Global Cyber Pulse: 29 November 2024

November 29, 2024 | Cybersecurity
By Ashwani Mishra, Editor-Technology, 63SATS

A newly discovered vulnerability in ThinkPad X230 webcams enables hackers to bypass the LED indicator, raising serious privacy concerns. Meanwhile, XT.com, a major cryptocurrency exchange, has suspended withdrawals following a $1.7 million hack, further highlighting cybersecurity challenges.

In the UK, WUTH hospitals have faced significant disruptions due to a cyberattack, forcing manual operations and delays in patient care. Additionally, hackers exploited an npm package, embedding malware to steal sensitive data and mine cryptocurrency.

Stay tuned for the latest updates on evolving global cyber threats.

Hackers Exploit Webcam Vulnerability: LED Indicator No Longer Reliable

A critical security vulnerability has been uncovered in laptop webcams, specifically affecting ThinkPad X230 models. This flaw allows hackers to access webcams without activating the LED indicator, a feature meant to alert users when their camera is in use.

Andrey Konovalov, a prominent tech engineer, demonstrated a method for bypassing the LED activation by manipulating the webcam’s firmware. This discovery has ignited a heated debate online, especially on platforms like Hacker News.

The issue stems from the camera’s use of USB connectors and specific controllers that enable or disable LEDs independently. These vulnerabilities are prevalent in laptops manufactured around 2012, many of which use firmware-based LED controls.

By analyzing various laptop models, the engineer successfully created firmware that could take over LED controls, proving that many webcams are at risk of covert activation through software manipulation.

Cryptocurrency Exchange XT.com Suspends Withdrawals After $1.7 Million Hack

XT.com, a leading cryptocurrency exchange with a daily trading volume of $3.4 billion, has suspended withdrawals following a suspected $1.7 million security breach.

While XT has not officially confirmed the incident, security firm PeckShield reported that hackers converted the stolen funds into 461.58 ETH. XT has cited wallet upgrades and maintenance as the reason for suspending withdrawals, stating:

“Due to the wallet upgrade and maintenance, XT has suspended all coin withdrawals. Sorry for the inconvenience caused during the suspension.”

The incident highlights vulnerabilities even in high-profile crypto exchanges, as XT, ranked 20th on CoinMarketCap, supports over 900 cryptocurrencies with substantial daily activity.

UK Healthcare Cyberattack: WUTH Operations Disrupted

Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has suffered a cyberattack that has significantly disrupted its services. The attack, disclosed on Monday, caused system outages, forcing the hospital to delay appointments and procedures.

Hospitals Impacted

WUTH oversees three major UK hospitals—Arrowe Park, Clatterbridge, and Wirral Women and Children’s Hospital. These facilities, providing essential services like emergency care, critical care, and maternity services, have been forced to revert to manual processes due to IT system shutdowns.

The shift to paper-based operations has led to delays affecting patients and staff alike, with recovery efforts still underway.

Software Supply Chain Attack on npm Registry

Cybersecurity researchers have identified a year-long software supply chain attack targeting the npm package registry. The attack exploited the package @0xengine/xmlrpc, initially published as a legitimate XML-RPC server and client for Node.js in October 2023.

In version 1.3.4, malicious code was introduced to steal sensitive data like SSH keys, bash history, and environment variables every 12 hours. The stolen data was exfiltrated using services like Dropbox and file.io.

Despite its malicious payload, the package remains available on the npm registry, having been downloaded 1,790 times. Researchers emphasize the need for stringent vetting of open-source packages to mitigate such risks.
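
For teams checking their own projects, the following added example (not from the researchers or the original report) scans a parsed package-lock.json for @0xengine/xmlrpc, including transitive installs. It assumes version 1.3.4 and every later release are suspect; the sample lockfiles and the names "example-app" and "some-tool" are constructed.

```javascript
// Added example. Assumption: 1.3.4 and every later release are suspect, since the
// article says the malicious code was introduced in version 1.3.4.
const TARGET = "@0xengine/xmlrpc";
const FIRST_BAD = [1, 3, 4];

function isSuspect(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  if (!m) return true; // git URL, tarball, missing version: needs manual review
  const parts = m.slice(1, 4).map(Number);
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== FIRST_BAD[i]) return parts[i] > FIRST_BAD[i];
  }
  return true; // exactly 1.3.4
}

// Takes a parsed package-lock.json and returns every install of TARGET,
// including transitive ones that never appear in package.json.
function findXmlrpc(lock) {
  const hits = [];
  const record = (where, meta) =>
    hits.push({ where, version: meta.version, suspect: isSuspect(meta.version) });
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      const byPath = path === `node_modules/${TARGET}` || path.endsWith(`/node_modules/${TARGET}`);
      if (byPath || meta.name === TARGET) record(path, meta); // "name" covers aliased installs
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === TARGET) record(`${trail} > ${name}`, meta);
      walk(meta.dependencies, `${trail} > ${name}`);
    }
  };
  walk(lock.dependencies, "root");
  return hits;
}

// Constructed sample lockfiles; "example-app" and "some-tool" are hypothetical names.
const SAMPLE_V3 = { name: "example-app", lockfileVersion: 3, packages: {
  "": { name: "example-app", version: "1.0.0" },
  "node_modules/some-tool": { version: "2.1.0" },
  "node_modules/some-tool/node_modules/@0xengine/xmlrpc": { version: "1.3.4" } } };
const SAMPLE_V1 = { name: "example-app", lockfileVersion: 1, dependencies: {
  "@0xengine/xmlrpc": { version: "1.3.3" } } };

console.log(findXmlrpc(SAMPLE_V3), findXmlrpc(SAMPLE_V1));
```

Because the data theft described above covers SSH keys and environment variables, any suspect hit also means rotating the credentials that were present on the affected machine.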

Black Basta Ransomware Targets Microsoft Teams

The Black Basta ransomware group has escalated its attacks by leveraging Microsoft Teams for advanced social engineering tactics.

Throughout October 2024, the group targeted hundreds of organizations across sectors like finance, technology, and government contractors. Known for its aggressive spam campaigns, Black Basta has been active since April 2022 and continues to evolve its strategies, using trusted platforms like Teams to deceive victims more effectively.

Cybersecurity experts are urging organizations to strengthen defenses against such sophisticated social engineering threats.