cyberlights – week 37/2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know.


News For All

🕸️ Google’s dark web monitoring service will soon be free for all users privacy – Google is making its dark web monitoring service available for all users, enhancing privacy protection by alerting individuals to potential leaks of their personal information. https://www.theverge.com/2024/7/9/24194970/google-one-free-dark-web-monitoring

🧞‍♀️ What You Need to Know About Grok AI and Your Privacy privacy – Grok AI, integrated with X, raises privacy concerns by automatically using user data for training. Users can opt out, but awareness of data sharing settings is crucial for protecting privacy. https://www.wired.com/story/grok-ai-privacy-opt-out/

🚗 Thousands of Avis car rental customers had personal data stolen in cyberattack data breach – Avis has reported a cyberattack affecting nearly 300,000 customers, with stolen data including names, addresses, and driver’s license numbers. The breach raises concerns about data security practices. https://techcrunch.com/2024/09/09/thousands-of-avis-car-rental-customers-had-personal-data-stolen-in-cyberattack/

💳 1.7M potentially pwned by payment services provider breach data breach – Slim CD has notified around 1.7 million customers of a data breach affecting credit card information and personal details, detected nearly a year after the initial intrusion. https://www.theregister.com/2024/09/09/slim_cd_breach/

📢 Ford seeks patent for tech that listens to driver conversations to serve ads privacy – Ford is pursuing a patent for technology that tailors in-car ads by listening to conversations and analyzing vehicle data, raising privacy concerns over data protection measures. https://therecord.media/ford-patent-application-in-vehicle-listening-advertising

1️⃣ WhatsApp 'View Once' could be 'View Whenever' due to a flaw security news – A flaw in WhatsApp's 'View Once' feature allows recipients to bypass privacy controls, enabling media to be saved and shared despite intended restrictions. A fix is reportedly in progress. https://www.theregister.com/2024/09/09/whatsapp_view_once_flaw/

💸 Crypto scams rake in $5.6B a year for lowlifes, FBI says cybercrime – The FBI reports that crypto-related scams cost Americans over $5.6 billion in 2023, with a sharp rise in investment scams targeting older individuals. Victims often lose money to fraudulent schemes and recovery scams. https://www.theregister.com/2024/09/10/crypto_scams_rake_in_56/

🚫 In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram cybercrime – Following the arrest of Telegram's founder, many cybercriminals are abandoning the platform over fears that user data may be shared with authorities, impacting their operations. https://www.404media.co/in-wake-of-durov-arrest-some-cybercriminals-ditch-telegram/

💔 You paid the ransom, and now the decryptor doesn't work security news – Organizations paying ransoms for Hazard ransomware found that the provided decryptor failed to work, highlighting the risks of relying on criminals for data recovery post-breach. https://www.theregister.com/2024/09/11/ransomware_decryptor_not_working/

💵 TD Bank fined $28 million for sharing inaccurate and negative data on customers privacy – TD Bank has been fined $28 million by the CFPB for sharing incorrect negative data about customers, harming their ability to obtain credit and employment. Nearly $8 million will go to affected consumers. https://therecord.media/td-bank-fined-28-million-cfpb-data-sharing

🚨 Stalker Allegedly Created AI Chatbot on NSFW Platform to Dox and Harass Woman cybercrime – A Massachusetts man, James Florence Jr., was arrested for stalking and harassing a professor for seven years, using AI to create fake nudes and chatbots that shared her personal information online. https://www.404media.co/stalker-allegedly-created-ai-chatbot-on-nsfw-platform-to-dox-and-harass-woman/

🏥 Healthcare giant settles patient data theft lawsuit for $65M data breach – Lehigh Valley Health Network will pay $65 million to settle a lawsuit after a ransomware attack by the ALPHV gang exposed sensitive data, including nude photographs of patients. https://www.theregister.com/2024/09/12/lvhn_lawsuit_ransom/

🚔 British teen arrested over cyberattack on London transportation agency security news – A 17-year-old was arrested for a cyberattack on Transport for London, which compromised customer data including names and bank details. The agency continues to address the ongoing security incident. https://cyberscoop.com/british-teen-arrested-over-cyberattack-on-london-transportation-agency/

📺 Vo1d malware infected 1.3M Android malware – The Vo1d malware has infected 1.3 million Android TV boxes across 197 countries, acting as a backdoor to allow secret software installations, primarily targeting devices with outdated OS versions. https://securityaffairs.com/168342/malware/vo1d-android-malware-tv-boxes.html

🚸 Tennessee school district loses $3.4 million to a fake curriculum vendor cybercrime – A Tennessee school district lost $3.36 million after an employee was tricked by a fraudulent email impersonating Pearson, leading to unauthorized wire transfers for online curriculum materials. https://therecord.media/tennessee-school-district-loses-3-million-bec-scam

💰 23andMe agrees to pay $30 million to settle lawsuit over massive data breach data breach – 23andMe will pay $30 million to settle a class-action lawsuit stemming from a 2023 data breach that exposed over 6.9 million customers, particularly targeting users with specific heritage. https://www.theverge.com/2024/9/13/24243986/23andme-settlement-dna-data-breach-lawsuit

🔍 Yubikey Key Vulnerability – How It Affects You vulnerability – Yubico's new vulnerability may allow key extraction but requires physical access and a PIN. Most users are safe, though high-security organizations should reconsider attestation trust. https://fy.blackhats.net.au/blog/2024-09-09-yubikey-key-vulnerability/


Some More, For the Curious

🦁 Predator spyware operation is back with a new infrastructure cybercrime – Researchers report a resurgence of Predator spyware, utilizing new infrastructure to evade detection after U.S. sanctions against its developers. The spyware poses significant risks to high-profile targets. https://securityaffairs.com/168222/intelligence/predator-spyware-new-infrastructure.html

📡 Gap Computers by Spelling Covert Radio Signals from Computer RAM security research – This research reveals how malware can leak sensitive data from air-gapped computers by emitting covert radio signals. https://arxiv.org/abs/2409.02292

🔧 Zero Day Initiative — The September 2024 Security Update Review security news – September updates from Adobe and Microsoft address multiple critical vulnerabilities across various products, including code execution and security feature bypasses, highlighting urgent patching needs. https://www.thezdi.com/blog/2024/9/10/the-september-2024-security-update-review

🛡️ Taking steps that drive resiliency and security for Windows customers security news – At a recent summit, Microsoft and security vendors discussed enhancing Windows endpoint security and resilience, emphasizing collaboration and transparency to combat modern threats effectively. https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/

📊 CISA Releases Analysis of FY23 Risk and Vulnerability Assessments security research – CISA's latest analysis reveals insights from 143 Risk and Vulnerability Assessments, illustrating attack paths and mapping threat actor behaviors to the MITRE ATT&CK® framework. https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-releases-analysis-fy23-risk-and-vulnerability-assessments

©️ New Chrome Zero-Day vulnerability – Microsoft researchers report that North Korean hackers are exploiting a Chrome zero-day vulnerability to steal cryptocurrency, highlighting ongoing security risks. https://www.schneier.com/blog/archives/2024/09/new-chrome-zero-day.html

📍 Rogue WHOIS server gives researcher superpowers no one should ever have security research – Security researcher Benjamin Harris exploited a defunct WHOIS server, gaining the ability to issue counterfeit HTTPS certificates and track emails, raising concerns about misplaced trust in the WHOIS system. https://arstechnica.com/?p=2048683

🔑 As quantum computing threats loom, Microsoft updates its core crypto library security news – Microsoft has updated its SymCrypt library with two new encryption algorithms designed to resist quantum computing attacks, marking the beginning of a major overhaul to enhance cryptographic security. https://arstechnica.com/?p=2049244

🔮 Mastercard buys Recorded Future for $2.65 billion security news – Mastercard has announced its acquisition of cybersecurity firm Recorded Future for $2.65 billion, aiming to enhance its cybersecurity services and threat intelligence capabilities. https://cyberscoop.com/mastercard-buys-recorded-future/

👺 Monitoring High Risk Azure Logins cyber defense – After a potential business email compromise, the SOC investigated high-risk logins via Azure AD Identity Protection, focusing on user behavior and multi-factor authentication to detect compromised accounts. https://www.blackhillsinfosec.com/monitoring-high-risk-azure-logins/

🗣️ Microsoft is building new Windows security features to prevent another CrowdStrike incident security news – Microsoft plans to enhance Windows security features following a CrowdStrike incident that affected millions of systems, aiming to move security vendors out of the Windows kernel for better reliability. https://www.theverge.com/2024/9/12/24242947/microsoft-windows-security-kernel-access-features-crowdstrike

🧱 Fortinet confirms customer data breach data breach – Fortinet has confirmed a data breach affecting less than 0.3% of its customers, with files accessed from a third-party cloud drive, potentially impacting around 1,500 corporate clients. https://techcrunch.com/2024/09/13/fortinet-confirms-customer-data-breach/

⚖️ ‘Terrorgram’ Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along security news – The indictment of two members of the Terrorgram Collective reveals a shift in U.S. law enforcement's approach to far-right terrorism, utilizing a rarely applied legal strategy to address violent extremism and inspire future attacks. https://www.wired.com/story/terrorgram-collective-indictments/

👉 US accuses RT, others of covert arms dealing, global influence operations security news – The U.S. has sanctioned RT for operating a crowdfunding site that allegedly funneled weapons to Russian soldiers, revealing ties to Russian intelligence and efforts to influence global elections. https://cyberscoop.com/rt-arms-dealing-global-influence-operations/

⚓ Port of Seattle refuses to pay Rhysida ransom, warns of data leak cybercrime – The Port of Seattle declined to pay a ransom to the Rhysida ransomware group, which caused disruptions at the airport and seaport, warning of potential data leaks while restoring affected systems. https://therecord.media/seattle-port-rhysida-ransom-refused

💣 A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions security research – An artist tricked ChatGPT into providing bomb-making instructions by framing the request within a science-fiction narrative, exploiting the AI's storytelling context to bypass safety restrictions. https://www.wired.com/story/chatgpt-jailbreak-homemade-bomb-instructions/


CISA Corner

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA has added three vulnerabilities to its catalog, highlighting risks to federal networks due to active exploitation. Agencies must address these threats to enhance cybersecurity. https://www.cisa.gov/news-events/alerts/2024/09/09/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog vulnerability – CISA has added four new Microsoft vulnerabilities to its catalog, highlighting serious risks due to active exploitation and urging federal agencies to address them promptly. https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-adds-four-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA has included a new Ivanti vulnerability in its catalog, emphasizing the significant risks it poses to federal networks due to active exploitation. https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-adds-one-known-exploited-vulnerability-catalog

🏭 CISA Releases Four Industrial Control Systems Advisories warning – CISA has issued four advisories addressing vulnerabilities in Industrial Control Systems, urging users to review them for crucial security information and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-releases-four-industrial-control-systems-advisories

🆙 Citrix Releases Security Updates for Citrix Workspace App for Windows vulnerability – Citrix has issued security updates for its Workspace App for Windows to fix multiple vulnerabilities that could allow attackers to take control of affected systems. https://www.cisa.gov/news-events/alerts/2024/09/10/citrix-releases-security-updates-citrix-workspace-app-windows

🆙 Ivanti Releases Security Updates for Endpoint Manager, Cloud Service Application, and Workspace Control vulnerability – Ivanti has released updates to fix multiple vulnerabilities in its Endpoint Manager and Cloud Service Application, which could potentially allow attackers to take control of affected systems. https://www.cisa.gov/news-events/alerts/2024/09/10/ivanti-releases-security-updates-endpoint-manager-cloud-service-application-and-workspace-control


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.
