The CyberWire Daily Podcast 8.15.24
Ep 2130 | 8.15.24

Weeding out 'worms' for Windows users.

Transcript

Microsoft urges users to patch a critical TCP/IP remote code execution vulnerability. Texas sues GM over the privacy of location and driving data. Google says Iran’s APT42 is responsible for recent phishing attacks targeting presidential campaigns. Doppelgänger struggles to sustain its operations. Sophos X-Ops examines the Mad Liberator extortion gang. Fortra researchers document a potential Blue Screen of Death vulnerability on Windows. China’s Green Cicada Network creates over 5,000 AI-controlled inauthentic X (Twitter) accounts. Kim Dotcom is being extradited to the United States. Our guest, Rui Ribeiro, CEO at JScrambler, discusses how the extensive use of first- and third-party JavaScript is a blessing and a curse. Wireless shifting can really grind your gears.

Today is August 15th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Microsoft urges users to patch a critical TCP/IP remote code execution vulnerability.

Microsoft has urged users to patch a critical TCP/IP remote code execution vulnerability (CVE-2024-38063) that affects all Windows systems with IPv6 enabled. Discovered by Kunlun Lab, this “wormable” flaw could allow remote, unauthenticated attackers to execute arbitrary code by sending specially crafted IPv6 packets. Disabling IPv6 is a temporary mitigation, but Microsoft advises against it due to potential system issues. Given its high likelihood of exploitation, users are strongly advised to install the latest security updates immediately. 
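Since the flaw only matters on hosts that still have IPv6 bound, and Microsoft discourages turning IPv6 off, the practical first step for a defender is an inventory rather than a change. The following PowerShell is an added example, not from the CyberWire transcript or from Microsoft; it uses the standard NetAdapter, NetTCPIP and Get-HotFix cmdlets, and the output field names are my own.

```powershell
# Added example: report, per network adapter, whether the IPv6 stack (ms_tcpip6)
# is bound and which IPv6 addresses are configured, alongside the OS build and
# the most recently installed update. Read-only; nothing here disables IPv6,
# in line with Microsoft's advice against that mitigation.
function Get-IPv6Exposure {
    [CmdletBinding()]
    param()

    $os     = Get-CimInstance -ClassName Win32_OperatingSystem
    # Most recently installed update, as a rough indicator of patch level.
    # Cross-check the KB against the vendor's advisory for CVE-2024-38063.
    $latest = Get-HotFix | Sort-Object -Property InstalledOn -Descending | Select-Object -First 1

    foreach ($binding in Get-NetAdapterBinding -ComponentID ms_tcpip6) {
        $addrs = @(Get-NetIPAddress -InterfaceAlias $binding.Name -AddressFamily IPv6 `
                     -ErrorAction SilentlyContinue)

        # Link-local (fe80::/10) addresses exist on any IPv6-enabled adapter;
        # a non-link-local address means the host is reachable beyond its segment.
        $routable = @($addrs | Where-Object { $_.IPAddress -notlike 'fe80:*' })

        [pscustomobject]@{
            Adapter        = $binding.Name
            IPv6Bound      = $binding.Enabled
            IPv6Addresses  = ($addrs.IPAddress -join ', ')
            RoutableIPv6   = $routable.Count -gt 0
            OSBuild        = $os.BuildNumber
            LatestUpdate   = if ($latest) { "$($latest.HotFixID) ($($latest.InstalledOn.ToShortDateString()))" } else { 'none found' }
        }
    }
}

# Usage: adapters with IPv6Bound = True are in scope for the patch;
# RoutableIPv6 = True deserves the highest priority.
Get-IPv6Exposure | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on each Windows host in scope, or wrap it in Invoke-Command to collect the same table across a fleet.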

Texas sues GM over the privacy of location and driving data. 

Texas Attorney General Ken Paxton has filed a lawsuit against General Motors, accusing the automaker of violating the privacy rights of millions of Texans by selling their location and driving data. The suit alleges GM misled drivers into sharing data, which was then sold to data brokers and used to influence insurance rates without drivers’ consent. This action marks the first state-level enforcement against an automaker for such data practices. GM is currently reviewing the complaint and has expressed a commitment to consumer privacy.

Google says Iran’s APT42 is responsible for recent phishing attacks targeting presidential campaigns. 

Google’s Threat Analysis Group (TAG) identified APT42, an Iranian-backed group linked to the Islamic Revolutionary Guard, as responsible for recent phishing attacks targeting the Biden-Harris and Trump campaigns. These attacks aimed to compromise the personal email accounts of individuals connected to the campaigns, including former U.S. officials. TAG blocked many of these attempts and reported the activity to law enforcement. APT42 is known for using sophisticated social engineering tactics, such as posing as journalists and event organizers to lure victims. This group’s activities reflect Iran’s efforts to influence political outcomes and support its military objectives. Recent months have seen increased targeting of U.S. and Israeli entities, with APT42 adapting its methods to exploit various platforms like Google Meet, OneDrive, and WhatsApp. Other security firms, including Microsoft, have also reported heightened activity from Iranian threat groups as the 2024 U.S. elections approach.

Doppelgänger struggles to sustain its operations. 

The Russian disinformation network Doppelgänger is struggling to sustain its operations following a crackdown on its infrastructure, triggered by reports that European hosting companies were unknowingly supporting the Kremlin-linked campaign. The Bavarian State Office for the Protection of the Constitution (BayLfV) revealed that Doppelgänger operators hastily backed up systems and secured data after the exposure. Active since May 2022, the network created fake social media profiles, websites, and news portals to spread propaganda across Germany, France, the U.S., Ukraine, and Israel. BayLfV confirmed the network’s Russian ties, noting operations aligned with Moscow’s time zones and holidays.

Palo Alto Networks patches several vulnerabilities. 

Palo Alto Networks has issued patches for several vulnerabilities, including the high-severity CVE-2024-5914, which affects the Cortex XSOAR product. This flaw allows unauthenticated attackers to execute commands within certain configurations. Patches are available starting with version 1.12.33. Additionally, updates were released for Prisma Access Browser, addressing over 30 vulnerabilities in the Chromium-based browser. Two medium-severity flaws were also patched, impacting PAN-OS and the GlobalProtect app. Palo Alto Networks is not aware of any active exploitation of these vulnerabilities.

Sophos X-Ops examines the Mad Liberator extortion gang. 

A report from Sophos X-Ops examines the Mad Liberator extortion gang. Emerging in mid-2023, the group uses social engineering and the AnyDesk remote-access tool to steal data from organizations and demand ransom. Unlike traditional ransomware, it primarily focuses on data exfiltration but may also encrypt files as part of a double-extortion strategy. The group operates a leak site to pressure victims into paying by threatening to release stolen data. Victims are tricked into granting AnyDesk access, often believing the request is from legitimate IT staff. The attacks last several hours, with files stolen and ransom notes deployed before the session ends.

Fortra researchers document a potential Blue Screen of Death vulnerability on Windows. 

Research from security firm Fortra documents a newly disclosed vulnerability, CVE-2024-6768, that can cause a Blue Screen of Death (BSOD) on Windows 10, 11, and Server 2022, even with all updates installed. This flaw, due to improper input validation, allows attackers with physical access to repeatedly crash the system by manipulating a BLF file. Fortra reported the issue to Microsoft in December 2023, but it was initially dismissed. Fortra published the vulnerability in August 2024 after successfully reproducing the problem. This issue poses a risk of denial of service and data loss.

China’s Green Cicada Network creates over 5,000 AI-controlled inauthentic X (Twitter) accounts.

CyberCX Intelligence has been tracking the Green Cicada Network, a group of at least 5,000 AI-controlled inauthentic X accounts, likely part of an emerging information operation linked to China. This network primarily amplifies divisive U.S. political issues, with potential intentions to interfere in the upcoming presidential election. The system, associated with Chinese AI research, has shown increasing activity since July 2024 and has been refining its operations to avoid detection. CyberCX warns of the growing use of generative AI in malicious activities and urges organizations to update their threat models accordingly.

Kim Dotcom is being extradited to the United States. 

Kim Dotcom, a German-born internet entrepreneur, is being extradited to the United States to face criminal charges linked to his defunct file-sharing platform, Megaupload. The U.S. Department of Justice accuses Dotcom of enabling widespread piracy, costing entertainment companies over $500 million. After moving to New Zealand in 2010, Dotcom’s Auckland mansion was raided in 2012, following an FBI request. Since then, he has fought extradition while promoting conspiracy theories online. New Zealand’s Justice Minister recently signed the order for his extradition. Two former Megaupload officers have already been sentenced after avoiding extradition through plea deals.

Today’s guest is Rui Ribeiro, JScrambler's CEO, who joins us to discuss how the extensive use of first- and third-party JavaScript is both a blessing and a curse.

We’ll be right back.

Wireless shifting can really grind your gears. 

And finally… In the world of professional cycling, where cheating has taken many forms, a new high-tech threat has emerged: gear-shifting sabotage. Researchers recently revealed that hackers could exploit Shimano’s wireless shifting systems to disrupt races by forcing bikes to shift gears at critical moments. The attack is surprisingly simple, requiring only off-the-shelf hardware, and could wreak havoc during events like the Tour de France. While Shimano is rushing to patch the vulnerability, the incident highlights the unintended risks of adding wireless features to everyday tech—including bikes.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.