Cyber-Daily : Adapting Against Cyber Threats: Unmasking New Exploits & Fortifying Defense Strategies
This Newsletter is Curated By: AI || Reviewed By : Avijit || Date: 2023-10-04
Top Cyber Stories Of The Day
1. Linux Vulnerability Exposes Millions to Attack: A vulnerability, dubbed Looney Tunables, has existed since its inception in April 2021, putting countless systems at risk.
2. Group Claims Theft of 2.5 Million Patients’ Data: A group alleges to have stolen health data of 2.5 million patients, raising critical concerns about healthcare sector cybersecurity.
3. Auckland Transport Hit by Ransomware Attack: The city’s official transport website suffers from a DDoS attack linked to a previous ransomware attack by the Medusa gang.
4. Sony Falls Victim to Security Breach: The Ransomed.vc hacking group claims to have compromised Sony’s servers and threatens to divulge sensitive company data.
5. Google to Boost Email Security: Google plans to implement new sender guidelines to augment email security against phishing and malware attacks in 2024.
Today’s Threat Intelligence Reports
Several new threats and vulnerabilities have emerged:
1. ShellTorch Attack: Exposes millions of PyTorch systems to Remote Code Execution (RCE) vulnerabilities.
2. Android October security update: Fixes 54 unique vulnerabilities, including two known to be actively exploited.
3. New zero-day vulnerabilities in Qualcomm’s GPU, DSP drivers: Qualcomm has released patches for three actively exploited zero-days.
4. BlueTooth-controlled gas pumps: Unsecure connections enable control of the pump and free gas dispersal.
5. WS_FTP Vulnerabilities: Attackers are observed actively exploiting security weaknesses in WS_FTP.
6. New malware by Lazarus Group: Security firms warn of harder-to-detect software targeting the crypto industry.
7. Double ransomware attacks: FBI warns of a surge in simultaneous ransomware strikes, causing significant financial losses and operational disruption.
Today’s Breach Bulletins
Several alarming data breaches have been reported recently:
1. Sony: Ransomed.vc alleges a significant breach of Sony’s servers.
2. Patient Data Theft: A group claims the theft of 2.5 million patients’ data.
3. Johnson Controls: Suffered a ransomware attack with potential leakage of Department of Homeland Security information.
4. Motel One: Disclosed a data breach following a ransomware attack, including theft of 150 credit card details.
Security Research, Education & Awareness
Several breakthroughs, studies, and major advancements in the Cybersecurity domain have been noted:
1. OT-IT Convergence Security Risks: BizTech Magazine explores risks associated with IT and OT systems convergence and proposes mitigation strategies.
2. AI and Cybersecurity: Discusses the risks and advantages of large language models in the cloud and the glaring issues of privacy in AI-driven retail security systems.
3. Use of AI in workforce: Addressing the skills gap in the workforce using AI as an educational tool.
4. Access Management Strategies: Investigates the best practices and emerging trends in cybersecurity access management, especially within the medical technology industry.
5. Embedded DDoS defenses in IoT: Emphasizes the importance of agility, configuration, and countermeasures in ensuring IoT security against DDoS attacks.
These research findings provide insightful perspectives and a direct road map for formulating safer and more secure cyber operations.
