Cyber Briefing: 2024.11.21

👉 What's going on in the cyber world today?

Ghost Tap, NFC, Payment Apps, Google Pay, Apple Pay, NodeStealer Malware, Facebook Ads, Credit Cards, Gabagool, Phishing Campaign, Cloudflare, Security Filters, Kubernetes Vulnerability, Apple Zero-Days, Thailand, The 1, Ukrainian Intelligence, Russia, MTS Bank, France, Lozère Chamber of Agriculture, Softway Medical Group, Ransomware Attack, Italy, INPS Servizi SpA, Google, Antitrust Lawsuit, Cybersecurity and Infrastructure Security Agency, Software Weaknesses, GitHub Fund, Open Source Security, Scattered Spider Gang, U.S. Department of Justice, N-able, Adlumin, Acquisition



 Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.




🚨 Cyber Alerts


1. NFC Exploited for Mobile Payment Theft

Hackers are exploiting NFC technology in a scheme known as Ghost Tap to steal funds through mobile payment services such as Google Pay and Apple Pay. The attack starts with banking malware or phishing that captures card details and the one-time passwords (OTPs) used to enroll a card in a wallet, so the stolen card ends up linked to a mobile payment app on a device the attackers control. Using NFCGate, a research tool for relaying NFC traffic, the attackers forward the tap-to-pay exchange from that device to money mules, who hold their own phones to retail point-of-sale terminals to complete fraudulent purchases. Because each purchase looks like an ordinary contactless payment, the scheme lets cybercriminals cash out globally and anonymously while evading anti-fraud checks.


2. NodeStealer Malware Targets Facebook Ads

NodeStealer, a Python-based malware, has evolved to target Facebook Ads Manager accounts and steal credit card data stored in victims' web browsers. Originally a JavaScript-based threat, NodeStealer now employs sophisticated techniques to harvest sensitive information, including using stolen cookies to generate access tokens through the Facebook Graph API. Researchers at Netskope revealed that attackers use the malware to hijack Facebook accounts for malvertising campaigns, which promote further malware infections.


3. Gabagool Uses Cloudflare to Bypass Security

A sophisticated phishing campaign, dubbed "Gabagool," has been uncovered by the TRAC Labs team, targeting corporate and government employees. This campaign uses Cloudflare's R2 storage service to host malicious content, exploiting the platform's trusted reputation to bypass security filters. The attack begins with phishing emails sent from compromised mailboxes, which contain links redirecting users through multiple file-sharing platforms before landing on a Cloudflare R2 bucket page.


4. High-Severity Kubernetes Vulnerability Allows RCE

A security vulnerability, tracked as CVE-2024-10220, has been disclosed in Kubernetes, affecting clusters that use the deprecated in-tree gitRepo volume to clone repositories into subdirectories. The high-severity flaw (CVSS score 8.1) lets an attacker who can create a pod with such a volume execute arbitrary commands outside the container boundary, on the node itself, because the kubelet runs git on the attacker-supplied repository and a hooks folder placed in that repository is executed during the clone. The affected kubelet versions are v1.28.11 and earlier, v1.29.0 to v1.29.6, and v1.30.0 to v1.30.2. Kubernetes administrators are advised to update to a fixed version (v1.31.0, v1.30.3, v1.29.7, or v1.28.12) and, since gitRepo is deprecated, to replace it with an init container that performs the clone into an emptyDir volume.
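The two practical steps here are finding every manifest that still uses gitRepo and rewriting it to the init-container pattern. The script below is an added example, not Kubernetes project code: it treats Pod manifests as plain Python dicts of the same shape as the YAML, audits them for gitRepo volumes, and produces the replacement (an emptyDir filled by an init container running git). The pod, image names and repository URL are constructed for the example; the default git image tag is an assumption and should be pinned to whatever your registry holds.

```python
"""Audit Pod manifests for the deprecated in-tree gitRepo volume and rewrite
them to the init-container pattern. Constructed example: manifests are plain
Python dicts (the same shape as the YAML), so no Kubernetes client is needed."""
import copy
import json
import posixpath
import shlex

# Constructed Pod that clones a repository into a subdirectory with gitRepo,
# the configuration CVE-2024-10220 concerns. Image and repo URL are hypothetical.
VULNERABLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "build"},
    "spec": {
        "containers": [{
            "name": "app",
            "image": "example/app:1.0",
            "volumeMounts": [{"name": "src", "mountPath": "/src"}],
        }],
        "volumes": [{
            "name": "src",
            "gitRepo": {
                "repository": "https://git.example.invalid/org/repo.git",
                "revision": "0123456789abcdef0123456789abcdef01234567",
                "directory": "checkout",
            },
        }],
    },
}


def find_gitrepo_volumes(pod):
    """Return (volume name, repository, directory) for every gitRepo volume.
    Any hit means the kubelet itself will run git on the node for this pod."""
    hits = []
    for vol in pod.get("spec", {}).get("volumes", []):
        git = vol.get("gitRepo")
        if git is not None:
            hits.append((vol["name"], git.get("repository"), git.get("directory", "")))
    return hits


def clone_target(git):
    """Path inside the emptyDir that mirrors gitRepo's layout: '.' means the
    volume root, a name means that subdirectory, absent means git's default
    (repository name without .git). Rejects paths that would escape /work."""
    directory = git.get("directory")
    if directory is None:
        directory = posixpath.basename(git["repository"].rstrip("/"))
        directory = directory[:-4] if directory.endswith(".git") else directory
    if directory.startswith("/") or ".." in directory.split("/"):
        raise ValueError(f"unsafe gitRepo directory: {directory!r}")
    return posixpath.normpath(posixpath.join("/work", directory))


def to_init_container(pod, git_image="alpine/git:v2.45.2"):  # tag is an assumption
    """Return a copy of the pod in which every gitRepo volume becomes an
    emptyDir filled by an init container. The clone then runs inside a
    container under the pod's security context rather than as the kubelet."""
    new = copy.deepcopy(pod)
    spec = new["spec"]
    inits = spec.setdefault("initContainers", [])
    for vol in spec.get("volumes", []):
        git = vol.pop("gitRepo", None)
        if git is None:
            continue
        vol["emptyDir"] = {}
        target = clone_target(git)
        cmd = f"git clone -- {shlex.quote(git['repository'])} {shlex.quote(target)}"
        if git.get("revision"):
            cmd += (f" && git -C {shlex.quote(target)} checkout --quiet "
                    f"{shlex.quote(git['revision'])}")
        inits.append({
            "name": f"clone-{vol['name']}",
            "image": git_image,
            "command": ["sh", "-c", cmd],
            "volumeMounts": [{"name": vol["name"], "mountPath": "/work"}],
        })
    return new


if __name__ == "__main__":
    print("gitRepo volumes:", find_gitrepo_volumes(VULNERABLE_POD))
    print(json.dumps(to_init_container(VULNERABLE_POD), indent=2))
```

The rewritten pod still exposes the checkout at the same mount path for the application container; what changes is who runs git. With the init container, a malicious repository can at most compromise that short-lived container, which is the blast radius you want while you roll out the fixed kubelet versions.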


5. Apple Patches Actively Exploited Zero-Days

Apple has rolled out urgent security updates to address two zero-day vulnerabilities actively exploited in the wild. CVE-2024-44308, in JavaScriptCore, can lead to arbitrary code execution when maliciously crafted web content is processed; CVE-2024-44309, a cookie management issue in WebKit, can lead to a cross-site scripting (XSS) attack. Apple noted the flaws may have been exploited on Intel-based Mac systems. Both were reported by Google's Threat Analysis Group and are believed to have been used in targeted attacks, potentially involving government-backed or mercenary spyware.



💥 Cyber Incidents


6. The 1 Co Suffers Data Breach Affecting 5M

The 1 Co, a retail loyalty program part of Central Group, has issued an apology following a data breach that affected approximately 5 million customers. Despite an initial investigation revealing no flaws in its security systems, the company has expressed deep concern over the incident and is taking immediate action to enhance security measures. The breach has prompted the company to cooperate with both government and private organizations to further assess its systems.


7. Ukrainian Hackers Disrupt Russian MTS Bank

Ukrainian intelligence hackers, reportedly from the Cyber Corps of the Defense Intelligence of Ukraine, have launched a significant cyberattack on Russian MTS Bank. The attack, which began on November 19, 2024, involved a large-scale Distributed Denial of Service (DDoS) assault, leading to widespread disruptions in the bank's services. Users in Russia reported difficulties accessing mobile apps, making transfers, withdrawing cash, and paying for services. The MTS-Business online banking platform was also affected, with some reports of funds being erroneously debited from accounts.


8. Lozère Chamber of Agriculture Hit by Attack

The Lozère Chamber of Agriculture in France fell victim to a cyberattack on Monday, which has severely disrupted its operations. The attack has limited access to the chamber's computer systems, prompting an immediate response from the IT department to investigate the breach's origin. Security analyses are ongoing as officials work to restore normalcy. This incident follows a similar cyberattack last October, which targeted the Normandy Chambers of Agriculture, highlighting a concerning trend in the sector.


9. Cyberattack Exposes Data of 750K Patients

Softway Medical Group has confirmed a cyberattack targeting its MediBoard platform, which is used by hospitals for electronic patient record (EPR) management. The breach, which impacted patient data from French hospitals, was not caused by any software vulnerability or misconfiguration within MediBoard, according to the company. Instead, the compromise occurred due to the use of stolen credentials from the affected hospital.


10. Ransomware Attack Hits Inps Servizi Systems

On November 18, 2024, Inps Servizi, the Italian company that handles for QuAS the aggregate contribution data companies pay through the F24 form, fell victim to a ransomware attack. The breach affected only Inps Servizi's internal systems and did not disrupt the broader operations of QuAS. The compromised data was limited to the total contributions paid by companies and did not include personal information about individual members.



📢 Cyber News


11. US Seeks to Force Google to Sell Chrome

The U.S. Justice Department, along with a group of states, has escalated its antitrust case against Google by requesting a federal court to force the tech giant to sell its popular Chrome browser. This move follows a ruling in August 2024, where Judge Amit Mehta found that Google had illegally maintained a monopoly over online search. The lawsuit also demands Google either sell Android or be prohibited from making its services mandatory on Android devices. Additionally, the government seeks to stop Google’s paid agreements with Apple and others to be the default search engine.


12. CISA Releases Top 25 Software Weaknesses

The US Cybersecurity and Infrastructure Security Agency (CISA) has released its 2024 list of the Top 25 Most Dangerous Software Weaknesses, developed in collaboration with the Homeland Security Systems Engineering and Development Institute. This list highlights the most commonly exploited vulnerabilities, which cybercriminals use to steal data, disrupt services, and compromise systems. The ranking is based on data from over 31,000 CVE records and identifies critical weaknesses, such as SQL injection, cross-site scripting, and out-of-bounds write errors.
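Two of the weaknesses the list names, SQL injection (CWE-89) and cross-site scripting (CWE-79), are easy to show side by side as the vulnerable form next to the fix; out-of-bounds write (CWE-787) is a memory-safety bug and is not reproducible in this setting. The block below is an added example, not CISA or MITRE material: it uses an in-memory SQLite database with a constructed users table, and the payloads are the classic textbook ones.

```python
"""Two CWE Top 25 weaknesses, each as the vulnerable form beside its fix.
Constructed example using an in-memory SQLite table."""
import html
import sqlite3


def make_db():
    """Constructed users table with a single account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db


# CWE-89: user input is concatenated into the SQL text, so the input can
# change the query's structure instead of only supplying a value.
def login_vulnerable(db, name, password):
    sql = (f"SELECT COUNT(*) FROM users "
           f"WHERE name = '{name}' AND password = '{password}'")
    return db.execute(sql).fetchone()[0] > 0


# Fixed: bound parameters keep the input as data; quote characters in the
# payload never reach the SQL parser as syntax.
def login_safe(db, name, password):
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0


# CWE-79: untrusted text is interpolated into HTML without escaping, so a
# comment containing markup becomes markup in every reader's browser.
def render_comment_vulnerable(text):
    return f'<p class="comment">{text}</p>'


# Fixed: escape for the HTML text context before interpolation.
def render_comment_safe(text):
    return f'<p class="comment">{html.escape(text, quote=True)}</p>'


SQLI_PAYLOAD = "' OR '1'='1"             # closes the literal, adds a tautology
XSS_PAYLOAD = "<script>alert(1)</script>"  # stored-XSS probe


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login bypassed:", login_vulnerable(db, "alice", SQLI_PAYLOAD))
    print("parameterized login bypassed:", login_safe(db, "alice", SQLI_PAYLOAD))
    print(render_comment_vulnerable(XSS_PAYLOAD))
    print(render_comment_safe(XSS_PAYLOAD))
```

The injected password turns the vulnerable query into `... AND password = '' OR '1'='1'`, which is true for every row, while the parameterized version compares the whole payload as a literal string and fails. The same pattern generalizes: the fix for an injection class is always to keep data out of the interpreter's syntax, whether that interpreter is SQL, HTML or a shell.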


13. GitHub Launches $1.25M Fund for Open Source

GitHub has announced the launch of the GitHub Secure Open Source Fund, with an initial $1.25 million investment aimed at improving the security of 125 open-source projects. This initiative, which is accepting applications until January 7, 2025, offers financial support, security education, certification, mentorship, and access to GitHub's Security Lab. Each project will receive $10,000 in funding and additional resources such as free access to GitHub tools like Copilot and Secret Scanning.


14. Five Members of Scattered Spider Indicted

Five members of the Scattered Spider cybercrime group have been indicted in the U.S. for their role in a multi-million dollar cybercrime operation. The gang used sophisticated social engineering techniques, such as phishing attacks, to target employees at major companies, stealing credentials to access sensitive data, including cryptocurrency accounts. The accused—ranging from 20 to 25 years old and based in the U.S. and U.K.—have been charged with conspiracy to commit wire fraud, identity theft, and other offenses.


15. N-able Acquires Adlumin for $266 Million

N-able has acquired cybersecurity operations vendor Adlumin for up to $266 million, a strategic move aimed at enhancing its IT management platform with cloud-native XDR (Extended Detection and Response) and MDR (Managed Detection and Response) solutions. This acquisition, which brings Adlumin’s advanced threat detection, ransomware prevention, and compliance automation expertise to N-able’s offerings, will help address the growing demand for integrated security solutions.




Copyright © 2024 CyberMaterial. All Rights Reserved.




