Start of the Week Cybersecurity Digest: 26 Aug 2024

OIG has FBI Concerns, Meta takes action against malicious Iranian Accounts, and Telegram CEO arrested

The Cybersecurity Digest Newsletter

Date: 26 Aug 2024

Happy Monday! I hope you all had a great weekend. Here is your Monday Cybersecurity Digest to kickstart your week!

Thank you to everyone who has subscribed to the newsletter so far! If you enjoy the content, I ask that you please share it with someone you know who would benefit from the information that this Newsletter provides! The more subscribers the newsletter gets the easier it will be to continue to provide this FREE resource!

In addition to this newsletter, we have a weekly podcast which will be published on Mondays that recaps the top stories from the previous week.

Please note that blue article titles and words in sections are links to the source material. Additionally, if the background is too dark for the text on mobile, try turning off your phone's dark mode.

Notable News

In a recent report, the Office of the Inspector General cited concerns about the FBI's inventory management and disposition procedures for electronic storage media. Key findings include:

  1. The FBI does not adequately track or account for electronic storage media.

  2. The FBI fails to consistently label electronic storage media with the appropriate classification levels.

  3. Insufficient physical security was observed at the facility that physically houses the media.

For more information, check out the full OIG report above!

Meta discusses a recent disruption of a social engineering campaign on WhatsApp, attributed to the Iranian threat actor APT42. This campaign targeted political and diplomatic officials in several countries, including the US and the UK, by posing as technical support from major tech companies. The vigilance of users in reporting suspicious messages helped block the malicious activity, and there is no evidence of compromised accounts. The article emphasizes the importance of staying vigilant, especially ahead of the US election, and encourages public figures to use privacy and security settings and report suspicious activities.

HackRead discusses the revelation of the infamous hacker known as USDoD, who has identified himself as Luan G, a 33-year-old Brazilian citizen. Luan G is responsible for several high-profile data breaches, including leaking over 3.2 billion Social Security Numbers and breaching the FBI's InfraGard platform. He was doxed by CrowdStrike after leaking a significant list of Indicators of Compromise from the company. Luan G has expressed his intention to leave the cybercrime world and contribute positively to Brazil.

Telegram CEO Pavel Durov was arrested at Bourget airport near Paris on Saturday evening. He was arrested under a French warrant issued as part of a preliminary investigation alleging that the application allows criminal activity to go undeterred.

The American Radio Relay League (ARRL) confirmed it paid a $1 million ransom to obtain a decryptor after a ransomware attack in May. The attack, attributed to the Embargo ransomware gang, encrypted ARRL’s systems, affecting 150 employees. Despite initial containment efforts, ARRL decided to pay the ransom to restore its systems, with most costs covered by insurance.

Recent Research

A stealthy Linux malware named ‘sedexp’ has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. Discovered by Stroz Friedberg, the malware creates reverse shells for remote access and hides in plain sight by exploiting udev rules. It mimics legitimate system processes and employs memory manipulation techniques to conceal its presence.
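An added defensive check, not from the article or from Stroz Friedberg's research: a small Python audit that walks udev rules files and flags RUN, PROGRAM and IMPORT{program} entries that launch a shell interpreter or point into world-writable paths, the kind of rule-based persistence the sedexp write-up describes. The rule text is constructed for the example, and the interpreter and path lists are assumptions you would tune to your own baseline.

```python
import glob
import os
import re

# Constructed sample rules (not the real sedexp rules) standing in for udev rules files.
SAMPLE_RULES = {
    "/usr/lib/udev/rules.d/60-persistent-storage.rules":
        'KERNEL=="sd*", SUBSYSTEM=="block", IMPORT{program}="/usr/lib/udev/scsi_id --export"\n',
    "/etc/udev/rules.d/99-suspicious.rules":
        '# constructed example of a persistence-style rule\n'
        'ACTION=="add", SUBSYSTEM=="mem", RUN+="/bin/sh -c /tmp/.hidden/run.sh"\n'
        'ACTION=="add", RUN+="/usr/lib/udev/legit-helper"\n',
}
# Assumed lists; tune them to your own baseline of expected udev helpers.
SHELL_INTERPRETERS = ("/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/python", "/usr/bin/perl")
WRITABLE_PREFIXES = ("/tmp/", "/dev/shm/", "/var/tmp/", "/home/")
# Keys that make udev execute something: RUN{...}+=, RUN+=, PROGRAM=, IMPORT{program}=
EXEC_KEY_RE = re.compile(r'(?:RUN(?:\{[^}]*\})?|PROGRAM|IMPORT\{program\})\+?="([^"]*)"')

def audit_rule_text(path, text):
    """Return (path, line_no, command, reasons) for each suspicious exec entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for cmd in EXEC_KEY_RE.findall(stripped):
            reasons = []
            if (cmd.split() or [""])[0] in SHELL_INTERPRETERS:
                reasons.append("invokes shell interpreter")
            if any(p in cmd for p in WRITABLE_PREFIXES):
                reasons.append("references world-writable or user path")
            if reasons:
                findings.append((path, line_no, cmd, reasons))
    return findings

def audit_rules(rules):
    """rules: mapping of file path -> file contents (e.g. SAMPLE_RULES)."""
    return [f for path, text in rules.items() for f in audit_rule_text(path, text)]

def audit_system(dirs=("/etc/udev/rules.d", "/run/udev/rules.d", "/usr/lib/udev/rules.d")):
    # Read the live rules directories on a host (needs read access) and audit them.
    rules = {}
    for d in dirs:
        for path in sorted(glob.glob(os.path.join(d, "*.rules"))):
            with open(path, errors="replace") as fh:
                rules[path] = fh.read()
    return audit_rules(rules)
```

Running audit_rules(SAMPLE_RULES) flags only the /bin/sh rule that reaches into /tmp; the scsi_id import and the helper under /usr/lib/udev pass as expected.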

This research from Unit42 takes a look at the changing tactics of the group behind the ShinyHunters ransomware.

If you are unaware of how AI can be leveraged in cyber attacks this article is worth checking out!

Prevalent Patches

There is nothing worth noting since our last newsletter! A great way to start the week!

CISA Corner

Since our last newsletter was published on Friday, CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Here is more information about the vulnerability:

CVE-2024-39717 Versa Director Dangerous File Type Upload

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available to a user logged in with the Provider-Data-Center-Admin or Provider-Data-Center-System-Admin role (tenant-level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be misused to upload a malicious file with a .png extension so that it masquerades as an image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.

Severity: HIGH

Exploitation Status: Versa Networks is aware of one confirmed customer-reported instance where this vulnerability was exploited because the firewall guidelines published in 2015 and 2017 were not implemented by that customer. This non-implementation resulted in the bad actor being able to exploit this vulnerability without using the GUI. In Versa's testing (not exhaustive, as not all numerical versions of major browsers were tested) the malicious file does not get executed on the client. There are reports of others based on backbone telemetry observations of a third-party provider; however, these are unconfirmed to date.
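An added example, not Versa's code: a server-side check for a favicon upload that verifies the bytes are a structurally complete PNG (signature, IHDR first, valid chunk CRCs, IEND with nothing appended) instead of trusting the .png file name, which is the weakness CVE-2024-39717 describes. The 1x1 sample PNG and the size limit are constructed assumptions.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def png_chunk(ctype, body):
    # Chunk layout per the PNG spec: 4-byte length, type, body, CRC32 over type+body.
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def is_well_formed_png(data):
    """True only if every chunk parses: signature, IHDR first, CRCs valid, IEND last."""
    if not data.startswith(PNG_SIGNATURE):
        return False
    pos, first = len(PNG_SIGNATURE), True
    while pos + 12 <= len(data):            # smallest chunk (empty body) is 12 bytes
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if first and ctype != b"IHDR":
            return False
        first = False
        body_end = pos + 8 + length
        if body_end + 4 > len(data):        # declared length runs past the file
            return False
        (crc,) = struct.unpack(">I", data[body_end:body_end + 4])
        if zlib.crc32(ctype + data[pos + 8:body_end]) & 0xFFFFFFFF != crc:
            return False
        pos = body_end + 4
        if ctype == b"IEND":
            return pos == len(data)         # reject anything appended after IEND
    return False

def validate_favicon_upload(filename, data, max_bytes=64 * 1024):
    """Server-side check: extension AND content must both say PNG. max_bytes is assumed."""
    if not filename.lower().endswith(".png"):
        return False, "extension is not .png"
    if len(data) > max_bytes:
        return False, "file exceeds favicon size limit"
    if not is_well_formed_png(data):
        return False, "content is not a well-formed PNG despite the .png name"
    return True, "ok"

# Constructed samples: a genuine 1x1 RGB PNG, and plain text that only the name calls an image.
VALID_PNG = (PNG_SIGNATURE
             + png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))
             + png_chunk(b"IDAT", zlib.compress(b"\x00\x00\x00\x00"))
             + png_chunk(b"IEND", b""))
NOT_AN_IMAGE = b"this is not an image; only the file name says so"
```

The trailing-data rule matters as much as the signature check: a real PNG with a payload appended after IEND still opens in an image viewer, so a viewer-based check alone would pass it.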

Conclusion:

Thank you for reading this edition of the Cybersecurity Digest Newsletter. If you enjoyed this newsletter please share with someone you know who would benefit from this information.

For previous newsletters, announcements, and links, please check out our full website.

Until next time, Stay Secure!
