cyberlights – week 27/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🚨 Hijacked: How hacked YouTube channels spread scams and malware cybercrime – Cybercriminals hijack YouTube channels to spread scams and malware, targeting viewers and content creators. https://www.welivesecurity.com/en/scams/hijacked-hacked-youtube-channels-scams-malware/
🚓 Police allege 'evil twin' in-flight Wi-Fi used to steal info cybercrime – Australian man charged for creating fake in-flight Wi-Fi network to steal credentials; AFP warns against using public Wi-Fi without precautions. https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/
📹 San Francisco app livestreams local bars to draw more patrons privacy – 2Night app allows livestreaming of SF bars, raising privacy concerns and backlash from patrons and venue owners. https://sfstandard.com/2024/06/29/2night-live-stream-bars-privacy-concerns/
🏥 LockBit claims cyberattack on Croatia’s largest hospital security news – LockBit ransomware gang targets Croatia's largest hospital; patient data compromised, impacting emergency services and hospital operations. https://therecord.media/lockbit-claims-cyberattack-croatia-hospital
⚠️ 3 million iOS and macOS apps were exposed to potent supply-chain attacks vulnerability – Vulnerabilities in CocoaPods server exposed 3 million iOS and macOS apps to code injection attacks for a decade. https://arstechnica.com/?p=2034866
🔑 The End of Passwords? Embrace the Future with Passkeys. security news – Passkeys offer enhanced security and privacy, along with convenience, as a passwordless authentication solution. https://blog.nviso.eu/2024/07/02/the-end-of-passwords-embrace-the-future-with-passkeys/
🕵️ Fiverr Freelancers Offer to Dox Anyone With Powerful U.S. Data Tool security news – Fiverr freelancers offer doxing services with access to data tool TLOxp https://www.404media.co/fiverr-freelancers-offer-to-dox-anyone-with-powerful-u-s-data-tool-tloxp/
📡 UN urges Russia to ‘immediately’ cease interference in European satellites security news – UN condemns Russian satellite interference, calls for immediate cessation of harmful actions affecting European countries' GPS signals and TV programs. https://therecord.media/un-russia-satellite-interference-europe
🪼 Polish government investigates Russia-linked cyberattack on state news agency security news – Suspicion of Russian involvement in cyberattack on Polish state news agency; aimed at spreading disinformation before European Parliament election. https://securityaffairs.com/165139/intelligence/polish-government-investigating-russia-attack.html
🎒 Alabama Department of Education stops ransomware attack but confirms data stolen data breach – Alabama Department of Education halts ransomware attack but confirms data breach, potential exposure of student and employee information. https://therecord.media/alabama-education-department-data-breach
🔍 Google: AI Potentially Breaking Reality Is a Feature Not a Bug security research – Google researchers co-author a paper detailing real harm caused by generative AI misuse, which can distort reality by producing deceptive content without violating terms of service. It highlights the need for collaboration to address this issue. https://www.404media.co/google-ai-potentially-breaking-reality-is-a-feature-not-a-bug/
⛓️ New ransomware group uses phone calls to pressure victims, researchers say cybercrime – New ransomware group Volcano Demon uses phone calls to intimidate victims, threatens to expose data if ransom is not paid. The group employs a double extortion technique and remains a challenge to track. https://therecord.media/ransomware-group-volcano-demon-lukalocker
🔥 Traeger smokes security bugs threatening grillers' hard work vulnerability – Traeger grills vulnerable to high-severity flaw allowing remote attackers to control temperature or shutdown grill; exploitation could ruin cooking. https://www.theregister.com/2024/07/03/traeger_security_bugs/
☘️ OpenAI’s ChatGPT Mac app was storing conversations in plain text security news – OpenAI's ChatGPT Mac app stored conversations in plain text; fixed after demonstration, highlighting a potential privacy concern. https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text
☎️ Twilio alerts Authy two-factor app users that ‘threat actors’ have their phone numbers security news – Twilio alerts Authy users of phone number leak, warns of phishing attacks. Previous breach affects 163 Twilio and 93 Authy accounts, leading to the unauthorized registration of additional devices. https://www.theverge.com/2024/7/3/24191791/twilio-authy-2fa-app-phone-numbers-hack-data-breach
🛣️ Europol says mobile roaming tech is hampering crimefighters security news – Europol is concerned about SMS home routing that hampers criminal investigations due to privacy-enhancing technologies, specifically service-level encryption, enabling suspects to maintain communication privacy within their home network while roaming. https://www.theregister.com/2024/07/05/europol_home_routing_complaint/
🥷 Hackers stole OpenAI secrets in a 2023 security breach security news – OpenAI faced a security breach in 2023, compromising internal discussions but not source code or customer data. Concerns about AI security and possible cyber espionage linked to nation-state actors raised. https://securityaffairs.com/165349/data-breach/openai-2023-security-breach.html
Some More, For the Curious
⛔ Qualys Security Blog security news – Qualys blog faced unauthorized spam content, investigated, no impact on customer data, production environment, or data exfiltration. https://blog.qualys.com/qualys-insights/2024/07/03/qualys-blog
🌠 Like Shooting Phish in a Barrel security research – Article explores techniques to bypass email link crawlers used by security gateways, including parsers, CAPTCHAs, redirects, browser fingerprinting, and ASN blocking. https://posts.specterops.io/like-shooting-phish-in-a-barrel-926c1905bb4b
🤕 Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769 warning – Threat actors exploit CVE-2024-0769 in D-Link DIR-859 routers for information disclosure. GreyNoise observes attackers collecting account details. https://securityaffairs.com/165045/hacking/d-link-dir-859-actively-exploited.html
⚔️ Sanctioned and exposed, Predator spyware maker group has gone awfully quiet security news – The Predator spyware group, Intellexa, shows decreased activity post sanctions. Observers suggest impact on operations, but caution about potential retooling. https://cyberscoop.com/sanctioned-and-exposed-predator-spyware-maker-group-has-gone-awfully-quiet/
🔒 Emergency patches now available for Juniper Networks routers vulnerability – Emergency patches released for Juniper Networks routers to fix critical authentication bypass vulnerability (CVE-2024-2973). Users urged to apply patches promptly. https://www.theregister.com/2024/07/01/emergency_patches_available_for_juniper/
😓 TeamViewer: Hackers copied employee directory data and encrypted passwords data breach – TeamViewer breach linked to Russian government-backed APT29; employee directory data and encrypted passwords stolen. https://therecord.media/teamviewer-cyberattack-employee-directory-encrypted-passwords
🦇 Exposing FakeBat loader: distribution methods and adversary infrastructure security research – Sekoia presents FakeBat loader distribution using malvertising, software impersonation, fake browser updates, and social engineering schemes. https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/
🍳 Vulnerabilities in PanelView Plus devices could lead to remote code execution vulnerability – Microsoft discovered and disclosed RCE and DoS vulnerabilities in Rockwell Automation PanelView Plus devices. https://www.microsoft.com/en-us/security/blog/2024/07/02/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution/
🥅 Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers security research – Recorded Future used infostealer logs to detect consumers of child sexual abuse material on the dark web, aiding law enforcement. https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers
🫅 “RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux vulnerability – Critical OpenSSH vulnerability CVE-2024-6387 allows remote code execution with root system rights on Linux based on glibc systems, leading to full system compromise. https://arstechnica.com/?p=2035011
🩹 Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform vulnerability – Splunk fixes 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including high-severity flaws like Remote Code Execution. https://securityaffairs.com/165204/security/splunk-enterprise-and-cloud-platform-flaws.html
💔 Secret Network Access Broker x999xx – Krebs on Security cybercrime – Russian hacker x999xx, a known access broker, trades network access, databases, and stolen data; identified. Acknowledges identity when reached by email and denies interest in harming healthcare institutions. Operates freely in Russia. https://krebsonsecurity.com/2024/07/the-not-so-secret-network-access-broker-x999xx/
🗃️ Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692) security research – A remote execution vulnerability in HTTP File Server (HFS) was used to exploit user systems, install malware, and establish malicious backdoors. https://asec.ahnlab.com/en/67650/
🌍 Europol and pals band together in Cobalt Strike disruption security news – Europol conducted a week-long operation named Operation Morpheus, disrupting nearly 600 IP addresses linked to illegal copies of Cobalt Strike. https://www.theregister.com/2024/07/04/europol_cobalt_strike_crackdown/
😸 Kimsuky Group’s New Backdoor Appears (HappyDoor) security research https://asec.ahnlab.com/en/67660/
🤖 New Golang Zergeca Botnet appeared in the threat landscape malware – New Golang-based Zergeca Botnet emerges, capable of DDoS attacks and additional functionalities like scanning and reverse shell. https://securityaffairs.com/165288/cyber-crime/golang-based-zergeca-botnet.html
🥧 Polyfill.io Supply Chain Attack: Censys detected 384,773 hosts still embedding a polyfill JS script linking to the malicious domain security research – Censys identifies hosts still linking to the malicious polyfill.io domain, affecting major platforms and websites. https://securityaffairs.com/165302/hacking/polyfill-io-supply-chain-attack.html
🪶 Apache fixed a source code disclosure flaw in Apache HTTP Server vulnerability – Apache fixed a source code disclosure vulnerability (CVE-2024-39884) in Apache HTTP Server, urging users to upgrade promptly. https://securityaffairs.com/165422/security/apache-source-code-disclosure-flaw-apache-http-server.html
CISA Corner
🏭 CISA Releases Seven Industrial Control Systems Advisories vulnerability – Johnson Controls, mySCADA, ICONICS, Mitsubishi Electric https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-releases-seven-industrial-control-systems-advisories
🛜 Juniper Networks Releases Security Bulletin for Junos OS: SRX Series vulnerability – Juniper Networks issued a security bulletin for Junos OS: SRX Series to fix a vulnerability leading to denial-of-service. https://www.cisa.gov/news-events/alerts/2024/07/02/juniper-networks-releases-security-bulletin-junos-os-srx-series
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog – Cisco NX-OS warning – CISA added a known exploited vulnerability (CVE-2024-20399) to its catalog, emphasizing the risks and need for prompt mitigation. https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-adds-one-known-exploited-vulnerability-catalog
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.