👉 What’s happening in cybersecurity today?
Advanced Obfuscation, Antivirus, Iran, Political Figures, WhatsApp, Phishing, Versa Director, CISA, Traccar GPS, Code Execution, PEAKLIGHT Downloader, Malicious, Pirated Movies, Windows, Seattle-Tacoma Airport, Critical Systems, Disruption, Polygon, Discord Hack, $150,000 Loss, Malaysia, Rail Services, Prasarana, Breach, City of Pittsburg, Cybersecurity, Incident, Angus Council, Personal Information, Leak, Malaysian Cybersecurity Act, 2024, National Security, Pavel Durov, Arrest, Content Moderation, Netherlands, Watchdog, Fine, Uber, Driver Data, Australia, Cybersecurity Games, University of New South Wales, Zimbabwe, Cybersecurity Training, Public Servants
Listen to the full podcast
🚨 Cyber Alerts
Security researchers have identified a new malware strain that employs advanced obfuscation techniques to evade antivirus detection. Encapsulated in a file named “crypted.bat,” this malware utilizes UTF-16 encoding and various sophisticated methods to conceal its operations, including empty environment variables and dynamic script labels. Upon execution, it establishes persistence through a scheduled task and deploys heavily obfuscated Python code for code injection using process hollowing.
Iranian hackers from the APT42 group have launched a targeted phishing campaign against global political figures using WhatsApp. The campaign, detected and blocked by WhatsApp’s security teams, focused on political and diplomatic officials across Israel, Palestine, Iran, the United States, and the UK. APT42, also known as UNC788 and Mint Sandstorm, is known for its persistent cyber espionage activities, often using basic phishing tactics to steal credentials. In this latest attack, hackers impersonated technical support staff from major tech companies to deceive high-profile individuals.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered vulnerability affecting Versa Director, tracked as CVE-2024-39717, to its Known Exploited Vulnerabilities (KEV) catalog. This medium-severity flaw, with a CVSS score of 6.6, is related to a file upload bug in the “Change Favicon” feature, allowing attackers to upload malicious files disguised as PNG images. Exploitation requires an attacker to authenticate and log in with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges.
Two significant vulnerabilities have been identified in the open-source Traccar GPS tracking system, potentially exposing users to remote code execution attacks. The flaws, tracked as CVE-2024-24809 and CVE-2024-31214, are path traversal issues that could be exploited if guest registration is enabled, a default setting in Traccar 5. The vulnerabilities allow attackers to upload malicious files and execute arbitrary code on the server, compromising the system’s security.
Cybersecurity researchers have identified a new threat involving the PEAKLIGHT downloader, which is used in attacks targeting Windows systems. This malicious downloader is distributed via deceptive shortcuts in ZIP files disguised as pirated movies. Once executed, PEAKLIGHT uses a PowerShell script to retrieve and install further malware, including Lumma Stealer, Hijack Loader, and CryptBot. The attack chain begins with a drive-by download of the infected shortcut file, which connects to a content delivery network (CDN) to fetch and execute the downloader.
💥 Cyber Incidents
On August 24, 2024, Washington’s Seattle-Tacoma International Airport (Sea-Tac) experienced significant disruptions due to a possible cyberattack. The Port of Seattle reported outages affecting critical systems, including websites and phone services, which led to operational delays and passenger inconvenience. Initially described as system outages, the situation was later identified as a potential cyberattack, raising concerns about the security of critical infrastructure. The TSA confirmed that security operations remained unaffected, while the Port of Seattle is working to restore full services.
On August 24, 2024, Polygon’s Discord channel was compromised, leading to a significant financial loss for one user. The breach, which coincided with the platform’s ongoing network upgrade, resulted in a $150,000 loss for a user who interacted with a fraudulent announcement on the channel. Polygon’s Chief Information Security Officer, Mudit Gupta, confirmed the attack and advised users to avoid clicking on any links within the compromised Discord server.
Prasarana, Malaysia’s major rail service operator, has confirmed an internal data breach affecting its systems, but assured the public that rail services remain unaffected. The company reported that unauthorized access was detected and is being actively addressed by its cybersecurity team. According to Prasarana, there has been no disruption to daily operations. The National Cyber Security Agency (NACSA) has acknowledged the incident and is investigating the breach in collaboration with Prasarana to assess the impact and ensure recovery measures are in place.
On August 18, 2024, the City of Pittsburg, California, identified a cybersecurity incident affecting a segment of its computer systems. In response, the city swiftly secured its systems and enlisted external cybersecurity experts to investigate the breach. While the full impact of the incident remains undetermined, officials have assured residents, employees, and partners that they are working diligently to address the situation.
Angus Council in Scotland has issued an apology following a significant data breach involving personal information from its online test system. The breach, which occurred on August 26, 2024, resulted in the release of sensitive data related to the Homes for Ukraine Resettlement program. This information was posted on two closed Facebook groups before the council could disable the link. The council has launched an internal investigation and reported the incident to the Information Commissioner’s Office.
📢 Cyber News
On August 26, 2024, Malaysia’s Cybersecurity Act 2024 officially came into effect, as announced by the Prime Minister’s Office. The Act, which received royal assent from Sultan Ibrahim on June 18, aims to bolster national cyber defenses through new regulations. Key provisions include the establishment of the National Cyber Security Committee (JKSN) and enhanced duties for the Chief Executive of the National Cyber Security Agency (Nacsa). The Act mandates annual cybersecurity risk assessments for National Critical Information Infrastructure (NCII) entities and requires immediate reporting of incidents.
Pavel Durov, the founder and CEO of Telegram, was arrested on August 24, 2024, at France’s Le Bourget airport while disembarking from his private jet. French authorities detained Durov based on allegations related to Telegram’s alleged involvement in drug trafficking, money laundering, and child exploitation due to its purported lack of content moderation. Despite these serious claims, Telegram has asserted that it complies with EU regulations and that it continually improves its moderation practices.
On August 26, 2024, the Dutch Data Protection Authority fined Uber 290 million euros ($324 million) for inadequately protecting European drivers’ data during its transfer to the U.S. The fine stems from Uber’s alleged non-compliance with GDPR regulations, following the invalidation of the Privacy Shield framework in 2020. The authority found that Uber’s data transfers lacked sufficient protection as the company did not use Standard Contractual Clauses after August 2021. Uber disputes the fine, arguing that its practices were compliant during the legal uncertainty period and plans to appeal the decision.
The University of New South Wales (UNSW) will host the Australian Cybersecurity Games from September 2 to September 30, 2024. Organized by SECedu, a collaboration between UNSW Sydney and the Commonwealth Bank, the event brings together top universities from across Australia to tackle real-world cybersecurity challenges. Participants will engage in tasks related to cryptography, network security, and web vulnerabilities, providing a platform to showcase their skills and interact with industry experts.
On August 24, 2024, the Zimbabwean government highlighted its commitment to enhancing national cybersecurity by launching a comprehensive training program for public officials. Held in Harare, the program graduated over 100 officials, focusing on global cybersecurity trends, international security standards, and enterprise data protection. This initiative responds to recent high-profile cyber incidents, including attacks on social media accounts and a major bank’s systems. Supported by Huawei Zimbabwe, the training aims to strengthen the country’s ICT capabilities and secure its digital infrastructure, positioning Zimbabwe as a regional leader in cybersecurity.
Copyright © 2024 CyberMaterial. All Rights Reserved.