Weekly Cybersecurity Report | Week 20, 2024

As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.

Weekly Cybersecurity Report | Week 20, 2024

Information security updates and events from the past week 

1 – A cyber-attack in Kansas City has been shutting down a large part of the municipality’s services for about a month, including some of the cameras placed on the roads and used to investigate accidents, etc. 

Kansas City: 

  • Last week there was a report of a cyber-attack at the Charter School. 
  • In January, the services of the Kansas City Public Transportation System (KCATA) were shut down due to a ransomware attack. 
  • On December 23 Liberty Hospital in Kansas City suffered a widespread cyber-attack. 
  • On January 20, Kansas City City Hall was shut down for several days due to a ransomware attack. 

2 – China stole geopolitical secrets from the Middle East, Africa, and Asia 

A Chinese state-linked threat group has been exfiltrating emails and files from high-level government and military targets across the Middle East, Africa, and Southeast Asia every day since late 2022. 

Operation Diplomatic Specter, an espionage campaign described in a new report by Palo Alto’s Unit 42, targets foreign ministries, military bodies, embassies and more in at least seven countries on three continents. Its goal is to obtain classified and other sensitive information about geopolitical conflicts, diplomatic and economic missions, military operations, political meetings and summits, politicians, and senior military personnel, and above all, embassies and foreign ministries. 

The campaign continues, and the attackers have already demonstrated a willingness to continue spying, even after being exposed and located from compromised networks. 

https://www.darkreading.com/threat-intelligence/china-apt-stole-geopolitical-secrets-from-middle-east-africa-and-asia 

3 – Student data exposed in Western Sydney University data breach 

Western Sydney University (WSU) has notified students and academic staff of a data breach after threat actors breached its Microsoft 365 and SharePoint environment. 

WSU University is an educational institution in Australia that offers a wide range of undergraduate, graduate and research programs across various disciplines. It has 47,000 students and more than 4,500 permanent and seasonal employees and operates on a budget of 600 million dollars (USD). 

In a statement published today on the Western Sydney University website, the university warned that hackers had accessed its Microsoft Office 365 environment, including email accounts and SharePoint files. 

4 – The well-known e-script company MediSecure was hit by a large-scale ransomware data breach 

Australia-based e-prescription provider MediSecure has shut down its website and phone lines following a ransomware attack, allegedly originating from a third-party vendor. 

The incident affected people’s personal and health information, but the extent of this is still unclear currently. 

5 – A spy app was found in the check-in systems of 3 hotels in the USA 

Security researcher Eric Daigle discovered a commercial spyware application, called pcTattletale, in the check-in systems of at least three Wyndham hotels across the US.  

The app is often used by parents to monitor their children’s online activities or by employers to track employee efficiency and internet usage. 

Daigle discovered commercial tracking software in hotel check-in systems while investigating consumer-grade spyware (known as stalkerware).  

pcTattletale is software designed for monitoring and recording activities of computer users.  

The software was used by someone to take screenshots of hotel reservation systems, including guest details. Daigle also discovered a vulnerability in the monitoring software that allows anyone to access the screenshots taken by the app. 

The attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right protection. Cyberone is here to help! Check out our services.