cyberlights – week 30/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🧑💻 Double Dipping Cheat Developer Gets Caught Red-Handed security research – EvolvedAim cheat developer includes information stealer, targeting Escape From Tarkov players, double-dipping into profits, and causing significant damage. https://www.cyberark.com/resources/threat-research-blog/double-dipping-cheat-developer-gets-caught-red-handed
🔂 Anyone can Access Deleted and Private Repository Data on GitHub security research – GitHub exposes deleted and private repository data, posing security risks through Cross Fork Object Reference (CFOR) vulnerability. https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
👻 A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub security research – A network of 3,000 'ghost' accounts on GitHub spreading ransomware and info stealers using fake likes and shares. https://www.wired.com/story/github-malware-spreading-network-stargazer-goblin/
🗳️ Understanding the Election Cybersecurity Landscape cyber defense – Complex election cybersecurity landscape includes diverse targets, tactics, and actors; understanding essential for safeguarding democracy. https://www.greynoise.io/blog/understanding-the-election-cybersecurity-landscape
💰 Oracle coughs up $115M to make privacy case go away privacy – Oracle settles $115 million class action lawsuit over alleged misuse of user data, promising privacy improvements. https://www.theregister.com/2024/07/22/oracle_settles_privacy_case/
📲 Telegram 0-day allowed sending malicious APKs disguised as videos security news – ESET discovers Telegram Android zero-day exploit EvilVideo, allowing attackers to send malicious APKs disguised as videos. https://securityaffairs.com/166042/hacking/evilvideo-telegram-android-zero-day.html
🎲 Chinese ‘cybercrime syndicate’ behind gambling sites advertised at European sporting events cybercrime – Infoblox uncovers Chinese cybercrime syndicate Vigorish Viper behind illegal global gambling network connected to human trafficking and cyber fraud. https://therecord.media/chinese-cybercrime-syndicate-gambling-football-europe
🍪 Google abandons plan to drop third-party cookies in Chrome privacy – Google opting for user choice between Privacy Sandbox and cookies amidst concerns of competitive distortion. https://www.theregister.com/2024/07/23/google_cookies_third_party_continue/
📲 iOS 17: Von einem iPhone kontaktierte Domains privacy https://www.kuketz-blog.de/ios-17-von-einem-iphone-kontaktierte-domains/
🥶 Simple ‘FrostyGoop’ malware responsible for turning off Ukrainians’ heat in January attack security research – Simple but impactful FrostyGoop malware uses Modbus protocol to disrupt heating in Ukrainian apartment buildings, showcasing attackers' focus on critical infrastructure. https://cyberscoop.com/frostygoop-ics-malware-dragos-ukraine/
💥 Inside the 78 minutes that took down millions of Windows machines security news – A faulty update by cybersecurity company CrowdStrike caused global Windows crashes, affecting millions of machines due to a driver flaw. Prospects to avoid such tech disasters involve enabling intelligent boot logic and limiting third-party kernel access. https://www.theverge.com/2024/7/23/24204196/crowdstrike-windows-bsod-faulty-update-microsoft-responses
🪼 AI-Powered Voice Spoofing for Next-Gen Vishing Attacks security research – AI-powered voice cloning advancements enable more realistic vishing attacks, posing significant security risks. Mandiant Red Team incorporated AI voice spoofing in testing, showcasing attackers' potential to exploit this technique for initial access, lateral movement, and privilege escalation. Security defenses must adapt through identifying inconsistencies, source verification, and implementing audio protection measures. https://cloud.google.com/blog/topics/threat-intelligence/ai-powered-voice-spoofing-vishing-attacks/
🤑 TracFone to pay $16 million to settle FCC cyber and privacy investigation security news – TracFone Wireless, owned by Verizon, will pay a $16 million fine to settle an FCC investigation into data breaches caused by API vulnerabilities. The breaches exposed customer data, leading to privacy compromises, necessitating improved API security measures and overall information security protocols. https://therecord.media/tracfone-16-million-to-settle-fcc-investigation
🗺️ Friendly Domain Registry “.top” Put on Notice security news – ICANN has issued a warning to the .top domain registry, expressing concerns over its failure to address phishing reports and suspend abusive domains, with reports showing .top domains were popular choices for phishing websites. https://krebsonsecurity.com/2024/07/phish-friendly-domain-registry-top-put-on-notice/
🎰 Philippines to end online casinos, maybe scams too cybercrime – The Philippines aims to shut down online gambling providers embroiled in crimes like tax evasion and human trafficking. Despite economic benefits, the industry faces international pressure due to illicit activities such as scams and exploitation. https://www.theregister.com/2024/07/24/phillipines_bans_online_gambling_operators/
🦸 Google's reCAPTCHA v2 just labor exploitation, boffins say security research – Researchers criticize Google's reCAPTCHA v2, suggesting it exploits human labor without providing significant security benefits, raising concerns about information harvesting and user experience. https://www.theregister.com/2024/07/24/googles_recaptchav2_labor/
🚸 School in hot water over facial recognition in canteen privacy – ICO reprimands a UK school for introducing facial recognition for canteen payments without proper assessments, consent, or consultation, highlighting the importance of data protection in new technologies at educational institutions. https://www.theregister.com/2024/07/24/essex_school_facial_recognition/
🧪 CrowdStrike blames test software for taking down 8.5 million Windows machines security news – CrowdStrike attributes the issue that caused 8.5 million Windows machines to crash to a bug in their test software that failed to properly validate a content update, leading to detailed post-incident corrective measures for improved testing and deployment processes. https://www.theverge.com/2024/7/24/24205020/crowdstrike-test-software-bug-windows-bsod-issue
🍆 SEXi / APT Inc Ransomware – What You Need To Know cybercrime – The SEXi ransomware group targets VMware ESXi servers, encrypting virtual machine-related files and demanding high ransoms. Victims' files are appended with '.SEXi' and a ransom note named SEXi.txt is left. No known weaknesses exist for data recovery. Protection includes updating systems, disabling default accounts, and using strong, unique passwords. https://www.tripwire.com/state-of-security/sexi-apt-inc-ransomware-what-you-need-know
🎮 LummaC2 Malware Abusing the Game Platform 'Steam' security research – LummaC2 malware disguised as illegal programs uses SEO poisoning and abuse of Steam to acquire C2 domains, targeting wallets, browsers, extensions, and more. https://asec.ahnlab.com/en/68309/
Some More, For the Curious
🔭 Astronomers discover technique to spot AI fakes using galaxy-measurement tools security research – University of Hull researchers use astronomy tools to detect AI-generated deepfake images by analyzing eye reflections for inconsistencies. https://arstechnica.com/information-technology/2024/07/astronomers-discover-technique-to-spot-ai-fakes-using-galaxy-measurement-tools/
🙋♂️ Ransomware takedowns leave crims scrambling for stability security news – Europol reports ransomware landscape fragmentation post RaaS disruptions, with criminals adapting by working independently or developing own payloads. https://www.theregister.com/2024/07/22/europol_says_ransomware_takedowns_make/
⛔ DDoS-for-hire site DigitalStress taken down by police, suspected owner arrested cybercrime – DDoS-for-hire site DigitalStress taken down by police, data collected from users, suspected owner arrested in Northern Ireland. https://www.bitdefender.com/blog/hotforsecurity/ddos-for-hire-site-digitalstress-taken-down-by-police-suspected-owner-arrested/
💼 Cyber firm KnowBe4 hired a fake IT worker from North Korea security news – KnowBe4 discovered a North Korean threat actor posing as a remote IT worker through an elaborate deception involving stolen identities and AI-augmented imagery, prompting an investigation and alerting authorities as part of the response. https://cyberscoop.com/cyber-firm-knowbe4-hired-a-fake-it-worker-from-north-korea/
🏝️ Unfashionably secure: why we use isolated VMs cyber defense – Canary's security architecture relies on isolated VMs for complete customer data separation, safeguarding against unauthorized access and ensuring individual tenant privacy, despite operational drawbacks. https://blog.thinkst.com/2024/07/unfashionably-secure-why-we-use-isolated-vms.html
🥼 Build a Home Lab: Equipment, Tools, and Tips cyber defense – Building a home lab with virtual machines allows for experimentation and learning in a safe environment, emphasizing the importance of commitment over expensive equipment. Fundamental components include network setup, virtual machines, and physical hardware, and key considerations include VM options, equipment needs, and backup strategies. https://www.blackhillsinfosec.com/build-a-home-lab-equipment-tools-and-tips/
🪖 North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs cybercrime – North Korea's Andariel cyber group targets aerospace, nuclear, and defense industries for espionage, using ransomware to fund operations. Known for sophisticated reconnaissance, custom and commodity malware, system manipulation, credential theft, lateral movement, and data exfiltration. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a
🌊 Zero Day Initiative — Multiple Vulnerabilities in the Deep Sea Electronics DSE855 security research – ZDI reported multiple vulnerabilities in Deep Sea Electronics DSE855, prompting no response from the vendor and leading to zero-day disclosure in June. Lack of authentication in configuration backup allowed unauthorized access. https://www.thezdi.com/blog/2024/7/25/multiple-vulnerabilities-in-the-deep-sea-electronics-dse855
🔐 Secure Boot is completely broken on 200+ models from 5 big device makers vulnerability – Cryptographic key underpinning Secure Boot compromised in 2022, allowing an unlimited bypass on over 200 device models from major manufacturers. Serious doubts raised about the integrity of Secure Boot. https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/
🗣️ Microsoft calls for Windows changes and resilience after CrowdStrike outage security news – Microsoft calls for Windows changes for resilience after CrowdStrike outage, considering restricting kernel access for security vendors. https://www.theverge.com/2024/7/26/24206719/microsoft-windows-changes-crowdstrike-kernel-driver
💉 French authorities launch disinfection operation to eradicate PlugX malware from infected hostss security news – French authorities and Europol conduct a 'disinfection operation' against PlugX malware, addressing espionage activities with insights from cybersecurity firm. https://securityaffairs.com/166213/cyber-crime/plugx-malware-disinfection-operation.html
CISA Corner
🧑🏭 CISA Releases Four Industrial Control Systems Advisories vulnerability – CISA issues advisories on current ICS security issues for National Instruments and Hitachi products https://www.cisa.gov/news-events/alerts/2024/07/23/cisa-releases-four-industrial-control-systems-advisories vulnerability – CISA issued advisories for Siemens SICAM and Positron Broadcast Signal Processor. https://www.cisa.gov/news-events/alerts/2024/07/25/cisa-releases-two-industrial-control-systems-advisories
⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog vulnerability – CISA adds two known exploited vulnerabilities to its catalog: CVE-2012-4792 affecting Microsoft Internet Explorer and CVE-2024-39891 affecting Twilio Authy. https://www.cisa.gov/news-events/alerts/2024/07/23/cisa-adds-two-known-exploited-vulnerabilities-catalog
🔒 ISC Releases Security Advisories for BIND 9 security news – ISC released BIND 9 security advisories addressing vulnerabilities that can lead to denial-of-service attacks. https://www.cisa.gov/news-events/alerts/2024/07/24/isc-releases-security-advisories-bind-9
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.