Cyber Briefing: 2024.12.02
👉 What's happening in cybersecurity today?
MediaTek, Bluetooth SIG Chipset, Vulnerability, Android, Kimsuky, Malwareless Phishing, Poison Ivy APT, InputSnatch, Side-Channel Attack, LLMs, Apple Safari, Remote Code Execution, UK Ministry of Defence, Breach, Staff Data, Bologna FC 1909, RansomHub Attack, Clipper DEX, Withdrawal Flaw, Dewan Farooque Motors Limited, Data Corruption, Spectral Labs, Syntax Flaw, European Union, Cybersecurity Laws, ICPC (International Cable Protection Committee), Submarine Cable Security, Meta, Financial Advertisements, Elon Musk, OpenAI, Antitrust, Russian Hackers, LockBit, Hive Ransomware, US Indictment
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
MediaTek, the world’s second-largest provider of smartphone chipsets, has disclosed a series of critical vulnerabilities in its Bluetooth and other system components, affecting over 1.5 billion active Android devices. The most severe issue, CVE-2024-20125, involves an out-of-bounds write in the vdec component, allowing attackers to achieve local privilege escalation without user interaction on devices running Android 13 and 14.
The North Korean hacking group Kimsuky has advanced its phishing tactics by adopting malwareless techniques designed to evade endpoint detection and response (EDR) systems. According to South Korean researchers, these attacks leverage convincing emails impersonating entities such as financial institutions and public organizations, tricking targets into revealing sensitive information. A notable shift in their operations includes transitioning from Japanese email services to Russian domains, making fraudulent communications harder to detect.
The Poison Ivy APT (Advanced Persistent Threat) group, also known as APT-C-01, has significantly ramped up its cyber operations, targeting defense, government, technology, and education sectors. Active since 2007, this group utilizes sophisticated phishing techniques, including spear phishing and watering hole attacks, to compromise victims. Recent investigations have revealed that Poison Ivy mimics official websites to deceive users into downloading malicious payloads. These payloads deploy the Sliver Remote Access Trojan (RAT), a highly obfuscated malware capable of enabling unauthorized remote access and stealing sensitive information.
A recent study has revealed a concerning side-channel attack, dubbed "InputSnatch," which targets large language models (LLMs) by exploiting timing differences in cache-sharing mechanisms. These optimizations, used by many LLM providers, allow attackers to reconstruct private user queries by measuring response times. The attack utilizes both prefix caching and semantic caching, which inadvertently leak information about user input.
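The mechanism behind the prefix-caching half of this attack is easy to see in a toy model. The following is an added example, not code from the briefing or from the InputSnatch researchers: it simulates a shared LLM prefix cache in which serving cost (a stand-in for response latency) drops whenever a new prompt shares a leading token sequence with a prompt another tenant already sent, and it shows that scoping cache keys per tenant removes the cross-tenant signal. The `PrefixCache` class, its `isolate_tenants` switch and the two prompts are all constructed for illustration; cost is counted in tokens computed rather than measured with a clock so that the behaviour is deterministic. Semantic caching, the other channel the study mentions, is not modelled.

```python
# Added example (not from the briefing or the InputSnatch paper): a toy model of
# how a shared prefix cache turns serving cost into a cross-tenant signal, and
# how scoping cache keys per tenant removes it. Cost is counted in "tokens
# computed" rather than measured with a clock so the behaviour is deterministic.
from dataclasses import dataclass, field


@dataclass
class PrefixCache:
    """Simulated LLM prefix (KV) cache. Keys are (scope, token_prefix)."""
    isolate_tenants: bool = False      # mitigation switch (assumed design, not a real API)
    entries: set = field(default_factory=set)

    def _key(self, tenant: str, prefix: tuple) -> tuple:
        scope = tenant if self.isolate_tenants else "shared"
        return (scope, prefix)

    def serve(self, tenant: str, prompt: str) -> int:
        """Serve a prompt; return simulated work = tokens not covered by a cached prefix.
        In a real deployment this work is what shows up as response latency."""
        tokens = tuple(prompt.lower().split())
        cached = 0
        for n in range(len(tokens), 0, -1):        # longest cached prefix wins
            if self._key(tenant, tokens[:n]) in self.entries:
                cached = n
                break
        for n in range(1, len(tokens) + 1):        # populate every prefix for next time
            self.entries.add(self._key(tenant, tokens[:n]))
        return len(tokens) - cached


def cross_tenant_leak(isolate_tenants: bool) -> bool:
    """True if a second tenant's serving cost depends on an earlier tenant's prompt.
    Uses two constructed prompts that share a three-token prefix."""
    cache = PrefixCache(isolate_tenants=isolate_tenants)
    cache.serve("alice", "transfer funds to account 1234")   # earlier tenant's traffic (constructed)
    probe = "transfer funds to savings"
    cost = cache.serve("bob", probe)
    # Any saving means bob's latency carried information about alice's prefix.
    return cost < len(probe.split())


if __name__ == "__main__":
    print("shared cache leaks:", cross_tenant_leak(False))      # True
    print("per-tenant cache leaks:", cross_tenant_leak(True))   # False
```

The trade-off is the usual one for cache side channels: per-tenant scoping keeps each user's own repeated prefixes fast but gives up cross-user hits, so a provider that wants to keep sharing has to break the timing signal some other way, for example by padding response time so a hit and a miss are indistinguishable to the client.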
A critical remote code execution (RCE) vulnerability, identified as CVE-2024-44308, has been discovered in Apple Safari, affecting iOS, iPadOS, macOS, and visionOS platforms. The flaw, stemming from a register corruption issue in WebKit’s DFG JIT compiler, allows attackers to execute arbitrary code through maliciously crafted web content. This vulnerability has been actively exploited, particularly targeting Intel-based Mac systems, as reported by Google’s Threat Analysis Group (TAG).
The UK Ministry of Defence (MoD) has fallen victim to a cyberattack that exposed the login credentials of nearly 600 employees, including military personnel, civilian staff, and defence contractors. The stolen data, leaked onto the dark web, includes sensitive information such as email addresses and passwords for the Defence Gateway portal, which, while not holding classified data, is crucial for internal communications, HR services, and health records. Early investigations suggest the hackers exploited vulnerabilities in personal devices to bypass the platform's multi-factor authentication.
Bologna FC has confirmed it fell victim to a ransomware attack after the RansomHub group leaked stolen data online. The breach, which occurred on November 19, 2024, resulted in the theft of sensitive information, including player medical records, financial data, sponsorship contracts, and transfer strategies. Despite attempts by the attackers to extort the club, the stolen data was ultimately published on the dark web. Bologna FC has warned the public against possessing or sharing the leaked information, as doing so is considered a serious criminal offense.
Clipper, a decentralized exchange (DEX), recently suffered a cyberattack on December 1, 2024, leading to a loss of approximately $450,000. Contrary to early rumors of a private key leak, Clipper confirmed that the breach was due to a vulnerability in its withdrawal functionality on the Optimism and Base pools. The exploit allowed the attacker to manipulate the withdrawal process, withdrawing more funds than initially deposited. Although other chains were targeted, they were not affected.
Dewan Farooque Motors Limited (DFML) recently suffered a cyber-attack that led to the corruption of crucial corporate data and the crashing of its IT servers. The company announced the incident in a notice to the Pakistan Stock Exchange on November 29, 2024, revealing that the attack, caused by malware, forced the postponement of an important board meeting. DFML stated that the restoration of its financial and information systems, including data from the first quarter ending September 30, 2024, would take significant time.
Spectral Labs recently identified a vulnerability in its Syntax platform, which allows users to create on-chain AI agents without coding. The vulnerability, located in the bonding curve, enabled an attacker to steal $200,000 worth of tokens. In response, Spectral Labs temporarily disabled access to Syntax and paused all contracts to prevent further damage. The team has confirmed it is working to resolve the issue and is thoroughly testing the platform before resuming operations. This breach highlights the ongoing security challenges in the crypto and decentralized finance space, as vulnerabilities continue to expose digital assets to theft.
The European Union has adopted two crucial laws as part of its cyber security legislative package to enhance its resilience against cyber threats. The "Cyber Solidarity Act" establishes a pan-European infrastructure of cyber hubs, leveraging advanced technologies like AI and data analytics to share real-time alerts and respond more effectively to cyber incidents. It also introduces a cybersecurity emergency mechanism and a reserve of private sector incident response services.
The United Nations, alongside the International Telecommunication Union (ITU) and the International Cable Protection Committee (ICPC), has established the International Advisory Body for Submarine Cable Resilience. This body aims to bolster the protection of submarine cables, which are crucial for over 99% of global data exchange. The creation of this advisory group follows several recent incidents, including a criminal investigation into damage caused to subsea cables by a Chinese vessel.
Meta is implementing new verification requirements for financial advertisers on its platforms in Australia, aiming to combat fake celebrity investment scams. Starting in February 2025, businesses will need to provide their Australian financial services licence number, while individuals must submit a government-issued ID. These advertisers will also have to verify their business documents and provide a work email address. Meta is responding to increasing pressure to curb scams that use deepfake images of public figures to promote fraudulent investments, with reported losses in 2024 amounting to $135 million.
Elon Musk has filed a motion to block OpenAI from transitioning to a for-profit model, alleging the move violates the terms of his "foundational contributions" to the organization. Musk, who co-founded OpenAI in 2015, claims the shift undermines its original charitable mission and accuses the company, along with Microsoft, of engaging in anti-competitive practices. Musk argues that, through exclusive partnerships, OpenAI and Microsoft now control nearly 70% of the generative AI market, effectively monopolizing the sector.
Mikhail Pavlovich Matveev, a Russian hacker linked to the notorious LockBit and Hive ransomware groups, has been arrested in Russia following U.S. indictments for his involvement in global ransomware attacks. Matveev, known by aliases such as Wazawaka and m1x, allegedly created malicious software to encrypt victims' files and demand ransom for decryption. He has been charged under Russian law for the creation and distribution of computer programs causing harm to information systems.
Copyright © 2024 CyberMaterial. All Rights Reserved.