This article discusses several significant cybersecurity incidents, including a DDoS attack on the social media platform X, multiple instances of malware infection, and breaches by foreign hacking groups. Key highlights include record fraud losses reported by the FTC, a patched vulnerability in Apple’s WebKit, and ongoing security challenges with AI-generated code hosting on GitHub. Affected: X, GitHub, Apple, Massachusetts utilities, Allstate, New York State, Android devices, Ivanti, SideWinder, Medusa ransomware.
Key points:
- X experienced significant outages due to a claimed DDoS attack by Dark Storm.
- The Federal Trade Commission reported fraud losses hit a record .5 billion in 2024, affecting mainly young adults.
- Apple addressed a critical WebKit vulnerability that was actively exploited.
- Malware hosted on GitHub infected one million devices through illegal streaming sites.
- AI-generated malicious code has been uploaded to GitHub, promoting the installation of malware.
- A LockBit developer has been extradited to the U.S. for cybercrimes.
- Four out of six AI voice cloning companies lack necessary security safeguards.
- RCS messaging protocol plans to incorporate end-to-end encryption in future updates.
- Volt Typhoon hackers breached Massachusetts utilities, maintaining access for over 300 days.
- New York State has sued Allstate for inadequate data protection.
- A new Android malware called “KoSpy” has been discovered.
- GitLab has patched vulnerabilities that allowed unauthorized logins.
- Three Ivanti vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities catalog.
- SideWinder has enhanced its attack toolkit to target military and government organizations.
- The FBI recommends multifactor authentication to combat Medusa ransomware attacks.
- Microsoft released patches for 56 vulnerabilities, with six actively exploited.
MITRE Techniques:
- Execution (T1203): Exploiting vulnerabilities in WebKit to execute malware.
- Credential Access (T1078): AI-written code on GitHub aimed at stealing user credentials through malicious installations.
- Initial Access (T1193): Using phishing lures on illegal streaming sites to direct victims to GitHub-hosted malware downloads.
- Persistence (T1071): Maintaining access to breached systems at LELWD by exploiting vulnerabilities unnoticed for over 300 days.
- Data Theft (T1041): KoSpy malware targeting Android devices to steal messaging and location data.