👉 What’s happening in cybersecurity today?
TIDRONE Espionage Group, Taiwan, Drone Manufacturers, IBM, Exploits, Denial of Service, RAMBO Attack, RAM, Radiation, Data Theft, Air-Gapped Computers, SpyAgent Malware, OCR, Crypto Wallet, Recovery Keys, Android, GitHub Actions, Typosquatting, Avis, Car Rental, Customer Data, Exposure, Free Russia Foundation, Investigation, Internal Documents, Leak, Merseyside, Taxi Drivers, Personal Info, Highline Public Schools, Ewha Womans University, Student Data, Singapore, Deepfakes Bill, Manipulated Content, FBI, Dark Web, Marketplace, Russia, Kazakhstan, Malta, Ethical Hacking, Legal Reform, Police, Scotland, Employee, Charged, Absolute, Syxsense, Acquisition, Security Enhancement, Vulnerability Management
🚨 Cyber Alerts
The TIDRONE espionage group, a newly discovered threat actor with likely ties to Chinese-speaking entities, has launched a targeted cyber campaign against Taiwan’s drone manufacturers, primarily focusing on the military supply chain. Active since 2024, the group has deployed custom malware, including CXCLNT and CLNTEND, using tools like UltraVNC for remote access. Trend Micro’s analysis suggests the possibility of a supply chain attack due to the presence of shared enterprise resource planning (ERP) software across victims.
IBM has recently issued a security bulletin detailing critical vulnerabilities in its MQ Operator and Queue Manager container images. These flaws, which affect versions from IBM MQ Operator 2.0.0 to 3.2.3 and IBM MQ Advanced Container Images 9.2.0.1 to 9.4.0.0, could enable attackers to bypass security restrictions and execute denial of service (DoS) attacks. The vulnerabilities include issues that allow unauthorized actions against the queue manager and problems with memory allocation that could cause system crashes.
Researchers have unveiled a new side-channel attack known as “RAMBO” (Radiation of Air-gapped Memory Bus for Offense) that exploits electromagnetic radiation from a device’s RAM to exfiltrate data from air-gapped computers. Despite these systems being isolated from networks to prevent cyber threats, RAMBO allows attackers to steal information by modulating memory access patterns to produce detectable radio signals.
A new strain of Android malware known as SpyAgent is targeting users in South Korea and the U.K. by disguising itself as legitimate apps in banking, government, streaming, and utility sectors. Once installed via deceptive SMS links leading to malicious APK files, SpyAgent requests extensive permissions to access and exfiltrate sensitive data, including contacts, SMS messages, and photos. Its most alarming feature is the use of optical character recognition (OCR) to scan and steal recovery phrases for cryptocurrency wallets.
A recent analysis by Orca has revealed a critical vulnerability in GitHub Actions, a popular CI/CD platform, due to typosquatting. This security flaw allows threat actors to exploit typographical errors in GitHub Actions names to introduce hidden malicious code into developers’ workflows. Attackers can create repositories with names closely resembling legitimate actions, and if developers inadvertently use these misspelled actions, their code can be compromised. This vulnerability enables malicious code execution, which can tamper with source code, steal sensitive information, or introduce backdoors into projects.
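As an added defensive example (not code from Orca, GitHub or the original post), the script below audits a workflow's `uses:` references: owners that are not on a hypothetical allowlist, owners within a couple of edits of a trusted one (the typosquatting pattern described above), and references not pinned to a full commit SHA. The workflow text, the allowlist and the SHA value are all constructed.

```python
import re

# Constructed sample workflow; the action names and SHA are made up to show each case.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: action/checkout@v4
      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
      - uses: acme-tools/deploy@main
      - run: echo hello
"""

APPROVED_OWNERS = {"actions", "github"}  # hypothetical allowlist of trusted action owners
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot owners one or two typos away from a trusted one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_workflow(text: str, approved=APPROVED_OWNERS, max_distance: int = 2) -> list:
    """Return (reference, reason) pairs for every risky 'uses:' line in the workflow text."""
    findings = []
    for line in text.splitlines():
        m = USES_RE.match(line)
        if not m or m.group(1).startswith(("./", "docker://")):
            continue  # local and container actions are out of scope for this check
        ref = m.group(1)
        target, _, version = ref.partition("@")
        owner = target.split("/")[0]
        if owner not in approved:
            near = [o for o in sorted(approved) if levenshtein(owner.lower(), o) <= max_distance]
            reason = (f"owner '{owner}' resembles trusted owner '{near[0]}' (possible typosquat)"
                      if near else f"owner '{owner}' is not on the allowlist")
            findings.append((ref, reason))
        if not FULL_SHA_RE.match(version):
            # A tag or branch can be moved after review; a full commit SHA cannot.
            findings.append((ref, "not pinned to a full commit SHA"))
    return findings
```

Running `audit_workflow(SAMPLE_WORKFLOW)` reports the misspelled owner as a possible typosquat, the unknown owner as off-allowlist, and every tag- or branch-pinned reference as unpinned.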
💥 Cyber Incidents
Avis Car Rental, a subsidiary of Avis Budget Group, has recently disclosed a significant data breach affecting its customers. The breach, which was detected on August 5, 2024, resulted from unauthorized access to a business application, leading to the exposure of personal information such as names, addresses, driver’s license numbers, financial details, and dates of birth. Avis immediately halted the unauthorized access, engaged external cybersecurity experts to investigate, and reported the incident to authorities.
The Free Russia Foundation has announced an investigation into a significant data breach following the unauthorized publication of internal documents. On September 5, 2024, Telegram channel SOTA revealed that over 2,500 email chains and more than 13GB of documents from the Free Russia Foundation and the US Russia Foundation were leaked online. The organization is scrutinizing the breach, which it suspects is linked to recent cyberattacks by the Kremlin-affiliated hacker group Coldriver.
Merseyside taxi drivers’ personal information has been inadvertently exposed online due to a flaw in a new Taxi Licensing computer system. The data, which includes full names and home addresses, was visible for potentially five months from April, when the system went live, until the breach was discovered on September 5, 2024. Screen grabs and recordings from Sefton Council’s licensing portal show that the system allowed searches by name and partial postcode, revealing sensitive details.
Highline Public Schools, located south of Seattle, Washington, was compelled to cancel classes on September 9, 2024, due to a significant cyberattack. The district detected unauthorized activity on its technology systems and took immediate action to isolate critical infrastructure to prevent further damage. With all school activities, including athletics and meetings, affected, the district is collaborating with cybersecurity experts and state and federal authorities to restore and secure its systems.
Police in Seoul are investigating a significant data breach at Ewha Womans University that has compromised the personal information of approximately 80,000 students. The breach involved the exposure of 22 types of sensitive data, including phone numbers, addresses, and resident registration numbers, affecting students who matriculated between 1982 and 2002. The university promptly halted unusual access to its database upon detection but was unable to prevent the data extraction.
📢 Cyber News
On September 9, 2024, Singapore’s Parliament introduced a new Bill aimed at combating digitally manipulated content, including deepfakes, during elections. The proposed Elections (Integrity of Online Advertising) (Amendment) Bill seeks to address both AI-generated and Photoshop-manipulated content that inaccurately portrays candidates. If passed, the Bill will allow candidates to request reviews of misleading content and empower the Returning Officer to issue corrective directives, including takedowns or access restrictions.
The FBI has intensified its crackdown on cybercrime with recent indictments against Alex Khodyrev, a 35-year-old national from Kazakhstan, and Pavel Kublitskii, a 37-year-old Russian, for their roles in managing the dark web marketplace WWH Club. Between 2014 and 2024, Khodyrev and Kublitskii operated WWH Club and its affiliated sites, which facilitated the sale of stolen personal and financial data, as well as provided training for cybercriminals. Their actions included selling stolen credit card information and offering courses on fraud and hacking.
On September 8, 2024, Prime Minister Robert Abela unveiled proposed legal reforms aimed at safeguarding ethical hackers in Malta. Highlighting a significant legislative gap, Abela emphasized the need for clear regulations to define and regulate “white hat” hacking activities. The Malta Digital Innovation Authority has drafted new regulations that will soon be reviewed by the Cabinet and, if approved, will undergo public consultation. The reforms are prompted by recent legal issues faced by students and their lecturer who reported security flaws in the FreeHour app.
Joanna Miller, a former Police Scotland staff member, is set to stand trial at Greenock Sheriff Court after denying 44 charges related to data breaches. Allegedly committed between November 2020 and July 2023, these breaches involve unauthorized access to personal data from Police Scotland’s Crime Management System. Miller is accused of accessing and viewing sensitive crime reports and personal information of police personnel without a legitimate purpose.
Absolute Security has announced the acquisition of Syxsense, a vulnerability management and endpoint security provider. This strategic move aims to bolster Absolute’s cyber resilience platform by integrating Syxsense’s automated patching and remediation capabilities. With Syxsense’s tools, Absolute seeks to enhance its ability to manage and mitigate vulnerabilities, thereby addressing endpoint misconfigurations and improving overall device resilience.
Copyright © 2024 CyberMaterial. All Rights Reserved.