Friday, June 14th, 2024
Cybersecurity Week in Review (14/06/24)
Semiconductor giants Nvidia and Arm warn of new flaws in their graphics processors
The major semiconductor companies Arm and Nvidia are urging customers to apply patches for a series of new vulnerabilities in their products.
The U.K.-based Arm warned on Friday about an actively exploited zero-day flaw in its Mali GPU Kernel Driver — software that helps the operating system communicate with the Mali graphics processor.
The vulnerability, tracked as CVE-2024-4610, can lead to “improper GPU memory processing operations,” potentially causing security issues such as crashes, data corruption, or unauthorized access to sensitive information.
Source: https://therecord.media/nvidia-arm-semiconductor-flaws-patches
Police arrest Conti and LockBit ransomware crypter specialist
The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself.
The investigation was backed by information shared by the Dutch police who responded to a ransomware attack on a Dutch multinational, followed by data-theft extortion.
The Ukrainian police reported that the arrested individual specialized in developing custom crypters that pack ransomware payloads into what appear to be benign files, making them FUD (fully undetectable) so they evade detection by popular antivirus products.
Microsoft, Google pledge ‘low cost’ cybersecurity services to rural hospitals
Rural hospitals will gain access to cybersecurity services at reduced prices thanks to a new initiative led by Microsoft, Google and the White House.
The Biden administration said on Monday Google will provide endpoint security advice to rural hospitals and nonprofit organizations at no cost and a “pool of funding to support software migration.” Google will also launch a pilot program with rural hospitals to develop a package of security capabilities that fits each hospital’s needs.
Source: https://therecord.media/microsoft-google-rural-hospital-cybersecurity
Quantum is coming — and bringing new cybersecurity threats with it
The quantum-computing revolution is upon us — a paradigm shift in computing power that harnesses the laws of quantum mechanics to solve problems far too complex for today’s classical digital computers.
There is little time to lose for organizations to gain a deeper understanding of the risks quantum may pose to their operations and security. Every organization that holds and processes data should consider the lifetime value of the data it uses, and the impact of that data being used or misrepresented by bad actors.
As quantum emerges and organizations continue to explore and discover both its game-changing advantages and threats, new legislation and regulations are in the works. The National Institute of Standards and Technology (NIST) in December 2023 released two draft publications to guide organizations aiming to redefine their capabilities and combat potential quantum-based attacks.
Source: https://kpmg.com/dp/en/home/insights/2024/04/quantum-and-cybersecurity.html
Black Basta ransomware gang linked to Windows zero-day attacks
The Black Basta ransomware operation is suspected of exploiting a Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day before a fix was made available.
The flaw is a high-severity issue (CVSS v3.1: 7.8) in the Windows Error Reporting Service, allowing attackers to elevate their privileges to SYSTEM.
Microsoft fixed the flaw on March 12, 2024, via its monthly Patch Tuesday updates, while its status on the vendor’s page shows no active exploitation.
New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers
Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE.
The backdoor comes with capabilities to fingerprint infected machines, capture screenshots, and drop more malicious programs. The researchers are tracking the activity under the name REF6127.
A crucial component of the campaign is the use of compromised infrastructure to host the initial phishing URL, which is then used to redirect victims to the appropriate landing page.
Source: https://thehackernews.com/2024/06/new-phishing-campaign-deploys.html
GitHub Paid Out Over $4 Million via Bug Bounty Program
GitHub’s bug bounty program passed the $4 million milestone in 2023, when it also paid out the highest single reward to date, $75,000. The amount was awarded for a vulnerability that allowed access to the environment variables of a production container. The discovery of the flaw prompted GitHub to rotate credentials.
In 2023, the total payout amount exceeded $850,000. It’s worth noting that GitHub’s annual payout has exceeded $800,000 since 2021. In addition to rewarding regular vulnerability reports, the company also ran several private bounty engagements last year with members of its VIP program.
Source: https://www.securityweek.com/github-paid-out-over-4-million-via-bug-bounty-program/
RansomHub Brings Scattered Spider Into Its RaaS Fold
Last spring’s spectacular implosion of mainstay ransomware-as-a-service (RaaS) operation BlackCat/AlphV left its affiliates burned — gamed out of millions they were owed for past scams and left without infrastructure to support their future cybercrime aspirations. What ensued was a recruiting war for the best affiliates into the RaaS groups left standing.
The RansomHub RaaS group appears to have scored a major victory by attracting the Scattered Spider threat group into its affiliate ranks, according to new research from GuidePoint Security. A detailed analysis reveals that Scattered Spider, a notoriously aggressive threat group behind the 2023 ransomware attacks on Caesars Entertainment and MGM Resorts, has been carrying out ransomware attacks using RansomHub starting earlier this year.
Source: https://www.darkreading.com/threat-intelligence/ransomhub-brings-scattered-spider-into-its-raas-fold
Mandiant finds “significant volume” of data stolen from Snowflake environments
Mandiant said in a blog post that the threat actor – which it calls UNC5537 – is “suspected to have stolen a significant volume of records from Snowflake customer environments.”
The incident response firm said that UNC5537 likely assembled a list of credentials for Snowflake environments “by accessing a variety of different sources of infostealer logs” both on the internet and dark web.
Infostealer malware is a type of trojan used to harvest information from infected systems. Mandiant said the stolen Snowflake credentials “were primarily obtained from multiple infostealer malware campaigns that infected non-Snowflake owned systems”.
Cyber incident forces Cleveland to shut down city hall
Cleveland shut its city hall Monday as officials investigate a cyber incident affecting some systems. Only essential staff will be at city hall on Monday, and all of the affected systems will remain offline until they get a “better understanding of the situation.”
With nearly 400,000 residents, Cleveland becomes the latest large American city to shut down services following a cyber incident.
In a statement to Recorded Future News, a city spokesperson would not say what systems were shut down due to the incident but confirmed that police, fire and emergency medical services are still functioning, as is the 911 dispatch center. Systems controlling the local ports and public utilities are also not affected.
Source: https://therecord.media/cyber-incident-cleveland-city-hall-shutdown