1. AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections
A Moscow-based company, Social Design Agency (SDA), is linked to Operation Undercut, a covert campaign aimed at undermining Western support for Ukraine and influencing public opinion in the U.S. since December 2023.
Key Details:
- Tactics: Uses AI-enhanced videos and fake websites impersonating reputable news sources. Targets audiences in Ukraine, Europe, and the U.S.
- Objectives: Discredit Ukraine's leadership and question the effectiveness of Western aid. Shape narratives around the 2024 U.S. elections and geopolitical issues.
- Background: SDA is associated with the Doppelganger campaign, which also spreads disinformation via social media and fake news sites.
- Amplification: Utilizes over 500 social media accounts to spread content and uses trending hashtags to reach wider audiences.
2. Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks
Microsoft has patched four critical security vulnerabilities affecting its AI, cloud, and enterprise resource planning (ERP) services, including one that is actively being exploited.
Key Details:
- Critical Vulnerability: CVE-2024-49035 (CVSS score: 8.7): A privilege escalation flaw in partner.microsoft[.]com that allows unauthenticated attackers to elevate their privileges over a network.
- CVE-2024-49038 (CVSS score: 9.3): A cross-site scripting (XSS) vulnerability in Copilot Studio that could enable unauthorized privilege escalation.
- CVE-2024-49052 (CVSS score: 8.2): A missing authentication vulnerability in Microsoft Azure Policy Watch, allowing unauthorized privilege escalation.
- CVE-2024-49053 (CVSS score: 7.6): A spoofing vulnerability in Microsoft Dynamics 365 Sales that could redirect users to malicious sites.
- Response and Recommendations: Most vulnerabilities have been automatically patched through updates to Microsoft Power Apps. Users of Dynamics 365 Sales on Android and iOS are advised to update to version 3.24104.15 to mitigate risks associated with CVE-2024-49053.
3. PM Modi Asks Police to Focus on Digital Arrests and Deep Fakes
Prime Minister Narendra Modi has urged police leadership to transform the challenges posed by digital fraud, cyber-crimes, and artificial intelligence (AI), particularly concerning deep fakes, into opportunities.
Key Details:
- Focus Areas: Addressing the threats from digital frauds and cyber-crimes. Emphasizing the disruptive potential of deep fakes on social and familial relations.
- SMART Policing Initiative: Modi reiterated the need for SMART policing—strategic, meticulous, adaptable, reliable, and transparent. He called for technology to reduce police workload and suggested making police stations the focal point for resource allocation.
- Recent Developments: A high-level committee has been formed by the Ministry of Home Affairs (MHA) to address digital arrests and cyber-crimes. Over 6.69 lakh SIM cards and 1.32 lakh IMEIs linked to suspected cybercrimes have been blocked.
- Financial Impact: Proactive measures by the Indian Cybercrime Coordination Centre (I4C) have saved over ₹3,431 crore through addressing more than 9.94 lakh complaints related to cyber scams.
- Future Plans: Modi suggested holding a national police hackathon to innovate solutions for policing challenges. He emphasized enhancing port security and developing a future action plan in this area.
4. Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks
Cybersecurity researchers are alerting users about a new phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA, which is designed to steal Microsoft 365 credentials through adversary-in-the-middle (AiTM) attacks.
Key Details:
- Attack Methodology: Rockstar 2FA allows attackers to intercept user credentials and session cookies, making even users with multi-factor authentication (MFA) vulnerable. The attack involves directing victims to a fake Microsoft 365 login page, capturing their credentials, and using session cookies for unauthorized access.
- Features of Rockstar 2FA: Bypass two-factor authentication. Harvest 2FA cookies and provide antibot protection. Customizable login page themes that mimic popular services. User-friendly admin panel for tracking phishing campaigns.
- Distribution: Promoted on platforms like ICQ, Telegram, and Mail.ru for a subscription fee of $200 for two weeks or $350 for a month. Email campaigns utilize various lures, including document-sharing notifications and password reset alerts, to gain initial access.
- Legitimate Services Exploited: Phishing links are hosted on trusted platforms like Google Docs, Microsoft OneDrive, and Atlassian Confluence, leveraging the trust associated with these services.
5. Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP
Cybersecurity researchers have disclosed nearly two dozen vulnerabilities in Advantech EKI industrial-grade wireless access points, some of which could be exploited to bypass authentication and execute code with elevated privileges.
Key Details:
- Vulnerability Overview: A total of 20 vulnerabilities identified, with six deemed critical (CVSS score: 9.8). Critical flaws allow unauthenticated remote code execution (RCE) with root privileges, compromising device confidentiality and integrity.
- Critical Vulnerabilities: CVE-2024-50370 to CVE-2024-50374: Improper neutralization of special elements in OS commands. CVE-2024-50375: Missing authentication for critical functions. CVE-2024-50376 (CVSS score: 7.3): Cross-site scripting (XSS) vulnerability that can be exploited in conjunction with other flaws for arbitrary code execution.
- Attack Vectors: LAN/WAN Access: Attackers can interact directly with the access point over the network. Over-the-Air Attacks: Attackers need to be in physical proximity to exploit vulnerabilities using a rogue access point.
- Impact of Exploitation: Attackers could implant backdoors for persistent access, trigger denial-of-service (DoS) conditions, and repurpose infected devices for lateral movement within networks.
- Firmware Updates: Advantech has released firmware updates to address these vulnerabilities: EKI-6333AC-2G and EKI-6333AC-2GD: Update to version 1.6.5. EKI-6333AC-1GPO: Update to version 1.2.2.