Cybersecurity News: PyPI package targets macOS, Columbus, Ohio suffers cyber incident, Windows July update problems

In today’s cybersecurity news…

PyPI package targets macOS

Researchers from Checkmarx have discovered a malicious package on the Python Package Index (PyPI) that targets Apple macOS systems. Its goal is to steal users’ Google Cloud credentials. The package, named “lr-utils-lib,” was uploaded to the registry in early June 2024 and was downloaded 59 times before being taken down. The researchers also said they “found a fake profile on LinkedIn with the name Lucid Zenith that matched the package’s owner and falsely claimed to be the CEO of Apex Companies, suggesting a possible social engineering element to the attack.”

(The Hacker News and Checkmarx)

Columbus, Ohio suffers cyber incident

The city is working to restore its systems following a cyberattack that forced it to sever its connection to the internet. Officials stated that “while its 911 and employee payroll systems remain operational, several resident-facing IT services are dealing with outages that may take time to restore.” City employees were unable to send or receive emails, and the 911 service, although operational, had its staff working with pen and paper. No comment was made as to whether a ransom is involved.

(The Record)

Windows July updates come with some BitLocker and Remote connectivity challenges

Microsoft is warning that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates. The company stated on the Windows release health dashboard, “after installing the July 2024 Windows security update, released July 9, you might see a BitLocker recovery screen upon booting your device.” Users of affected PCs “will be prompted to enter their BitLocker recovery key to unlock the drive, allowing the device to boot normally from the BitLocker recovery screen.” A device whose recovery key was never escrowed (to Microsoft Entra ID, Active Directory, or a Microsoft account) cannot be unlocked without it, so the practical check before rolling out the update is whether every protected volume has a recovery password and whether it has been backed up.
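The pre-patch check described above, as an added example that is not part of the original article or Microsoft's guidance: it inventories each BitLocker volume, warns when a protected volume has no recovery password protector, and can optionally escrow existing recovery passwords with the built-in BitLocker module cmdlets. The script and its `-EscrowTo` parameter are assumptions of this example; the cmdlets (`Get-BitLockerVolume`, `BackupToAAD-BitLockerKeyProtector`, `Backup-BitLockerKeyProtector`, `Get-HotFix`) are standard Windows cmdlets. Run it in an elevated PowerShell session on the device you are about to patch.

```powershell
# Added example (not from the original article): verify BitLocker recovery
# readiness before installing the July 2024 security updates.
# -EscrowTo is an assumed parameter of this script: 'AAD' backs recovery
# passwords up to Microsoft Entra ID, 'AD' to Active Directory, 'None' only reports.
param(
    [ValidateSet('None', 'AAD', 'AD')]
    [string]$EscrowTo = 'None'
)

$report = foreach ($vol in Get-BitLockerVolume) {
    # Only RecoveryPassword protectors can get a device past the recovery screen;
    # TPM, TPM+PIN and external-key protectors do not help once recovery is triggered.
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')

    if ($vol.ProtectionStatus -eq 'On' -and $recovery.Count -eq 0) {
        Write-Warning ("{0}: protection is on but no recovery password exists. " -f $vol.MountPoint +
            "Add one with: Add-BitLockerKeyProtector -MountPoint '$($vol.MountPoint)' -RecoveryPasswordProtector")
    }

    foreach ($rp in $recovery) {
        # Escrow by protector ID; the cmdlets return the volume object, which we discard.
        switch ($EscrowTo) {
            'AAD' { BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null }
            'AD'  { Backup-BitLockerKeyProtector      -MountPoint $vol.MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null }
        }
    }

    # Report the protector IDs, never the 48-digit recovery password itself,
    # so this output is safe to collect centrally.
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        RecoveryKeyCount = $recovery.Count
        RecoveryKeyIds   = ($recovery.KeyProtectorId -join ', ')
    }
}

$report | Format-Table -AutoSize

# Has anything from the July 9, 2024 release (or later) already been installed?
# If so, the device has either passed the issue or is the one to keep a key handy for.
Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge [datetime]'2024-07-09' } |
    Select-Object HotFixID, Description, InstalledOn
```

Run it first with the default `-EscrowTo None` to see which volumes would need attention, then again with `-EscrowTo AAD` or `-EscrowTo AD` once the device is joined to the matching directory. The escrow cmdlets fail if the device is not joined to Entra ID or Active Directory respectively, which is itself the answer you want before patching.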

In addition, Microsoft is confirming that these same July security updates are breaking remote desktop connections in “organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway.” The issue may be intermittent, recurring roughly every 30 minutes, at which point logon sessions are lost and users need to reconnect to the server. Microsoft has provided workarounds until a fix is delivered.

(BleepingComputer and BleepingComputer)

Huge thanks to our sponsor, Dropzone AI

Meet Dropzone AI, the analyst who never rests. Investigating every alert with unparalleled speed and precision, delivering clear, actionable reports. No playbooks, no code. Experience the power of AI with a 3-month free trial at dropzone.ai.

North Korean charged in cyberattacks on U.S. hospitals, military bases, and NASA

A federal grand jury in Kansas City, Kansas has returned an indictment against Rim Jong Hyok, accusing him of hacking into U.S. healthcare, military and NASA facilities to steal sensitive information. Rim Jong Hyok lives and works in North Korea and is part of the state-backed Andariel group that we mentioned on Friday. While seeking details on fighter aircraft, missile defense systems, satellite communications, and radar systems, the group funds itself in part by laundering bitcoin ransomware payments through Chinese banks, in some cases withdrawing the cash from an ATM on the Chinese side of the Sino-Korean Friendship Bridge connecting China and North Korea, according to court records. The indictment is unlikely to lead to an arrest but may lead to additional sanctions against the country.

(Security Week)

Ukraine launches cyberattack on Russian ATMs

Updating a story we covered on Thursday: the attack, which started on July 23 and is described as unprecedented in its scope, affected at least 10 major Russian banking organizations, freezing customer credit and debit cards, bank payment systems and mobile applications, causing outages in online personal banking portals, and preventing payments for services like public transport. The attack also disrupted Russian mobile and internet providers, popular online messengers and major Russian social networks. The Kyiv Post also states that the nation-state hackers gained access to the databases of major banks.

(Security Affairs)

Copyright traps could tell writers if AI has scraped their work

An article in Slashdot, quoting an article in MIT Technology Review, describes a technique developed by a team at Imperial College London in which pieces of hidden text “allow writers and publishers to subtly mark their work in order to later detect whether it has been used in AI models or not.” This follows a tradition used by mapmakers and dictionary publishers in earlier centuries, who would add fake locations to maps or fake words to dictionaries to help detect plagiarism. “The code to generate and detect traps is currently available on GitHub, but the team also intends to build a tool that allows people to generate and insert copyright traps themselves.” The developers admit the technique is not foolproof, since these copyright traps could be found and removed, but increasing their number would make complete removal more difficult.

(Slashdot)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.