👉 What are the trends in cybersecurity today?
North Korea, eScan Antivirus, GuptiMiner, Avast, Wavestealer Malware, CoralRaider Malware, Content Delivery Network, Stealers, Cisco Talos, Keystrokes, Chinese Keyboard, The Citizen Lab, Electron Framework, Malware, AhnLab Security Intelligence Center, Indiana Water Station, CNN, Nothing, Android Authority, El Salvador, Chivo Bitcoin Wallet, Code Leak, Cointelegraph, Ransomware Attack, Swedish Logistics Company, E24, Fake News Attack, ČTK, US Sanctions, Iran, US Treasury Department, AI, Child Exploitation, Thorn, Incubator, Blockchain, TheNewsCrypto, Zero Day Exploit, Mandiant, CISA, Critical Software, GAO.
Welcome to Cyber Briefing, a newsletter that brings you the latest cybersecurity advisories, warnings, incidents, and news every weekday.
Seeing it for the first time? Please subscribe to the channel.
1. North Korean hackers exploit eScan update
North Korean hackers exploit the eScan antivirus update to deploy GuptiMiner malware, which researchers describe as “very sophisticated.” Avast details complex infection chains, including DLL sideloading and evasion tactics that target specific system configurations and security tools. Despite eScan fixes, ongoing infections suggest that older clients are still vulnerable.
2. Wavestealer malware silently steals data
A new malware family named 'Wavestealer' is recognized as a serious threat due to its ability to silently steal sensitive information such as login details and credit card numbers. The malware uses advanced evasion techniques, such as polymorphic code that frequently changes its signature, to operate undetected by most antivirus software. Risks range from identity theft to major business data breaches, so cybersecurity professionals are advised to update their antivirus programs, use strong passwords, and enable two-factor authentication to reduce the threat.
3. CoralRaider malware spreads via CDN cache
Since February 2024, Cisco Talos has been tracking an ongoing malware campaign orchestrated by CoralRaider, an actor suspected of Vietnamese origin, that leverages content delivery network (CDN) caches to distribute malware such as CryptBot, LummaC2, and Rhadamanthys. The attack includes advanced tactics such as phishing emails that lead to booby-trapped links and PowerShell scripts that bypass user access controls to deploy the stealer. The campaign targets diverse business sectors across multiple countries and utilizes sophisticated techniques to evade detection and collect a wide range of personal and financial information from victims.
4. Cloud keyboard exposes user keystrokes
A recent investigation by Citizen Lab revealed critical security vulnerabilities in popular cloud-based Pinyin keyboard apps that could allow attackers to intercept and decode users' keystrokes. Almost a billion users could be affected after flaws were found in apps from major vendors including Baidu, Samsung, and Xiaomi, with Huawei's app being the only exception. To avoid these privacy risks, users should update their apps and choose keyboard solutions that process data locally.
5. Hackers use Electron Framework for malware
ASEC cybersecurity researchers have discovered a new threat in which hackers are exploiting the capabilities of the Electron Framework to develop cross-platform information-stealing malware. This malware often disguises itself as legitimate software such as TeamViewer and uses Electron's architecture for stealth and obfuscation, making it difficult to detect. The attackers leverage Electron's web technologies and Node.js integration to package malicious code into an NSIS installer, run harmful scripts, and leak sensitive data such as system information, browser history, and credentials.
6. Russian hackers attack Indiana water facility
A group known as the Russian Cyber Army has claimed responsibility for a recent cyberattack on the Tipton Wastewater Treatment Plant in Indiana. Despite the hackers' claims, Jim Ankrum, general manager of Tipton Municipal Utilities, confirmed that the facility remained operational with minimal disruption. The incident is part of a series of attacks on U.S. infrastructure claimed by the group, which a recent Mandiant report has tied to other Russian state actors that used a similar pattern to target critical services.
7. Nothing data breach resurfaces
The Nothing community is grappling with new security concerns as details of the 2022 data breach have once again emerged, revealing that 2,250 members' email addresses were compromised. Although no sensitive data such as passwords was accessed, the disclosure raised privacy concerns within the Nothing ecosystem. In response, the UK-based mobile phone manufacturer has tightened its security measures, but the incident still sparks debate over transparency and user safety.
8. Chivo Bitcoin wallet code leaked by hackers
The security of El Salvador's state-run Bitcoin wallet Chivo has been compromised after hackers published the ATM network's source code and VPN credentials on the BreachForums platform. Hacker group CiberInteligenciaSV claimed responsibility, declaring that the code was freely shared to expose the government-run wallet. The incident is part of a series of breaches affecting Chivo, including a major leak of the personal data of nearly all Salvadoran adults reported in early April.
9. Ransomware hits Swedish logistics company Skanlog
Skanlog, the main logistics provider for Sweden's Systembolaget, suffered a ransomware attack that crippled its entire system, CEO Mona Zyko reported. The attack has halted distribution operations, potentially leading to shortages of beer, wine, spirits and other beverages ahead of the weekend. Systembolaget has assured that total supply will not be significantly affected, but expects that around a quarter of sales volumes may be affected.
10. Czech news agency fake report
Yesterday morning, unknown assailants compromised the security of the website “Ceske Noviny” run by the Czech News Agency (ČTK) and posted fabricated texts about an alleged assassination attempt on Slovak President Peter Pellegrini. Despite the breach, the news services delivered by the Czech News Agency to its clients remained unaffected and provided accurate information to its audience. The agency immediately removed the false news from its website, is working with authorities to combat the cyberattack, and emphasized its commitment to maintaining the integrity of its reporting.
11. US sanctions Iranians over cyber attack
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions on four Iranians in connection with a series of cyberattacks targeting U.S. government agencies, defense contractors, and private companies. These individuals are part of an operation organized by the Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC), which used front companies such as Mehrsam Andisheh Saz Nik (MASN) and Dadeh Afzaar Alman (DAA) to carry out the operation. In response to these threats, the United States has frozen all U.S. assets of those involved and prohibited transactions with them without OFAC approval, and the State Department is offering a reward of up to $10 million for information leading to the arrest of these cybercriminals.
12. AI companies join the fight against child exploitation
Leading AI companies, including OpenAI, Microsoft, Google, and Meta, have committed to preventing their technology from being used to create or distribute child sexual abuse material (CSAM). The initiative, led by Thorn and All Tech Is Human, aims to stop the production of explicit content involving minors and remove existing content from the internet. Amid growing concerns that generative AI could make the problem worse, the companies have pledged to take appropriate measures, including more carefully selecting training datasets and improving content monitoring, to effectively protect children.
13. Launch of blockchain and AI incubator
0G Labs and One Piece Labs have introduced the OPL x 0G Incubator, a pioneering program for startups operating at the intersection of blockchain and AI. The incubator aims to explore untapped areas where AI can power blockchain applications and vice versa, and provides participants with resources such as mentorship, network access, and grants of up to $50,000. Scheduled to launch on July 1, 2024, the program will leverage 0G's modular blockchain architecture, designed to significantly improve the efficiency of AI tasks on blockchain platforms, to integrate cryptocurrencies and AI. It encourages innovative thinkers to submit ideas that have the potential to transform both fields.
14. The rise of zero-day exploits in cyberattack trends
Mandiant's M-Trends 2024 report reveals a significant shift in cyberattack techniques, with software vulnerability exploitation, particularly zero-day exploits, on the rise with a notable increase of 56% in 2023. These vulnerabilities are heavily targeted by state-sponsored groups and financially motivated cybercriminals, who aim to collect information and steal money, respectively. The report highlights the evolution of threat actors' approaches, moving from widespread phishing campaigns to more targeted attacks leveraging advanced software vulnerabilities, and the resulting need for organizations to adopt advanced defense strategies.
15. CISA Critical Software List
The Cybersecurity and Infrastructure Security Agency (CISA) plans to submit by September 30 a list of software products deemed critical to strengthening the federal government's cybersecurity. The measure is in response to a Government Accountability Office monitoring report assessing progress in implementing a 2021 executive order aimed at strengthening U.S. cyber defenses. The software is classified as “EO-Critical” for consistency with the executive order and was selected based on National Institute of Standards and Technology standards; it includes software that provides essential functionality for managing system privileges and network protection.
Please subscribe and comment.
Copyright © 2024 Cybermaterial. All rights reserved.
Follow Cybermaterial: LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, Medium.