Cyber Briefing: 2024.12.27
👉 What are the latest cybersecurity alerts, incidents, and news?
FICORA, Kaiten Botnet, D-Link, Vulnerabilities, Global Attacks, OtterCookie Malware, Job Offers, Palo Alto Networks, PAN-OS, DoS Vulnerability, Windows 11, Installation Media Bug, Apache, Remote Code Execution, MINA Library, Volkswagen, Data Leak, Vehicle Information, Owners, ChatGPT, Sora, Outage, American Addiction Centers, Data Breach, Individuals, Postman, Leak, API Keys, Tokens, Cyberhaven, Chrome, Extension, Compromised, Sensitive Data, UN, Global Treaty, Cybercrime Prevention, Finland, Russia, Involvement, Undersea Cables, Scottish Rail Network, Cybersecurity Threats, Nightsleeper, Healthcare Cyberattacks Surge, Optiv, ChatGPT, Search Feature, Misleading Summaries
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
🚨 Cyber Alerts
1. Kaiten Botnet Exploits D-Link Router Flaws
Cybersecurity researchers have uncovered a surge in attacks leveraging decade-old vulnerabilities in D-Link routers, enabling the deployment of two botnets: FICORA, a Mirai variant, and CAPSAICIN, a Kaiten variant. These botnets exploit weaknesses in the Home Network Administration Protocol (HNAP) interface, including vulnerabilities like CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112. FICORA employs downloader scripts to deliver malicious payloads and conduct DDoS attacks via UDP, TCP, and DNS protocols.
2. OtterCookie Malware Targets Developers
A new malware called OtterCookie has been discovered as part of the Contagious Interview campaign, which targets software developers with fake job offers. Active since December 2022, the campaign, attributed to North Korean threat actors, now uses OtterCookie alongside previously known malware like BeaverTail. Delivered through Node.js projects or npm packages from platforms like GitHub and Bitbucket, OtterCookie establishes communication with a command-and-control (C2) server to perform data theft operations.
3. Palo Alto Releases Patch for PAN-OS DoS Flaw
Palo Alto Networks has issued a critical security update to address a high-severity denial-of-service (DoS) vulnerability in PAN-OS, tracked as CVE-2024-3393. The flaw affects PAN-OS versions 10.X and 11.X, as well as Prisma Access running certain versions of PAN-OS. An unauthenticated attacker who sends a malicious packet through the firewall’s data plane can trigger a reboot and, with repeated attempts, place the device into maintenance mode.
4. Windows 11 Install Media Bug Blocks Updates
Microsoft has acknowledged a bug affecting Windows 11, version 24H2, when using installation media such as CD or USB drives. The issue causes the operating system to become unable to accept subsequent security updates if the media includes security patches released between October 8 and November 12, 2024. The problem does not affect updates installed through Windows Update or the Microsoft Update Catalog. Microsoft recommends that users experiencing this issue install the December 2024 security update to avoid future complications.
5. Apache Fixes RCE Flaw in MINA Library
A critical vulnerability (CVE-2024-52046) has been discovered in Apache MINA, a widely used networking library, potentially allowing attackers to execute remote code. The flaw lies in the insecure deserialization process of the ObjectSerializationDecoder component, which can be exploited by injecting malicious serialized data. This vulnerability affects versions 2.0 to 2.2.3 of Apache MINA. To mitigate the risk, the Apache MINA team has released updates (2.0.27, 2.1.10, and 2.2.4) that address the issue by enforcing stricter validation of incoming serialized data.
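The "stricter validation" that fixes this class of bug is, in practice, an allow-list of the classes a decoder is permitted to instantiate. Apache MINA is a Java library and the example below is not its code; it is an added illustration of the same allow-list idea using Python's pickle module, whose class-resolution hook (find_class) plays the role that a deserialization filter plays on the Java side. The ALLOWED_GLOBALS set and the two constructed messages are this example's own assumptions.

```python
import collections
import datetime
import io
import pickle

# Hypothetical allow-list: the only (module, class) pairs the decoder may resolve.
# Everything else, including ordinary standard-library classes, is refused.
ALLOWED_GLOBALS = {("datetime", "date")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that consults ALLOWED_GLOBALS before resolving any class reference.

    pickle calls find_class() for every class the stream asks for, so rejecting
    here stops an unexpected type before any of its code can run.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve {module}.{name}: not on the allow-list"
        )


def safe_loads(data: bytes):
    """Deserialize untrusted bytes, permitting only allow-listed classes."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


# Constructed messages: a record built only from allow-listed types, and one that
# references a class outside the list (collections.deque stands in for any
# unexpected type a sender might try to smuggle in).
TRUSTED_MESSAGE = pickle.dumps({"user": "alice", "issued": datetime.date(2024, 12, 27)})
UNEXPECTED_MESSAGE = pickle.dumps(collections.deque([1, 2, 3]))


def load_trusted() -> dict:
    """The well-formed message deserializes normally."""
    return safe_loads(TRUSTED_MESSAGE)


def unexpected_is_rejected() -> bool:
    """The message referencing a non-allow-listed class is refused."""
    try:
        safe_loads(UNEXPECTED_MESSAGE)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("trusted record:", load_trusted())
    print("unexpected type rejected:", unexpected_is_rejected())
```

The design point is that the allow-list is checked before the class is resolved, not after the object is built; a deny-list of known-bad classes would have to be updated every time a new gadget class was found, whereas an allow-list only ever names the handful of types the protocol genuinely needs.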
💥 Cyber Incidents
6. Volkswagen Leak Exposes Vehicle Information
Volkswagen recently experienced a significant data breach involving sensitive information from approximately 800,000 electric vehicles. The incident, caused by a misconfiguration in the systems of Cariad, Volkswagen’s software subsidiary, exposed detailed data on Amazon Cloud for several months. Among the compromised data were precise GPS coordinates, revealing vehicle locations and movement patterns, which were linked to the owners’ identities.
7. ChatGPT and Sora Suffer Second Outage
ChatGPT, Sora, and OpenAI’s developer-facing API faced a significant outage on December 26, 2024, which lasted over four hours, from 11 a.m. PT to 3:16 p.m. PT. During this period, users were unable to access ChatGPT and Sora, with error messages displayed on attempts to connect. OpenAI identified the outage as being caused by an issue with one of its upstream providers, although specific details were not disclosed. The disruption marks the second major outage for OpenAI’s services this month, following a similar incident two weeks ago, which was attributed to a malfunctioning telemetry service.
8. American Addiction Centers Hit With Breach
In September 2024, American Addiction Centers (AAC) experienced a cyberattack that exposed the personal and health-related data of 422,424 individuals. The breach, which occurred between September 23 and 26, compromised sensitive information such as Social Security numbers, health insurance details, and personal contact data. While treatment and payment card information were not affected, the attack has raised concerns about identity theft, though no fraud has been linked to the breach.
9. Postman Suffers Leak Exposing Credentials
Postman, a popular API development platform, recently faced a significant data leak that exposed sensitive credentials, including API keys, tokens, and other secrets. Security researchers discovered that misconfigured sharing settings and inadequate access controls in Postman workspaces allowed sensitive data to be publicly accessible. Developers, unaware of the risks, stored confidential information directly within environment files, which led to unauthorized access to cloud resources, payment gateways, and third-party APIs.
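The defensive check a team would want after this kind of leak is a scan of environment exports for secrets stored as plain values before a workspace is shared or published. The script below is an added example, not Postman's tooling; it assumes the export is a JSON object whose "values" array holds entries with "key", "value", "type" and "enabled" fields, and the sample export, the key-name pattern and the token-shape patterns are constructed for this illustration.

```python
import json
import re

# Constructed sample of a Postman-style environment export; every value is fake.
SAMPLE_EXPORT = json.dumps({
    "name": "payments-staging",
    "values": [
        {"key": "baseUrl", "value": "https://api.example.test", "type": "default", "enabled": True},
        {"key": "apiKey", "value": "sk_test_FAKE0000000000000000", "type": "default", "enabled": True},
        {"key": "awsAccessKeyId", "value": "AKIAFAKEFAKEFAKEFAKE", "type": "default", "enabled": True},
        {"key": "dbPassword", "value": "", "type": "secret", "enabled": True},
        {"key": "region", "value": "eu-west-1", "type": "default", "enabled": True},
    ],
})

# Variable names that usually hold credentials (deliberately narrow to keep noise low).
SECRET_KEY_NAMES = re.compile(
    r"(api[_-]?key|secret|token|password|passwd|private[_-]?key)", re.I
)

# Value shapes that identify a credential regardless of what the variable is called.
SECRET_VALUE_PATTERNS = [
    re.compile(r"^AKIA[0-9A-Z]{16}$"),              # AWS access key id shape
    re.compile(r"^sk_(live|test)_[0-9A-Za-z]+$"),   # Stripe-style secret key prefix
    re.compile(r"^gh[pousr]_[0-9A-Za-z]{20,}$"),    # GitHub token prefixes
]


def find_exposed_secrets(export_json: str) -> list[dict]:
    """Return one finding per variable whose stored value looks like a credential."""
    env = json.loads(export_json)
    findings = []
    for var in env.get("values", []):
        key, value = var.get("key", ""), var.get("value", "")
        if not value:                       # empty values carry nothing to leak
            continue
        by_name = bool(SECRET_KEY_NAMES.search(key))
        by_value = any(p.match(value) for p in SECRET_VALUE_PATTERNS)
        if by_name or by_value:
            findings.append({
                "key": key,
                "reason": "name" if by_name else "value",
                "type": var.get("type", "default"),
                "enabled": var.get("enabled", True),
            })
    return findings


def scrub_export(export_json: str) -> str:
    """Return a copy of the export with every flagged value blanked, safe to share."""
    env = json.loads(export_json)
    flagged = {f["key"] for f in find_exposed_secrets(export_json)}
    for var in env.get("values", []):
        if var.get("key") in flagged:
            var["value"] = ""
    return json.dumps(env, indent=2)


if __name__ == "__main__":
    for finding in find_exposed_secrets(SAMPLE_EXPORT):
        print(f"{finding['key']}: flagged by {finding['reason']} (type={finding['type']})")
    print(scrub_export(SAMPLE_EXPORT))
```

Run against the sample, the scan flags apiKey (by name) and awsAccessKeyId (by value shape) while leaving baseUrl and region alone; scrub_export then produces a copy with those two values emptied so that the environment can be shared with placeholders and the real values supplied locally. The name pattern is intentionally narrow, so pairing it with value-shape patterns catches credentials hiding under innocuous names.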
10. Cyberhaven Chrome Extension Suffers Attack
On December 24, 2024, Cyberhaven faced a targeted attack when an attacker gained access to an employee’s account and uploaded a malicious version of the Cyberhaven Chrome extension (version 24.10.4) to the Chrome Web Store. The compromised extension was capable of exfiltrating sensitive information, including authenticated sessions and cookies, to the attacker’s domain. The breach was detected on December 25, 2024, and the malicious package was removed within an hour. Cyberhaven urged users to update their extensions, revoke passwords, rotate API tokens, and review logs for signs of malicious activity.
📢 Cyber News
11. UN Adopts Landmark Global Cybercrime Treaty
The United Nations has adopted a historic treaty to combat cybercrime, marking a significant step toward strengthening international collaboration in tackling digital threats. The legally binding agreement, finalized after five years of negotiations, establishes a framework for cross-border evidence exchange, victim protection, and crime prevention. It emphasizes safeguarding human rights online while providing tools for nations to combat online child exploitation, scams, and financial crimes.
12. Finland Suspects Russia in Cable Damage
On December 25, 2024, Finland launched an investigation into potential Russian involvement in the damage of multiple undersea cables connecting Finland and Estonia. The incident, which occurred on Christmas Day, damaged two undersea power cables and four data cables, causing significant disruptions to electricity and telecommunications connections. Finnish authorities suspect that a Russian vessel from its shadow fleet, possibly seeking to avoid sanctions, was behind the damage.
13. Scottish Rail Vulnerable to Security Risks
Scotland’s rail network is facing significant cybersecurity challenges as it transitions from mechanical to digitally-controlled signalling systems. Network Rail officials have expressed concerns over the lack of preparedness, particularly in light of a recent cyberattack on Transport for London (TfL) in September. This attack, which devastated TfL’s systems and caused disruptions to services, including payment channels, highlighted the vulnerabilities in the sector. With rising cybersecurity threats, the Scottish rail network is at risk, as many of its communications technologies are not secure enough to withstand similar attacks.
14. Healthcare Cyberattacks Set Record in 2024
In 2024, the healthcare sector witnessed an unprecedented surge in cyberattacks, breaking records with over 677 major data breaches impacting more than 182 million individuals. The most significant event was the Change Healthcare ransomware attack, which compromised the data of 100 million Americans and caused severe disruptions to the healthcare ecosystem. Hacking incidents were the primary breach type, affecting vast numbers of individuals, while vendor-related incidents also accounted for a significant portion of the breaches.
15. ChatGPT Search Feature Can Mislead Users
Research reveals that ChatGPT’s newly launched search feature can be manipulated into generating misleading content. Designed to streamline browsing by summarizing web pages, including reviews, ChatGPT Search can be tricked into ignoring negative feedback and offering overly positive summaries. By inserting hidden text into websites, users can even make the tool produce malicious code. While hidden text manipulation has been a known risk for large language models, this is the first time it has been demonstrated with a live AI-powered search product.
Copyright © 2024 CyberMaterial. All Rights Reserved.