Daily Cyber Intel Brief: 12/02/2024
Today: MS Word Doc Attacks — Android Malware Installed 8 Million Times — Microsoft 365 2FA Attacks — Russia Arrests Cybercriminal — New Windows 2012 Zero Day — 2 UK Hospitals Hit by Cyberattacks — New Info on Snowflake Hack
Get the critical updates you need as a cybersecurity professional or business leader without the time drag or hassle.
No one has time to sift through dozens of websites for critical cybersecurity insights. That’s why I developed a better solution: it’s automated, curated, and FREE. Designed for efficiency, I pinpoint the most critical cybersecurity events security professionals and business leaders need to know, and I publish them every business day by 9 AM CT for you.
12/02/2024 — New Cybersecurity Updates
Novel phishing campaign uses corrupted Word documents to evade security — A novel phishing attack abuses Microsoft’s Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. Source
SpyLoan Android malware on Google Play was installed 8 million times. A new set of 15 SpyLoan Android malware apps with over 8 million installs was discovered on Google Play, targeting primarily users from South America, Southeast Asia, and Africa. Source
New Rockstar 2FA phishing service targets Microsoft 365 accounts — A new phishing-as-a-service (PhaaS) platform named ‘Rockstar 2FA’ has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. Source
Russia arrests cybercriminal Wazawaka for ties with ransomware gangs — Russian law enforcement has arrested and indicted notorious ransomware affiliate Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for developing malware and his involvement in several hacking groups. Source
Bologna FC confirms data breach after RansomHub ransomware attack — Bologna Football Club 1909 has confirmed it suffered a ransomware attack after its stolen data was leaked online by the RansomHub extortion group. Source
New Windows Server 2012 zero-day gets free, unofficial patches — Free unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism. Source
8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play — Over a dozen malicious Android apps identified on the Google Play Store that have been collectively downloaded over 8 million times contain malware known as SpyLoan, according to new findings from McAfee Labs. Source
Wanted Russian Hacker Linked to Hive and LockBit Ransomware Arrested — A Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested by law enforcement authorities in the country. According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a decryption key. Source
Phishing-as-a-Service “Rockstar 2FA” Targets Microsoft 365 Users with AiTM Attacks — Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA to steal Microsoft 365 account credentials. Source
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks — Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. Source
Two UK Hospitals Hit by Cyberattacks, One Postponed Procedures — Alder Hey Children’s Hospital and Wirral University Teaching Hospital have fallen victim to cyberattacks, including one involving ransomware. Source
Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested — Russian authorities have reportedly arrested Mikhail Matveev, who is wanted by the US for ransomware attacks against critical infrastructure. Source
OPPC Breach Impacts 1.7M, US Soldier Suspected in Snowflake Hack, Cloudflare Loses Logs — Noteworthy stories that might have slipped under the radar: OnePoint Patient Care data breach impact doubles, a US soldier may have been involved in the Snowflake hack, Cloudflare lost customer logs. Source
Supply chain technology provider Blue Yonder faces ransomware attack — Blue Yonder, a supply chain technology provider, has faced a ransomware incident. Source
As a Bayesian Cyber Risk Quantification Scientist, I specialize in quantifying cybersecurity risks into measurable, data-driven insights using advanced Bayesian statistics and Bayesian Network modeling. By applying rigorous probabilistic analysis, I help organizations quantify cyber threats in financial terms, prioritize resource allocation, model return on control investments, and make strategic decisions within a complex threat landscape. With thirty years of experience in the financial industry, I bridge compliance and regulatory requirements with actionable, data-driven intelligence, enabling leadership to make higher-resolution decisions and maximize the impact of their investments.
Originally published at https://timlaytonllc.com on December 2, 2024.