cyberlights โ week 46/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
Highlight
๐ฆ Einladung ins Fediverse: Mastodon als Alternative zu X, Instagram und Co. privacy โ The article invites readers to consider Mastodon as a privacy-friendly alternative to popular social media platforms like X and Instagram, encouraging sharing and engagement through various channels. https://www.kuketz-blog.de/einladung-ins-fediverse-mastodon-als-alternative-zu-x-instagram-und-co/
๐ก๏ธ Kritische Sicherheitslรผcke in Laravel Framework โ Updates verfรผgbar warning โ The article about a critical vulnerability in Laravel is provided by CERT.at, Austria's Computer Emergency Response Team. https://www.cert.at/de/warnungen/2024/11/kritische-sicherheitslucke-in-laravel-framework-updates-verfugbar
News For All
โ Brauchst du wirklich ein VPN? privacy โ The article explores whether a VPN is necessary for online privacy and security, highlighting both its benefits and limitations in protecting personal data. https://www.kuketz-blog.de/brauchst-du-wirklich-ein-vpn/
๐ผ Hacker erbeuten Firmendaten des Statistischen Bundesamtes data breach โ A hacker group has stolen and is selling sensitive data from Germany's Federal Statistical Office, including contact details and access credentials, raising significant privacy concerns. https://www.golem.de/news/cyberangriff-auf-destatis-hacker-erbeuten-firmendaten-des-statistischen-bundesamtes-2411-190805.html
๐ณ 200,000 SelectBlinds customers have their cards skimmed in malware attack data breach โ SelectBlinds revealed a breach affecting over 206,000 customers due to malware on its checkout page, compromising sensitive information, including credit card details. Users are advised to reset passwords and monitor statements. https://www.bitdefender.com/en-us/blog/hotforsecurity/200-000-selectblinds-customers-card-details-skimmed-malware-attack/
๐ These are the passwords you definitely shouldnโt be using security news โ NordPass released its annual list of the most common passwords, revealing a lack of creativity with '123456' topping the chart. Users are urged to create more secure passwords or consider using passkeys. https://www.theverge.com/2024/11/13/24295543/most-common-passwords-list-2024
๐ต๏ธโโ๏ธ The WIRED Guide to Protecting Yourself From Government Surveillance privacy โ With the potential expansion of government surveillance under a new administration, experts recommend various privacy protections, including encrypted communications, device encryption, and careful management of location and financial data. https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/
๐จ Criminals Exploiting FBI Emergency Data Requests cybercrime โ Cybercriminals have exploited compromised police accounts to impersonate law enforcement and request user data, resulting in unauthorized access to sensitive information from companies. This highlights vulnerabilities in lawful-access mechanisms. https://www.schneier.com/blog/archives/2024/11/criminals-exploiting-fbi-emergency-data-requests.html
๐ 'FYI. A Warrant Isnโt Needed': Secret Service Says You Agreed To Be Tracked With Location Data privacy โ Internal emails reveal the Secret Service's debate on needing warrants for location data from apps, claiming users consented through terms of service, despite concerns over illegal usage of the data. https://www.404media.co/fyi-a-warrant-isnt-needed-secret-service-says-you-agreed-to-be-tracked-with-location-data/
๐ Delta, Amazon confirm vendor breach as dark web posts revive MOVEit leak concerns data breach โ Delta and Amazon confirmed that employee data was stolen from a vendor via a MOVEit vulnerability. The leaked data, including contact information, has reignited concerns about previous breaches tied to the Clop ransomware gang. https://therecord.media/delta-amazon-vendor-breach-confirmed
๐๏ธ ICE Started Ramping Up Its Surveillance Arsenal Immediately After Donald Trump Won privacy โ Immediately following Trump's election, ICE sought contracts to enhance surveillance technologies for monitoring non-citizens awaiting deportation, anticipating a dramatic increase in those under surveillance from 200,000 to over 5 million. https://www.wired.com/story/ice-surveillance-contracts-isap/
๐ฑ Safer with Google: New intelligent, real-time protections on Android to keep you safe security news โ The article discusses Google's latest advancements in online security features aimed at enhancing user safety through intelligent systems and real-time protection mechanisms. https://security.googleblog.com/2024/11/new-real-time-protections-on-Android.html
๐ง These Guys Hacked AirPods to Give Their Grandmas Hearing Aids hacking write-up โ Three technologists in India hacked AirPods Pro 2 to enable hearing aid features by creating a Faraday cage to bypass Apple's location restrictions, allowing their grandmothers to use the technology. https://www.wired.com/story/apple-airpods-hearing-aid-hack/
๐ถ Pregnancy Tracking App โWhat to Expectโ Refuses to Fix Issue that Allows Full Account Takeover privacy โ The 'What to Expect' pregnancy tracking app is neglecting serious vulnerabilities, including one enabling full account takeover, which risks exposing users' sensitive reproductive health information amid rising concerns for privacy and safety. https://www.404media.co/pregnancy-tracking-app-what-to-expect-refuses-to-fix-issue-that-allows-full-account-takeover-2/
๐ฌ An Interview With the Target & Home Depot Hacker โ Krebs on Security cybercrime โ Mikhail Shefel, the identity behind the Rescator alias, discusses his role in the Target and Home Depot breaches, his connections to other hackers, and his current financial struggles following legal issues and arrests. https://krebsonsecurity.com/2024/11/an-interview-with-the-target-home-depot-hacker/
๐ค ShrinkLocker Ransomware: What You Need To Know malware โ ShrinkLocker is a new ransomware that uses VBScript and BitLocker to encrypt victims' files, locking them out without providing a password. It changes drive names to an attacker's contact, but Bitdefender offers a free decryption tool. https://www.tripwire.com/state-of-security/shrinklocker-ransomware-what-you-need-know
๐ฌ Scammers resort to physical Swiss post to spread malware cybercrime โ Switzerland's NCSC warns of a new scam where malware is spread through fake letters mimicking official weather alerts. Recipients are tricked into downloading a malicious app containing the Coper trojan, targeting banking information. https://www.theregister.com/2024/11/16/swiss_malware_qr/
Some More, For the Curious
๐ค Newag admits: Dragon Sector hackers did not modify software in Impuls trains I missed this one a few weeks earlier. security news โ Newag's lawsuit against hackers reveals that while they claim no software modifications were made, they still face questions about intentional software locks in their trains. The truth remains elusive. https://rys.io/en/175.html
๐ฆ A new fileless variant of Remcos RAT observed in the wild malware โ Fortinet has identified a phishing campaign distributing a new variant of Remcos RAT, using an Excel document to exploit vulnerabilities and stealthily execute malware, granting attackers remote access. https://securityaffairs.com/170791/security/a-new-fileless-variant-of-remcos-rat-phishing.html
๐ป North Korean-linked hackers were caught experimenting with new macOS malware malware โ Researchers found North Korean hackers embedding malware in macOS applications using an open-source SDK, capable of bypassing Apple's security. The malware shows ties to cryptocurrency intrusions but its use remains uncertain. https://cyberscoop.com/north-korea-macos-malware-flutter-jamf/
โ๏ธ Exploit code released for RCE attack on Citrix VDI solution vulnerability โ Researchers released a PoC exploit for a vulnerability in Citrix's Virtual Apps and Desktops, allowing remote code execution via HTTP requests. Citrix disputes the claim of unauthenticated access, urging users to apply hotfixes. https://www.theregister.com/2024/11/12/http_citrix_vuln/
๐ง Zero Day Initiative โ The November 2024 Security Update Review security news โ Adobe and Microsoft released significant patches in November, addressing numerous vulnerabilities across various products. Key issues include critical RCE flaws in Windows and multiple critical updates from Adobe. https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review
๐ฅผ Inside the DemandScience by Pure Incubation Data Breach data breach โ The article discusses the DemandScience data breach, revealing how personal data was aggregated and sold. It highlights public concerns about data privacy, expectations of notification, and the implications of data misuse. https://www.troyhunt.com/inside-the-demandscience-by-pure-incubation-data-breach/
๐ A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats security research โ The article analyzes the complex ecosystem of Chinese state-sponsored cyber operations, highlighting the roles of the PLA, MSS, and MPS, along with the involvement of private companies and patriotic hackers in cyber offensives. https://blog.sekoia.io/a-three-beats-waltz-the-ecosystem-behind-chinese-state-sponsored-cyber-threats/
๐ China's Volt Typhoon botnet has re security research โ The Volt Typhoon botnet has resurfaced, using the same infrastructure and techniques to target critical infrastructure in the U.S. and Guam. Despite previous disruptions, it remains a significant threat, exploiting outdated devices. https://securityaffairs.com/170872/apt/volt-typhoon-botnet-has-re-emerged.html
๐ NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely security news โ NIST announced it has cleared a backlog of unanalyzed exploited vulnerabilities with support from CISA and the private sector. However, it will not meet its goal of clearing all vulnerabilities by year-end due to data processing challenges. https://therecord.media/nist-vulnerability-backlog-cleared-cisa
๐ฐ Crimeware and financial predictions for 2025 security news โ Kaspersky's report predicts an increase in AI-powered cyberattacks, supply chain attacks, and financial threats targeting central banks and smartphones in 2025, highlighting evolving tactics in the crimeware landscape. https://securelist.com/ksb-financial-and-crimeware-predictions-2025/114565/
๐ Good Essay on the History of Bad Password Policies security research โ Stuart Schechter discusses the history of ineffective password policies, highlighting mistakes made by Morris and Thompson in assuming that their interventions would lead to strong passwords without adequate testing or metrics. https://www.schneier.com/blog/archives/2024/11/good-essay-on-the-history-of-bad-password-policies.html
๐ NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents security news โ Court documents reveal NSO Group cut off 10 customers for abusing its Pegasus spyware, which exploited WhatsApp vulnerabilities. The revelations raise concerns about NSO's operations and the use of its tools against individuals, including high-profile targets. https://techcrunch.com/2024/11/15/nso-group-admits-cutting-off-10-customers-because-they-abused-its-pegasus-spyware-say-unsealed-court-documents/
๐ชช Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation cyber defense โ Misconfigurations in Active Directory Certificate Services can lead to serious vulnerabilities, enabling attackers to gain unauthorized access and escalate privileges within a domain. https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-fortifying-active-directory-certificate-services-adcs-against-exploitation/
CISA Corner
๐ 2023 Top Routinely Exploited Vulnerabilities security news โ A joint advisory from cybersecurity agencies highlights an increase in zero-day vulnerabilities exploited in 2023, urging software developers and end-users to implement secure practices and timely patching to mitigate risks. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
โ ๏ธ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning โ CISA has included five new vulnerabilities in Atlassian Jira, Cisco ASA, Metabase GeoJSON and Microsoft Windows to its Known Exploited Vulnerabilities Catalog, emphasizing their active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-adds-five-known-exploited-vulnerabilities-catalog โ ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ CISA has included two new vulnerabilities in its Known Exploited Vulnerabilities Catalog: CVE-2024-9463 and CVE-2024-9465, both related to Palo Alto Networks Expedition, highlighting significant risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-adds-two-known-exploited-vulnerabilities-catalog
๐ญ CISA Releases Nineteen Industrial Control Systems Advisories vulnerability โ CISA has published nineteen advisories addressing security vulnerabilities in Industrial Control Systems. Siemens, Rockwell, Hitachi, 2N, Elvaco, Baxter https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-releases-nineteen-industrial-control-systems-advisories ๐ญ CISA Releases Five Industrial Control Systems Advisories vulnerability โ CISA has published five advisories detailing security vulnerabilities and exploits related to various Industrial Control Systems. Subnet, Hitachi, Rockwell, Mitsubishi, Snap One https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-releases-five-industrial-control-systems-advisories
๐ Fortinet Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/fortinet-releases-security-updates-multiple-products ๐ก๏ธ Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/adobe-releases-security-updates-multiple-products ๐ Microsoft Releases November 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/11/12/microsoft-releases-november-2024-security-updates ๐ง Ivanti Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/ivanti-releases-security-updates-multiple-products ๐ Citrix Releases Security Updates for NetScaler and Citrix Session Recording https://www.cisa.gov/news-events/alerts/2024/11/12/citrix-releases-security-updates-netscaler-and-citrix-session-recording
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.