Cybersecurity Digest #94: 16/04/2024 – 30/04/2024

Cybersecurity News

  • Cybersecurity experts have discovered a new Android banking trojan named Brokewell. It can capture every event on the device, from touches and information displayed to text input and the applications the user launches.
  • Experts have uncovered a number of vulnerabilities in Chinese cloud-based pinyin keyboard apps. These flaws could be exploited to reveal users’ keystrokes to nefarious actors.
  • Japan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities. One of the plugin’s flaws allows unrestricted file uploads to the server.
  • Users of the CrushFTP enterprise file transfer software have been urged to update to the latest version of the app. This notice follows the discovery of a security flaw that has come under targeted exploitation in the wild.
  • LastPass password manager users have been targeted in a convincing phishing campaign. During the attacks, the hackers used a combination of calls, email and SMS to obtain master passwords from accounts.
  • The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails. The emails were aimed at employees in the IT department in order to infect systems with the Anunak backdoor.
  • A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation.

Cybersecurity Blog Posts

  • Keren Elazari, an internationally recognized security analyst, author, and researcher, discussed the hacker mindset and its impact on cybersecurity. She explored the significance of ethical hacking skills in cybersecurity strategies and shared key characteristics that make someone excellent at identifying and preventing cyber threats.
  • Caleb Sima, Chair of CSA AI Security Alliance, discussed how AI empowers security pros, emphasizing its role in enhancing skills and productivity rather than replacing staff. Caleb also shared his thoughts on organizations’ cybersecurity maturity regarding AI integration.
  • Carsten Rhod Gregersen, CEO of Nabto, gave his recommendations on protecting IP surveillance cameras from Wi-Fi jamming. In his article, the author considered how users can ensure their cameras stay online in the face of tech-savvy burglars.
  • Roy Davis, Manager – Vulnerability Management & Bug Bounty at Zoom, discussed the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers. He offered advice to organizations, stressing the importance of clear program policies, swift response times, and competitive bounties to attract and retain top bug hunting talent.

Research and Analytics

  • Google released a new report on zero-days documented in 2023 that shows a massive reduction in use-after-free and JavaScript engine exploitation. According to researchers, despite a surge in the discovery of in-the-wild zero-day attacks, security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns.
  • Ransomware actors have had a rough start in 2024 according to statistics from Coveware’s report. It revealed that companies are increasingly refusing to pay extortion demands, leading to a record low of 28% of companies paying ransom in the first quarter of 2024.
  • Pentera has released the results of its third annual industry survey: The State of Pentesting 2024. The report provides a snapshot of how security leaders in enterprises across the globe have adopted security validation strategies across their organizations over the past year.
  • Egress has launched its third Phishing Threat Trends Report 2024, detailing key trends, new data, and threat intelligence insights surrounding phishing attacks. The report explores evolving payloads, AI’s rise in cybercrime, the success of multi-channel attacks, and how secure email gateways are trailing behind in an advancing threat landscape.
  • The U.S. Cybersecurity Job Posting Data Report 2024, conducted by CyberSN, highlights a concerning trend that could impact national security: significant declines in job postings for critical cybersecurity roles. The report, a key indicator of the health of the cybersecurity labor market, reveals alarming drops in roles essential for maintaining organizational and national cyber defenses.
  • Stanford University has released its Measuring trends in AI Report. It covers trends such as technical advancements in AI, public perceptions of the technology and the geopolitical dynamics surrounding its development.
  • The Akira ransomware group netted itself $42 million in payments in the last year from over 250 organizations, according to a joint advisory issued by four leading cybersecurity agencies across Europe and the United States.

Major Cyber Incidents

  • Healthcare service provider Kaiser Permanente has disclosed a data security incident. Information from approximately 13.4 million current and former members and patients has been leaked to third-party trackers.
  • Systembolaget’s wine and spirit distribution in Sweden has been disrupted after a logistics company was reportedly the victim of a cyberattack. Experts suggested that the attack was carried out using LockBit 3.0 ransomware.
  • Frontier Communications, an optic-fiber Internet provider, has fallen victim to a cyberattack by a suspected cybercrime group. As a result, the company had to temporarily shut down its information systems.
  • A ransomware attack on Sunlab Italia has forced its IT systems to be taken offline. The medical diagnostics provider has suspended all its testing services across the country.
  • The MITRE Corporation has been breached by nation-state hackers through two zero-day vulnerabilities. Hackers have managed to perform reconnaissance on the company’s networks by exploiting one of its VPNs.
  • US-based human plasma collector, tester, and supplier Octapharma Plasma has experienced a ransomware attack. The disruption from the cyberattack could possibly affect Octa’s operations globally, especially its European supplies.
  • Cisco Duo’s security team warns that hackers have stolen some customers’ VoIP and SMS logs for multi-factor authentication messages in a cyberattack on their telephony provider.