This week on TCE Cyberwatch, we are looking at legal controversies that are now on the rise due to the introduction of new features in AI. Famous actors like Scarlett Johansson face the burnt of it, along with Governments who are getting together to discuss the impact of AI on important world events. Staying informed to know what is going on behind the scenes of things you may be using, watching, or partaking in is important. Vulnerabilities and breaches are constantly being found and occurring. In very common and large companies like Medisecure, it is important to ensure you know if something like that can be on its way to affect you. So, to stay updated, The Cyber Express has compiled the weekly happening in the cybersecurity world in the form of TCE Cyberwatch. Read on to find out what are they:

TCE Cyberwatch: A Weekly Round-Up

AI's Dark Side: Experts Warn of Cybercrime, Election Attacks at Congressional Hearing

At a U.S. congressional hearing on AI misuse, data security and privacy experts discussed AI’s diverse threats, including cybercrime, election interference, and nation-state attacks. The House Committee on Homeland Security announced their aim of incorporating AI into upcoming legislation, and panelists emphasized that AI has empowered cybercriminals, making it crucial to integrate AI into cybersecurity measures. The spokesperson from Palo Alto Networks stressed the need for secure AI development and oversight. Concerns about election security were raised, and the Centre for Democracy and Technology proposed guidelines for responsible AI use, emphasizing proper training data, independent testing, and human rights safeguards. They warned against the hasty deployment of AI, advocating for a careful approach to ensure long-term benefits. Read More

Courtroom Recording Software Hit by Supply Chain Attack, Thousands Potentially Affected

Hackers compromised Justice AV Solutions (JAVS), a widely-used courtroom recording platform, by inserting a backdoor in a software update. JAVS software, installed in over 10,000 locations globally, was affected when hackers replaced the Viewer 8.3.7 software with a compromised file. JAVS responded by removing the affected version from its website, resetting passwords, and auditing its systems. The company assured that current files are malware-free and urged users to verify their software is digitally signed. Cybersecurity firm Rapid7 identified the backdoor as linked to the GateDoor and Rustdoor malware families, often used by the ShadowSyndicate cybercrime group. They advised users to reimage affected systems and reset credentials, as merely uninstalling the software is insufficient. Read More

Australian Regulator Sues Optus Over Massive Data Breach of 10 Million Customers

Australia's media regulator is suing telecom carrier Optus, owned by Singapore Telecommunications, over a massive data breach in September 2022. The breach exposed the personal information of 10 million Australians, including addresses, passports, and phone numbers. Following the breach, Prime Minister Anthony Albanese advocated for stricter privacy laws to ensure companies notify banks quickly in such incidents. The Australian Communications and Media Authority claims Optus failed to protect customer data from unauthorized access. Optus, which has been cooperating with authorities, stated it cannot yet determine potential penalties and plans to defend itself in court. The company has been under scrutiny recently due to a separate 12-hour network blackout affecting over 10 million customers. Read More

Critical WordPress Vulnerabilities: Update Plugins Immediately!

The Cyber Security Agency of Singapore has issued an urgent alert regarding critical vulnerabilities in several WordPress plugins. These vulnerabilities pose significant security risks, potentially allowing unauthorized access and exploitation. To address these issues, security updates have been released. SingCERT has identified nine critical vulnerabilities, including those allowing arbitrary file uploads and SQL injection, and has provided mitigation strategies. Users are strongly advised to update to the latest plugin versions immediately. Additional measures, such as virtual patching, can offer temporary protection. Regular updates and monitoring are essential for safeguarding WordPress websites against potential threats. For more details, users should consult the respective plugin documentation and developer updates. Read More

Ransomware Attack on Spanish Bioenergy Plant Highlights ICS Vulnerabilities

A ransomware attack by the Ransomhub group on the Industrial Control Systems (ICS) of a Spanish bioenergy plant underscores the risks of cyberattacks on critical infrastructure. The attack targeted the SCADA system, crucial for managing the plant's operations, encrypting over 400 GB of data and disrupting essential functions. Organizations must fortify defenses by implementing robust network segmentation, regular software updates, secure remote access, and diligent monitoring. Developing and testing incident response plans are essential to minimize the impact of such attacks. This incident highlights the need for heightened vigilance and proactive measures to protect critical infrastructure from cyber threats. Read More 

Islamabad's Safe City Project Exposed: Hack Highlights Security Failures

Islamabad’s Safe City Authority faced a severe disruption after hackers breached its online system, forcing an immediate shutdown. The project, launched with Chinese financial support, aimed to enhance security with advanced technology, including CCTV cameras and facial recognition. The hack exposed vulnerabilities, as hackers accessed sensitive databases and compromised crucial systems like criminal records and human resources. Despite a firewall alert, the lack of backup servers necessitated a complete shutdown. The breach affected key services, revealing weak security practices, such as simple login credentials and outdated software. The isolated camera management system remained secure. Police confirmed the breach and have taken steps to improve security. The project, controversial due to transparency issues and cost overruns, has faced criticism for not achieving its security goals. Financial difficulties and operational setbacks further marred its effectiveness, and the recent hack has intensified scrutiny of the initiative. Read More 

Massive Data Breach at Pharma Giant Cencora Exposes Millions

The Cencora data breach has impacted more than a dozen pharmaceutical companies, including Novartis and GlaxoSmithKline, leaking personal and health data of hundreds of thousands. Cencora, formerly AmerisourceBergen, and its Lash Group affiliate revealed the breach to the SEC, indicating data exfiltration from its systems. With operations in 50 countries and significant revenue, Cencora did not initially detail the breach's scope but later notifications identified 15 affected companies. At least 542,000 individuals' data, including names, addresses, birthdates, health diagnoses, and prescriptions, were compromised. Despite the breach, no misuse or public disclosure of the data has been reported. The company has offered affected individuals credit monitoring and identity theft protection services and is enhancing its security measures. This incident highlights ongoing vulnerabilities in the healthcare sector, which has seen several recent cyberattacks. Read More

MediSecure Ransomware Breach: 6.5 TB of Patient Data Listed for Sale on Dark Web

MediSecure, an Australian digital prescription service provider, confirmed that data stolen in a recent ransomware attack is for sale on the dark web. The breach, originating from a third-party provider, exposed personal and health information of patients and healthcare providers up to November 2023. The hacker, Ansgar, began selling the data for $50,000 on May 23, claiming to possess 6.5 terabytes of sensitive information. MediSecure alerted the public, urging them not to seek out the stolen data, which includes names, addresses, emails, phone numbers, insurance numbers, prescriptions, and login details. Australia's National Cyber Security Coordinator and police are investigating. MediSecure emphasized that the breach does not affect the Australian healthcare system's ongoing operations or access to medication. They are working to notify affected individuals and assure them of measures to protect against further risks. Read More

OpenAI Backtracks on Voice Assistant After Scarlett Johansson Raises Concerns

OpenAI's new voice assistant debuts with a voice similar to actress Scarlett Johansson's, who expresses shock and anger, as she had previously declined an offer to voice ChatGPT, especially given her role in the 2013 film *Her*. OpenAI's CEO, Sam Altman, seemingly acknowledged this connection in a social media post. Despite OpenAI's claim that the voice belonged to another actress, Johansson's concerns highlight broader tensions between AI and the creative industries. OpenAI has since dropped the controversial voice and is working on tools for content creators to manage their work's use in AI training. The incident underscores the need for stronger legal protections, like the No Fakes Act, to safeguard personal likenesses. Legal experts believe Johansson might have grounds for a lawsuit, referencing similar past cases like Bette Midler's against Ford. As AI technology advances, such legal disputes are expected to increase. Read More

To Wrap Up

Here at TCE, we hope these weekly roundups continue to keep you informed about the latest in the cybersecurity industry. Our coverage not only includes cyberattacks but also developments in the legal aspects of AI, which are becoming increasingly important as technology evolves. We aim to keep you updated on new developments in the industry, including impacts on companies and the general public, such as recent events involving Medicare. Our goal is to ensure everyone stays safe and knows the appropriate responses if affected by these situations.

This week on TCE Cyberwatch, we bring you news of new vulnerabilities that have cropped up, along with threats of cyberattacks and new cybercrime forums that have opened up.  With the U.S. elections around the corner, worries about cyberattacks have become more prevalent. There are also developments in the world of tech this week from other countries like Australia.  TCE Cyberwatch hopes all readers feel informed reading this article and realize the impact of cybercrimes. This recap aims to educate readers on the importance of staying vigilant in the current climate. We will also cover critical vulnerabilities, data breaches, and the evolving tactics of cybercriminals.

TCE Cyberwatch Weekly Update

Explore the newest updates and empower yourself with the information needed with TCE Cyberwatch. 

USDoD announces plans to resurrect BreachForum’s community 

The FBI's takedown of BreachForums, a key cybercrime marketplace, marked a significant victory against cybercrime. However, less than 24 hours later, the cybercriminal known as USDoD announced plans to resurrect the forum’s community.  BreachForums had been central for trading stolen data and hacking tools, and its removal was a major achievement, but USDoD and another administrator, ShinyHunters, claimed that they would revive the site. USDoD vowed to launch a new forum, Breach Nation, with domains breachnation.io and databreached.io, which is set to go live on July 4, 2024. Robust infrastructure, enhanced security, and upgraded memberships to the first 200,000 users were some of the things that were offered. Read More

Generative AI and its impact on the insurance industry 

Generative AI has become a major topic in AI discussions, especially with advanced models like OpenAI’s GPT-4 and Google’s Gemini 1.5 Pro. Bloomberg predicts that the Generative AI market will reach USD 1.3 trillion by 2032, holding potential across industries, but specifically insurance.   In insurance, Generative AI is expected to revolutionize operations, streamline claims by analyzing images and documents, speed up settlements and enhance customer satisfaction, improve decision-making, and reduce errors and cases of fraud through its data analysis capabilities.  Generative AI can also provide tailored recommendations and engage with customers in conversations. While Generative AI offers significant advantages, its adoption must address concerns about data privacy and ethical AI usage. Read More

Kyrgyzstan faces cyberattacks on government entities as mob violence occurs against foreign students 

Bishkek, the capital of Kyrgyzstan, is currently experiencing severe mob violence and cyberattacks. The turmoil began with a viral video showing a fight between Kyrgyz and Egyptian medical students, which led to widespread violence against foreign students. Simultaneously though, Kyrgyzstan is facing severe cyberattacks from various hacktivist groups.   The attackers, calling themselves Team Insane PK, have allegedly attacked multiple governmental platforms, including the Ministry of Agriculture and the Education Portal of the Ministry of Emergency Situations, as well as private entities like Saima Telecom and several universities. Additionally, Silent Cyber Force, another Pakistan-based group, has allegedly targeted Kyrgyzstan’s Ministry of Defence and Ministry of Agriculture. Read More

U.S. election causes worry surrounding several cyberattacks, specifically those of foreign interference 

With the 2024 U.S. elections approaching, foreign interference, particularly through cyberattacks, has intensified. Democratic Senator Mark Warner noted the involvement of both state and non-state actors, including hacktivists and cybercriminals, who find it increasingly easy to disrupt U.S. politics.  The Cybersecurity and Infrastructure Security Agency (CISA) is at the forefront of defending against these threats. CISA Director Jen Easterly emphasized that while election infrastructure is more secure than ever, the threat environment has become more complex, with foreign adversaries and generative AI capabilities posing significant risks. In response, CISA has ramped up its efforts, offering cybersecurity assessments, physical security evaluations, and training sessions to election stakeholders. Read More 

New Vulnerability Llama Drama spotted in Python package widely used by AI application developers 

A critical vulnerability, CVE-2024-34359, dubbed Llama Drama, was recently discovered in a Python package widely used by AI application developers. Discovered by researcher Patrick Peng, the vulnerability affects the llama_cpp_python package, which integrates AI models with Python and is related to the Jinja2 template rendering tool used for generating HTML.  Checkmarx, a cybersecurity firm, explained that the issue arises from llama_cpp_python using Jinja2 for processing model metadata without implementing proper security measures like sandboxing. This oversight enables template injection attacks, allowing for arbitrary code execution on systems using the affected package. More than 6,000 AI models that use llama_cpp_python and Jinja2 are impacted by this.  Read More

Europol investigating a black hat hacker who claims to have stolen classified data from their systems 

Europol is investigating a black hat hacker, IntelBroker, who claims to have stolen classified data from their system. The hacker allegedly accessed classified information, like employee data and source codes, from various branches of Europol, like the Europol Platform for Experts (EPE). IntelBroker posted screenshots as proof and later claimed to have sold the data.  Europol confirmed the incident and assured that no operational data was compromised. The agency has taken initial actions, and the EPE website is temporarily down for maintenance. Additionally, IntelBroker claimed to have hacked Zscaler, a cybersecurity firm, offering to sell access to their systems. Zscaler is investigating but has not found evidence of impact, other than a test environment exposed to the internet, though it's unclear if it was involved in the breach. Read More

Palo Alto Networks' forecast falls short of investor expectations  

Palo Alto Networks' fourth-quarter billings forecast fell short of investor expectations, signaling restrained corporate spending on cybersecurity amid economic uncertainty and persistent inflation. This caution has driven companies to diversify their cybersecurity investments to avoid reliance on a single vendor, leading to a reduced growth outlook for firms like Palo Alto Networks.   The company projected fourth-quarter billings between $3.43 billion and $3.48 billion, aligning closely with analysts' estimates but reflecting broader concerns about slowed growth in the sector. Analysts highlighted the lack of significant positive momentum in the revised forecasts put out by Palo Alto following this. However, the forecasts follow similar cautionary predictions from rivals like Fortinet, which hint at a broader trend of cautious spending in the cybersecurity industry. Read More

Australia passes its first legislation for a national digital ID 

Australia has passed its first legislation for a national digital ID, called myGovID, set to come into effect in November. This eliminates the need for multiple forms of physical ID. Lauren Perry from the UTS Human Technology Institute explains that the digital ID will streamline the cumbersome process of collecting and verifying multiple ID documents. The system acts as an intermediary between the user and organizations requiring identity verification.  Users will interact with organizations through an app, inputting a government-registered number to confirm their identity. Currently, the myGovID app serves this purpose, but private providers like MasterCard or Visa could join the system, enhancing security and reducing fraud risks. Read More

Western Sydney University faces a cybersecurity breach affecting 7,500 individuals. 

Western Sydney University faced a cybersecurity breach that affected around 7,500 individuals. The breach, first identified in January 2024, was traced back to May 2023 and involved unauthorized access to the university’s Microsoft Office 365 platform, including SharePoint files and email accounts., and their Solar Car Laboratory infrastructure.  WSU swiftly shut down its IT network and implemented security measures upon discovering the breach. The university has assured that no ransom demands have been made for the compromised information. The NSW Police and Information and Privacy Commission are helping to investigate the incident. The NSW Supreme Court has issued an injunction to prevent the unauthorized use of the compromised data, highlighting the legal implications of such breaches. Read More

ICO releases warning about data protection risks associated with generative AI for Snapchat 

The UK's Information Commissioner’s Office (ICO) has warned about the data protection risks associated with generative AI. The ICO found that the company that owned Snapchat, Snap, had not adequately assessed the data protection risks for its chatbot, which interacts with Snapchat’s 414 million daily users. The ICO issued a Preliminary Enforcement Notice to Snap-on October 6, highlighting a failure to properly evaluate privacy risks, especially for users aged 13 to 17.   This led to Snap undertaking a comprehensive risk assessment and implementing the necessary steps, which the ICO then deemed to fit data protection laws. Snapchat has integrated prevention of harmful responses from the chatbot and is working on additional tools to give parents more control over their children’s use of 'My AI'. The ICO will continue to monitor Snapchats generative AI developments and enforce compliance to protect public privacy rights. Read More

New malware named GhostEngine to exploit vulnerable drivers and install crypto mining software 

A novel malware campaign dubbed "REF4578" uses a malware called GhostEngine to disable endpoint detection and response (EDR) solutions and install crypto mining software. The malware exploits vulnerable drivers to terminate EDR agents, ensuring the persistence of the XMRig miner, which is used to mine Monero cryptocurrency without detection. The malware also installs a backdoor and includes an EDR agent controller and miner module to tamper with security tools and enable remote command execution via a PowerShell script.  Researchers at Antiy Labs, despite extensive analysis, were unable to identify specific targets or the threat actor behind the campaign. To detect GhostEngine, organizations should monitor for initial suspicious activities such as unusual PowerShell execution, execution from uncommon directories, privilege elevation, and vulnerable driver deployment. Key indicators include abnormal network traffic, DNS lookups pointing to mining pool domains, and specific behavior prevention events like unusual process execution and tampering with Windows Defender. Read More

Wrap Up

The ever-evolving landscape of cybersecurity requires constant vigilance. By staying informed about the latest threats and taking proactive measures, we can minimize the impact of cyberattacks and protect ourselves online.  As always, we can see that there is unrest present everywhere and cybercrimes play a huge role in that. TCE Cyberwatch is committed to keeping you informed about the latest developments in cybersecurity. Stay tuned for more in-depth analysis and actionable advice. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

This week on TCE Cyberwatch, we delve into the recent hackings of major organizations, including the International Baccalaureate, Boeing, and BetterHelp, which have sparked widespread concern online. We also highlight ongoing developments in enhancing cybersecurity measures.

National governments are also grappling with cybersecurity challenges. TCE Cyberwatch examines how these issues have affected countries and the proactive steps organizations are taking to stay ahead in the evolving landscape of cybersecurity. Keep reading for the latest updates.

TCE Cyberwatch: A Weekly Round-Up

IB Denies Exam Leak Rumors, Points to Student Sharing

The International Baccalaureate Organization (IBO) faced allegations of exam paper leaks, but it denied any involvement in a cheating scandal. Instead, the organization acknowledged experiencing a hacking incident, unrelated to the current exam papers circulating online.

The breach was attributed to students sharing exam materials on social media platforms. Concurrently, the IBO detected malicious activity within its computer networks.

The act of students sharing exam content online is commonly known as "time zone cheating," wherein students who have already completed their exams disclose details about the questions before others take the test. Additionally, the malicious activity targeted data from 2018, including employee names, positions, and emails. Screenshots of this leaked information surfaced online. Read More

Boeing Hit by $200 Million Ransomware Attack, Data Leaked

The aeronautical and defense corporation, Boeing, recently confirmed that it had been targeted by the LockBit ransomware gang in October 2023. They also acknowledged receiving a $200 million demand from the attackers to prevent the publication of leaked data. On November 10, approximately 40GB of data was leaked by LockBit, though Boeing has not yet addressed the situation. The ransomware group initially identified Dmitry Yuryevich Khoroshev as the principal administrator and developer behind the LockBit ransomware operation. However, this claim has since been denied by the actual developer. Additionally, Boeing has not announced whether it paid the $200 million extortion demand. Read More

Lenovo Pledges Stronger Cybersecurity with "Secure by Design" Initiative

Lenovo recently joined the Secure by Design pledge initiated by the US Cybersecurity and Infrastructure Security Agency (CISA) to enhance its cybersecurity measures. This announcement was made on May 8th, and the initiative covers various areas including multi-factor authentication and vulnerability reduction. Doug Fisher, Lenovo’s Chief Security Officer, emphasized the importance of industry collaboration in driving meaningful progress and accountability in security. "It’s good for the industry that global technology leaders are able to share best practices," he stated. Many other tech companies have also joined this effort to ensure their security. Read More UK’s AI Safety Institute releases public platform which furthers safety testing on AI models. UK’s AI Safety Institute has recently made its AI testing and evaluation platform available publicly. Inspect, the platform that aims to start more safety tests surrounding AI and ensuring secure models. It works by assessing capabilities of models and then producing a score. It is available to AI enthusiasts, start-up businesses and international governments, as it is released through an open-source licence. Ian Hogarth, the Chair of the AI Safety Institute, has stated that, “We have been inspired by some of the leading open-source AI developers - most notably projects like GPT-NeoX, OLMo or Pythia which all have publicly available training data and OSI-licensed training and evaluation code, model weights, and partially trained checkpoints.” Inspect works by evaluating models in areas such as their autonomous abilities, abilities to reason, and overall core knowledge. Read More 

NASA Names First Chief Artificial Intelligence Officer

NASA announced its first Chief Artificial Intelligence (AI) Officer. David Salvagnini, who previously served as the Chief Data Officer, has now expanded his role to incorporate AI. His responsibilities included developing strategic vision and planning NASA's AI usage in research projects, data analysis, and system development.

NASA Administrator Bill Nelson stated, “Artificial intelligence has been safely used at NASA for decades, and as this technology expanded, it accelerated the pace of discovery.” Salvagnini also worked alongside government agencies, academic institutions, and others in the field to ensure they remained up to date with the AI revolution. Read More. Read More 

DDoS Attacks Target Australia Amidst Ukraine Support

The Cyber Army Russia Reborn launched Distributed Denial of Service (DDoS) attacks targeting prominent Australian companies like Auditco and Wavcabs. While the exact motive remains unclear, the timing suggests a political backlash against Australia's solidarity with Ukraine.

Wavcabs experienced disruptions to its online services, while Auditco encountered technical difficulties believed to be linked to these attacks. Despite the cyber onslaught, Australia remained steadfast in its support for Ukraine, announcing a $100 million aid package comprising military assistance and defense industry support. Read More

British Columbia Thwarts Government Cyberattack, Strengthens Defenses

British Columbia’s government recently confirmed an attempt to infiltrate their information systems. The incidents were identified as “sophisticated cybersecurity incidents” by B.C.’s solicitor-general and public safety minister. There is no current evidence suggesting that personal information, such as health records, was compromised. The government's proactive measures in 2022 played a significant role in detecting the breach.

The government ensured to further secure systems, including requiring government employees to change their passwords. Officials and cybersecurity experts continue to work to ensure sensitive information remains secure and to prevent unauthorized access. The country appears to be using this incident to prepare itself for future cyber threats. Read More

Urgent Chrome Update: Google Patches Sixth Zero-Day of 2024

A new vulnerability in Google Chrome was uncovered, marking their sixth zero-day incident in 2024. Google swiftly released an emergency update to patch the issue, ensuring users' safety. Updates were promptly distributed across Mac, Windows, and Linux platforms.

For those concerned about their security, updating their devices is crucial. Users can navigate to Settings > About Chrome to initiate the update process. While Google has not disclosed specific details about the breach, the urgency conveyed by their release of an "emergency patch" underscores the severity of the situation. Read More

To Wrap Up

Cyberattacks continue to dominate headlines, but this week's TCE Cyberwatch report also reveals positive developments. Governments are taking action, with proactive measures in British Columbia and the UK's AI safety testing platform. Organizations are prioritizing security, as seen in Lenovo's "Secure by Design" initiative.

Individuals play a crucial role too. The recent Google Chrome update reminds us to prioritize software updates. While cyber threats persist, these advancements offer a reason for cautious optimism. By working together, we can build a more secure digital future.

Remember, vigilance is key. Update your software regularly and follow best practices to minimize vulnerabilities. TCE Cyberwatch remains committed to keeping you informed.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

This week on TCE Cyberwatch we’re covering the different data breaches and vulnerabilities faced by different companies. Along with this, the rise of countries using AI and deepfake technology, some consensual and some not, adds depth to the conversation surrounding the security of it all. TCE Cyberwatch aims to bring updates around large-scale and small-scale events to ensure our readers stay updated and stay in the know of cybersecurity news that can impact them. Keep reading to learn about what’s currently trending in the industry.

Dropbox Sign data breached; Customers authentication information Stolen

Dropbox, a popular drive and file sharing service, revealed that they had recently faced a security breach which led to sensitive information being endangered. Specifically, Dropbox Sign, a service used to sign documents, was targeted. The data stolen was of Dropbox Sign users, which had information such as passwords, account settings, names, emails, and other authentication information. Rotation and generation of OAuth tokens and API keys are steps that have been taken by Dropbox to control fallout. Dropbox has assured that “from a technical perspective, Dropbox Sign’s infrastructure is largely separate from other Dropbox services. That said, we thoroughly investigated this risk and believe that this incident was isolated to Dropbox Sign infrastructure, and did not impact any other Dropbox products.” Read More

Cyberattacks on organizations in the UAE claimed by Five Families Alliance member, Stormous Ransomware

Stormous Ransomware has claimed responsibility for cyberattacks that have attacked several UAE entities. A ransomware group linked to the Five Families alliance which is known for targeting the UAE entities, Stormous Ransomware has targeted organisations like the Federal Authority for Nuclear Regulation (FANR); Kids.ae, the government’s digital platform for children; the Telecommunications and Digital Regulatory Authority (TDRA), and more. After announcing alleged responsibility for the attacks, the ransomware group demanded 150 BTCs, which comes to around $6.7 million USD. They had threatened to leak stolen data if the ransom was not paid. The organisations targeted by the group are yet to speak up about the situation and tensions are high due to the insurmountable damage these claims could cause. Read More

Russian bitcoin cybercriminal pleads guilty in the U.S. after arrest in France

Alexander Vinnik, a Russian cybercrime suspect, recently pleaded partially guilty to charges in the U.S. Previously arrested in Greece in 2017 on charges of money laundering of $4 billion through the digital currency bitcoin in France, Vinnik is now set to face a trial in California. Vinnik’s lawyer, Arkady Bukh, predicted that Vinnik could get a prison term of less than 10 years due to the plea bargain. The U.S. Department of Justice accused Vinnik of having "allegedly owned, operated, and administrated BTC-e, a significant cybercrime and online money laundering entity that allowed its users to trade in bitcoin with high levels of anonymity and developed a customer base heavily reliant on criminal activity." Read More

Many Android apps on Google Play store now have vulnerabilities that infiltrate them

Popular Android applications have faced a path traversal-affiliated vulnerability. Called the Dirty Stream attack, it can be exploited by one of these flagged applications leading to overwriting files. The Microsoft Threat Intelligence team stated that, “the implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application's implementation.” The apps who have faced this vulnerability are popular, with 500 million to 1 billion downloads. Exploitation would have led to the attacker having control of the app and being able to access the user’s data, like accounts used. Microsoft is worried about it being a bigger issue and has asked developers to focus on security to protect sensitive information. Read More

Department of Social Welfare, Ladakh, in India, allegedly hacked, but no proof provided

Recently, a threat actor had allegedly hacked the database of the Department of Social Welfare Ladakh, Government of India. Their claims, however, seemed to have no support. No information was disclosed from their side and no breaching of sorts was sensed on the department’s website. However, if the claims are true, the fallout is predicted to be very damaging. Investigations into the claims are currently happening. As no motive or even the authenticity has been confirmed, for the individuals whose data resides in the departments database and national security, it’s important to detect and respond in a swift manner as to preserve the nation’s cyber security. Read More

U.K. military data breach endangers information of current, veteran military personnel

The U.K. military faced a data breach where the information of serving UK military personnel was obtained. The attack was of Ministry of Defence’s payroll system and so information like names and bank details, sometimes addresses, were gathered. The hacker behind it was unknown until now but the Ministry has taken immediate action. The "personal HMRC-style information" of members in the Royal Navy, Army and Royal Air Force was targeted, some current and some past. The Ministry of Defence is currently providing support for the personnel whose information was exfiltrated, and this also requires informing veterans’ organisations. Defence Secretary Grant Shapps is expected to announce a "multi-point plan” when he updates the MPs on the attack. Read More

India’s current election sees deepfakes, Prime Minister Modi calls for arrests of political parties responsible

India’s current Prime Minister Modi has announced that fake videos of him and other leaders making “statements that we have never even thought of”, have been circulating. This election, with its new name of being India’s first AI election, has led to police investigations of opposition parties who have made these videos with Modi calling for arrests. Prior to this, investigations regarding fake videos of Bollywood actors criticising Modi were also taking place. However, in this situation, around nine people have been arrested - six of whom are members of Congress’ social media teams. Five of them have managed to be released on bail, but arrests of higher-ranking social media members have been made. There has been a trending tag #ReleaseArunReddy for Congress national social media co-ordinator, Arun Reddy, who had shared the fake videos.

Germany and Poland accuse Russian Military Service of cyber-attacks

Germany has come out stating that an attack on their Social Democratic Party last year was done by a threat group believed to be linked to Russian Military Services. German Foreign Minister Annalena Baerbock said at a news conference in Australia that APT28, a threat group also known as Fancy Bear, has been “unambiguously” confirmed to have been behind the cyberattack. Additionally, Poland has joined in support of Germany and said that they were targeted by ATP28 too. Poland has not revealed any details about the attack they faced but Germany shares that they are working to rebuild damage faced by it. Baerbock stated that, “it was a state-sponsored Russian cyber-attack on Germany, and this is absolutely intolerable and unacceptable and will have consequences.”

Ukraine unveils new AI-generated foreign ministry spokesperson

Ukraine has just revealed an AI spokesperson who has been generated to deliver official statements for the foreign ministry. The messages being delivered are written by humans, but the AI is set to deliver them, moving animatedly and presenting herself as an individual through introducing herself as Victoria Shi. Victoria is modelled based on a Ukrainian celebrity, Rosalie Nombre, who took part in her development and helped to model the AIs appearance and voice after her. Ukraine’s foreign minister has said that she was developed for “saving time and resources,” along with it being a “technological leap that no diplomatic service in the world has yet made.” Read More

Singapore passes new amendment to their cybersecurity bill which regulates temporary, high-risk attacks

A new amendment to Singapore’s Cybersecurity Law was made by its Parliament to keep up with the country’s evolving critical infrastructure and to adapt to technological advancements. The changes made regulate the Systems of Temporary Cybersecurity Concern (STCC), which encompass systems most vulnerable to attacks in a limited period. This means the Cyber Security Agency of Singapore (CSA) can oversee Entities of Special Cybersecurity Interest (ESCIs), due to their error disposition affecting the nation’s security as a whole. With the country’s defence, public health and safety, foreign relations, and economy in danger, the Bill is set to target critical national systems only, leaving businesses and such as they are. Read More

Eurovision becomes susceptible to cyberattacks as the world’s largest music competition takes place during conflict

The 68th Eurovision Song Contest is being held in Sweden, Malmö, this year due to current tensions surrounding conflicts like Israel and Gaza, and Russia and Ukraine. Security has been tightened as in 2019, hackers had infiltrated the online stream of the semi-finals in Israel by warning a missile strike and showed images of attacks in Tel Aviv, the host city. There are several reports about hackers hijacking the broadcast as over 167 million people tuned in to watch last year. The voting system can also be an issue with the finals coming up, but Malmö’s police chief claims to be more worried about disinformation. The spokesperson for the contest stated that “We are working closely with SVT's security team and the relevant authorities and expert partners to ensure we have the appropriate measures in place to protect from such risks.” Read More

Wrap Up

This week we’ve seen militaries and governments being cyber-attacked and that truly reminds us how interconnected everything is. If big organisations are vulnerable to attacks, then so are we. TCE Cyberwatch hopes that everyone stays vigilant in the current climate of increased cyberattack risks and ensure they stay protected and are on the lookout for any threats which could affect them. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.