News and Headlines

See below for the latest data science and cyber news compiled from the most reliable sources.

Short on time? We got you covered!

Each Article Features AI Generated Summaries for Faster Reading.

Follow Us on LinkedIn for Instant News Updates! 
Amy Forza

loanDepot cyberattack causes data breach for 16.6 million people - BleepingComputer

2024-01-22 14:35 (EST) - Mortgage lender loanDepot reported a ransomware attack on January 6, compromising personal information of approximately 16.6 million people. The breach also led to a shutdown of several customer and loan servicing systems. Although the systems are regaining functionality, the nature of the stolen data remains undisclosed. loanDepot, having previously suffered a data breach in August 2022, will provide impacted individuals with credit monitoring and identity protection. The stolen data may be used for double-extortion and phishing attacks.

Amy Forza

New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic - The Hacker News

2024-01-22 13:55 (EST) - An unprecedented malware campaign that deploys an XMRig cryptocurrency miner and the 9Hits Viewer has been detected. The operation exploits susceptible Docker services and doubles the threat actors' income avenues. The attack is suspected to leverage search engines like Shodan to locate potential targets. After invading the servers, two malicious containers are used: one uses the 9Hits software to generate credits, and another runs an XMRig miner, heavily exhausting resources. The attack's scale and profitability are undetermined.

Amy Forza

MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries - The Hacker News

2024-01-22 13:54 (EST) - Java and Android applications using public libraries are vulnerable to a novel software supply chain attack method called MavenGate, according to Oversecured's analysis. The threat can hijack project access through domain name purchases and inject malicious code by exploiting loopholes in commonly used build configurations and libraries. Maven-based technologies, widely used for building and managing Java projects, are highly susceptible to such attacks. More than 200 companies, including tech giants like Google and Amazon, have been alerted about this imminent threat.

Amy Forza

North Korean Hackers Weaponize Fake Research to Deliver RokRAT Backdoor - The Hacker News

2024-01-22 13:53 (EST) - In December 2023, media companies and experts in North Korean affairs were targeted by the state-linked cyber threat actor ScarCruft (also known as APT37, InkySquid, RedEyes, Ricochet Chollima, and Ruby Sleet). The group, known for its government and defector attacks, used spear-phishing to spread RokRAT and other backdoors for covert intelligence gathering. A prominent North Korean affairs expert was recently targeted using a multi-stage malicious Windows shortcut infection strategy. The increase in ScarCruft's activity indicates the group's continued effort to gather strategic intelligence and potential defense strategies.

Amy Forza

Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts - The Hacker News

2024-01-22 13:52 (EST) - Since November 2023, an Iranian cyber espionage group dubbed Mint Sandstorm has targeted high-profile individuals in Middle Eastern affairs based in various global institutions. It successfully employs sophisticated phishing lures to entice targets into downloading malicious files. The Microsoft Threat Intelligence team identifies Mint Sandstorm as part of the Islamic Revolutionary Guard Corps. New tactics, such as breaching accounts to send emails and using the curl command for connection, reveal increased sophistication in their methods.

Amy Forza

Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware - The Hacker News

2024-01-22 13:52 (EST) - Russian-associated cyber threat actor COLDRIVER has evolved beyond just harvesting credentials and is now delivering custom malware, SPICA, written in the Rust programming language. Google's Threat Analysis Group reported that the attackers use decoy PDF documents to trigger malware infection, targeting numerous sectors from academia to energy facilities since 2019. The U.K. and U.S. have reported the most impact, with notable activities also in other NATO and Russia-neighboring countries. Google stresses that the attack is primarily focused on “high profile individuals in NGOs, former intelligence and military officials, defense, and NATO governments”.

Amy Forza

Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer - The Hacker News

2024-01-22 13:51 (EST) - Cybercriminals are exploiting a patched Windows vulnerability to deploy Phemedrone Stealer, an information stealer targeting web browsers, cryptocurrency wallets, and apps like Telegram, Discord, and Steam. The stealer, which captures screenshots and system details and sends data to attackers via Telegram or a command-and-control server, effectively circumvents Windows SmartScreen by utilizing discarded hyperlink files and URL shorteners. While the bypass vulnerability was fixed in Microsoft's November 2023 updates, threat actors continue to seek methods for exploitation.

Amy Forza

DoD Fleshing out Cyber Command 2.0 Options - MeriTalk

2024-01-22 13:48 (EST) - The Pentagon is exploring options for the next phase of military cyber forces, also known as Cyber Command 2.0. Driven by shifts in the threat landscape and advances in technology, this effort involves multiple independent studies and collaborations with combatant commands and services. Key areas of focus include training, organization, and cooperation with allies. The ultimate decision will offer Defense Secretary Lloyd Austin various options for enhancing cyber force generation, retention, readiness, and effectiveness.

Amy Forza

Feds See Need for Greater Cybersecurity Collaboration - MeriTalk

2024-01-22 13:47 (EST) - Federal officials stress inter-agency collaboration to address cybersecurity threats in a recent ATARC webinar. Officials highlighted the need for enhanced discussion and cooperation to bridge security gaps caused by limited funds. Luci Holemans (FAA) advocated the sharing of common requirements to leverage resources. Kevin Dorsey (CMS) pushed for best practices promotion. Dr. Tiina Rodrigue (CFPB) identified CISA as the potential facilitator for sharing solutions to advance overall cybersecurity.

Amy Forza

CISA Warns of Chinese Drones’ Cyber Risks to CI - MeriTalk

2024-01-22 13:47 (EST) - The Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued a joint warning regarding cyber threats from Chinese-manufactured unmanned aircraft systems (drones). The agencies caution these drones potentially expose sensitive information to Chinese authorities, increasing the likelihood of intelligence gathering on US critical infrastructure and exposing intellectual property. Recommendations for mitigating risk include secure design, domestic manufacturing, and adherence to cybersecurity protocols.

Amy Forza

Rep. Mace: OPM’s Slow AI Policy Work Leaving Fed Workforce Behind - MeriTalk

2024-01-22 13:46 (EST) - Rep. Nancy Mace criticized the Office of Personnel Management (OPM) for its languid progress in implementing the AI in Government Act of 2020. She argued that OPM’s delay in identifying AI talent gaps federally hinders the workforce's AI readiness. Despite OPM’s tardy compliance with the legislation, proposals to boost the federal AI workforce include skill-based hiring for the 700,000 open cyber roles and the reinforcement of non-degree programs, which scholars assert offer broad access and scalable solutions.

Amy Forza

Witnesses Want Cyber Safety Review Board Independent, More Transparent - MeriTalk

2024-01-22 13:46 (EST) - Congressional witnesses urged that the DHS's Cyber Safety Review Board (CSRB) become an independent entity with transparent processes for board member selection and investigation choices. Improving these areas would support the CSRB's mandate to investigate cybersecurity incidents and provide preventative guidance. Concerns were raised about potential conflicts of interest and the need for transparent selection criteria for investigations. As the CSRB is considered for federal law integration, these issues are critical to ensure its effectiveness and trustworthiness.

Amy Forza

Carnegie Mellon Cyber Attack Compromises Data of 7,300 People - GovTech

2024-01-22 13:45 (EST) - Cyber-criminals accessed personal information from approximately 7,300 individuals during an August cyber-attack at Carnegie Mellon University. Suspected data includes names, social security numbers and birth dates. The breach was quickly neutralized by the university's InfoSec office and no evidence of fraudulent use has been found. Following a thorough investigation, affected individuals were recently notified and provided with Experian credit monitoring services. Nationwide, the education sector suffered 2,700 similar breaches in the last 20 years, leading to 32 million compromised records.

Amy Forza

Cybersecurity Best Practices According to 3 Superintendents - GovTech

2024-01-22 13:44 (EST) - Cybersecurity remains the top concern for district technology leaders as schools increasingly become cyber attack targets. District leaders adopting good online habits through continuous cybersecurity training for staff and students is key to prevention. Response plans should include notifications, mitigation and recovery strategies, and the ability to revert to non-technology teaching during tech disruptions. Effective communication is crucial, both in explaining the importance of cybersecurity and post-attack responses, to maintain credibility and trust.

Amy Forza

How small contractors can prepare for new cybersecurity rules - Federal News Network

2024-01-22 13:43 (EST) - The Defense Department is enforcing stricter phases of Cybersecurity Maturity Model Certification (CMMC) 2.0 to bolster cybersecurity practices among Defense Industrial Base (DIB) partners. Companies, regardless of size, will have to assure compliance with cybersecurity mandates pertaining to handling classified information. The new approach simplifies self-assessment compliance, prioritizes the protection of DoD information, and heightens cooperation against cyber threats. Although seemingly cost-effective, smaller contractors need to comprehend the legal and financial consequences of non-compliance, carefully plan for cybersecurity investments, and build compliance costs into budgets to avoid future profit erosion.

Amy Forza

Is the Cyber Safety Review Board working? Lawmakers consider tweaks to CSRB - Federal News Network

2024-01-22 13:43 (EST) - Congress is considering changes to the Cyber Safety Review Board (CSRB), including enhancing its independence and transparency, and potentially granting it subpoena powers. Established by President Biden under a 2021 cybersecurity executive order, the CSRB investigates major cyber incidents. It currently comprises industry professionals and federal officials, leading to calls for full-time, independent investigators due to potential conflicts of interest. Despite differing views on its composition, there's general agreement the CSRB should have subpoena powers, provided modifications are made to its current operations.

Amy Forza

CISA mandates agencies close 2 cyber vulnerabilities immediately - Federal News Network

2024-01-22 13:42 (EST) - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive to close two major cybersecurity vulnerabilities discovered by software firm Ivanti in its widely used products. Federal agencies are expected to take immediate action and implement Ivanti's recommended mitigation. The vulnerabilities allow an attacker to infiltrate networks, perform data exfiltration, and obtain long-term system access. Ivanti discovered these flaws on January 10, and they indicate a significant risk to federal cybersecurity.

Amy Forza

Google: Russia's ColdRiver APT Unleashes Custom Spica Malware - Dark Reading

2024-01-22 13:41 (EST) - The Russia-backed threat group ColdRiver is now using a custom backdoor malware called “Spica”, a significant shift in their usual tactics. Previously reliant on impersonation and long-con phishing attacks, this group targets NGOs, former intelligence officers, and NATO governments for cyber espionage. The Spica malware, delivered through a deceptive decryption utility link within PDF documents, allows ColdRiver to execute commands, steal cookies, upload/download files, and exfiltrate data. This evolution intensifies concerns as election season approaches.

Amy Forza

Cybercrooks Target Docker Containers With Novel Pageview Generator - Dark Reading

2024-01-22 13:40 (EST) - Cyberattackers are exploiting vulnerable Docker services to deploy a fresh payload using 9hits Traffic Exchange, a tool that artificially inflates webpage views. These attackers aim to gain credits on the platform, which are then exchanged for traffic sent to their chosen website via the automated 9hits viewer app. This illicit activity essentially steals compute resources without an organization's consent - an alarming new use of gray-area traffic-generation tools.

Amy Forza

Missing the Cybersecurity Mark With the Essential Eight - Dark Reading

2024-01-22 13:40 (EST) - Despite Australia's assertive cybersecurity efforts, including investing in its Cyber Security Strategy 2020 and updating the Essential Eight Maturity Model, cyber incidents persist. Critics argue that the current model inadequately addresses cloud and software-as-a-service (SaaS) security, focusing excessively on on-premises networks. To protect modern digital footprints, the Essential Eight should incorporate directives for configuration management, identity security, third-party app integration management, and resource control.
