Invaders Drop News: Polyfill Supply Chain, CapraRAT Variant, IBM Vulnerabilities

More News:

  • Brain Cipher Attack: Targeted Indonesian data centers with malicious activity.

  • CapraRAT Variant: A new variant identified, specifically targeting Android users.

  • IBM Vulnerabilities: Multiple vulnerabilities discovered, enabling remote code execution and data breaches.

  • Polyfill.io Supply Chain Attack: Compromised code affected over 384,000 websites, including major platforms like Hulu and Warner Bros.

  • Vishing Scam Arrests: Authorities apprehended 54 suspects in a €2.5 million vishing scam across Spain and Portugal.

  • Jenkins Script Console Exploitation: Misconfigurations exploited for crypto mining, highlighting security risks in Jenkins installations.

  • Roll20 Data Breach: Unauthorized access to admin accounts exposed user data on the online gaming platform.

  • Indonesia Ransomware Attack: Government negligence blamed for a ransomware incident impacting national data centers.

  • Taylor Swift Ticket Data Ransom: Hackers leaked ticket barcode data, demanding a $2 million ransom, affecting event security and fan privacy.

Cyber Criminal Chronicles

Europol’s Cybercrime Crackdown: Europol dismantled hundreds of Cobalt Strike servers, crippling cybercriminal operations. Concurrently, Brain Cipher attacked Indonesian data centers, and a new CapraRAT variant targeted Android users. Read more.

IBM Vulnerabilities Discovered: Several vulnerabilities in IBM products were identified, allowing remote code execution, denial of service, and data breaches. Read more.

Polyfill Supply Chain Attack: Two weeks after the attack, Censys reports that over 384,000 websites, including Hulu and Warner Bros., are still loading compromised Polyfill.io code. Read more | Read more.
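The first thing a site owner needs after an item like this is an inventory of which pages still reference the affected domain. The following is an added example, not code from the newsletter or from Censys: a small stand-alone scanner that parses HTML with Python's standard library, collects every `<script src>` and `<link href>`, and reports those whose host is `polyfill.io` or a subdomain of it, along with whether an `integrity` attribute is present. The sample HTML is constructed for the example, and the `sha384-...` value in it is a placeholder, not a real hash.

```python
"""Find <script>/<link> tags that load from polyfill.io (or a subdomain).

Added example; the sample page below is constructed, not taken from any real site.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains to flag. Extend this tuple for other third-party hosts you want to audit.
WATCHED_DOMAINS = ("polyfill.io",)


class _ExternalRefCollector(HTMLParser):
    """Collect (tag, url, has_integrity) for every script/link with a URL."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "link"):
            return
        a = dict(attrs)  # bare attributes (e.g. <script async>) map to None
        url = a.get("src") if tag == "script" else a.get("href")
        if url:
            self.refs.append((tag, url, "integrity" in a))


def _host_of(url):
    """Return the lower-cased host of a URL, or '' for relative/local paths."""
    # Protocol-relative URLs ("//cdn.polyfill.io/...") have no scheme; urlparse
    # would treat the whole thing as a path, so give it one.
    if url.startswith("//"):
        url = "https:" + url
    return (urlparse(url).hostname or "").lower()


def _matches(host, domain):
    # Exact match or subdomain only: "notpolyfill.io" must NOT match "polyfill.io".
    return host == domain or host.endswith("." + domain)


def find_watched_refs(html, domains=WATCHED_DOMAINS):
    """Return a list of findings for tags that load from a watched domain."""
    parser = _ExternalRefCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for tag, url, has_integrity in parser.refs:
        host = _host_of(url)
        if any(_matches(host, d) for d in domains):
            findings.append({"tag": tag, "url": url, "host": host, "sri": has_integrity})
    return findings


# Constructed sample page: two polyfill.io references (one protocol-relative),
# one local script, one unrelated CDN with SRI, and a look-alike domain.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="//polyfill.io/v3/polyfill.min.js"></script>
<script src="/static/app.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.7.1/jquery.min.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://notpolyfill.io/x.css">
</head><body></body></html>
"""

if __name__ == "__main__":
    for f in find_watched_refs(SAMPLE_HTML):
        print(f"{f['tag']:6} {f['host']:18} sri={f['sri']}  {f['url']}")
```

Run against the constructed page it reports exactly the two polyfill.io tags, both without an integrity attribute, and ignores the local script, the unrelated CDN and the look-alike domain. In practice you would feed it the rendered HTML of each page in your site inventory; any hit is a page still pulling code from the domain and is the first thing to remove or replace.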

Vishing Scam Arrests: Authorities in Spain and Portugal arrested 54 suspects in a €2.5 million vishing scam, where fraudsters posed as bank employees to steal from elderly victims. Read more.

Jenkins Script Console Exploitation: Attackers have exploited misconfigured Jenkins Script Consoles for cryptomining, a significant security risk. Locking down the console properly is essential to prevent this kind of abuse. Read more.

Roll20 Data Breach: Online gaming platform Roll20 confirmed unauthorized access to its admin account, exposing user personal information. This breach highlights vulnerabilities in digital platforms' security measures. Read more.

Indonesia Ransomware Attack Update: The group behind the ransomware attack on Indonesia's national data center apologized and provided a free decryption key. Officials had expected permanent data loss due to lack of backups. The incident, blamed on government negligence, led to multiple resignations. Read more | Read more.

Taylor Swift Ticket Data Ransom: Hackers leaked barcode data for 166,000 Taylor Swift Eras Tour tickets and are threatening to release more unless a $2 million ransom is paid. This breach has significant implications for event security and fan privacy. Read more.

DNS Necessity Debate: An article questions whether DNS is necessary, noting that users unable to remember IP addresses would struggle to use the internet without it. DNS does more than translate hostnames to IPs, though: it provides an abstraction layer that keeps names stable even as the underlying IP addresses change. Read more.

OVHcloud Mitigates Massive DDoS Attack: French cloud computing firm OVHcloud successfully mitigated a record-breaking DDoS attack in April 2024, peaking at 840 million packets per second (Mpps). This surpassed the previous record of 809 Mpps from June 2020, demonstrating OVHcloud's robust defensive capabilities. Read more.

Policy & Governance Perspectives

Russia's VoIP Ban: The FSB has mandated Russian telecom providers to block VoIP calls from foreign IP addresses and local web hosting providers, limiting VoIP calls to those originating from major Russian telcos. This move aims to curb telephony-based scams, where criminals use virtual phone numbers to target Russian citizens. Additional coverage in RBC.

Intellexa Sanctions: A CyberScoop report reveals that US sanctions on the Intellexa surveillance alliance are effectively reducing activity around the group and its Predator spyware. This suggests the sanctions are successfully curbing Intellexa's operations. Read more.

Threat Intelligence Reports

New Botnet Zergeca: Cybersecurity researchers have discovered Zergeca, a Golang-based botnet capable of launching devastating distributed denial-of-service (DDoS) attacks and notable for supporting six different attack vectors. By compromising systems for use in large-scale attacks it poses a significant threat; mitigation requires deploying anti-DDoS solutions and monitoring network traffic. Read more: Qianxin

TgRat Linux Version: DrWeb has published a report on a Linux version of TgRat, a remote access trojan first spotted in 2022 targeting Windows and using Telegram for command-and-control (C&C) communications. Its expansion from Windows to Linux poses new threats to Linux environments. Countermeasures include endpoint protection and monitoring Telegram traffic for anomalies. Read more: Dr.Web

Vulnerability Disclosure Digest

Rejetto HFS exploitation: Security firm AhnLab has discovered attacks against Rejetto web file servers. Attackers exploit CVE-2024-23692, injecting malicious HTML to hijack servers, dropping crypto-miners and infostealers. Over 2.3M servers are at risk. Update and secure servers immediately. Read more: AhnLab

Silent 7-Zip patch: The 7-Zip file archiving software has shipped a silent patch in its beta version to fix two critical vulnerabilities discovered by security researcher Maxim Suhanov. Users should update to the latest version to prevent potential exploits. Read more: Openwall

Traeger grill vulnerabilities: Bishop Fox researchers have found a vulnerability in the WiFi controller of Traeger smart cooking grills. The flaw can expose information on all registered grills. Immediate firmware updates are advised to secure devices. Read more: Bishop Fox

WebRTC DoS: Enable Security has found a critical denial-of-service (DoS) vulnerability affecting media servers that support WebRTC and DTLS, which can be used to disrupt those servers. Apply the available security patches to mitigate the issue. Read more: Enable Security

Ghostscript vulnerability: Codean's Thomas Rinsma has found a major security flaw (CVE-2024-29510) in the Ghostscript rendering and text-processing engine. The format string vulnerability allows code execution and impacts web applications that use Ghostscript. Update to a fixed version immediately. Read more: Codean Labs

Rockwell Automation Flaws: Microsoft has identified two security flaws in Rockwell Automation PanelView Plus that remote, unauthenticated attackers can exploit to execute arbitrary code and trigger a denial-of-service (DoS) condition. Patch affected devices immediately to secure systems. Read more: Microsoft

Advanced Cyber Threats

Velvet Ant Exploits Cisco NX-OS: A China-linked cyber espionage group, Velvet Ant, has been found exploiting a previously unknown vulnerability in Cisco's NX-OS Software, used in its switches, to deliver malware. The flaw, identified as CVE-2024-20399, allows authenticated local attackers to execute arbitrary commands as root on the underlying operating system, posing a significant threat to network security. Read more: https://thehackernews.com/2024/07/chinese-hackers-exploiting-cisco.html

Industry Cyber Solutions

New tool—CSPT: Security firm Doyensec has released CSPT, a Burp extension to detect and exploit Client-Side Path Traversal vulnerabilities. CSPT adds client-side path traversal detection to security testing workflows, helping teams identify and mitigate these issues in web applications as part of a proactive defense. Explore CSPT on GitHub for more details. Read more: Doyensec

New tool—EDRPrison: Security firm 3Nails Infosec has launched EDRPrison, a driver designed to block EDR agents from transmitting telemetry data. EDRPrison offers organizations a tool to control data privacy and restrict potentially sensitive information from being sent to EDR vendors. Learn more about EDRPrison's functionalities on GitHub. Read more: 3Nails Infosec