Daily Cyber Intel Brief: 11/28/2024
Today: First UEFI Bootkit for Linux Discovered — UK Hospital Postpones Procedures After Cyberattack — Godot Game Engine Abused to Spread Malware — Chinese Hackers Breach T-Mobile Network — ProjectSend Flaw Exploited — Zello Hacked — APT-C-60
Get the critical updates you need as a cybersecurity professional or business leader without the time drag or hassle.
No one has time to sift through dozens of websites for critical cybersecurity insights. That’s why I developed a better solution: it’s automated, curated, and FREE. Designed for efficiency, I pinpoint the most critical cybersecurity events that security professionals and business leaders need to know about, and I publish them every business day by 9 AM CT for you.
Subscribe to receive automated notifications and stay ahead of critical developments — NO SPAM, just concise, relevant updates delivered directly to your inbox.
You can connect with me on LinkedIn and join my professional network.
11/28/2024 — New Cybersecurity Updates
UK hospital network postpones procedures after cyberattack — Major UK healthcare provider Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has suffered a cyberattack that caused a systems outage leading to postponing appointments and scheduled procedures. Source
Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware — A popular open-source game engine called Godot Engine is being misused as part of a new GodLoader malware campaign, infecting over 17,000 systems since at least June 2024. Source
Hackers abuse popular Godot game engine to infect thousands of PCs — Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months. Source
ProjectSend Vulnerability Exploited in the Wild — VulnCheck warns of widespread exploitation of a year-and-a-half-old ProjectSend vulnerability for which multiple public exploits exist. Source
Hackers exploit ProjectSend flaw to backdoor exposed servers — Threat actors use public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. Source
Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers — A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. Source
Zello asks users to reset passwords after security incident — Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach. Source
Researchers discovered the first UEFI bootkit malware for Linux — The first UEFI bootkit specifically targeting Linux systems has been discovered, marking a shift in stealthy and hard-to-remove bootkit threats that previously focused on Windows. Source
Chinese hackers breached T-Mobile’s routers to scope out network — T-Mobile says the Chinese “Salt Typhoon” hackers who recently compromised its systems as part of a series of telecom breaches first hacked into some of its routers to explore ways to navigate laterally through the network. Source
XMLRPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner — Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. Source
APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign — The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. Source
T-Mobile Shares More Information on China-Linked Cyberattack — T-Mobile has confirmed being targeted by hackers, likely China’s Salt Typhoon, but reiterated that the attack was blocked. Source
Microsoft Patches Exploited Vulnerability in Partner Network Website — Microsoft informed customers that vulnerabilities affecting cloud, AI, and other services have been patched, including an exploited flaw. Source
Source Code of $3,000-a-Month macOS Malware ‘Banshee Stealer’ Leaked — The Banshee Stealer macOS malware operation emerged earlier this year and reportedly shut down following a source code leak. Source
As a Bayesian Cyber Risk Quantification Scientist, I specialize in quantifying cybersecurity risks into measurable, data-driven insights using advanced Bayesian statistics and Bayesian Network modeling. By applying rigorous probabilistic analysis, I help organizations quantify cyber threats in financial terms, prioritize resource allocation, model return on control investments, and make strategic decisions within a complex threat landscape. With thirty years of experience in the financial industry, I bridge compliance and regulatory requirements with actionable, data-driven intelligence, enabling leadership to make higher-resolution decisions and maximize the impact of their investments.
Free Bayesian Primers for Cybersecurity Professionals:
Bayes Theorem Primer — https://timlaytonllc.com/bayesprimer/
Bayesian Network Primer — https://timlaytonllc.com/bnprimer/
Originally published at https://timlaytonllc.com on November 28, 2024.