cyberlights – week 23/2024
A weekly shortlist of cyber security highlights. The short summaries are AI-generated! If something is wrong, please let me know!
Highlight
🔒 Sichere und datenschutzfreundliche Browser: Meine Empfehlungen – Teil 1 privacy – Detailed analysis of browser security and privacy features, recommendations for multiple browsers, focusing on anti-tracking and anti-fingerprinting measures. https://www.kuketz-blog.de/sichere-und-datenschutzfreundliche-browser-meine-empfehlungen-teil-1/
News For All
🐱💻 Germany's Christian Democratic party hit by 'serious' cyberattack cybercrime – Germany's CDU faces 'serious' cyberattack; takes IT systems offline. https://www.reuters.com/technology/cybersecurity/germanys-christian-democratic-party-hit-by-serious-cyberattack-2024-06-01/
📺 Fake Tom Cruise warns of violence at Paris Olympics in pro-Russian info op cybercrime – Pro-Russian groups spread fake violence threats for Paris Olympics. https://cyberscoop.com/russia-tom-cruise-ai-paris-olympics/
ℹ️ Experts found information of European politicians on dark web privacy https://securityaffairs.com/164036/deep-web/info-european-politicians-dark-web.html
💼 5 Reasons Why You Should Use a Password Manager security news – using a password manager is a wise move to secure data. https://www.techrepublic.com/article/5-reasons-why-you-should-use-a-password-manager/
⚕️ Rural hospitals are particularly vulnerable to ransomware, report finds security news – highly susceptible due to limited resources and critical access roles. https://cyberscoop.com/rural-hospital-ransomware-cyber/
👶 Microsoft accused of tracking kids with education software privacy – Noyb requests Austrian data protection authority to investigate Microsoft 365 Education for potential GDPR violations regarding transparency. https://www.theregister.com/2024/06/04/noyb_microsoft_complaint/
⚡ TikTok warns of exploit aimed at 'high-profile accounts' cybercrime – TikTok addresses account takeover campaign targeting high-profile users; malware spreads via direct messages. https://therecord.media/tiktok-exploit-high-profile-accounts
🤖 Zoom CEO envisions AI deepfakes attending meetings in your place security news – Zoom CEO envisions AI-powered digital twins to attend meetings on behalf of individuals. https://arstechnica.com/?p=2028754
🦦 Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V) malware – Phishing emails distribute HTML files prompting users to run malicious PowerShell commands via pasting (CTRL+V), leading to the execution of the DarkGate malware. https://asec.ahnlab.com/en/66300/
🐡 Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics warning – Mandiant warns of elevated cyber threat risks facing the 2024 Paris Olympics, including cyber espionage, disruptive operations, and financially motivated activity. https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics/
📽️ Cisco addressed Webex flaws used to compromise German government meetings security news – vulnerabilities allowed unauthorized access to meeting information, including topics and participants. https://securityaffairs.com/164173/breaking-news/cisco-webex-flaws-german-government-meetings.html
🏳️🌈 Language app Duolingo removes LGBTQ+ content from Russian platforms security news – in compliance with Roskomnadzor's request, which labels LGBTQ+ advocates as 'extremists' in Russia. https://therecord.media/language-app-duolingo-lgbtq-removes
🎯 Hit by LockBit? The FBI is waiting to help you with over 7,000 decryption keys cybercrime – Victims are encouraged to contact the FBI for help in decrypting their data and to assist in ongoing cybercrime investigations. https://www.tripwire.com/state-of-security/hit-lockbit-fbi-waiting-help-you-over-7000-decryption-keys
🦆 DuckDuckGo offers “anonymous” access to AI chatbots through new service security news – enabling interaction with various language models from OpenAI, Anthropic, Meta, and Mistral, ensuring chats are anonymized and promptly deleted to uphold privacy. https://arstechnica.com/information-technology/2024/06/duckduckgo-offers-anonymous-access-to-ai-chatbots-through-new-service/
😤 AI jailbreaks: What they are and how they can be mitigated security research – AI jailbreaks are techniques that bypass guardrails in AI systems, leading to undesired outcomes; Microsoft outlines the risks, characteristics, and mitigation strategies for AI jailbreaks, emphasizing defense in depth and detection mechanisms to prevent unauthorized data access, content misuse, and system subversion. https://www.microsoft.com/en-us/security/blog/2024/06/04/ai-jailbreaks-what-they-are-and-how-they-can-be-mitigated/
Recall Corner
🥷 Malware can steal data collected by the Windows Recall tool security research – Researchers demonstrated accessing and extracting Recall-captured snapshots stored in an unencrypted database. https://securityaffairs.com/164181/digital-id/malware-steal-data-windows-recall-tool.html
🤷 Microsoft Research chief scientist has no issue with Recall security news – Jaime Teevan, chief scientist at Microsoft Research, dismissed concerns about Microsoft's Recall feature despite privacy and security risks raised by critics; Recall builds an archive of user screenshots and logs activities, stored locally. https://www.theregister.com/2024/06/06/microsoft_research_recall/
🙃 Update on the Recall preview feature for Copilot+ PCs security news – Microsoft provides an update on the Recall feature for Copilot+ PCs. https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/
🧻 Microsoft rolls back ‘dumbest cybersecurity move in a decade’ security news – Microsoft revises Recall feature after severe criticism over privacy concerns; changes include opt-in, biometric enrollment, and enhanced encryption amid backlash from security researchers over potential data exposure in screenshots of users' screens. https://cyberscoop.com/microsoft-rolls-back-dumbest-cybersecurity-move-in-a-decade/
Some More, For the Curious
🦠 PikaBot: a Guide to its Deep Secrets and Operations malware – Detailed analysis of PikaBot malware, including anti-analysis techniques and C2 infrastructure. https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/
👆 Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools security research – Increase in ransomware activity observed in 2023, reliance on legitimate tools for attacks, escalation of extortion tactics, rise of new ransomware families, and common tactics observed. https://cloud.google.com/blog/topics/threat-intelligence/ransomware-attacks-surge-rely-on-public-legitimate-tools/
🙅 Snowflake says there’s no evidence attackers breached its platform to hack Ticketmaster security news – Snowflake denies responsibility for Ticketmaster and Santander breaches; joint statement with CrowdStrike and Mandiant supports claim. https://www.theverge.com/2024/6/3/24170876/snowflake-ticketmaster-santander-data-breach-details
🛋️ Most of the security teams’ work has nothing to do with chasing advanced adversaries security news – Security teams' day-to-day reality involves mundane tasks like communication, cross-functional collaboration, security evangelism, tooling management, and resource planning, contrary to the glamorous portrayal in movies and marketing. https://ventureinsecurity.net/p/most-of-the-security-teams-work-has
💐 Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab security news – sophisticated attack named Operation Triangulation targeted iPhones of Kaspersky employees and Russian diplomats. https://therecord.media/kaspersky-apple-bug-bounty-declined
💭 Shostack + Friends Blog > The Universal Cloud TM security research – Rich Mogull and Chris Farris released 'The Universal Cloud Threat Model' (UCTM), designed to update traditional threat modeling for public cloud operations. https://shostack.org/blog/universal-cloud-threat-model-threat-model-thurs/
👾 New York Times source code compromised via exposed GitHub token data breach – The New York Times' source code and data were leaked on 4chan by an anonymous user who targeted the company's GitHub repositories in January 2024 using an exposed GitHub token, with confirmation from The New York Times that the leaked data is legitimate. https://securityaffairs.com/164280/data-breach/new-york-times-source-code-leaked.html
🧑🌾 What is RansomHub? Looks like a Knight ransomware reboot malware – RansomHub likely Knight ransomware rebrand; exploits ZeroLogon vulnerability. https://www.theregister.com/2024/06/05/ransomhub_knight_reboot/
🚪 Microsoft shows venerable and vulnerable NTLM security protocol the door security news – Microsoft deprecates NTLM protocol, advises switch to Kerberos for security. https://www.theregister.com/2024/06/06/microsoft_deprecates_ntlm/
⚔️ Leveraging Escalation Attacks in Penetration Testing Environments – Part 1 security research – Exploring AD CS vulnerabilities and attacks in penetration testing. https://www.guidepointsecurity.com/blog/leveraging-escalation-attacks-in-penetration-testing-environments-part-1/
💸 Pandabuy was extorted twice by the same threat actor cybercrime – Pandabuy extorted twice by same threat actor after paying ransom. https://securityaffairs.com/164263/cyber-crime/pandabuy-extorted-again.html
🪲 Nasty bug with very simple exploit hits PHP just in time for the weekend vulnerability – Critical PHP vulnerability allows code execution on Windows; urgent action required. https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
CISA Corner
📢 Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access security news – Snowflake warns of cyber threats targeting accounts, urges vigilance. https://www.cisa.gov/news-events/alerts/2024/06/03/snowflake-recommends-customers-take-steps-prevent-unauthorized-access
💣 CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA adds Oracle WebLogic Server vulnerability to exploited list. https://www.cisa.gov/news-events/alerts/2024/06/03/cisa-adds-one-known-exploited-vulnerability-catalog
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.