Cyber Briefing: 2024.12.26

👉 What's going on in the cyber world today?

Python Packages, Zebo, Cometlogger, User Data Theft, Dark Web, KYC Data, Biometric Information, Apache Corporation, SQL Injection, Traffic Control, IBM AIX, Denial of Service, Dell Technologies, SupportAssist, Japan Airlines Cyberattack, European Space Agency - ESA, Payment Card Data, Theft, Yat Siu, Cryptocurrency Scam, Pittsburgh Regional Transit, Ransomware Attack, Allendale Long-Term Care Home, Health Records Breach, US, China, Semiconductor Trade, Turkey, Crypto, Anti-Money Laundering, Iran, WhatsApp, Google Play Store, South Korea, North Korea, Crypto Heists, National Bureau of Statistics Nigeria, Cybersecurity Training



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.



🚨 Cyber Alerts


1. Python Packages Found Stealing User Data

Two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, have been found on PyPI, designed to steal sensitive data, log keystrokes, capture screenshots, and maintain long-term system control. Zebo-0.1.0 uses pynput and ImageGrab for data collection and startup scripts for persistence, while Cometlogger-0.1 targets platforms like Discord and Steam to steal tokens and credentials, employing anti-VM detection and dynamic code injection.


2. New Operation Exploits KYC Data for Fraud

A significant dark web operation has been discovered that targets Know Your Customer (KYC) verification systems by collecting and exploiting genuine identity documents and biometric data. Originating in the LATAM region, the operation involves individuals selling their real identity details, enabling attackers to develop sophisticated techniques for bypassing traditional identity verification methods. These packages, which include authentic documents and corresponding facial images, allow criminals to impersonate legitimate users, undermining existing security measures.


3. Apache Patches Critical SQL Injection Flaw

Apache has patched a critical SQL injection vulnerability in its Traffic Control software, tracked as CVE-2024-45387 and rated 9.9/10 on the CVSS scale. The flaw, affecting versions 8.0.1 and below, allows attackers with privileged roles to send specially crafted PUT requests that execute arbitrary SQL commands on the database. Discovered by Yuan Luo of Tencent YunDing Security Lab, the vulnerability could compromise the security of systems using Apache Traffic Control.


4. IBM AIX Vulnerabilities Enable DoS Attacks

IBM has identified vulnerabilities in its AIX operating system that could allow attackers to trigger a Denial of Service (DoS) condition. The flaws, found in the TCP/IP and perfstat kernel extensions, could be exploited by non-privileged local users to disrupt system availability. CVE-2024-47102 is related to improper input validation in the perfstat extension, while CVE-2024-52906 involves a race condition in the TCP/IP extension.


5. Dell Software Allows Privilege Escalation

A newly discovered vulnerability in Dell’s SupportAssist software, tracked as CVE-2024-52535, poses a significant risk to affected systems by allowing low-privileged authenticated users to escalate their privileges. This vulnerability, present in versions 4.6.1 and earlier of SupportAssist for Home PCs and 4.5.0 and earlier for Business PCs, stems from a symbolic link attack within the software's remediation component. By exploiting this flaw, attackers can perform unauthorized actions, including the arbitrary deletion of critical system files.



💥 Cyber Incidents


6. Japan Airlines Disrupted by Cyberattack

Japan Airlines (JAL) faced significant operational disruptions on December 26, 2024, due to a cyberattack that impacted its internal systems. The attack, detected at 7:24 AM JST, caused malfunctions in communication systems, affecting both domestic and international flights. More than 40 flights were delayed, and ticket sales for same-day departures were temporarily halted. While JAL acted swiftly to address the issue, including shutting down affected routers and restoring systems by afternoon, no customer data was compromised.


7. European Space Agency Web Store Hacked

The European Space Agency (ESA) official online store was compromised on December 24, 2024, with a malicious script injected into the website’s checkout process. The script generated a fake Stripe payment page, capturing customers’ payment card information as they attempted to complete their purchases. The e-commerce security firm Sansec detected the attack, revealing that the domain used to exfiltrate the stolen data was nearly identical to the legitimate store’s domain but with a different top-level domain (.pics instead of .com).


8. Yat Siu’s X Account Hacked to Push Fake Coin

Yat Siu, the co-founder of Animoca Brands, recently became the latest high-profile target in a series of cyberattacks targeting figures in the cryptocurrency and blockchain space. Siu’s X account was compromised through a phishing attack, allowing hackers to use his profile to promote a fraudulent token, "Animoca Brands (MOCA)," on the Solana-based memecoin platform, Pump.fun. The fake token initially gained attention, briefly surging to a value of over $36,000 before its value quickly collapsed to almost nothing.


9. Pittsburgh Transit Suffers Ransomware Attack

Pittsburgh Regional Transit (PRT) in Pennsylvania was hit by a ransomware attack last week that caused significant disruption to its light rail system. Initially suspected to be a computer glitch, the issue was later confirmed as a cyberattack affecting the transit service. PRT immediately launched an investigation, activating its Cyber Incident Response Team, notifying law enforcement, and consulting with third-party cybersecurity experts.


10. Allendale Long-Term Care Home Suffers Breach

In June 2024, a cybersecurity incident at Allendale Long-Term Care Home in Milton, Ontario, led to a significant privacy breach. The breach, caused by unauthorized access to third-party software, exposed personal health information of residents, including names, health details, and health card numbers. Investigations revealed that electronic health records dating from 2005 to July 2024 may have been compromised. While the home initially reported no personal information was involved, later findings confirmed the breach affected sensitive data.



📢 Cyber News


11. Biden Launches Probe into Chinese Chip Trade

The Biden administration has initiated a trade investigation into Chinese-made legacy semiconductors, which power everyday goods like automobiles, washing machines, and telecom equipment. The probe, launched by U.S. Trade Representative Katherine Tai, targets China's extensive state-driven efforts to build up domestic chip supply and its impact on American manufacturers. This investigation, conducted under Section 301 of the Trade Act, will focus on protecting U.S. semiconductor producers from what officials describe as unfair competition from Chinese chips offered at artificially lower prices.


12. Turkey Implements Stricter Crypto AML Rules

Turkey is set to implement stricter cryptocurrency regulations starting February 25, 2025, with a focus on Anti-Money Laundering (AML) measures. Under the new rules, crypto service providers will be required to collect identifying information from users conducting transactions exceeding 15,000 Turkish lira ($425). The aim is to prevent money laundering and terrorism financing through crypto transactions. Providers will also need to verify wallet addresses not previously registered with them, and if they cannot obtain the necessary information, they may categorize the transaction as "risky" and halt it.


13. Iran Lifts WhatsApp and Google Play Ban

Iran has lifted a two-and-a-half-year ban on Meta’s WhatsApp and the Google Play Store, marking a significant step toward easing the country's stringent internet restrictions. The Supreme Council of Cyberspace made the decision after a unanimous vote, signaling a move towards improving internet access in Iran, where over 70% of internet traffic has been filtered. The lifting of the ban aligns with the campaign promises of President Masoud Pezeshkian, who took office in July.


14. 15 North Koreans Sanctioned for Crypto Theft

South Korea has sanctioned 15 North Korean individuals, including members of the notorious Lazarus Group, in response to their involvement in major cryptocurrency heists and cyber thefts. These individuals are accused of generating funds for North Korea’s nuclear missile development program, with some agents allegedly working undercover for U.S. and Canadian companies to funnel the proceeds to Pyongyang. This move follows a year in which North Korean hackers stole over $1.3 billion in digital assets, accounting for more than 60% of the total cryptocurrency thefts in 2024.


15. Nigeria Allocates Funds for Cybersecurity

The National Bureau of Statistics (NBS) Nigeria has allocated N35 million ($22,000) in its 2025 budget for “Capacity Building on Cybersecurity and Data Centre Management.” This move comes in response to a recent cyberattack that compromised the agency’s website on December 18, 2024. The breach raised concerns about the vulnerability of the bureau's digital infrastructure, given its critical role in providing official statistical data for Nigeria.



Copyright © 2024 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
