Major Incidents or Breaches

  • McLaren Health Care reported a data breach impacting 743,000 patients following a July 2024 attack by the INC ransomware gang.
  • Nucor, North America’s largest steel producer, confirmed data theft in a recent cyber incident.
  • A database containing 184 million plaintext passwords from platforms including Facebook and Google was discovered exposed online without encryption or protection.

Newly Discovered Vulnerabilities

  • Citrix released patches for critical vulnerabilities in NetScaler ADC and Gateway appliances, urging customers to update to prevent exploitation.
  • A Windows LNK flaw was exploited by the XDigo malware in attacks against Eastern European government entities.
  • Scanning activity targeting Ichano AtHome IP Cameras was observed, indicating potential exploitation attempts.

Notable Threat Actor Activity

  • The China-linked Salt Typhoon group exploited a critical Cisco vulnerability to breach Canadian telecommunications firms, as confirmed by the Canadian Centre for Cyber Security and the FBI.
  • Russian state-sponsored APT28 used Signal chats to deliver two new malware strains, BeardShell and SlimAgent, in attacks targeting Ukrainian government entities.
  • Pro-Iranian hackers and hacktivists are assessed as likely to escalate cyberattacks against U.S. networks following recent U.S. airstrikes on Iranian nuclear sites, according to warnings from the U.S. Department of Homeland Security.
  • Four REvil ransomware members arrested in Russia in 2022 were released after serving time for carding and malware distribution charges.
  • Attackers exploited misconfigured Docker APIs and used Tor for anonymity in a cryptocurrency theft campaign, resembling tactics previously used by the Commando Cat actor.
  • Telegram purged Chinese crypto scam markets from its platform, but these markets quickly re-emerged under new branding.

Trends, Tools, or Tactics of Interest

  • SparkKitty, a new Trojan spyware for iOS and Android, was found distributed via the App Store, Google Play, and untrusted websites. It steals images, including cryptocurrency wallet seed phrases, from device galleries.
  • The XDigo malware, written in Go, was used in targeted attacks on Eastern European governments, leveraging the Windows LNK flaw for initial access.
  • A new jailbreaking technique, “Echo Chamber,” enables attackers to bypass guardrails in large language models (LLMs) such as OpenAI’s models and Google Gemini, prompting the generation of harmful content.
  • Attackers are increasingly using encrypted messaging apps (e.g., Signal) for malware delivery in targeted campaigns.
  • Google announced new multi-layered defences for its generative AI systems to address risks such as indirect prompt injection attacks.
  • SOCs are exploring AI-enabled workflow automation to address analyst burnout and improve operational efficiency.

Regulatory or Policy Developments Affecting the Security Industry

  • The U.S. Department of Homeland Security and FBI issued advisories regarding increased cyber threats from Iranian and pro-Iranian actors in response to geopolitical events.
  • The Canadian Centre for Cyber Security released guidance following state-sponsored intrusions into national telecom infrastructure via Cisco vulnerabilities.