
TCE Cyberwatch: Your Weekly Cybersecurity Roundup

By: Editorial
24 June 2024 at 06:51

In today's digital age, staying informed about the latest developments in cybersecurity is crucial. Cyber threats are constantly evolving, and staying ahead of these challenges requires up-to-date knowledge and proactive measures. TCE Cyberwatch is here to provide you with a comprehensive weekly roundup of the most significant cybersecurity news, trends, and insights. Each week, we delve into the latest breaches, emerging threats, advancements in security technology, and critical updates from the cybersecurity world. Whether it's a major data breach affecting millions, a new vulnerability discovered in popular software, or innovative strategies to enhance your defenses, TCE Cyberwatch covers it all. Read on and find out what was the most relevant news in the world of cybersecurity this week.

TCE Cyberwatch: A Weekly Round Up

CISA Issues Urgent Advisories to Patch Critical Flaws in Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued 20 advisories to address vulnerabilities in Industrial Control Systems (ICS). These advisories offer detailed technical information and mitigation strategies for various ICS components. Key vulnerabilities include CVE-2024-33500 in Siemens Mendix Applications, which poses remote exploitation risks due to improper privilege management, and issues in Siemens SIMATIC S7-200 SMART devices that can lead to denial-of-service attacks. Additional affected systems include Siemens TIA Administrator, SCALANCE devices, Fuji Electric’s Tellus Lite, and Rockwell Automation’s FactoryTalk View SE. CISA stresses the importance of timely updates, network access restrictions, and strict adherence to security protocols. Although no public exploits have been identified, CISA recommends proactive measures such as network segmentation and secure remote access to bolster ICS resilience against cyber threats.

Microsoft Vows Security Overhaul After U.S. Report

Microsoft has faced severe criticism over its cybersecurity measures, highlighted by a U.S. Cyber Safety Review Board (CSRB) report detailing multiple security failures. These failures include a July 2023 attack by Chinese actors on senior U.S. officials' email accounts. Despite pledges to prioritize security, issues have been compounded by the flawed rollout of the Windows Recall feature. In a House Committee hearing, Microsoft President Brad Smith acknowledged these failings, accepted responsibility, and outlined plans for improvement. These measures include integrating security into executive bonuses and employee reviews, adding 1,600 security engineers, and expanding senior-level oversight. Microsoft is also addressing all CSRB recommendations and enhancing identity protection, network security, and threat detection. Smith emphasized the ongoing battle against cyberattacks, noting that Microsoft detects nearly 4,000 password-based attacks per second.

Over 300 Fake Paris 2024 Sites Target Olympic Ticket Buyers

As the Paris 2024 Summer Olympics approach, security researchers and officials have identified over 300 fraudulent ticketing sites exploiting legitimate Olympics branding to scam users. One notable site, paris24tickets[.]com, appeared professional and ranked highly in Google search results, misleading users into providing personal and financial information. Proofpoint researchers exposed this site as entirely fraudulent, collecting sensitive data instead of processing ticket orders. The French Gendarmerie Nationale has identified 338 scam sites since March 2023, shutting down 51 and putting 140 on notice. Scammers use ads and targeted emails to attract victims, often offering fake discounts. Captain Etienne Lestrelin advises against buying tickets outside official sources, warning that excessively cheap tickets are likely scams and could involve buyers in criminal activities.

Tesla's $45 Billion Payout: Court Battle Looms Over Coercion Claims

Tesla's efforts to reinstate Elon Musk's $45 billion pay package continue to face legal challenges despite shareholder support. The package was nullified by a Delaware judge due to concerns over board independence. Tesla's chair plans to resubmit the deal to the court, but plaintiffs argue the vote was coerced and legally flawed. Richard Tornetta's lawyer, representing the plaintiffs, claims the new vote does not address the initial issues. Legal experts predict ongoing court battles in Delaware, with possible appeals to the state’s supreme court. They also highlight potential coercion by Musk, who threatened to develop AI and robotics outside Tesla if the vote failed. Future pay deals will be governed by Texas law following Tesla's incorporation move, but existing litigation remains in Delaware.

MFA Failure Exposes Millions: Medibank Fined for Massive Data Breach

A lack of multi-factor authentication (MFA) likely caused the Medibank data breach, exposing the personal data of 9.7 million customers in October 2022. The Australian Information Commissioner’s report revealed that hackers stole an IT service desk operator’s credentials via malware on a home device. The compromised VPN lacked MFA, allowing unauthorized access. Ignored security alerts further enabled the attackers to extract 520GB of sensitive data. Medibank's inadequate cybersecurity measures, highlighted in a 2020 risk assessment, included excessive access privileges and the absence of MFA. This negligence led to legal action by Australia's privacy regulator, with potential fines exceeding AU$2 million. Sanctions and arrests followed for the hackers involved. The breach underscores the critical need for MFA, proper alert management, regular security audits, and employee training.

META Stealer Ups the Ante: Encrypted Builds, Custom Stubs in v5.0 Update

META Stealer v5.0 has launched, introducing advanced features and heightened security for this information-stealing malware. Key improvements include TLS encryption for secure communication between the build and the control panel, similar to updates seen in other top stealers like Lumma and Vidar. The update also offers a new build system for generating unique builds, supported by a "Stub token" currency for creating Runtime stubs, enhancing customization. The "Crypt build" option encrypts builds to evade detection during scans, significantly boosting stealth capabilities. Additionally, the panel's security and licensing systems have been upgraded to minimize disruptions. While previous updates, such as version 4.3 in February 2023, introduced features like enhanced detection cleaning and Telegram integration for build creation, version 5.0 focuses on individualized security and continuous improvement.

In this week's edition of TCE Cyberwatch, we've covered critical cybersecurity updates, from CISA's advisories on industrial control systems to Microsoft's pledges for security improvements and the exposure of fraudulent Olympic ticketing sites. As cyber threats continue to evolve, staying informed and proactive is essential. By keeping abreast of the latest news and trends, you can better protect your digital assets and stay ahead in the ongoing battle against cyberattacks. Stay vigilant and informed with TCE Cyberwatch.

TCE Cyberwatch: Breaches Hit Universities and Big Names

By: Editorial
17 June 2024 at 10:10

This week on TCE Cyberwatch, we report on significant breaches affecting both prominent companies and universities, with thousands of individuals impacted. In addition, TCE Cyberwatch explores the evolving landscape of cybersecurity legality, highlighting Australia's ongoing court case against X. TCE Cyberwatch also delves into advancements in corporate cybersecurity, such as Apple’s upcoming announcement of their very own password management app. Keep reading to find out more!

Akira Ransomware Group Targets Panasonic Australia

The Akira ransomware group has reportedly compromised Panasonic Australia's data, claiming to have exfiltrated sensitive project information and business agreements. The authenticity and full impact of this breach are still unverified. In response, Singapore's Cyber Security Agency (CSA) and Personal Data Protection Commission (PDPC) have advised organizations to report such attacks rather than paying ransoms. This recommendation follows confirmation by law firm Shook Lin & Bok that they paid Akira $1.4 million in Bitcoin. The CSA has warned that paying ransoms does not guarantee data recovery and could potentially encourage further attacks. They recommend implementing robust security measures, including strong password policies, multi-factor authentication, reputable antivirus software, regular vulnerability scans, network segregation, routine backups, incident response exercises, and minimizing data collection. Additionally, the FBI and CISA had previously included Akira in their #StopRansomware campaign, emphasizing the importance of these preventive measures.

Xbox One Kernel Exploit Discovered: Tinkering with Game Script App

An individual known as carrot_c4k3 has discovered a kernel-level exploit for Xbox One consoles using an app called ‘Game Script’ from the Microsoft Store. This exploit is not a jailbreak but allows users to gain control over virtual machine (VM) homebrews without enabling pirated software. The method involves two components: initial code execution in UWP applications and a kernel exploit granting full read/write permissions. A proof of concept has been shared on GitHub, currently limited to UWP apps. The exploit bypasses developer mode fees and modifies game save data but does not alter actual games. It may also allow running simple emulators. However, Microsoft could potentially detect this exploit, so using an offline console is recommended. It is also possible that the exploit has already been patched in the latest firmware update, version 10.0.25398.4478.

Over 8,000 at VIT Bhopal University Potentially Exposed in Data Breach

VIT Bhopal University in India has reportedly experienced a major data breach, impacting more than 8,000 students and faculty members. The breach, first revealed on June 10, 2024, on BreachForums, involves the alleged leak of sensitive information, including unique identification numbers, usernames, full names, email addresses, passwords, and user activation keys. This compromised data could potentially allow unauthorized access to personal and university accounts, raising significant concerns about phishing attacks and other malicious activities. VIT Bhopal, established in 2017 and ranked 65th in India by the National Institutional Ranking Framework, offers programs in engineering, technology, management, and architecture. As of now, the university has not commented on the breach or disclosed the full extent of the compromised data.

Energy Giant Potentially Breached: Hacker Selling Alleged SGCC Data

A hacker named Desec0x claims to have breached the State Grid Corporation of China (SGCC) and is selling the stolen data on BreachForums for $1,000. The data reportedly includes user account information, employee details, and department roles in SQL and XLSX formats. SGCC, the world's largest utility company, serves over 1.1 billion people in China and owns assets in several countries. If confirmed, this breach could have serious implications for SGCC and its stakeholders. Cyberattacks on the energy sector are increasing, with notable incidents in 2023 and 2024 targeting companies like Consol Energy and Petro-Canada. SGCC has not yet confirmed the breach, and its website appears to be unaffected.

Deepfakes Target Australian Politicians in Investment Scams

Australian politicians, including Finance Minister Katy Gallagher and Foreign Minister Penny Wong, have been targeted in AI-generated deepfake investment scam videos. The scam also used images of Nationals senator Bridget McKenzie and former Prime Minister Scott Morrison, among others. These videos, promoted via Facebook ads, falsely depict the politicians endorsing fraudulent investment schemes. Federal Minister Stephen Jones warned that AI could amplify fraud and proposed reforms to make social media companies more accountable. Gallagher stressed that neither she nor other politicians would promote products online, urging people to report such scams. The government is considering measures like mandatory AI image watermarking to combat misuse.

Get Ready to Switch? Apple Unveils Passwords Manager at WWDC

At Apple's Worldwide Developer Conference next week, the company is expected to unveil its own standalone password manager, named Passwords, which will rival apps like 1Password and LastPass. According to Bloomberg News, Passwords will offer features surpassing those of iCloud and Mac Keychain, enabling users to save Wi-Fi passwords, store passkeys, and categorize login credentials. The app is also anticipated to be compatible with Windows machines, though its availability for Android users remains uncertain.

Monti Ransomware Targets West After Conti's Demise

The Monti ransomware group, which bears similarities to the defunct Conti ransomware, has recently changed ownership and shifted its focus towards Western targets. The new owners are revamping its infrastructure for future operations. Recent attacks in the South of France disrupted the Pau-Pyrénées airport, the Pau business school, and a digital campus, compromising sensitive data and raising significant cybersecurity concerns. Monti exploits vulnerabilities like Log4Shell to infiltrate networks, encrypt desktops, and disrupt servers. Analysts believe the group leverages Conti’s leaked data for its operations. The cybersecurity community emphasizes the need for strengthened defenses and collaboration to combat such evolving threats. The Monti group’s activities highlight the critical need for robust cybersecurity measures to protect essential infrastructures.

TCE Cyberwatch: Wrap Up

Recent events have shown that even large, well-protected companies can fall victim to cyberattacks. Therefore, it's always wise to stay proactive and ensure your defenses are up-to-date. Stay safe, stay informed, and take steps to safeguard your digital security.