Today’s Top Cyber Intelligence Highlights — June 14, 2024
1. New Apple iPhone App Challenges Password Elimination
Apple’s latest iPhone app aims to manage all user logins, highlighting the ongoing struggle to eliminate passwords. Despite predictions of their demise, passwords remain a staple in online security.
2. NetSPI Acquires Hubble
NetSPI has acquired Hubble, adding Cyber Asset Attack Surface Management (CAASM) to its portfolio, complementing its existing Internal External Attack Surface Management (IEASM) capabilities.
3. KnowBe4 Launches Risk & Insurance Partner Program
KnowBe4 has introduced a new program aimed at enhancing risk management and insurance solutions for businesses.
4. MPs Criticize Government Over Cyberattack Transparency
Canadian MPs have expressed frustration over being kept in the dark about cyberattacks targeting their emails, calling the lack of communication unacceptable.
5. AI and Smart Technology Privacy Tips
Experts provide simple tips to protect privacy as AI and smart technology become increasingly integrated into daily life.
6. New Cross-Platform Malware ‘Noodle RAT’
Chinese-speaking threat actors have been using a new cross-platform malware, Noodle RAT, for espionage and cybercrime.
7. Google Pixel Firmware Zero-Day Exploit
Google has warned of a zero-day exploit in Pixel Firmware, identified as CVE-2024-32896, which allows privilege escalation.
8. PhantomLoader Distributes SSLoad Malware
Cybercriminals are using PhantomLoader to distribute SSLoad malware, which evades detection by modifying legitimate DLL files.
9. Leidos Wins $738 Million Air Force Contract
Leidos has secured a $738 million contract to provide IT and cybersecurity support to the U.S. Air Force.
10. Backblaze Partners with Coalition
Backblaze has partnered with Coalition to enhance cyber risk protection and compliance for businesses.
11. Microsoft Under Fire for Security Lapses
Microsoft President Brad Smith will testify before Congress regarding security failures that led to major cyberattacks by Russian and Chinese hackers.
12. New Attack Technique ‘Sleepy Pickle’
The ‘Sleepy Pickle’ attack targets machine learning models by exploiting the Pickle format, posing significant supply chain risks.
13. Microsoft Whistleblower Claims Profit Over Security
A whistleblower alleges that Microsoft prioritized profit over security, leaving systems vulnerable to Russian hacks.
14. Snowflake to Close Cyberattack Probe
Snowflake Inc. plans to conclude its investigation into a cyberattack that affected 165 customers.
15. AI Chatbot Outsmarts Scammers
An AI chatbot experiment successfully captured bank account details from scammers, showcasing AI’s potential in cybersecurity.
16. North Korea’s Moonstone Sleet Expands Malicious Code Distribution
The Moonstone Sleet threat actor has enhanced its capabilities to disrupt the software supply chain using public registries.
17. Critical RCE Bug in Ivanti Endpoint Manager
A proof-of-concept exploit has emerged for a critical remote code execution vulnerability in Ivanti Endpoint Manager.
18. Microsoft Grilled Over Security Failures
Microsoft’s President Brad Smith faced tough questions on Capitol Hill regarding security lapses that led to government system hacks.
19. Malware Campaign Uses Discord Emojis
A new malware campaign uses Discord emojis for command and control instructions, adding a quirky twist to cyber threats.
20. Bank of Baroda Ordered to Return Cyber Fraud Funds
The High Court has ordered Bank of Baroda to return Rs 76 lakh lost in a cyber fraud case.
21. Building a Security Culture
Creating a proactive cybersecurity culture involves prioritizing people’s needs, weaknesses, and skills.
22. Ukraine Police Arrest Ransomware Suspect
Ukrainian police have arrested a suspect linked to the LockBit and Conti ransomware groups.
23. Pakistani Hacking Team Spies on Indian Government
The Celestial Force hacking team from Pakistan has been conducting cyber espionage against Indian government and defense organizations.
24. Pakistani Malware Campaign Targets Multiple Platforms
A malware campaign linked to Pakistan, known as Operation Celestial Force, targets Windows, Android, and macOS systems.
25. A2 Hosting Enhances DDoS Protection
A2 Hosting has expanded its commitment to DDoS protection through a renewed agreement with Corero Network Security.
26. Climb Global Solutions Partners with Flashpoint
Climb Global Solutions has partnered with Flashpoint to provide enhanced threat solutions.
27. NHS Ransomware Attack Causes Blood Shortages
A ransomware attack on the NHS has led to blood shortages and delayed operations, prompting an urgent call for donations.
28. Building Cybercrime Empires
Strong partnerships between industry and law enforcement are crucial to dismantling cybercrime groups before they grow.
29. Arid Viper’s Mobile Espionage Campaign
The Arid Viper threat actor is using trojanized Android apps to deliver spyware, targeting users through fake apps.
30. Snowflake-linked Attacks Test Cloud Security
Recent attacks on Snowflake customers highlight the challenges of shared responsibility in cloud security.
31. UK Cyberattack Aftermath: Blood Shortages
London hospitals are experiencing blood shortages and delayed operations following a cyberattack, calling for medical student assistance.
32. Facebook Marketplace Scam Unraveled
A Melbourne woman has been charged for an online scam involving high-end fashion items, affecting at least 20 victims.
33. SaaS Security Gains Importance
Supply chain cyber-attacks are driving tighter cybersecurity regulations, particularly in the financial sector, with other industries expected to follow.
34. Mumbai Teen Thwarts Cyber Fraud
A 13-year-old girl in Mumbai foiled a cyber fraud attempt by quickly responding to fake money transfer alerts on her mother’s phone.
This article provides a comprehensive overview of the most significant cyber intelligence updates from the past 24 hours.
Dr. Fahim K Sufi is a cyber intelligence solution architect who has worked for several Defence and Federal Government entities. He also serves as an editorial board member for multiple international journals. He has published more than 70 peer-reviewed research articles for international journals and conferences.