not affected.



💥 Cyber Incidents


6. Amazon Hit With Third Party Data Breach

Amazon has confirmed that employee contact information, including work email addresses, desk phone numbers and building locations, was exposed through a breach at a third-party property-management vendor. The same leaked data set covers more than 25 other major organizations, among them HP, Lenovo, Delta Air Lines and HSBC. The breach traces back to the MOVEit Transfer zero-day exploited in mid-2023, an SQL injection flaw in the file transfer software that let attackers gain unauthenticated access to data on the server. The exposed records date to May 2023 and, for some companies, also include employee organizational structures.


7. Ahold Delhaize Cyberattack Disrupts Brands

Ahold Delhaize, a global leader in grocery and eCommerce services, is currently dealing with a cybersecurity breach affecting its U.S. operations. The attack, which disrupted pharmacy services and eCommerce platforms across several major grocery chains including Food Lion, Hannaford, and Stop & Shop, led to temporary outages of critical services such as pharmacy transactions and online orders. While physical stores remained open, some services were offline for several days.


8. Cox Law Group Suffers Breach Exposing Data

Cox Law Group recently informed its clients about a cybersecurity incident that may have affected personal information. Detected on or around September 18, 2024, suspicious activity prompted the firm to take immediate action to secure its systems. While there is no evidence that any personal data has been used maliciously, the firm is offering free identity monitoring services as a precaution. This includes services such as credit monitoring, fraud consultation, and identity theft restoration through Kroll, a global leader in risk mitigation.


9. Hakuten Suspends Website After Breach

Hakuten, a company based in Japan, has temporarily suspended access to its corporate website after detecting unauthorized access to its server. The breach led to the decision to take the website offline, although the investor relations (IR) site remains accessible, as it is hosted on a separate, unaffected server. The company has apologized for the inconvenience caused to its customers, partners, and stakeholders and is working to investigate the incident.


10. Tor Network Hit by IP Spoofing Attack

In late October 2024, the Tor network was hit by a coordinated IP spoofing attack aimed at its non-exit relays. The attackers sent spoofed TCP SYN packets that carried relay IP addresses as their source toward third-party hosts, so those hosts saw what looked like port scans originating from Tor relays and filed abuse complaints. Some hosting providers blocked or suspended relays in response, and operators had to contest the complaints to get them reinstated, but the attack did not affect the privacy or security of Tor users. The source of the spoofed traffic was identified and shut down by November 7, 2024.



📢 Cyber News


11. WEF Unveils Framework to Combat Cybercrime

The World Economic Forum (WEF) has unveiled a new framework aimed at strengthening partnerships to combat cybercrime. Building on the success of operations like LockBit takedown and ‘Trust No One,’ the WEF's framework emphasizes three key pillars for collaboration: incentives for organizations to cooperate, strong governance structures, and the necessary resources to establish and maintain partnerships. The framework advocates for clear missions, peer-to-peer learning, and public recognition to drive participation, alongside flexible governance models to ensure effective collaboration.


12. White House Blasts Russia Over Ransomware

The Biden administration has called out Russia for enabling ransomware actors to target critical sectors, particularly healthcare. During a briefing at the United Nations Security Council, Anne Neuberger, Deputy National Security Adviser, accused Russia of harboring cybercriminals, citing recent attacks like those from BlackCat and LockBit that have hit hospitals globally. The growing threat of ransomware has had devastating impacts on healthcare systems, causing widespread disruptions and delays in medical services.


13. Telegram Hands Criminal Data to Authorities

Telegram has for the first time provided criminal user data to Dutch authorities, marking a significant shift in the platform's previous stance on judicial requests. The Dutch Public Prosecution Service announced that it had obtained data from Telegram for 20 criminal cases, including those related to weapons trafficking, drug trade, and illegal content involving minors. Telegram's cooperation also extended to assisting in the removal of inappropriate content.


14. 7% of ANZ Banking Code is AI Generated

ANZ Banking has revealed that over 7% of the code written by the bank in the past six months has been generated by artificial intelligence (AI). This milestone comes as part of the bank's broader adoption of AI tools, particularly GitHub Copilot, which was incorporated in May 2023. ANZ CEO Shayne Elliott emphasized the bank's strategic use of AI to enhance productivity and improve its technological infrastructure. The bank has invested heavily in AI-driven platforms, contributing to the development of its digital retail services, such as ANZ Plus, and corporate offerings like ANZ Transactive.


15. VMware Makes Workstation and Fusion Free

VMware has announced that its desktop hypervisors, VMware Fusion and VMware Workstation, are now free for everyone, including commercial, educational, and personal use. This change follows VMware's earlier decision in May to make VMware Workstation Pro and Fusion Pro free for personal use, enabling students and home users to set up virtualized test labs and run virtual machines on Windows, Linux, and macOS devices. With this latest update, both products will no longer be available under a paid subscription model, and users can access all the features previously found in the paid versions without cost.



Subscribe and Comment.

Copyright © 2024 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.



