This week on TCE Cyberwatch, we bring you news of new vulnerabilities that have cropped up, along with threats of cyberattacks and new cybercrime forums that have opened up.
With the U.S. elections around the corner, worries about cyberattacks have become more prevalent. There are also developments in the world of tech this week from other countries like Australia.
TCE Cyberwatch hopes all readers feel informed reading this article and realize the impact of cybercrimes. This recap aims to educate readers on the importance of staying vigilant in the current climate. We will also cover critical vulnerabilities, data breaches, and the evolving tactics of cybercriminals.
TCE Cyberwatch Weekly Update
Explore the newest updates and empower yourself with the information needed with TCE Cyberwatch.
USDoD announces plans to resurrect BreachForum’s community
The FBI’s takedown of BreachForums, a key cybercrime marketplace, marked a significant victory against cybercrime. However, less than 24 hours later, the cybercriminal known as USDoD announced plans to resurrect the forum’s community.
BreachForums had been central for trading stolen data and hacking tools, and its removal was a major achievement, but USDoD and another administrator, ShinyHunters, claimed that they would revive the site.
USDoD vowed to launch a new forum, Breach Nation, with domains breachnation.io and databreached.io, which is set to go live on July 4, 2024. Robust infrastructure, enhanced security, and upgraded memberships to the first 200,000 users were some of the things that were offered. Read More
Generative AI and its impact on the insurance industry
Generative AI has become a major topic in AI discussions, especially with advanced models like OpenAI’s GPT-4 and Google’s Gemini 1.5 Pro. Bloomberg predicts that the Generative AI market will reach USD 1.3 trillion by 2032, holding potential across industries, but specifically insurance.
In insurance, Generative AI is expected to revolutionize operations, streamline claims by analyzing images and documents, speed up settlements and enhance customer satisfaction, improve decision-making, and reduce errors and cases of fraud through its data analysis capabilities.
Generative AI can also provide tailored recommendations and engage with customers in conversations. While Generative AI offers significant advantages, its adoption must address concerns about data privacy and ethical AI usage. Read More
Kyrgyzstan faces cyberattacks on government entities as mob violence occurs against foreign students
Bishkek, the capital of Kyrgyzstan, is currently experiencing severe mob violence and cyberattacks. The turmoil began with a viral video showing a fight between Kyrgyz and Egyptian medical students, which led to widespread violence against foreign students. Simultaneously though, Kyrgyzstan is facing severe cyberattacks from various hacktivist groups.
The attackers, calling themselves Team Insane PK, have allegedly attacked multiple governmental platforms, including the Ministry of Agriculture and the Education Portal of the Ministry of Emergency Situations, as well as private entities like Saima Telecom and several universities.
Additionally, Silent Cyber Force, another Pakistan-based group, has allegedly targeted Kyrgyzstan’s Ministry of Defence and Ministry of Agriculture. Read More
U.S. election causes worry surrounding several cyberattacks, specifically those of foreign interference
With the 2024 U.S. elections approaching, foreign interference, particularly through cyberattacks, has intensified. Democratic Senator Mark Warner noted the involvement of both state and non-state actors, including hacktivists and cybercriminals, who find it increasingly easy to disrupt U.S. politics.
The Cybersecurity and Infrastructure Security Agency (CISA) is at the forefront of defending against these threats. CISA Director Jen Easterly emphasized that while election infrastructure is more secure than ever, the threat environment has become more complex, with foreign adversaries and generative AI capabilities posing significant risks.
In response, CISA has ramped up its efforts, offering cybersecurity assessments, physical security evaluations, and training sessions to election stakeholders. Read More
New Vulnerability Llama Drama spotted in Python package widely used by AI application developers
A critical vulnerability, CVE-2024-34359, dubbed Llama Drama, was recently discovered in a Python package widely used by AI application developers. Discovered by researcher Patrick Peng, the vulnerability affects the llama_cpp_python package, which integrates AI models with Python and is related to the Jinja2 template rendering tool used for generating HTML.
Checkmarx, a cybersecurity firm, explained that the issue arises from llama_cpp_python using Jinja2 for processing model metadata without implementing proper security measures like sandboxing.
This oversight enables template injection attacks, allowing for arbitrary code execution on systems using the affected package. More than 6,000 AI models that use llama_cpp_python and Jinja2 are impacted by this. Read More
Europol investigating a black hat hacker who claims to have stolen classified data from their systems
Europol is investigating a black hat hacker, IntelBroker, who claims to have stolen classified data from their system. The hacker allegedly accessed classified information, like employee data and source codes, from various branches of Europol, like the Europol Platform for Experts (EPE). IntelBroker posted screenshots as proof and later claimed to have sold the data.
Europol confirmed the incident and assured that no operational data was compromised. The agency has taken initial actions, and the EPE website is temporarily down for maintenance. Additionally, IntelBroker claimed to have hacked Zscaler, a cybersecurity firm, offering to sell access to their systems. Zscaler is investigating but has not found evidence of impact, other than a test environment exposed to the internet, though it’s unclear if it was involved in the breach. Read More
Palo Alto Networks’ forecast falls short of investor expectations
Palo Alto Networks’ fourth-quarter billings forecast fell short of investor expectations, signaling restrained corporate spending on cybersecurity amid economic uncertainty and persistent inflation. This caution has driven companies to diversify their cybersecurity investments to avoid reliance on a single vendor, leading to a reduced growth outlook for firms like Palo Alto Networks.
The company projected fourth-quarter billings between $3.43 billion and $3.48 billion, aligning closely with analysts’ estimates but reflecting broader concerns about slowed growth in the sector. Analysts highlighted the lack of significant positive momentum in the revised forecasts put out by Palo Alto following this. However, the forecasts follow similar cautionary predictions from rivals like Fortinet, which hint at a broader trend of cautious spending in the cybersecurity industry. Read More
Australia passes its first legislation for a national digital ID
Australia has passed its first legislation for a national digital ID, called myGovID, set to come into effect in November. This eliminates the need for multiple forms of physical ID. Lauren Perry from the UTS Human Technology Institute explains that the digital ID will streamline the cumbersome process of collecting and verifying multiple ID documents. The system acts as an intermediary between the user and organizations requiring identity verification.
Users will interact with organizations through an app, inputting a government-registered number to confirm their identity. Currently, the myGovID app serves this purpose, but private providers like MasterCard or Visa could join the system, enhancing security and reducing fraud risks. Read More
Western Sydney University faces a cybersecurity breach affecting 7,500 individuals.
Western Sydney University faced a cybersecurity breach that affected around 7,500 individuals. The breach, first identified in January 2024, was traced back to May 2023 and involved unauthorized access to the university’s Microsoft Office 365 platform, including SharePoint files and email accounts., and their Solar Car Laboratory infrastructure.
WSU swiftly shut down its IT network and implemented security measures upon discovering the breach. The university has assured that no ransom demands have been made for the compromised information. The NSW Police and Information and Privacy Commission are helping to investigate the incident.
The NSW Supreme Court has issued an injunction to prevent the unauthorized use of the compromised data, highlighting the legal implications of such breaches. Read More
ICO releases warning about data protection risks associated with generative AI for Snapchat
The UK’s Information Commissioner’s Office (ICO) has warned about the data protection risks associated with generative AI. The ICO found that the company that owned Snapchat, Snap, had not adequately assessed the data protection risks for its chatbot, which interacts with Snapchat’s 414 million daily users. The ICO issued a Preliminary Enforcement Notice to Snap-on October 6, highlighting a failure to properly evaluate privacy risks, especially for users aged 13 to 17.
This led to Snap undertaking a comprehensive risk assessment and implementing the necessary steps, which the ICO then deemed to fit data protection laws. Snapchat has integrated prevention of harmful responses from the chatbot and is working on additional tools to give parents more control over their children’s use of ‘My AI’. The ICO will continue to monitor Snapchats generative AI developments and enforce compliance to protect public privacy rights. Read More
New malware named GhostEngine to exploit vulnerable drivers and install crypto mining software
A novel malware campaign dubbed “REF4578” uses a malware called GhostEngine to disable endpoint detection and response (EDR) solutions and install crypto mining software. The malware exploits vulnerable drivers to terminate EDR agents, ensuring the persistence of the XMRig miner, which is used to mine Monero cryptocurrency without detection.
The malware also installs a backdoor and includes an EDR agent controller and miner module to tamper with security tools and enable remote command execution via a PowerShell script.
Researchers at Antiy Labs, despite extensive analysis, were unable to identify specific targets or the threat actor behind the campaign. To detect GhostEngine, organizations should monitor for initial suspicious activities such as unusual PowerShell execution, execution from uncommon directories, privilege elevation, and vulnerable driver deployment. Key indicators include abnormal network traffic, DNS lookups pointing to mining pool domains, and specific behavior prevention events like unusual process execution and tampering with Windows Defender. Read More
Wrap Up
The ever-evolving landscape of cybersecurity requires constant vigilance. By staying informed about the latest threats and taking proactive measures, we can minimize the impact of cyberattacks and protect ourselves online.
As always, we can see that there is unrest present everywhere and cybercrimes play a huge role in that. TCE Cyberwatch is committed to keeping you informed about the latest developments in cybersecurity. Stay tuned for more in-depth analysis and actionable advice.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
