👉 What’s going on in the cyber world today?
Qualcomm, LTE Network Vulnerability, AI, Invoice Attacks, Cisco ASA, Chrome, Phishing, Remcos RAT, UAC-0050, Radiant Capital, Orange Spain, Mandiant, MOVEit Transfer, Crunchbase, Windows 11, MacOS Malware, XGold, Dark Web, LastPass, Ransomware.
🚨 Cyber Alerts
1. Critical LTE Flaw in Qualcomm Chips
Qualcomm disclosed a critical vulnerability on New Year’s Day that would allow remote attacks via malicious voice calls over LTE networks. The January 2024 security bulletin lists a total of 26 vulnerabilities, including four critical vulnerabilities, affecting Qualcomm chipsets. Patches have already been made available to original equipment manufacturers (OEMs) whose devices use Qualcomm chips, including those in the popular Snapdragon series. The most severe bug, tracked as CVE-2023-33025, has a CVSS score of 9.8, involving a classic buffer overflow flaw causing memory corruption during Voice-over-LTE (VoLTE) calls.
2. GXC Team Unleashes AI Invoice Tool
A cybercriminal group known as “GXC Team” has unveiled an AI-powered tool, “Business Invoice Swapper,” for creating fraudulent invoices to facilitate wire fraud and Business Email Compromise (BEC). The tool, available on the Dark Web, is offered on a rental basis with subscription plans starting from $2,000 per week or a one-time fee of $15,000 for unlimited access. The AI-driven tool identifies compromised emails, alters banking information in invoices, and targets victims predominantly in the U.K. and EU countries, highlighting the growing sophistication of cybercrime using artificial intelligence.
3. Cisco ASA Vulnerability for Sale
A threat actor named “xc7d2f4” is allegedly selling a remote command injection vulnerability for Cisco ASA, affecting all 55XX series devices. Cisco ASA, known for combining firewall, antivirus, intrusion prevention, and VPN capabilities, is widely used for securing networks and data centers. The sale of this vulnerability on the dark web raises concerns about potential unauthorized access, takeover of critical infrastructure, and the broader impact on affected organizations, including financial losses and reputational damage.
4. Google Chrome Update Enhances Security
Google has rolled out an update to its Chrome browser, reaching version 120.0.6099.199 on Mac and Linux, and 120.0.6099.199/200 on Windows. The Extended Stable channel has also seen updates for both Mac and Windows. This release incorporates crucial security fixes, including addressing issues like use-after-free vulnerabilities in ANGLE and WebAudio, as well as a heap buffer overflow in ANGLE. The company appreciates external researchers’ contributions and emphasizes ongoing internal security efforts through audits, fuzzing, and other initiatives, reaffirming its commitment to enhancing browser safety.
5. UAC-0050’s Advanced Phishing with Remcos RAT
The UAC-0050 threat actor is employing innovative phishing tactics to deploy the Remcos RAT, a well-known malware for remote surveillance and control. Uptycs security researchers revealed the group’s latest strategy, integrating a pipe method for interprocess communication, showcasing their adaptability. Operating since 2020, UAC-0050 historically targets Ukrainian and Polish entities through social engineering campaigns, with its recent activities involving at least three phishing waves and the deployment of the Meduza Stealer information stealer in one attack.
6. Radiant Capital Halts Markets After Exploit
Radiant Capital has temporarily suspended lending and borrowing markets on Arbitrum following a multimillion-dollar exploit on one of its new USD Coin (USDC) markets. Multiple blockchain security firms reported a flash loan attack on January 3, revealing that the hacker exploited a time window during the activation of a new market and relied on a known rounding issue in the current Compound/Aave codebase. The attacker manipulated the index parameter, causing a cumulative precision error and leading to a loss of 1,900 Ethereum (about $4.5 million). Radiant Capital confirmed the incident and assured users that no current funds were at risk, with further details to be provided in a postmortem after resolving the issue.
7. Orange Spain’s Internet Outage
Orange Spain faced an internet outage after a hacker breached the company’s RIPE account, manipulating its BGP routing and RPKI configuration. BGP, which handles internet traffic routing, relies on trust between networks, making it susceptible to hijacking. The hacker, known as ‘Snow,’ altered the AS number associated with Orange Spain’s prefixes and enabled an invalid RPKI configuration, disrupting the proper announcement of the company’s IP address ranges. While services are being restored, the incident underscores the importance of securing BGP through measures like RPKI, and of protecting the registry accounts that control such configuration, to prevent such cyber threats.
8. Mandiant Account Hit by Crypto Scam
Cybersecurity firm Mandiant, a Google Cloud subsidiary, faced a security breach on its social media account, lasting over six hours. The attacker, impersonating the Phantom crypto wallet, promoted a fake website promising free $PHNTM tokens through a fraudulent airdrop, attempting to drain cryptocurrency wallets of unsuspecting users. While Mandiant has restored control over its account, the incident highlights the ongoing challenges of social engineering and phishing attacks targeting both individuals and reputable cybersecurity entities.
9. Barrick Gold Faces Massive Data Breach
Barrick Gold, the world’s second-largest gold mining company, faces the fallout of the MOVEit Transfer bug, which exposed the personal details of thousands. The breach occurred during a MOVEit Transfer attack between May 28th and June 2nd, 2023, but Barrick only discovered the extent of the data exposure in a review on December 20th. The breach exposed sensitive information, including Social Security numbers, impacting 2,761 individuals, posing identity theft risks and adding Barrick Gold to the list of over 2,700 organizations affected by the Cl0p ransomware cartel.
10. Alleged Crunchbase Data Breach
An unidentified hacker has exposed extensive data on 3.1 million companies and 1.2 million users allegedly taken from Crunchbase, heightening concerns about potential misuse, including large-scale phishing attacks and social engineering. The leaked information includes contacts, social media details, locations, and hierarchical data, posing serious risks to individuals and organizations. While a downloadable CSV file on the dark web underlines the claimed scale of the breach, Crunchbase has not officially confirmed or denied it, leaving the claims unverified.
📢 Cyber News
11. Microsoft Unveils AI Key for Copilot
Microsoft has introduced an AI key, marking the biggest change in its keyboards in three decades. The key grants access to Copilot, an AI tool powered by Microsoft’s investment in OpenAI, offering users assistance with tasks like searching, writing emails, and image creation. This transformative addition aims to simplify and amplify the user experience on new Windows 11 PCs, reflecting a significant shift in keyboard technology.
12. Surge in macOS Malware in 2023
Security researcher Patrick Wardle reports a 50% increase in new macOS malware families in 2023, totaling 21. The findings encompass various threats, including ransomware like the Mac version of LockBit and Turtle, showcasing cybercriminals’ continued interest in targeting Apple devices. Information stealers, notably PureLand, Realst, and others, were prevalent, highlighting a concerning rise in threats against macOS users.
13. Surge in Fake X Gold Accounts Poses Risks
A surge of fake or stolen X Gold accounts has inundated marketplaces and forums on both the surface web and the dark web over the past year, according to CloudSEK. Threat actors have employed various techniques to forge or steal X Gold accounts since the introduction of Elon Musk’s verified accounts program in December 2022. The report reveals that cybercriminals use methods like manually creating fake accounts, brute-forcing existing accounts, and using malware to harvest credentials. The dark web prices for these fake or stolen accounts range from $0.30 for a new X account without a checkmark to around $500 for a Gold account, posing risks such as phishing campaigns and reputation damage for the compromised owners.
14. LastPass 12-Character Master Password Rule
LastPass has reinforced its security measures by requiring all users to have a complex master password with a minimum of 12 characters. Although the requirement has existed since 2018, users previously had the option to keep a weaker password. In addition to the new master password rules, LastPass will now check new or updated passwords against a database of leaked credentials from the dark web to ensure they don’t match compromised accounts, enhancing overall account security.
15. Ransomware Surge in US in 2023
The U.S. has experienced a significant rise in confirmed ransomware attacks, increasing from 220 in 2022 to 321 in 2023, according to a report by Emsisoft. The data reveals a 60% surge in attacks on hospital systems, an 82% increase in K-12 school district victims, and a 48% rise in post-secondary schools. The report highlights the escalating impact of ransomware, emphasizing the need for enhanced cybersecurity measures across various sectors to mitigate the growing threat.
Copyright © 2024 CyberMaterial. All Rights Reserved.