Saturday, August 3, 2024

The Hacker News

"DOJ and FTC sue Tik Tok for violating children's privacy laws."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 03 August 2024, 1321 UTC.

Content and Source:  https://thehackernews.com

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 

DOJ and FTC Sue TikTok for Violating Children's Privacy Laws

Aug 03, 2024 Privacy / Data Protection
The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing platform TikTok for "flagrantly violating" children's privacy laws in the country. The agencies claimed the company knowingly permitted children to create TikTok accounts and to view and share short-form videos and messages with adults and others on the service. They also accused it of illegally collecting and retaining a wide variety of personal information from these children without notifying or obtaining consent from their parents, in contravention of the Children's Online Privacy Protection Act (COPPA). TikTok's practices also infringed a 2019 consent order between the company and the government in which it pledged to notify parents before collecting children's data and remove videos from users under 13 years old, they added. COPPA requires online platforms to gather, use, or disclose personal information from children unde
Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool

Aug 03, 2024 DDoS Attack / Server Security
Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers. Attack chains entail the exploitation of internet-exposed Jupyter Notebook instances to run wget commands for fetching a ZIP archive hosted on a file-sharing site called Filebin. The ZIP file contains two Java archive (JAR) files, conn.jar and mineping.jar, with the former used to establish connections to a Discord channel and trigger the execution of the mineping.jar package. "This attack aims to consume the resources of the target server by sending a large number of TCP connection requests," Aqua researcher Assaf Morag said . "The results are written to the Discord channel." The attack campaign has bee
APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

Aug 02, 2024 Cyber Espionage / Malware
A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and post-compromise tools like ShadowPad and Cobalt Strike. It has been attributed with medium confidence to a prolific hacking group tracked as APT41 . "The ShadowPad malware used in the current campaign exploited an outdated vulnerable version of Microsoft Office IME binary as a loader to load the customized second-stage loader for launching the payload," security researchers Joey Chen, Ashley Shen, and Vitor Ventura said . "The threat actor compromised three hosts in the targeted environment and was able to exfiltrate some documents from the network." Cisco Talos said it discovered the activity in August 2023 after detecting what it described we
APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

Aug 02, 2024 Cyber Espionage / Malware
A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace . "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published today, attributing it with medium to high level of confidence to APT28 , which is also referred to as BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422. It's worth noting that car-for-sale phishing lure themes have been previously put to use by a different Russian nation-state group called APT29 since July 2023, indicating that APT28 is repurposing successful tactics for its own campaigns. Earlier this May, the threat actor was implicated in a series of campaigns targeting networks across Europe with the HeadLace malware and credential-harvesting web pages. The attacks are characterized by the
Webinar: Discover the All-in-One Cybersecurity Solution for SMBs

Aug 02, 2024
In today's digital battlefield, small and medium businesses (SMBs) face the same cyber threats as large corporations, but with fewer resources. Managed service providers (MSPs) are struggling to keep up with the demand for protection. If your current cybersecurity strategy feels like a house of cards – a complex, costly mess of different vendors and tools – it's time for a change. Introducing the All-in-One Cybersecurity Platform Imagine having all the protection you need in one place, with one easy-to-use interface. That's the power of an All-in-One platform. Join our upcoming webinar to learn how MSPs and SMBs are using these platforms to: Simplify: Reduce costs and complexity by consolidating your security tools. Accelerate: Speed up threat response and focus on growing your business. Scale: Expand your cybersecurity capabilities without breaking the bank. Cynet experts will demonstrate how their All-in-One platform combines a full suite of security featur
Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

Aug 02, 2024 Vulnerability / Network Security
Enterprise Resource Planning (ERP) software is at the heart of many enterprises, supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critical vulnerabilities keep affecting these systems and put critical business data at risk. The SANS Internet Storm Center published a report showing how the open-source ERP framework OFBiz is currently the target of new varieties of the Mirai botnet. As part of its extensive project portfolio, the Apache Foundation supports OFBiz, a Java-based framework for creating ERP (Enterprise Resource Planning) applications. OFBiz appears to be far less prevalent than commercial alternatives. However, just as with any other ERP system, organizations rely on it for sensitive business data, and the security of these ERP systems is critical. In May this year, a critical security update was released f
Webinar: Securing the Modern Workspace: What Enterprises MUST Know about Enterprise Browser Security

Jul 25, 2024 Browser Security / Enterprise Security
The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern cybersecurity requires a new approach based on the protection of the browser itself, which offers both security and frictionless deployment.  In an upcoming live webinar ( Register here ), Or Eshed, CEO of browser security company LayerX, and Christopher Smedberg, Director of Cybersecurity at Advance Publishing, will discuss the challenges facing modern enterprise in the new hybrid-work world, the gaps found in existing security solutions, and a new approach to securing the modern enterprise workspace, which is centered on the browser. The Browser is Where Work Takes Place The browser is the key to the organization's critical assets. It connects all organizational devices, identities, and SaaS and
New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication

Aug 02, 2024 Cyber Attack / Windows Security
Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service ( BITS ) as a command-and-control (C2) mechanism. The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Labs, which made the discovery on June 25, 2024, in connection with a cyber attack targeting an unspecified Foreign Ministry of a South American government. The activity cluster is being tracked under the moniker REF8747. "The most current iteration of the backdoor at the time of this publication has 35 handler functions including keylogging and screen capture capabilities," security researchers Seth Goodwin and Daniel Stepanic said . "In addition, BITSLOTH contains many different features for discovery, enumeration, and command-line execution." It's assessed that the tool – in development since December 2021 – is being used by the threat actors for data gatheri
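BITS is attractive as a C2 channel precisely because the traffic comes from a signed Windows service and looks like update downloads, so the practical triage question is which transfer jobs talk to hosts outside the update infrastructure. The script below is an added example, not Elastic's code: it reads exported Microsoft-Windows-Bits-Client/Operational Event ID 59 messages and flags jobs whose destination is not on an allowlist, uses a raw IP, cleartext HTTP, or an unusual port. The message format assumed here ("BITS started the <job> transfer job that is associated with the <url> URL.") is the Event 59 text as I know it and should be checked against your own logs; the sample events are constructed and the allowlist is illustrative.

```python
"""Triage BITS-Client events for transfer jobs that reach hosts outside the
usual update infrastructure, the traffic a BITS-based C2 channel produces.
Added example; not Elastic's code. Event text format is an assumption
(Event ID 59 of Microsoft-Windows-Bits-Client/Operational); sample lines are
constructed and the allowlist is illustrative."""
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

EVENT_59 = re.compile(
    r"BITS started the (?P<job>.+?) transfer job that is associated with the (?P<url>\S+) URL"
)

# Hosts BITS legitimately pulls from on most fleets. Baseline your own;
# this tuple is an illustrative assumption, not a complete list.
KNOWN_GOOD_SUFFIXES = (".windowsupdate.com", ".microsoft.com", ".windows.com")


def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage_bits_events(lines):
    """Return [(job_name, url, [reasons])] for jobs that deserve a closer look."""
    suspicious = []
    for line in lines:
        m = EVENT_59.search(line)
        if not m:
            continue  # other BITS events (job stopped, errors) are not job starts
        job, url = m.group("job"), m.group("url")
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host.endswith(KNOWN_GOOD_SUFFIXES):
            continue  # baseline update traffic
        reasons = ["host not in update allowlist"]
        if _is_ip(host):
            reasons.append("raw IP address instead of a hostname")
        if parts.scheme.lower() == "http":
            reasons.append("cleartext HTTP")
        if parts.port not in (None, 80, 443):
            reasons.append(f"non-standard port {parts.port}")
        suspicious.append((job, url, reasons))
    return suspicious


# Constructed event messages (not real telemetry). Note the third job borrows
# an update-sounding name, which is why the decision keys on the URL, not the name.
SAMPLE_EVENTS = [
    "BITS started the MicrosoftEdgeUpdate transfer job that is associated with the "
    "https://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0001 URL.",
    "BITS started the WU Client Download transfer job that is associated with the "
    "http://download.windowsupdate.com/d/msdownload/update/software/update.cab URL.",
    "BITS started the Microsoft Windows Update transfer job that is associated with the "
    "http://203.0.113.45:8080/api/upload?id=42 URL.",
    "BITS started the Backup Sync transfer job that is associated with the "
    "https://files.example.net/sync/beacon URL.",
    "BITS stopped transferring the Backup Sync transfer job that is associated with the "
    "https://files.example.net/sync/beacon URL. The status code is 0x0.",
]

if __name__ == "__main__":
    for job, url, reasons in triage_bits_events(SAMPLE_EVENTS):
        print(f"{job!r} -> {url}: {', '.join(reasons)}")
```

On the sample input the two update downloads are dropped as baseline and the other two job starts are returned, the one with the spoofed "Microsoft Windows Update" name carrying all four reasons. The allowlist is the weak point of this approach: build it from a clean baseline of your own fleet rather than from a list copied off the internet, and treat a BITS job started by anything other than the update stack as worth a look even when the destination is allowlisted.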
U.S. Releases High-Profile Russian Hackers in Diplomatic Prisoner Exchange

Aug 02, 2024 Cyber Crime / Hacking News
In a historic prisoner exchange between Belarus, Germany, Norway, Russia, Slovenia, and the U.S., two Russian nationals serving time for cybercrime activities have been freed and repatriated to their country. They are Roman Valerevich Seleznev and Vladislav Klyushin, who are part of a group of eight people who have been swapped back to Russia in exchange for the release of 16 people who were held in detention, including four Americans, five Germans and seven Russian citizens who were held as political prisoners. U.S. President Joe Biden called the deal a "feat of diplomacy," adding "some of these women and men have been unjustly held for years." Other nations that played a role in the swap include Poland and Turkey. Among those released from Russia are former U.S. Marine Paul Whelan, Wall Street Journal reporter Evan Gershkovich, Vladimir Kara-Murza, a green-card holder and a prominent critic of Russian president Vladimir Putin, and Russian-American jour
Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware

Aug 02, 2024 Malware / Network Security
Cybersecurity companies are warning about an uptick in the abuse of Cloudflare's TryCloudflare free service for malware delivery. The activity, documented by both eSentire and Proofpoint, entails the use of TryCloudflare to create a rate-limited tunnel that acts as a conduit to relay traffic from an attacker-controlled server to a local machine through Cloudflare's infrastructure. Attack chains taking advantage of this technique have been observed delivering a cocktail of malware families such as AsyncRAT, GuLoader, PureLogs Stealer, Remcos RAT, Venom RAT, and XWorm. The initial access vector is a phishing email containing a ZIP archive, which includes a URL shortcut file that leads the message recipient to a Windows shortcut file hosted on a TryCloudflare-proxied WebDAV server. The shortcut file, in turn, executes next-stage batch scripts responsible for retrieving and executing additional Python payloads, while simultaneously displaying a decoy PDF document hosted on

Friday, August 2, 2024

The CyberWire Daily Briefing

"American Hospital Association and Health ISAC issue threat bulletin on ransomware."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.   Accessed on 03 August 2024, 0031 UTC.

Content and Source:  https://thecyberwire.com/newsletters/daily-briefing/13/147.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).


 V13 | Issue 147 | 8.2.24

Daily Briefing for 08.02.24

SUMMARY
By the CyberWire staff

At a glance.

  • American Hospital Association and Health-ISAC issue threat bulletin on ransomware.
  • Russian hackers freed in prisoner swap.
  • Threat actors abuse TryCloudflare to deliver RATs.

American Hospital Association and Health-ISAC issue threat bulletin on ransomware.

The American Hospital Association (AHA) and Health-ISAC yesterday issued a joint threat bulletin regarding ransomware attacks in the healthcare industry, citing recent attacks against Octapharma, Synnovis, and OneBlood. While these attacks "appear to be unrelated and have been conducted by separate Russian-speaking ransomware groups," the report states that "the unique nature and proximity of these ransomware attacks - targeting aspects of the medical blood supply chain within a relatively short time frame, is concerning."

The AHA and Health-ISAC say "these incidents provide ample reason and impetus for HDOs, hospitals, and health systems to review contingency plans for possible disruption to the blood supply chain and other mission and life-critical medical supplies." The report recommends reviewing single points of failure and incorporating "multiple suppliers of these critical supplies into their supply-chain strategy to create redundancy in the event that one mission-critical supplier becomes inoperable as a result of a cyberattack."

Florida-based OneBlood was hit by ransomware on Wednesday and has issued an urgent call for blood donations. Synnovis, a pathology lab provider in the UK that sustained a ransomware attack in June, doesn't expect to fully recover until early autumn.

Russian hackers freed in prisoner swap.

The US government has released two cybercriminals as part of a prisoner swap with Russia, CyberScoop reports. The deal secured the release of sixteen people from Russia, including three American citizens and one American green-card holder. Moscow received eight citizens in exchange, including convicted cybercriminals Vladislav Klyushin and Roman Seleznev. Klyushin had been serving nine years for his role in "an elaborate hack-to-trade scheme that netted approximately $93 million through securities trades based on confidential corporate information stolen from U.S. computer networks." Seleznev was serving fourteen years for his involvement in a $50 million identity theft and credit card fraud operation.

Threat actors abuse TryCloudflare to deliver RATs.

Researchers at Proofpoint warn that threat actors are abusing the TryCloudflare free service to distribute malware. The researchers note, "In June and July, nearly all observed campaigns delivered Xworm, but previous campaigns also delivered AsyncRAT, VenomRAT, GuLoader, and Remcos. Some campaigns will lead to multiple different malware payloads, with each unique Python script leading to the installation of a different malware."

Proofpoint adds, "Campaign message volumes range from hundreds to tens of thousands of messages impacting dozens to thousands of organizations globally. In addition to English, researchers observed French, Spanish, and German language lures. Xworm, AsyncRAT, and VenomRAT campaigns are often higher volume than campaigns delivering Remcos or GuLoader. Lure themes vary, but typically include business-relevant topics like invoices, document requests, package deliveries, and taxes."
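Both the Hacker News item on Cloudflare Tunnel abuse above and this Proofpoint summary describe the same delivery path: a .url shortcut that points at a .lnk on a WebDAV share reached through a *.trycloudflare.com hostname. Because quick tunnels get a fresh random subdomain per run, indicator lists of specific hostnames age out immediately; the durable check is the suffix. The scanner below is an added example written for this page, not eSentire's or Proofpoint's code. It pulls URLs and UNC paths out of shortcut files, mail bodies or proxy log lines and reports any that reference a TryCloudflare host, noting when the reference is a shortcut or script payload and when it is fetched as a file share. The sample .url file, mail body and log lines are constructed, and the hostname used in them is made up.

```python
"""Flag references to TryCloudflare quick-tunnel hostnames in shortcut files,
mail bodies or proxy logs, the delivery path described by eSentire and
Proofpoint. Added example; not their code. Samples are constructed and the
tunnel hostname in them is invented."""
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit

TUNNEL_SUFFIX = ".trycloudflare.com"
# File types that run code, or chain to more code, when opened from Explorer.
PAYLOAD_EXT = {".lnk", ".url", ".bat", ".cmd", ".vbs", ".js", ".hta", ".exe"}

URL_RE = re.compile(r"(?i)\b(?:https?|file|webdav)://[^\s\"'<>]+")
# UNC form Windows uses to reach a WebDAV share, e.g. \\host@SSL\DavWWWRoot\x.lnk
UNC_RE = re.compile(r"(?i)\\\\(?P<host>[a-z0-9.-]+)(?:@ssl)?(?:@\d+)?\\(?P<path>[^\s\"'<>]+)")


def _assess(hits, ref, host, path, via_share):
    if not host.endswith(TUNNEL_SUFFIX):
        return  # only tunnel hosts are in scope for this check
    reasons = ["ephemeral TryCloudflare hostname"]
    ext = PurePosixPath(path.lower()).suffix
    if ext in PAYLOAD_EXT:
        reasons.append(f"{ext} payload")
    if via_share:
        reasons.append("fetched as a remote file share (WebDAV/UNC)")
    hits.append({"ref": ref, "host": host, "reasons": reasons})


def scan_for_tunnel_delivery(text):
    """Return one dict per reference to a TryCloudflare host found in text."""
    hits = []
    for m in URL_RE.finditer(text):
        ref = m.group(0).rstrip(".,;)")
        parts = urlsplit(ref)
        # file:// URLs to a remote host are resolved by Windows over SMB/WebDAV
        _assess(hits, ref, (parts.hostname or "").lower(), parts.path,
                parts.scheme.lower() == "file")
    for m in UNC_RE.finditer(text):
        _assess(hits, m.group(0), m.group("host").lower(),
                m.group("path").replace("\\", "/"), True)
    return hits


# Constructed samples (not taken from any real campaign).
SHORTCUT_FILE = """[InternetShortcut]
URL=file://alpha-bravo-charlie-delta.trycloudflare.com/DavWWWRoot/invoice.lnk
"""

MAIL_BODY = r"""Please review the attached invoice:
\\alpha-bravo-charlie-delta.trycloudflare.com@SSL\DavWWWRoot\invoice.lnk"""

PROXY_LOG = """2024-08-01T10:02:11Z PROPFIND https://alpha-bravo-charlie-delta.trycloudflare.com/DavWWWRoot/ 207
2024-08-01T10:02:13Z GET https://alpha-bravo-charlie-delta.trycloudflare.com/DavWWWRoot/invoice.lnk 200
2024-08-01T10:05:40Z GET https://www.example.com/index.html 200
"""

if __name__ == "__main__":
    for label, sample in (("shortcut", SHORTCUT_FILE), ("mail", MAIL_BODY), ("proxy", PROXY_LOG)):
        for hit in scan_for_tunnel_delivery(sample):
            print(f"[{label}] {hit['ref']}: {', '.join(hit['reasons'])}")
```

The .url file and the UNC path in the mail body each produce one hit with all three reasons; the proxy log produces two (the PROPFIND that mounts the share and the GET for the .lnk) and ignores the example.com request. One caveat before turning the suffix into a block rule at the proxy or mail gateway: developers use quick tunnels legitimately to expose a local service for a demo, so start with alerting on the suffix plus a payload extension or a WebDAV verb, and audit who in the organization has a real need before blocking the whole domain.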

Notes.

Today's issue includes events affecting Russia, the United Kingdom, and the United States.

SPONSORED EVENTS
Watch now: Generative AI for Security (Virtual, Jul 15 - Aug 4, 2024) In this AWS and SANS webinar, experts will provide an overview of generative artificial intelligence (AI), things to consider in leveraging generative AI for security, best practices for implementing a phased approach, and diving deeper into Amazon Bedrock. Watch now.
Upcoming Cyber Security Summits (Multiple Cities, Aug 20 - Sep 6, 2024) Join us In-Person and network over breakfast, lunch & a cocktail reception on 8/20 in Detroit, 8/22 in Portland, 8/27 in San Antonio and 9/6 in Chicago! Learn about the latest threats and solutions from The FBI, U.S. DHS/CISA, City of Detroit, City of Chicago & more. Earn CPE/CEU credits with your attendance. Get 50% off admission w/ code CSS24-CYBERWIRE at CyberSecuritySummit.com (Only $125 with code)
Upcoming webinar: Unpacking the 2024 Ransomware Landscape (Virtual, Aug 22, 2024) Join David Bittner and Deepen Desai, Chief Security Officer at Zscaler, on August 22nd for an exclusive deep dive into the latest findings from the Zscaler ThreatLabz 2024 Ransomware Report. In this discussion, we will highlight critical insights into the most targeted industries and regions, uncover the dynamics behind a record ransom payout, discuss emerging ransomware families to watch, and share predictions for the upcoming year. Register now to secure your spot.
DMV Rising, D.C.’s Premier Conference for Cyber Execs. (Virtual and Washington, DC, US, Sep 12, 2024) The Washington, D.C. Maryland, and Virginia (DMV) region has established itself as a top-tier player in the global cyber industry. Join us on September 12, 2024 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.
ISC2 Security Congress 2024 (Virtual / Las Vegas, NV, US, Oct 14 - 16, 2024) Join us at ISC2 Security Congress, October 14-16 in Las Vegas or online. Connect with global cyber experts, hear from four keynote speakers, and participate in one of eight pre-conference workshops. Discover cutting-edge insights and advance your skills in cybersecurity. Don’t miss out!
SELECTED READING

Attacks, Threats, and Vulnerabilities

Hackers abuse free TryCloudflare to deliver remote access malware (BleepingComputer) Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs).

APT41 likely compromised Taiwanese government-affiliated research institute with ShadowPad and Cobalt Strike (Cisco Talos Blog) ShadowPad, widely considered the successor of PlugX, is a modular remote access trojan (RAT) only seen sold to Chinese hacking groups.

"ERIAKOS" Scam Campaign: Detected by Recorded Future’s Payment Fraud Intelligence Team (Recorded Future) Discover how Recorded Future uncovered the ERIAKOS scam campaign with 608 fraudulent e-commerce websites targeting Facebook users.

Legislation, Policy, and Regulation

CISA Names First Chief Artificial Intelligence Officer (CISA) Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced its first CISA Chief Artificial Intelligence Officer, Lisa Einstein. This selection reflects CISA’s commitment to responsibly use AI to advance its cyber defense mission and to support critical infrastructure owners and operators across the United States in the safe and secure development and adoption of AI.

EPA Told to Address Cyber Risks to Water Systems (Infosecurity Magazine) The US Government Accountability Office has told the Environmental Protection Agency to urgently develop a strategy to tackle rising cyber-threats to the water industry

Litigation, Investigation, and Law Enforcement

US releases Russian hackers and spies as part of prisoner swap (The Record) The U.S. sent convicted cybercriminals Roman Seleznev and Vladislav Klyushin to Russia in a prisoner exchange that involved Wall Street Journal reporter Evan Gershkovich and Marine veteran Paul Whelan.

INDUSTRY EVENTS

For a complete running list of events, please visit the Event Tracker.

Events

Unpacking the 2024 Ransomware Landscape: Insights and Strategies from ThreatLabz (Virtual, Aug 22, 2024) This live discussion on the latest findings from the Zscaler ThreatLabz 2024 Ransomware Report highlights the most targeted industries and regions, the dynamics behind a ransom payout, emerging ransomware families, and predictions for 2025. Register now.

SecureWorld Manufacturing & Retail Virtual Conference (Virtual, Aug 28, 2024) Join with cybersecurity professionals for training and information sharing through an interactive online experience. Earn 6 CPE credits learning from nationally recognized industry leaders. The agenda offers 12+ educational presentations, including panel discussions, breakout sessions, and keynotes. Connect with your peers in the Networking Lounge, enter to win prizes, and see demos and resources from top solution vendors in the Exhibitor Hall.

SANS Network Security Las Vegas 2024 (Las Vegas (and virtual), Nevada, USA, Sep 4 - 9, 2024) At SANS Network Security 2024, choose from 41 interactive courses with hands-on labs. Practice your skills and compete against your peers during NetWars Tournaments, and network with your instructor and industry colleagues in real-time. Each course includes electronic and printed books, and several courses align with GIAC certifications!

Jailbreak Brewing Company Security Summit (Laurel, Maryland, USA, Sep 6, 2024) Join some of the world's best security researchers as they talk about disinformation; the misleading and deliberate deception in today's connected world, both from the technical and policy sides at the only computer security event held at a production brewery. Attendance is limited to 150 to keep the Security Summit small and encourage conversation between speakers, attendees, and sponsors. Tickets include breakfast, lunch, and an awesome time to chat with fellow security experts. Come participate in the talks, the conversation, and the beer!

DMV Rising 2024 (Washington, DC, Sep 12, 2024) DMV Rising is D.C.'s premier cybersecurity event, bringing together cybersecurity executives to tackle tough problems, share new insights, and explore innovative solutions emerging in D.C., Maryland, and Virginia.
