
TCE Cyberwatch: Weekly Wrap on AI, Deepfakes, Cybersecurity Challenges Affecting Nations Worldwide

By: Alan J
12 May 2024 at 23:56

TCE Cyberwatch

This week on TCE Cyberwatch we’re covering the different data breaches and vulnerabilities faced by different companies. Along with this, the rise of countries using AI and deepfake technology, some consensual and some not, adds depth to the conversation surrounding the security of it all. TCE Cyberwatch aims to bring updates around large-scale and small-scale events to ensure our readers stay updated and stay in the know of cybersecurity news that can impact them. Keep reading to learn about what’s currently trending in the industry.

Dropbox Sign data breached; customers' authentication information stolen

Dropbox, a popular drive and file sharing service, revealed that they had recently faced a security breach which led to sensitive information being endangered. Specifically, Dropbox Sign, a service used to sign documents, was targeted. The stolen data belonged to Dropbox Sign users and included information such as passwords, account settings, names, emails, and other authentication information. Dropbox has rotated and generated OAuth tokens and API keys to control the fallout. Dropbox has assured that “from a technical perspective, Dropbox Sign’s infrastructure is largely separate from other Dropbox services. That said, we thoroughly investigated this risk and believe that this incident was isolated to Dropbox Sign infrastructure, and did not impact any other Dropbox products.”

Cyberattacks on organizations in the UAE claimed by Five Families Alliance member, Stormous Ransomware

Stormous Ransomware has claimed responsibility for cyberattacks on several UAE entities. The ransomware group, which is linked to the Five Families alliance and known for targeting UAE entities, has targeted organisations like the Federal Authority for Nuclear Regulation (FANR); Kids.ae, the government’s digital platform for children; the Telecommunications and Digital Regulatory Authority (TDRA), and more. After claiming responsibility for the attacks, the ransomware group demanded 150 BTC, which comes to around $6.7 million USD. They had threatened to leak stolen data if the ransom was not paid. The organisations targeted by the group are yet to speak up about the situation, and tensions are high due to the insurmountable damage these claims could cause.

Russian bitcoin cybercriminal pleads guilty in the U.S. after arrest in France

Alexander Vinnik, a Russian cybercrime suspect, recently pleaded partially guilty to charges in the U.S. Previously arrested in Greece in 2017 on charges of money laundering of $4 billion through the digital currency bitcoin in France, Vinnik is now set to face a trial in California. Vinnik’s lawyer, Arkady Bukh, predicted that Vinnik could get a prison term of less than 10 years due to the plea bargain. The U.S. Department of Justice accused Vinnik of having "allegedly owned, operated, and administrated BTC-e, a significant cybercrime and online money laundering entity that allowed its users to trade in bitcoin with high levels of anonymity and developed a customer base heavily reliant on criminal activity." Read More

Many Android apps on Google Play store now have vulnerabilities that infiltrate them

Popular Android applications have been found to carry a path traversal-related vulnerability. Called the Dirty Stream attack, it can be exploited in one of these flagged applications to overwrite files. The Microsoft Threat Intelligence team stated that, “the implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application's implementation.” The apps that have faced this vulnerability are popular, with 500 million to 1 billion downloads. Exploitation would have led to the attacker having control of the app and being able to access the user’s data, such as the accounts used. Microsoft is worried about it being a bigger issue and has asked developers to focus on security to protect sensitive information.

Department of Social Welfare, Ladakh, in India, allegedly hacked, but no proof provided

Recently, a threat actor allegedly hacked the database of the Department of Social Welfare Ladakh, Government of India. Their claims, however, seemed to have no support. No information was disclosed from their side and no sign of a breach was detected on the department’s website. However, if the claims are true, the fallout is predicted to be very damaging. Investigations into the claims are currently happening. As neither the motive nor the authenticity of the claims has been confirmed, it’s important, for the individuals whose data resides in the department’s database and for national security, to detect and respond swiftly so as to preserve the nation’s cyber security.

U.K. military data breach endangers information of current, veteran military personnel

The U.K. military faced a data breach in which the information of serving UK military personnel was obtained. The attack targeted the Ministry of Defence’s payroll system, so information like names and bank details, and sometimes addresses, was gathered. The hacker behind it was unknown until now but the Ministry has taken immediate action. The "personal HMRC-style information" of members in the Royal Navy, Army and Royal Air Force was targeted, some current and some past. The Ministry of Defence is currently providing support for the personnel whose information was exfiltrated, and this also requires informing veterans’ organisations. Defence Secretary Grant Shapps is expected to announce a "multi-point plan" when he updates the MPs on the attack.

India’s current election sees deepfakes, Prime Minister Modi calls for arrests of political parties responsible

India’s current Prime Minister Modi has announced that fake videos of him and other leaders making “statements that we have never even thought of” have been circulating. This election, which has been named India’s first AI election, has led to police investigations of opposition parties who have made these videos, with Modi calling for arrests. Prior to this, investigations regarding fake videos of Bollywood actors criticising Modi were also taking place. However, in this situation, around nine people have been arrested, six of whom are members of Congress’ social media teams. Five of them have been released on bail, but arrests of higher-ranking social media members have been made. There has been a trending tag #ReleaseArunReddy for Congress national social media co-ordinator, Arun Reddy, who had shared the fake videos.

Germany and Poland accuse Russian Military Service of cyber-attacks

Germany has come out stating that an attack on their Social Democratic Party last year was carried out by a threat group believed to be linked to Russian Military Services. German Foreign Minister Annalena Baerbock said at a news conference in Australia that APT28, a threat group also known as Fancy Bear, has been “unambiguously” confirmed to have been behind the cyberattack. Additionally, Poland has joined in support of Germany and said that they were targeted by APT28 too. Poland has not revealed any details about the attack they faced, but Germany has shared that they are working to repair the damage caused by it. Baerbock stated that, “it was a state-sponsored Russian cyber-attack on Germany, and this is absolutely intolerable and unacceptable and will have consequences.”

Ukraine unveils new AI-generated foreign ministry spokesperson

Ukraine has just revealed an AI spokesperson who has been generated to deliver official statements for the foreign ministry. The messages being delivered are written by humans, but the AI is set to deliver them, moving animatedly and presenting herself as an individual by introducing herself as Victoria Shi. Victoria is modelled on a Ukrainian celebrity, Rosalie Nombre, who took part in her development and helped to model the AI's appearance and voice after her. Ukraine’s foreign minister has said that she was developed for “saving time and resources,” along with it being a “technological leap that no diplomatic service in the world has yet made.”

Singapore passes new amendment to their cybersecurity bill which regulates temporary, high-risk attacks

A new amendment to Singapore’s Cybersecurity Law was made by its Parliament to keep up with the country’s evolving critical infrastructure and to adapt to technological advancements. The changes made regulate the Systems of Temporary Cybersecurity Concern (STCC), which encompass systems most vulnerable to attacks in a limited period. This means the Cyber Security Agency of Singapore (CSA) can oversee Entities of Special Cybersecurity Interest (ESCIs), due to their error disposition affecting the nation’s security as a whole. With the country’s defence, public health and safety, foreign relations, and economy in danger, the Bill is set to target critical national systems only, leaving businesses and such as they are. Read More

Eurovision becomes susceptible to cyberattacks as the world’s largest music competition takes place during conflict

The 68th Eurovision Song Contest is being held in Malmö, Sweden, this year amid current tensions surrounding conflicts like Israel and Gaza, and Russia and Ukraine. Security has been tightened because in 2019, hackers had infiltrated the online stream of the semi-finals in Israel, displaying a warning of a missile strike and showing images of attacks in Tel Aviv, the host city. There are several reports about hackers hijacking the broadcast, as over 167 million people tuned in to watch last year. The voting system can also be an issue with the finals coming up, but Malmö’s police chief claims to be more worried about disinformation. The spokesperson for the contest stated that “We are working closely with SVT's security team and the relevant authorities and expert partners to ensure we have the appropriate measures in place to protect from such risks.”

Wrap Up

This week we’ve seen militaries and governments being cyber-attacked, and that truly reminds us how interconnected everything is. If big organisations are vulnerable to attacks, then so are we. TCE Cyberwatch hopes that everyone stays vigilant in the current climate of increased cyberattack risks, ensures they stay protected, and is on the lookout for any threats which could affect them.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

This Week on TCE Cyberwatch: AI Rise, Government Crackdowns, and Global Cybercrime

The digital world continues to spin at breakneck speed, and this week's TCE Cyberwatch brings you the latest updates on the ever-present dance between innovation and security. We delve into the exciting possibilities of Artificial Intelligence (AI), from its role in boosting corporate profits to its potential for national security advancements. However, the path to progress is rarely smooth. In TCE Cyberwatch, we also explore the persistent threat of cybercrime, with recent data breaches and malicious hacking attempts serving as reminders of our vulnerabilities. Encouragingly, governments around the world are taking a more proactive stance, implementing stricter regulations and pursuing those who exploit weaknesses in our digital infrastructure. As you'll see, this week's TCE Cyberwatch offers a comprehensive look at the current cybersecurity landscape, highlighting both the challenges and the glimmers of hope for a more secure future.

TCE Cyberwatch: A Weekly Round-Up

Keep reading to ensure your safety and stay up to date with the cyber world.

U.S. Charges Four Iranians with Hacking Government Agencies and Defense Contractors

The U.S. has accused four Iranians of alleged ties to hacking operations which attacked entities like the U.S. Treasury and State departments, defence contractors, and two New York-based companies. The Treasury Department of the U.S. believes that all four individuals have ties to IRGC front companies. Hossein Harooni, Reza Kazemifar, Komeil Baradaran Salmani, and Alireza Shafie Nasab could face up to five years in prison for computer fraud conspiracy charges and up to 20 years for each count of wire fraud and conspiracy to commit wire fraud. Speaking on the development, Attorney General Merrick Garland stated, “Criminal activity originating from Iran poses a grave threat to America’s national security and economic stability… These defendants are alleged to have engaged in a coordinated, multi-year hacking campaign.”

Indian Telecom Giant BSNL Suffers Data Breach, Millions Potentially Affected

Bharat Sanchar Nigam Limited (BSNL), a major telecommunications provider owned by the Indian government, faced a data breach a while ago which has resurfaced and been claimed by threat actor ‘Perell’. They released a database which allegedly belongs to BSNL and contains more than 2.9 million records. Perell claims that the stolen data includes sensitive information from BSNL, and that although it was claimed to be from BSNL in 2024, it actually comes from around 2023. However, it still raises concerns as it is of a large quantity and contains sensitive information.

Cybersecurity Giant Darktrace Acquired by Thoma Bravo for $4.6 Billion

Thoma Bravo, a U.S.-based private equity firm, recently acquired the British cybersecurity giant Darktrace for $4.6 billion. This acquisition carries significant implications for both companies and the cybersecurity industry at large. Following the announcement, Darktrace's shares surged by approximately 19%, demonstrating investor confidence in the deal.

Shareholders of Darktrace could now receive $7.75 for each share they hold, marking a 44.3% increase compared to recent stock prices. Darktrace, renowned for its AI-based cybersecurity solutions, has experienced a surge in demand for its services. Read More

Global Operation Shuts Down LabHost, Arrests 37

An online service called LabHost, operating in 19 countries, which sells phishing kits to cybercriminals, has recently been shut down. It is alleged that they have made almost a million dollars from this activity and have directly and indirectly attacked thousands of people. LabHost has been in operation since 2021 and provides tools for hackers to create fake websites that deceive people into revealing sensitive information such as email addresses, passwords, and bank details.

Following the shutdown, 37 people were arrested, and London’s police reported that 2,000 users were registered on the site, paying a monthly subscription fee. LabHost is reported to have obtained 480,000 bank card numbers, 64,000 PIN numbers, and around 1 million passwords.

Big Fines for AT&T, Verizon, T-Mobile in Privacy Scandal

Major phone carriers AT&T, Sprint, T-Mobile, and Verizon have been fined a total of $200 million for illegal data sharing of customer locations with third parties. T-Mobile, AT&T, and Verizon were fined approximately $80 million, $57 million, and $47 million, respectively. These companies sold customer location data to aggregators, who then resold it to third parties.

AT&T had connections with two aggregators, LocationSmart and Zumigo, which were then linked to third-party location-based service providers. According to the FCC, "In total, AT&T sold access to its customers’ location information (directly or indirectly) to 88 third-party entities." Informally, all three phone carriers stated that the program in question ended about five years ago. Read More

UK Cracks Down on Weak Passwords: "Admin123" No Longer an Option

The UK Government is banning weak passwords such as "admin" or "12345" to bolster cybersecurity. The initiative, named the 'UK Product Security and Telecoms Infrastructure (PSTI) Act 2022', mandates that manufacturers, distributors, and importers of products and services for UK consumers adhere to these new rules. Manufacturers and other vendors face significant fines for non-compliance. They could be fined up to £10 million, four percent of their global turnover, or £20,000 per day for ongoing violations. This move signals the government's commitment to tackling cybersecurity issues. Read More

ChatGPT Accused of Privacy Violations and Inaccurate Information

ChatGPT has recently faced criticism from a privacy advocacy group, along with the Austrian data protection authority (DSB), for generating inaccurate information that violates European Union privacy regulations. Noyb, the privacy advocacy group, pointed out that ChatGPT's method of guessing instead of providing accurate information poses problems. They also claim that OpenAI, the company behind the AI, refuses to correct inaccurate responses and is reluctant to share information about its data processing practices. Read More

Okta Warns of Surge in Password Reuse Attacks

Okta recently issued a warning about a surge in credential stuffing attacks, in which usernames and passwords obtained from previous data breaches and attacks are used to target accounts.

According to Okta, they have "observed an increase in the frequency and scale of credential stuffing attacks targeting online services, facilitated by the broad availability of residential proxy services, lists of previously stolen credentials, and scripting tools."

This spike in credential stuffing attacks is believed to be linked to brute force attacks, as warned by Cisco a few weeks earlier. Cisco had observed a rise in attacks on VPN services, web application authentication interfaces, and others since around March 18. To address this, Okta recommends blocking requests from suspicious services, ensuring the use of secure passwords, implementing multi-factor authentication (MFA), and remaining vigilant in monitoring any suspicious activity. Read More

To Wrap Up

This week's TCE Cyberwatch painted a vivid picture of the ever-evolving cybersecurity landscape. While advancements like AI offer exciting possibilities, they necessitate enhanced security measures to mitigate potential risks. The increasing focus on regulations and enforcement by governments worldwide signifies a collective effort to combat cybercrime.

Remember, staying informed and practicing safe online habits are crucial in protecting yourself from cyber threats.

TCE Cyberwatch remains committed to keeping you informed about the latest cybersecurity developments. By staying vigilant and taking proactive measures, we can navigate the digital age with greater confidence and security.

TCE Cyberwatch: From Ransomware to Deepfakes, This Week’s Top Cybersecurity Threats

By: Editorial
27 April 2024 at 09:27

This week's TCE Cyberwatch delves into a range of pressing cybersecurity issues impacting the world today. From the rise of malicious AI manipulation in elections to the ever-present threat of data breaches and ransomware attacks, no sector is immune. TCE Cyberwatch explores these concerns and more, along with groundbreaking advancements in the tech industry like Microsoft's new lightweight AI model. Whether you're a seasoned cybersecurity professional or simply someone navigating the digital world, staying informed is crucial.

TCE Cyberwatch Weekly Update

Let's dive into the latest developments and equip ourselves with the knowledge to stay safe online.

Samourai Wallet Founders Sentenced to Prison Over Money Laundering Charges

The founders of Samourai Wallet, a popular crypto app, Keonne Rodriguez and William Lonergan Hill, were recently arrested on serious charges regarding money laundering and unlicensed money transmitting. The allegations concern over $2 billion in transactions and the laundering of more than $100 million in criminal proceeds. The transactions originated from dark web markets like Silk Road and Hydra Market, and the charges appear to amount to a maximum of 20 years in prison for Rodriguez and five years for Hill. Along with this, the company's web servers were seized, and further downloads of the Samourai mobile app in the U.S. were blocked.

China Cracks Down on Messaging Apps: WhatsApp, Threads Removed from App Store

The Chinese government, pushed by concerns over censorship, recently ordered Apple to remove WhatsApp and Threads from its App Store in China. Reportedly, Telegram and Signal have also been removed. China’s Cyberspace Administration had asked Apple to remove the apps because they apparently contained political content that included negative comments and posts about President Xi Jinping. Apple is known to comply with the Chinese government's wishes; in 2021, Apple had supposedly agreed to store the personal data of Chinese users on servers accessible by the government. Apple said in a statement, “We are obligated to follow the laws in the countries where we operate, even when we disagree.”

Cybersecurity Nonprofit MITRE Breached by Nation-State Actor

MITRE reports that they have recently been exposed to breaches and cyber threats despite working to safeguard themselves from them. A foreign nation-state threat actor was confirmed on their Networked Experimentation, Research, and Virtualization Environment, or NERVE, network. MITRE immediately took the network offline, making sure to start an investigation to find out the extent of the damages as well as contacting those affected. Jason Providakes, president and CEO, MITRE, shared his response to the incident stating that, “The threats and cyber-attacks are becoming more sophisticated and require increased vigilance and defence approaches. As we have previously, we will share our learnings from this experience to help others and evolve our own practices.” Read More

Google Fires Employees Over Pro-Palestine Protest Against Israeli Contract

Google recently terminated 28 staff members after they had protested against the company’s contract with the Israeli government. The pro-Palestine employees had protested by staging hour-long sit-ins at their offices. In a statement, Google employees who are part of the “No Tech for Apartheid” campaign revealed that some employees who had not directly participated in the protests had also been fired. Gabriel Schubiner, an ex-Google employee, revealed that he knew of co-workers who had to provide training on how to use Google Cloud directly to Israel’s national intelligence agency and that the contracts were not primarily meant for civil services and society as claimed, but rather the military. Furthermore, he says that Palestinian and Muslim employees faced “the most intense retaliation bias” when speaking out against the contracts.

Paris Olympics Braces for Cyber Siege: Millions of Hacking Attempts Expected

Paris Olympic organizers are preparing for a horde of cyberattacks during this year’s events, as officials expect millions of hacking attempts. These attacks could entail minor issues like inconveniencing processes, or major damages that could result in the event being disrupted. The organizers are preparing themselves by offering bug bounties to those who can scope out vulnerabilities in systems. Additionally, they are training staff to be able to recognize and respond to phishing scams. While fans and spectators are potential victims, there are also issues with smart equipment like CCTV cameras, alarm systems, badges, etc. The 2021 Tokyo Olympics reportedly faced about 450 million hacking attempts, and this year is predicted to be almost 8 to 12 times that number.

PayPal Appoints Shaun Khalfan as New CISO

PayPal, a famous digital payments company, has recently appointed Shaun Khalfan as their new Senior Vice President and Chief Information Security Officer. Khalfan has over 20 years of experience in information security and risk management, and his presence in the company further strengthens its cybersecurity function. PayPal is one step closer to ensuring the security and defence of the company’s digital infrastructure and of the digital assets, data and payments of everyone involved. Khalfan stated, “I am excited to embark on a new challenge as SVP, Chief Information Security Officer at PayPal! I am inspired by the leadership team, growth strategy, and look forward securing a digital company on a global scale.”

AI Deepfakes and Foreign Interference: Challenges in India's Elections

With India currently holding general elections to select members of Parliament, there seem to be a plethora of cybersecurity challenges present. There seems to be a large amount of AI-generated content and deepfakes used by political entities and foreign agents against one another to manipulate the game and cause tensions amongst the public and the politicians. Cybersecurity experts and industry leaders, such as IBM and McAfee, have already predicted a treacherous voting season, and the use of AI-generated content further undermines the integrity of the election. Foreign interference also seems to be an issue for the Indian voting process. Chinese hackers are an example of those identified as trying to manipulate public opinion and influence election outcomes.

Australia Fines Social Media Platform for Refusing to Remove Stabbing Videos

On April 15, a bishop and a priest were stabbed in Sydney, with the entire event being live-streamed. Graphic footage of the attack has been circulating online, leading to riots and the government calling the stabbing an act of terrorism. Due to this, Australia's eSafety Commissioner Julie Inman Grant asked social media companies X and Meta to take down the videos under the country’s Online Safety Act. Meta abided, but X argued that some posts “did not violate X’s rules on violent speech,” and is now being threatened with a fine of AUD 785,000 (USD 500,000) if the posts aren’t taken down. Anthony Albanese, the Australian Prime Minister, showed disapproval of Elon Musk and X’s actions by stating, “This isn’t about freedom of expression… Social media has a social responsibility.”

TikTok Faces US Ban: Bill Demands App Sale or Removal Over Security Concerns

Lawmakers in the U.S. recently passed a bill that will ban TikTok in the country if its Chinese owner, ByteDance, refuses to sell its stake in the American business. TikTok’s head of public policy for the U.S. stated that the bill was unconstitutional, going against the First Amendment, and that TikTok would fight it in the courts. TikTok has always denied any affiliation with Beijing authorities and denied that they have any access to user data. It has also stated it would always refuse if asked to provide such access. Yet, TikTok still faces scrutiny and pressure from lawmakers in the US, and other Western politicians including in the UK, over suspicion that users’ data is accessible by the Chinese government. The Bill is now headed toward President Joe Biden, who has stated that “I will sign this bill into law and address the American people as soon as it reaches my desk.”

Tesla Cybertruck Woes Mount with Recalls and Rust

Tesla's Cybertrucks have started mass malfunctioning recently, with the company receiving many complaints regarding faulty, loose accelerator pedals. This has led to future orders of the Cybertrucks being canceled as the company asks for their product to be recalled by the US National Highway Traffic Safety Administration (NHTSA). Elon Musk’s claims of the car being bulletproof and the “best off-road vehicle” are shown to be untrue, as users are unable to drive them properly through sand or snow, windows are broken by balls and windshields by hailstorms, rust occurs, and some people's cars simply stop working altogether. This doesn’t help Tesla as they currently face low earnings, having to cut staff by 10% globally, amounting to around 14,000 jobs.

U.K. Phone Maker "Nothing" Faces Data Breach

Nothing, a U.K.-based phone manufacturer, recently admitted to facing a data breach in which the information and privacy of 2,250 people were endangered. While no sensitive information like passwords seemed to be accessed, the exposure of user emails caused concerns surrounding the security of the community members. Nothing traced the breach back to a vulnerability first known from December 2022, and immediately responded and took action against the vulnerability during this event. However, there seems to be no indication that the company reached out to the people affected regarding the situation, which causes concerns surrounding communication and transparency.

UnitedHealth Group Pays Ransom After Change Healthcare Data Breach 

After Change Healthcare recently experienced a data breach, UnitedHealth has admitted to paying the ransom to retrieve patient information. The company stated, "A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure." Wired magazine, analyzing forum posts and other sources, estimates that the company likely paid around $22 million.

The breached files, containing health information and personally identifiable information, have the potential to affect a large portion of the U.S. population if not reclaimed by the health group. Consequently, restoring pharmacy software, claims management, etc., along with financial assistance, has been a priority for the company. However, it seems that paying the ransom was the only way they could protect their members and their information from the hackers. Read More

Russian Malware "GooseEgg" Targets Government Networks: Microsoft Sounds Alarm

Microsoft recently discovered a new malware named GooseEgg being used by Russian hackers to gain elevated access, steal credentials, and facilitate lateral movement within compromised networks. The malware is attributed to a group called "Forest Blizzard," believed by the U.S. and U.K. governments to be associated with Unit 26165 of Russia’s military intelligence agency, the GRU.

According to Microsoft, Forest Blizzard has been using GooseEgg since around June 2020. The group has targeted various sectors including state, non-governmental, educational, and transportation institutions in Ukraine, Western Europe, and North America. GooseEgg is deployed after gaining access to a device, enhancing the hackers' capabilities within the network.

This week's TCE Cyberwatch has painted a sobering picture of the current cybersecurity landscape. From data breaches and ransomware attacks to government censorship and social media manipulation, no corner of the digital world seems immune. Yet, there's also reason for hope. Advancements in AI offer potential solutions, while increased awareness empowers individuals and organizations to fight back. Stay vigilant, stay informed, and remember – together, we can build a more secure digital future.

TCE Cyberwatch: A Look at This Week’s Top Cybersecurity Incidents

By: Editorial
20 April 2024 at 00:30

TCE Cyberwatch

The digital landscape continues to be a battleground, with cyber threats evolving and attackers targeting an ever-wider range of victims. This week's TCE Cyberwatch roundup highlights a surge in attacks against governments and national security infrastructure, alongside various other cybersecurity incidents. From a critical vulnerability in firewalls to a data breach impacting the United Nations, this week serves as a reminder of the constant vigilance required in the face of cyberattacks. Let's delve into the details to learn more about these incidents.

TCE Cyberwatch: Weekly Round-Up

Palo Alto Warns: Critical Firewall Flaw Could Lead to Cyberattacks

A new vulnerability named "Kaby Lake" was found in firewall devices from Palo Alto Networks, a cybersecurity firm, potentially exposing them to cyber threats. It specifically affects devices running PAN-OS, the operating system produced for and used by Palo Alto Networks' firewalls. The vulnerability allows attackers to execute arbitrary code on affected devices. No patch seems to have been released to address the issue, and customers are currently being provided temporary fixes. Users are advised to stay informed about security updates from Palo Alto Networks and take necessary precautions to mitigate the risks. Read More

HTW Halts Work to Recover From Data Breach 

Herron Todd White (HTW), an Australian valuation firm, is currently dealing with the aftermath of an alleged data breach, causing a pause in new work. Major banks that work with HTW regarding property-related assessments have taken precautionary measures as well. National Australia Bank and Commonwealth Bank have suspended HTW from any further commercial and agricultural valuation work due to this breach, but still allow residential valuations, which are unaffected by it. The motive behind the attack, whether malicious or a security lapse within HTW’s infrastructure, remains uncertain. Australia has become vigilant against cyberattacks due to past recurring incidents and now requires organizations to make a report to the Australian Cyber Security Centre (ACSC) within 12 hours of the attack. Read More

Cyberattack Disrupts French Municipal Governments, Investigation Underway

Multiple French municipal governments recently experienced a cyberattack, disrupting their operations. Attributed to a group identified as the "Shadow Kill Hackers," the attack targeted numerous municipalities throughout France. Exploiting vulnerabilities in the computer systems of these municipalities, the attackers gained unauthorized access and disrupted essential services, including emails and administrative functions. The motive behind the attack remains unclear, prompting French authorities, including the National Agency for the Security of Information Systems (ANSSI), to launch an investigation and initiate efforts to restore the affected systems. Read More

Cisco Duo Data Breach Exposes User Information

Recently, Cisco's Duo security product encountered a breach that exposed information related to multi-factor authentication (MFA). The breach, facilitated by a phishing attack through SMS and VoIP, targeted employee details and impacted Duo's MFA service. As a result, usernames, email addresses, and MFA device information were potentially compromised. However, Cisco has reassured users that sensitive information such as passwords or authentication methods remained secure. In response to the incident, Cisco promptly notified affected users and implemented necessary security measures to prevent future breaches. Nevertheless, users are advised to remain vigilant and monitor their accounts for any signs of suspicious activity. Read More

Ransomware Attack Targets UNDP, Stealing HR Data

The United Nations Development Programme (UNDP) recently experienced a cyberattack resulting in the breach of human resources (HR) data. The attack compromised the personal information of current and former employees at a branch in Denmark, including staff contracts and internal documents. UNDP issued a notice acknowledging that they had received a threat intelligence notification indicating that a data extortion actor had stolen certain human resources and procurement information. Taking swift action, UNDP promptly implemented necessary precautions and is currently conducting a comprehensive assessment to determine the nature and extent of the cyberattack. Read More

UnitedHealth Takes $1.6 Billion Hit from Change Healthcare Cyberattack

UnitedHealth Group, one of the largest healthcare companies in the U.S., recently issued a warning about a cyberattack that resulted in a potential financial impact of $1.6 billion. The attack, targeting Change, led to disruptions in payments to doctors and healthcare facilities nationwide, as well as adversely affecting community health centers serving over 30 million impoverished and uninsured patients for a month. UnitedHealth estimates that the hack will reduce profits by $1.15 to $1.35 per share this year but emphasizes that the impact is not as severe as initially anticipated. While the company has not yet disclosed the extent of the personal data breached in the attack, federal law mandates that they do so within 60 days. Read More

Cyberattack Cripples Ukrainian Media Giant 1+1 Media

1+1 Media, a prominent media conglomerate in Ukraine, recently experienced a severe cyberattack targeting its satellite TV channels. In a statement released on Wednesday addressing the cyber assault, the media giant disclosed that 39 channels, including some of its flagship networks, became inaccessible, dealing a significant blow to the country's media infrastructure.

Officials stated that the cyberattack on 1+1 Media coincided with escalated tensions in the region, notably the "cynical attack" on the peaceful city of Chernihiv. The attack involved deliberate efforts to disrupt satellite communications on the Astra 4A 11766 H transponder. Read More

Trust Wallet Warns of $2 Million iMessage Exploit

Trust Wallet, a prominent provider of cryptocurrency wallets, has issued a cautionary notice to Apple users concerning a potential vulnerability in iMessage. The alert arises from reliable information suggesting the existence of a zero-day exploit within the iOS iMessage platform, which is reportedly being sold on the dark web for an exorbitant $2 million.

As per Trust Wallet, this zero-day exploit in iMessage poses a significant risk as it enables hackers to take control of iPhones without any interaction from the device user. Unlike conventional exploits that necessitate clicking on malicious links or downloading infected files, this exploit operates seamlessly, posing a particularly serious threat to high-profile targets. Read More

BreachForums Breached! Rival Hackers Claim User Data

The primary website of the infamous BreachForums, a forum known for data leaks and hacking activities, has been shut down by competing threat actors. The group of threat actors known as R00TK1T, in collaboration with the pro-Russian Cyber Army of Russia, declared that they had breached user data subsequent to the takedown of BreachForums.

Additionally, the hackers behind the BreachForums attack asserted their intention to release a roster containing user details, IP addresses, and email addresses from the forum. Despite the assault, the TOR version of the website remains functional. Read More

Benjamin Ambrose Appointed as CISO at NPCI

Benjamin Ambrose has been appointed as the Chief Information Security Officer (CISO) at the National Payments Corporation of India (NPCI), marking a strategic move aimed at bolstering cybersecurity measures in India's rapidly evolving digital payments sector.

Bringing with him extensive experience gained from notable roles at AWS and Citi, Ambrose offers a seasoned perspective to NPCI's cybersecurity initiatives. Read More

Wrap Up

This week's TCE Cyberwatch roundup paints a sobering picture of the ever-evolving cyber threat landscape. From critical infrastructure vulnerabilities to attacks on international organizations and healthcare providers, no entity seems immune.

However, amidst this complexity, there's a crucial takeaway: vigilance is key. By staying informed about the latest threats, implementing robust security practices, and fostering a culture of cybersecurity awareness, we can all play a vital role in mitigating these risks.

TCE remains committed to keeping you informed about the latest developments in the cybersecurity world. We encourage you to stay tuned for future updates and actively participate in building a more secure digital future.
