THIS WEEK IN CYBER NEWS
Snowflake Breach
Regarding the huge Snowflake breach - Mandiant has found no evidence that Snowflake's enterprise environment was breached, instead each incident has been traced back to compromised customer credentials, meaning attackers logged in with valid accounts by cracking their authentication - which we'll talk more about in today's deep dive
Wordpress
The largest website platform powering blogs and sites all over the world is under attack: a campaign is spreading malicious JavaScript code through multiple plugins that gives attackers administrator rights on websites and fills sites with spam.
Indonesia
where over 200 govt agencies have been impacted by a ransomware attack, and the country is refusing to pay the $8M ransom
Cyber Attackers Turn to Cloud Services to Deploy Malware
Just as companies realize benefits of cloud architecture such as high availability, resiliency, and scalability, threat actors are realizing the benefits as well, moving some operations such as command and control to cloud-based platforms
AI can be hacked
Called "Skeleton Key", it tricks AI into giving unfettered answers on illegal activity such as building bombs, creating malware, and much more.
This happened last week in ChatGPT as I reported last week, but now we know Microsoft, OpenAI, Google, and Meta GenAI models could be convinced to ditch their guardrails, opening the door to obtaining dangerous information
It would be irresponsible of me to disclose the method they use, but it involves revising the prompt to trick the AI into providing the information, and I can confirm that it still works on some of the major AI platforms as of 7/1 evening
MS has fixed theirs apparently by changing or removing the prompts that previously worked
52% of Critical Open Source Projects
are written in memory-unsafe programming languages like C and C++. The reason this is so scary is that 70% of all CVEs (Common Vulnerabilities and Exposures) are related to memory safety issues. CVEs are what most security patches are written for, so every time you apply security patches to a system, it's to fix a CVE. It's recommended to write code in memory-safe languages such as Python, C#, Java, Ruby, and quite a few others.
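To make "memory safety issue" concrete, here is an added example (not code from the newsletter or from any of the projects it mentions): the classic fixed-size buffer filled by an unchecked copy, which is the root of a large share of the CVEs mentioned above, next to a bounds-checked replacement that rejects input it cannot hold. The buffer size, function names and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 16 /* constructed: a small fixed-size buffer */

/* UNSAFE: strcpy copies until it finds the NUL terminator, no matter how
 * large the destination is. Any src of 16 or more characters writes past
 * the end of `name`, which is undefined behaviour and the shape of bug that
 * C and C++ let through and that memory-safe languages refuse to compile
 * or stop at runtime. Shown for contrast only; nothing below calls it with
 * oversized input. */
void set_name_unsafe(char *name, const char *src) {
    strcpy(name, src);
}

/* SAFE: check the length first. Returns 0 on success and -1 when src does
 * not fit (leaving an empty string), so the caller always ends up with a
 * NUL-terminated string of at most NAME_LEN - 1 characters. */
int set_name_safe(char name[NAME_LEN], const char *src) {
    size_t n = strlen(src);
    if (n >= NAME_LEN) {
        name[0] = '\0';
        return -1;
    }
    memcpy(name, src, n + 1); /* n + 1 includes the terminator */
    return 0;
}

/* Exercises the safe copy with one input that fits and one that does not.
 * Returns 1 when it behaves as documented, 0 otherwise. */
int demo_safe_copy(void) {
    char name[NAME_LEN];
    const char *fits = "alice";                                      /* constructed */
    const char *too_long = "a-name-that-is-far-longer-than-sixteen-bytes"; /* constructed */

    if (set_name_safe(name, fits) != 0 || strcmp(name, "alice") != 0)
        return 0;
    if (set_name_safe(name, too_long) != -1)
        return 0;
    if (name[0] != '\0')
        return 0;
    return 1;
}

int main(void) {
    char name[NAME_LEN];
    printf("safe copy behaves as expected: %d\n", demo_safe_copy());
    set_name_unsafe(name, "bob"); /* fits, so this call is fine */
    printf("unsafe copy with short input: %s\n", name);
    /* set_name_unsafe(name, <16+ chars>) would corrupt adjacent stack memory */
    return 0;
}
```

The point of the pair is that the fix is a single length check the language never forces you to write; in Python, Java, C#, Ruby or Rust the equivalent write is either impossible or raises an error instead of silently overwriting whatever sits next to the buffer.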
Critical ADOdb vulnerabilities fixed in Ubuntu
Ubuntu is a popular Linux OS distribution that has a familiar UI, or user interface, similar to Windows.
Poseidon Mac stealer distributed via Google ads
Stealer malware grabs information, including VPN and network configs that can be used to access other networks, collects the data, and exfiltrates it to an external source.
Federal Reserve was not breached
It appears to actually be Evolve Bank - not the Fed
Evolve Bank is used by Shopify for its Shopify Balance accounts; most store owners were notified of the breach on Thu 6/27.
Chinese State Actors Use Ransomware to Conceal Real Intent
Their real intent is spying and collecting info, but they also benefit from the possibility of collecting ransom money to fund their operations. We are seeing more of these multi-faceted attacks, but when funded by nation-states the concealment also gives them plausible deniability to claim it wasn't them. "This research highlights the strategic use of ransomware by cyber-espionage actors for financial gain, disruption, or as a tactic for distraction or misattribution. The use of ransomware as part of cyber-espionage activities may result in their misattribution as financially motivated operations," the study claimed.
Your Phone's 5G Connection is Vulnerable to Bypass, DoS Attacks
Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse. The Penn State researchers have reported all the vulnerabilities they discovered to their respective mobile vendors, which have all since deployed patches. But a more permanent solution would be to secure 5G authentication.
If you use X, TikTok, LinkedIn, Coinbase, or any of several other hugely popular apps and sites, chances are your personal data and documents have been leaked.
The company responsible for the leak, AU10TIX, is based in a suburb of Tel Aviv and specializes in identity verification via personal documents, biometrics, and more. Its customers include major companies like X, TikTok, LinkedIn, Coinbase, eToro, PayPal, Fiverr, Upwork, Bumble, Uber, and others.
Mike is a Fractional CTO and cybersecurity advisor helping businesses improve security, optimize technology, and make smarter IT decisions.
© 2008-2026 Mike Kramer • All Rights Reserved • Privacy policy • Terms of service