📰wrzlbrmpft's cyberlights💥

weekly cybersecurity highlights (for everyone!)

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🛡️ Microsoft Recall screenshots credit cards and Social Security numbers, even with the “sensitive information” filter enabled privacy – Microsoft's Recall feature, which periodically screenshots the desktop, was found to store credit card numbers and Social Security numbers even with its “sensitive information” filter switched on. The snapshots are encrypted at rest, but encryption does nothing for data the filter should never have captured in the first place. https://www.tomshardware.com/software/windows/microsoft-recall-screenshots-credit-cards-and-social-security-numbers-even-with-the-sensitive-information-filter-enabled

🏡 OpenWrt supply chain attack scare prompts urgent upgrades vulnerability – OpenWrt users who fetched firmware through the Attended Sysupgrade (ASU) build service are urged to install a freshly built image: a command injection in the build service, combined with an image hash truncated short enough to be collided, could have let an attacker serve malicious firmware images that looked legitimate. https://www.theregister.com/2024/12/09/openwrt_firmware_vulnerabilities/

🔒 WhatsApp patches View Once flaw exposing vanishing media security news – WhatsApp has fixed a vulnerability in its View Once feature, which allowed disappearing media to be accessed through web clients and rogue browser extensions, undermining user privacy. https://www.theregister.com/2024/12/10/whatsapp_view_once/

🛡️ EU cybersecurity rules for smart devices enter into force security news – The EU's Cyber Resilience Act has come into effect, imposing security obligations on manufacturers of connected devices, requiring them to provide updates and ensure compliance by December 2027. https://techcrunch.com/2024/12/10/eu-cybersecurity-rules-for-smart-devices-enter-into-force/

💰 3AM Ransomware: What You Need To Know malware – 3AM is a ransomware group that exfiltrates and encrypts data, using Rust for speed. Notably linked to LockBit, it threatens victims with data leaks unless a ransom is paid. https://www.tripwire.com/state-of-security/3am-ransomware-what-you-need-know

🚨 Location Data Firm Offers to Help Cops Track Targets via Doctor Visits privacy – Fog Data Science is proposing to assist police in tracking individuals by using location data linked to their doctors' offices, raising privacy concerns amidst increasing surveillance of healthcare visits. https://www.404media.co/location-data-firm-offers-to-help-cops-track-targets-via-doctor-visits/

💸 French internet operator fined $53 million for unsolicited ads and tracking users without consent privacy – France's CNIL fined Orange S.A. $53 million for sending unsolicited ads and tracking users without consent, violating data protection laws, despite the company claiming the practices were standard. https://therecord.media/french-internet-operator-fined-53-million-unsolicited-ads-tracking

🎄 Network security best practices for the holidays security news – As cyber threats rise during the holidays, ensure your network is secure by updating infrastructure, shutting down non-essential systems, and implementing multi-factor authentication to protect against attacks. https://news.sophos.com/en-us/2024/12/10/network-security-best-practices-for-the-holidays/

🔑 How easily access cards can be cloned and why your PACS might be vulnerable hacking write-up – Many access cards are trivially cloned because the Physical Access Control System (PACS) trusts a card identifier that is read in the clear or protected by broken crypto, rather than a cryptographic credential. Secure tokens and properly configured readers are essential to defeat cloning. https://www.pentestpartners.com/security-blog/how-easily-access-cards-can-be-cloned-and-why-your-pacs-might-be-vulnerable/

👍 Patch Tuesday, December 2024 Edition security news – Microsoft patched at least 70 security vulnerabilities, including a zero-day exploit (CVE-2024-49138) in the Windows CLFS driver that allows attackers to gain system privileges. Users are urged to update systems. https://krebsonsecurity.com/2024/12/patch-tuesday-december-2024-edition/

💵 How Cryptocurrency Turns to Cash in Russian Banks – Krebs on Security cybercrime – Research reveals that a Canadian firm, Cryptomus, acts as a payment processor for Russian cryptocurrency exchanges, enabling cash conversion for cybercrime services and evasion of sanctions against Russia. https://krebsonsecurity.com/2024/12/how-cryptocurrency-turns-to-cash-in-russian-banks/

🚫 Mozilla removing Do Not Track option from Firefox 135 privacy – Mozilla will remove the Do Not Track feature from Firefox 135 due to its ineffectiveness, directing users to utilize the Global Privacy Control instead, which aims to enhance online privacy. https://www.theregister.com/2024/12/12/firefox_do_not_track/

🛑 27 DDoS-For-Hire Services Disrupted In Run-Up To Holiday Season cybercrime – Operation PowerOFF, involving law enforcement from 15 countries, has disrupted 27 DDoS-for-hire services ahead of the holiday season, arresting several individuals and aiming to deter cybercriminal activity. https://www.tripwire.com/state-of-security/27-ddos-hire-services-disrupted-run-holiday-season

🚙 Researchers find security flaws in Skoda cars that may let hackers remotely track them vulnerability – Security researchers identified 12 vulnerabilities in Skoda Superb III's infotainment system that could allow hackers to track vehicles and execute malicious code via Bluetooth without authentication. https://techcrunch.com/2024/12/12/researchers-find-security-flaws-in-skoda-cars-that-may-let-hackers-remotely-track-them/

🔝 The Top Ten List of Why You Got Hacked This Year (2023/2024) security news – An analysis of penetration testing findings reveals the top reasons for security breaches, including lack of firewall restrictions, weak protocols, outdated web applications, social engineering, and poor password policies. https://www.blackhillsinfosec.com/top-ten-list-of-why-you-got-hacked-this-year-2023-2024/

📦 Critical WordPress plugin vulnerability under active exploit threatens thousands vulnerability – A critical vulnerability (CVE-2024-11972) in the Hunk Companion WordPress plugin, installed on more than 10,000 sites, lets unauthenticated requests install arbitrary plugins; attackers are chaining it with a known-vulnerable plugin to reach code execution. Only about 12% of installations had applied the patch at the time of writing. https://arstechnica.com/security/2024/12/thousands-of-sites-remain-unpatched-against-actively-exploited-wordpress-plugin-bug/

🪙 Cleo urges customers to ‘immediately’ apply new patch as researchers discover new malware vulnerability – Cleo has urged users to apply a new patch for a critical vulnerability in its file sharing products, following reports of ongoing exploitation and the discovery of a new malware family, Malichus. https://therecord.media/cleo-urges-customers-to-immediately-patch-systems-after-exploitation

💰 Game-like ‘task scams’ stole more than $220 million in six months cybercrime – The FTC warns about game-like online job scams that have stolen over $220 million in six months, accounting for 40% of scam reports this year. Victims are often tricked into paying scammers under false promises of income. https://www.theverge.com/2024/12/13/24320391/ftc-task-scams-spotlight-warning

🔑 The Simple Math Behind Public Key Cryptography security news – Public key cryptography uses a pair of keys—one public and one private—to secure communications, relying on mathematical trapdoor functions that are easy to compute one way but difficult to reverse, ensuring data security against unauthorized access. https://www.wired.com/story/how-public-key-cryptography-really-works-using-only-simple-math/
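The trapdoor described above, as an added example that is not from the Wired article: textbook RSA with the classic small primes p = 61 and q = 53. Encryption and decryption are cheap modular exponentiations; recovering the private key means factoring n, which the last function does by trial division. That loop finishes instantly here only because n is 3233; on a 2048-bit modulus the same loop is the hard problem. This is raw RSA with no padding, for illustration only.

```python
from math import gcd


def mod_inverse(a, m):
    """Modular inverse of a mod m via the extended Euclidean algorithm."""
    r0, r1, t0, t1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        t0, t1 = t1, t0 - q * t1
    if r0 != 1:
        raise ValueError("no inverse: a and m are not coprime")
    return t0 % m


def keygen(p, q, e=17):
    """Public key (n, e) and private key (n, d) from two primes; e must be coprime to phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = mod_inverse(e, phi)
    return (n, e), (n, d)


def encrypt(pub, m):
    """Easy direction: anyone with the public key can do this."""
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):
    """Easy direction too, but only for whoever holds d (the trapdoor)."""
    n, d = priv
    return pow(c, d, n)


def recover_private_key(pub):
    """Hard direction without the trapdoor: factor n to rebuild phi(n) and hence d.
    Trial division is feasible only for a toy modulus like the one used here."""
    n, e = pub
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            q = n // p
            return mod_inverse(e, (p - 1) * (q - 1))
    raise ValueError("n has no non-trivial factor")


if __name__ == "__main__":
    pub, priv = keygen(61, 53)           # n = 3233, phi = 3120, d = 2753
    c = encrypt(pub, 65)
    print("ciphertext", c, "decrypts to", decrypt(priv, c))
    print("private exponent recovered by factoring:", recover_private_key(pub))
```

Real deployments never use raw RSA like this: messages go through a padding scheme (OAEP for encryption, PSS for signatures), keys are at least 2048 bits, and the prime generation is the part that is hard to get right.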


Some More, For the Curious

🔒 Mitigating NTLM Relay Attacks by Default cyber defense – Microsoft is turning on Extended Protection for Authentication (EPA) by default in Exchange Server, Active Directory Certificate Services and LDAP. EPA binds an NTLM authentication to the TLS channel it arrives over, so credentials captured on one connection are rejected when relayed on another, which is the whole point of NTLM relay. https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/

⚠️ Cleo Harmony, VLTrader, and LexiCom – RCE via Arbitrary File Write (CVE-2024-50623) vulnerability – A zero-day in Cleo's file transfer products lets an unauthenticated attacker write arbitrary files and turn that into remote code execution. watchTowr found the first patch could still be bypassed, so do not assume one update closes it: follow Cleo's current advisory, apply the latest release, and keep the product off the open internet in the meantime. https://labs.watchtowr.com/cleo-cve-2024-50623/

💻 Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows malware – A cross-platform infostealer dubbed Meeten targets crypto users with a fake video-meeting app, pushed through social engineering and a bogus company website padded with AI-generated content; once installed it steals wallet data, credentials and browser secrets from macOS and Windows. https://www.cadosecurity.com/blog/meeten-malware-threat

🎭 Malicious Maven Package Impersonating 'XZ for Java' Library ... security research – A malicious Maven package impersonating the legitimate XZ for Java library introduces a backdoor for remote command execution, posing significant risks to Java applications and supply chains. https://socket.dev/blog/malicious-maven-package-impersonating-xz-for-java-library

🚨 Sharp increase in Microsoft Remote Desktop Protocol (RDP) scanning (CERT.at, in German) warning – CERT.at reports a strong rise in scanning for RDP, notably on TCP port 1098 rather than the default 3389. Do not expose RDP directly to the internet: put it behind a VPN or gateway, require MFA, and enforce account lockout. https://www.cert.at/de/aktuelles/2024/12/stark-gestiegenes-aufkommen-an-microsoft-remote-desktop-protokoll-rdp-scanning

💥 AMD’s trusted execution environment blown wide open by new BadRAM attack vulnerability – The BadRAM attack defeats AMD's Secure Encrypted Virtualization (SEV-SNP): by tampering with a DIMM's SPD chip (a few dollars of hardware and brief physical access to the server, or a software-writable SPD), an attacker makes the memory controller map two addresses to the same DRAM cells, creating aliases that bypass SEV's integrity protections and expose confidential VM memory. AMD has released firmware updates; cloud tenants cannot see whether their host's SPD was tampered with, which is the attestation gap the research highlights. https://arstechnica.com/information-technology/2024/12/new-badram-attack-neuters-security-assurances-in-amd-epyc-processors/

🔧 Ivanti fixed a maximum severity vulnerability in its CSA solution vulnerability – Ivanti addressed a critical authentication bypass (CVE-2024-11639) in its Cloud Services Appliance admin console that gives remote attackers administrative access, along with a command injection and an SQL injection flaw. All are fixed in CSA 5.0.3; CSA 4.6 is end of life and does not get the fix. https://securityaffairs.com/171850/breaking-news/ivanti-maximum-severity-flaw-csa-solution.html

📊 Latest round of MITRE ATT&CK evaluations put cybersecurity products through rigors of ransomware security news – MITRE's latest ATT&CK evaluations assessed 19 vendors against ransomware tactics, revealing disparities in detection rates and false positives. The inclusion of macOS threats highlighted evolving security challenges. https://cyberscoop.com/mitre-attack-evaluations-ransomware-macos/

👁️ Researchers uncover Chinese spyware used to target Android devices security research – Researchers at Lookout revealed EagleMsgSpy, a Chinese spyware tool used by law enforcement to collect extensive data from Android devices, including messages and location information, potentially posing risks to travelers. https://techcrunch.com/2024/12/11/researchers-uncover-chinese-spyware-used-to-target-android-devices/

🤞 The evolution and abuse of proxy networks cybercrime – Proxy networks have evolved from privacy tools like VPNs and Tor into infrastructure that cybercriminals and state-sponsored actors abuse to hide the origin of DDoS attacks, espionage and credential stuffing, blending malicious traffic with residential IP space and making attribution and blocking hard for defenders. https://blog.talosintelligence.com/the-evolution-and-abuse-of-proxy-networks/

🔍 Zero Day Initiative — SolarWinds Access Rights Manager: One Vulnerability to LPE Them All vulnerability – ZDI details multiple vulnerabilities in SolarWinds Access Rights Manager, including a pre-auth arbitrary file deletion that can be turned into local privilege escalation on the Windows host; because the ARM service is often run under a Domain Admin account, that local escalation can mean domain compromise. https://www.thezdi.com/blog/2024/12/11/solarwinds-access-rights-manager-one-vulnerability-to-lpe-them-all

🔒 Google says its breakthrough quantum chip can’t break modern cryptography security news – Google's Willow quantum chip, while powerful, is not capable of breaking modern cryptography. Experts estimate it will take millions of qubits and at least a decade to potentially crack RSA encryption. https://www.theverge.com/2024/12/12/24319879/google-willow-cant-break-rsa-cryptography

📊 Common Vulnerability Scoring System (CVSS) security news – The Common Vulnerability Scoring System (CVSS) is a standardized framework used to assess the severity of software vulnerabilities, providing a numerical score to help organizations prioritize their responses. https://vulncheck.com/blog/common-vulnerability-scoring-system

⛓️‍💥 Ultralytics Supply-Chain Attack security research – The popular Ultralytics AI library was hit by a supply-chain attack: its GitHub Actions build pipeline was compromised and malicious releases pushed to PyPI that fetched a coinminer on install. The takeaways are the usual ones for package publishers: do not let untrusted pull-request input reach privileged workflows, and harden the publishing path so a CI compromise cannot mint a release. https://www.schneier.com/blog/archives/2024/12/ultralytics-supply-chain-attack.html

🔍 XRefer: The Gemini-Assisted Binary Navigator security research – Mandiant introduces XRefer, a tool designed to assist malware analysts by providing cluster-based navigation and context-aware views for understanding complex binaries, enhancing efficiency in reverse engineering. https://cloud.google.com/blog/topics/threat-intelligence/xrefer-gemini-assisted-binary-navigator/

⛳ German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox malware – Germany's BSI sinkholed the command-and-control traffic of roughly 30,000 devices running BadBox, which ships preinstalled in the firmware of cheap Android-based picture frames, media players and similar gadgets. Devices on outdated Android builds remain at risk; the sinkhole blocks the C2, it does not clean the devices. https://securityaffairs.com/171968/malware/bsi-sinkholed-badbox-botnet.html


CISA Corner

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-49138, a heap-based buffer overflow vulnerability in Microsoft Windows CLFS Driver, to its Known Exploited Vulnerabilities Catalog due to active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/12/10/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-50623, an unrestricted file upload vulnerability affecting Cleo products, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, highlighting significant risks for federal agencies. https://www.cisa.gov/news-events/alerts/2024/12/13/cisa-adds-one-known-exploited-vulnerability-catalog

🔒 Microsoft Releases December 2024 Security Updates security news – Microsoft has issued security updates for various products to fix vulnerabilities that could allow cyber attackers to take control of affected systems. Users are urged to apply the updates promptly. https://www.cisa.gov/news-events/alerts/2024/12/10/microsoft-releases-december-2024-security-updates

🔒 Ivanti Releases Security Updates for Multiple Products security news – Ivanti has issued security updates for several products, including Ivanti Cloud Service Application and Ivanti Connect Secure, urging users to review advisories and apply necessary updates. https://www.cisa.gov/news-events/alerts/2024/12/10/ivanti-releases-security-updates-multiple-products

🔒 Adobe Releases Security Updates for Multiple Products security news – Adobe has issued security updates for several products, including Acrobat and Illustrator, to fix vulnerabilities that could allow cyber attackers to take control of affected systems. https://www.cisa.gov/news-events/alerts/2024/12/10/adobe-releases-security-updates-multiple-products

🔒 Apple Releases Security Updates for Multiple Products security news – Apple has issued security updates for various products to fix vulnerabilities that could allow cyber attackers to take control of affected systems. Users are urged to review advisories and apply updates promptly. https://www.cisa.gov/news-events/alerts/2024/12/12/apple-releases-security-updates-multiple-products

⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA has issued seven advisories on ICS vulnerabilities, including products from MOBATIME, Schneider Electric, National Instruments, and Rockwell Automation, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2024/12/10/cisa-releases-seven-industrial-control-systems-advisories

⚙️ CISA Releases Ten Industrial Control Systems Advisories vulnerability – CISA has published ten advisories addressing vulnerabilities in various Siemens Industrial Control Systems, urging users to review the advisories for technical details and necessary mitigations. https://www.cisa.gov/news-events/alerts/2024/12/12/cisa-releases-ten-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.




News For All

🤖 How threat actors can use generative artificial intelligence? cybercrime – Generative AI is increasingly exploited by cybercriminals for phishing, deepfakes, and disinformation campaigns, posing significant risks in cybersecurity. https://securityaffairs.com/171582/uncategorized/how-threat-actors-can-use-generative-artificial-intelligence.html

🔍 Are You Being Tracked by an AirTag? Here’s How to Check privacy – To check for unwanted AirTag tracking, iPhone users should enable notifications and scan for unknown devices, while Android users can use the Tracker Detect app. If found, remove the battery and contact authorities if necessary. https://www.wired.com/story/how-to-find-airtags/

🪧 Indian online ID verification firm Signzy confirms security incident data breach – Signzy, a major online ID verification provider, confirmed a cyberattack impacting its services for financial institutions. Although some client data was briefly visible online, many customers report no data compromise. https://techcrunch.com/2024/12/02/indian-online-id-verification-firm-signzy-confirms-security-incident/

📳 Small number of vulnerabilities patched in last Android security update of 2024 security news – Google's December 2024 Android Security Bulletin addresses several vulnerabilities, including a high-severity flaw (CVE-2024-43767) allowing remote code execution. Patches are provided to partners for various Android components. https://cyberscoop.com/android-security-update-december-2024/

🚫 Certain names make ChatGPT grind to a halt, and we know why security research – ChatGPT encounters issues when certain names are mentioned due to hard-coded filters, likely stemming from past defamation lawsuits. This can hinder user experience and raise concerns about adversarial attacks. https://arstechnica.com/information-technology/2024/12/certain-names-make-chatgpt-grind-to-a-halt-and-we-know-why/

👯 Apple patents system for identifying people when facial scans aren’t enough privacy – Apple's newly approved patent describes a system that enhances facial recognition with body characteristics like gait and clothing to identify individuals even in unclear video feeds. https://therecord.media/apple-patent-body-recognition-biometrics

💼 Xerox, Nokia, BofA, Morgan Stanley's employees data dumped data breach – A massive data breach linked to the MOVEit vulnerability has exposed personal data of hundreds of thousands of employees from companies like Xerox, Nokia, Bank of America, and Morgan Stanley, posing risks for social engineering attacks. https://www.theregister.com/2024/12/03/760k_xerox_nokia_bofa_morgan/

🛑 Data brokers may be banned from selling your social security number privacy – The CFPB proposes a rule to limit data brokers from selling sensitive personal information, including Social Security numbers, requiring compliance with the Fair Credit Reporting Act and explicit consumer consent for data sharing. https://www.theverge.com/2024/12/3/24311498/cfpb-rule-data-brokers-social-security-number-fico-score

⬆️ North Korean hackers masquerade as remote IT workers and venture capitalists to steal crypto and secrets cybercrime – North Korean hackers are using false identities to pose as remote IT workers and venture capitalists to steal cryptocurrency and sensitive information, employing sophisticated tactics to infiltrate unsuspecting companies. https://www.bitdefender.com/en-us/blog/hotforsecurity/north-korean-hackers-masquerade-as-remote-it-workers-and-venture-capitalists-to-steal-crypto-and-secrets

🔗 Why Phishers Love New TLDs Like .shop, .top and .xyz cybercrime – Phishing attacks surged nearly 40% due to new generic top-level domains (gTLDs) like .shop and .xyz, which offer cheap registration and minimal verification, making them attractive to scammers. New research highlights the need for stricter regulations. https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/

📊 Your Bluesky Posts Are Probably In A Bunch of Datasets Now privacy – Bluesky posts are being scraped into large datasets for machine learning, sparking controversy over consent and privacy. Multiple datasets, including one with 298 million posts, have emerged, raising ethical and legal concerns. https://www.404media.co/bluesky-posts-machine-learning-ai-datasets-hugging-face/

🚗 ‘A Total Meltdown’: Black Friday Zipcar Outage Strands Customers in Random Places security news – A Zipcar outage on Black Friday stranded customers nationwide, locking them out of rented cars and leading to surprise charges. The company attributed the issue to increased site traffic and SMS service problems. https://www.404media.co/a-total-meltdown-black-friday-zipcar-outage-strands-customers-in-random-places/

🌐 Finland says latest fiber-optic cable break was an accident, not sabotage security news – Finland's police confirmed that the recent damage to two fiber-optic cables was accidental, caused by excavation work, not sabotage. The incident led to a major internet outage affecting 6,000 customers and 100 businesses. https://therecord.media/finland-sweden-cable-accident-not-malicious

🚫 Two data brokers banned from selling ‘sensitive’ location data by the FTC privacy – The FTC has banned Gravy Analytics and Mobilewalla from selling sensitive location data, citing violations that put millions of Americans at risk by enabling tracking to sensitive sites. The companies must comply with strict data handling regulations. https://www.theverge.com/2024/12/3/24312313/ftc-bans-sensitive-location-data-brokers-gravy-analytics-venntel-mobilewalla

💬 Eurocops red pill the Matrix 'secure' criminal chat systems cybercrime – French and Dutch police have dismantled the Matrix chat app, a secure messaging tool for criminals, after infiltrating its servers. The operation yielded 2.3 million messages related to criminal activities and resulted in multiple arrests. https://www.theregister.com/2024/12/04/eurocop_crack_matrix/

💻 Tech Support Scams Exploit Google Ads to Target Users cybercrime – Cybercriminals are using Google Ads for tech support scams, manipulating search results to display malicious ads impersonating legitimate companies like PayPal and Netflix. https://www.tripwire.com/state-of-security/tech-support-scams-exploit-google-ads-target-users

🗳️ AI and the 2024 Elections security news – In the unprecedented 2024 elections, AI played a significant role, with both beneficial and harmful applications observed. While AI-assisted campaigns helped connect with voters, misinformation and deepfakes raised concerns about electoral integrity. https://www.schneier.com/blog/archives/2024/12/ai-and-the-2024-elections.html

🔒 U.S. Offered $10M for Hacker Just Arrested by Russia cybercrime – Mikhail Matveev, known as 'Wazawaka,' was arrested by Russian authorities after being indicted by the U.S. for ransomware activities. The arrest raises questions about motivations behind the move, with experts suggesting it could be linked to local corruption and financial pressures. https://krebsonsecurity.com/2024/12/u-s-offered-10m-for-hacker-just-arrested-by-russia/

🎭 Deepfake YouTube Ads of Celebrities Promise to Get You ‘Rock Hard’ security news – YouTube ran ads featuring deepfaked celebrities like Schwarzenegger and Stallone promoting erectile dysfunction supplements. These misleading ads, using AI-generated voices, have been removed after being flagged for false endorsements. https://www.404media.co/deepfake-youtube-ads-of-celebrities-promise-to-get-you-rock-hard/

🚔 Authorities shut down Crimenetwork, the Germany's largest crime marketplace cybercrime – German authorities have dismantled Crimenetwork, the largest German-speaking underground marketplace for illegal goods, arresting an administrator and seizing €1 million in assets. The platform facilitated extensive criminal activities since 2012. https://securityaffairs.com/171658/cyber-crime/german-authorities-shut-down-crimenetwork.html

🫥 US officials recommend encrypted messaging to evade hackers in telecom networks security news – FBI and CISA officials advise Americans to use encrypted messaging apps to protect communications from hackers linked to the Chinese group Salt Typhoon, who may still access U.S. telecom networks. https://www.theverge.com/2024/12/4/24313187/encrypted-apps-salt-typhoon-hack-telecom-fbi-cisa

🔍 $1 phone scanner finds seven Pegasus spyware infections privacy – iVerify's $1 diagnostic tool detected seven instances of Pegasus spyware among 2,500 scans, indicating a broader scope of spyware use beyond just targeting activists. The findings challenge the narrative that commercial spyware is only used against a select few. https://arstechnica.com/security/2024/12/1-phone-scanner-finds-seven-pegasus-spyware-infections/

🔑 Your AI clone could target your family, but there’s a simple defense security news – The FBI advises families to establish a secret word or phrase to verify identity and protect against AI voice-cloning scams, as criminals increasingly use AI to impersonate loved ones for fraud. https://arstechnica.com/ai/2024/12/your-ai-clone-could-target-your-family-but-theres-a-simple-defense/


Some More, For the Curious

🤦‍♂️ New era of slop security reports for open source security news – An increase in low-quality security reports from AI tools burdens open source maintainers, leading to burnout and confusion. Better reporting practices are needed to protect valuable contributors. https://sethmlarson.dev/slop-security-reports

💰 Supply Chain Attack Detected in Solana's web3.js Library security research – Versions 1.95.6 and 1.95.7 of the @solana/web3.js library were compromised to steal private keys, risking users' cryptocurrency wallets. Developers are urged to audit and secure their projects immediately. https://socket.dev/blog/supply-chain-attack-solana-web3-js-library
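As an added example that is not from the Socket post: a script that walks an npm package-lock.json and flags every installed copy of @solana/web3.js at one of the two compromised versions named above, including nested copies pulled in transitively by other packages (the ones `package.json` never mentions). It handles the flat `packages` map of lockfile versions 2 and 3 and the recursive `dependencies` tree of version 1. The lockfile below is constructed for the example, with one bad copy at top level and one clean nested copy.

```python
import json

# Versions named as compromised in the Socket report.
COMPROMISED = {"@solana/web3.js": {"1.95.6", "1.95.7"}}

# Constructed sample package-lock.json (lockfileVersion 3); not from any real project.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-dapp",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"@solana/web3.js": "^1.95.0", "wallet-helper": "^2.0.0"}},
        "node_modules/@solana/web3.js": {"version": "1.95.7"},
        "node_modules/wallet-helper": {"version": "2.0.1"},
        "node_modules/wallet-helper/node_modules/@solana/web3.js": {"version": "1.95.3"},
    },
})


def name_from_path(path):
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b' (scoped names keep their slash)."""
    return path.rsplit("node_modules/", 1)[-1]


def _walk_v1(deps, prefix, compromised, hits):
    """lockfileVersion 1 nests 'dependencies' recursively; 'requires' entries carry no resolved version."""
    for name, meta in deps.items():
        path = f"{prefix}node_modules/{name}"
        if meta.get("version") in compromised.get(name, ()):
            hits.append((path, meta["version"]))
        _walk_v1(meta.get("dependencies", {}), path + "/", compromised, hits)


def find_compromised(lock_text, compromised=COMPROMISED):
    """Return sorted (install_path, version) pairs for every installed package at a compromised version."""
    lock = json.loads(lock_text)
    hits = []
    if "packages" in lock:
        # lockfileVersion 2/3: flat map keyed by install path; "" is the root project itself.
        for path, meta in lock["packages"].items():
            if not path:
                continue
            name = name_from_path(path)
            if meta.get("version") in compromised.get(name, ()):
                hits.append((path, meta["version"]))
    else:
        _walk_v1(lock.get("dependencies", {}), "", compromised, hits)
    return sorted(hits)


if __name__ == "__main__":
    for path, version in find_compromised(SAMPLE_LOCKFILE):
        print(f"COMPROMISED {path} @ {version}")
```

Point it at a real lockfile with `find_compromised(open("package-lock.json").read())`; `npm ls @solana/web3.js` gives the same view from npm itself. A hit means more than an upgrade: the malicious versions exfiltrated private keys, so any key that was loaded while they were installed should be treated as exposed and rotated.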

🥚 The Curious Case of an Egg-Cellent Resume security research – The DFIR Report walks through an intrusion attributed to TA4557/FIN6 that began with a fake job-applicant resume lure delivering the more_eggs backdoor, followed by credential theft, discovery and lateral movement with a mix of malicious tooling and living-off-the-land techniques. https://thedfirreport.com/2024/12/02/the-curious-case-of-an-egg-cellent-resume/

🥴 Exploit Intelligence this is part of a post series. take a look at the others! 😉 cyber defense – The article discusses the significance of exploit intelligence in cybersecurity, highlighting the need for organizations to stay informed about vulnerabilities and emerging threats to enhance their defense strategies. https://vulncheck.com/blog/exploit-intelligence

🃏 ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches cyber defense – Black Hills walks through the attack scenarios in the ICS/OT expansion of their Backdoors & Breaches card game and the mitigations for each, emphasising network isolation between IT and OT, monitoring, and the basic hygiene that industrial environments still often lack. https://www.blackhillsinfosec.com/mitigations-to-scenarios-found-in-ics-ot-backdoors-and-breaches/

🌉 Tor Project needs 200 WebTunnel bridges more to bypass Russia's censorship privacy – The Tor Project aims to deploy 200 new WebTunnel bridges by year-end to counter increasing censorship in Russia, where blocking has made existing bridges harder to reach. https://securityaffairs.com/171601/digital-id/tor-project-needs-200-webtunnel-bridges.html

🛡️ Building Cyber Resilience Against Ransomware Attacks cyber defense – Ransomware attacks are on the rise, costing organizations an average of $5.24 million. This article outlines a framework for building resilience against ransomware, emphasizing the need for effective response, sustainability, and recovery strategies. https://blog.nviso.eu/2024/12/03/building-cyber-resilience-against-ransomware-attacks/

🔌 Zero Day Initiative — Detailing the Attack Surfaces of the WolfBox E40 EV Charger hacking write-up – The WolfBox E40 EV charger has been analyzed for potential vulnerabilities, revealing attack surfaces via its mobile app and hardware components. The firmware extraction process highlights risks associated with its communications module and embedded OS. https://www.thezdi.com/blog/2024/12/2/detailing-the-attack-surfaces-of-the-wolfbox-e40-ev-charger

📊 Linux Foundation report highlights the true state of open source libraries in production apps security news – The Linux Foundation's Census III report reveals insights on open source libraries in production, emphasizing the rise of Rust for memory safety and ongoing reliance on Python 2, which raises security risks. https://techcrunch.com/2024/12/04/linux-foundation-report-highlights-the-true-state-of-open-source-libraries-in-production-apps/

🔧 Veeam addressed critical Service Provider Console (VSPC) bug vulnerability – Veeam fixed a critical vulnerability (CVE-2024-42448) in its Service Provider Console that could allow remote code execution. Organizations are urged to upgrade to version 8.1.0.21999 to mitigate this and another related vulnerability. https://securityaffairs.com/171651/security/veeam-addressed-critical-service-provider-console-vspc-flaw.html

🏝️ (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments cyber defense – Mandiant reveals a technique to bypass browser isolation using QR codes for command-and-control (C2) communication, highlighting vulnerabilities in browser isolation technologies while recommending continued use as a defense measure against web threats. https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/

🌶️ White House: Chinese telecom hacks have been in motion for years security news – A White House official revealed that the Salt Typhoon hack, linked to Chinese state-sponsored actors, has impacted eight U.S. telecom companies and has been ongoing for two years, posing risks to communications and requiring urgent cybersecurity measures. https://cyberscoop.com/salt-typhoon-national-security-council-chinese-spying/

🏁 Race Conditions in Modern Web Applications security research – Race conditions, where concurrent requests interleave between a check and the action that depends on it, remain a practical web application vulnerability (double-spending a coupon, bypassing rate limits, reusing a one-time token). Recent research shows reliable ways to land requests inside that window, so mitigation has to make the check and the update atomic rather than hope the window is too small to hit. https://www.guidepointsecurity.com/blog/race-conditions-in-modern-web-applications/
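The check-then-act bug above, as an added example that is not from the GuidePoint post: a single-use coupon store with a vulnerable redeem path and a fixed one, plus a harness that releases several threads at once so their requests land inside the race window. The store and the sleep standing in for a database round trip are constructed for the example; the names are not from any real framework.

```python
import threading
import time


class CouponStore:
    """In-memory stand-in for a database table of single-use coupons (constructed for this example)."""

    def __init__(self, codes):
        self.redeemed = {code: False for code in codes}
        self.successful_redemptions = 0
        self._lock = threading.Lock()

    def redeem_vulnerable(self, code):
        # Time of check ...
        if self.redeemed.get(code) is False:
            time.sleep(0.01)  # stands in for the round trip to the database; this is the race window
            # ... time of use: every thread that passed the check above also gets here.
            self.redeemed[code] = True
            self.successful_redemptions += 1
            return True
        return False

    def redeem_fixed(self, code):
        # Check and update are one critical section, so the second caller sees the coupon as used.
        with self._lock:
            if self.redeemed.get(code) is False:
                time.sleep(0.01)
                self.redeemed[code] = True
                self.successful_redemptions += 1
                return True
            return False


def hammer(store, redeem, code, attempts=8):
    """Release `attempts` threads simultaneously against redeem(code) and return how many succeeded.
    This mirrors what race-condition tooling does: make the requests arrive within the same window."""
    barrier = threading.Barrier(attempts)

    def worker():
        barrier.wait()  # all threads start together
        redeem(code)

    threads = [threading.Thread(target=worker) for _ in range(attempts)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return store.successful_redemptions


if __name__ == "__main__":
    store = CouponStore(["SAVE50"])
    print("vulnerable:", hammer(store, store.redeem_vulnerable, "SAVE50"), "redemptions of one coupon")
    store = CouponStore(["SAVE50"])
    print("fixed:     ", hammer(store, store.redeem_fixed, "SAVE50"), "redemption of one coupon")
```

A process-local lock only demonstrates the principle; with several application servers behind a load balancer it protects nothing. The real fix lives in the storage layer: a conditional update such as `UPDATE coupons SET redeemed = true WHERE code = ? AND redeemed = false` with the affected-row count as the success signal, a unique constraint on the thing that must happen once, or `SELECT ... FOR UPDATE` inside a transaction.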

🧫 Analyzing the vulnerability landscape in Q3 2024 security news – Q3 2024 saw an increase in vulnerabilities in Windows and Linux, with notable exploits affecting systems like WinRAR and Microsoft Office. Experts emphasize the importance of timely patching and monitoring to mitigate risks. https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/


CISA Corner

🔒 CISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers security news – CISA, alongside the NSA, FBI, and international partners, issued guidance to enhance security following a cyber espionage campaign by a PRC-affiliated threat actor targeting global telecommunications networks. https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-and-partners-release-joint-guidance-prc-affiliated-threat-actor-compromising-networks-global

🔒 Cisco Releases Security Updates for NX-OS Software vulnerability – Cisco has issued security updates for NX-OS software to fix a vulnerability that could let an attacker take control of affected systems. Administrators are advised to review the advisory and apply the updates promptly. https://www.cisa.gov/news-events/alerts/2024/12/05/cisco-releases-security-updates-nx-os-software

⚙️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – On December 3, 2024, CISA issued eight advisories addressing vulnerabilities in various Industrial Control Systems, urging users and administrators to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-releases-eight-industrial-control-systems-advisories

⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – On December 5, 2024, CISA issued two advisories addressing security vulnerabilities in Industrial Control Systems: AutomationDirect C-More EA9 Programming Software and Planet Technology Planet WGS-804HPT, urging users to review them for mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/12/05/cisa-releases-two-industrial-control-systems-advisories

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, urging users to address these risks to federal networks. The vulnerabilities include CVE-2023-45727, CVE-2024-11680, and CVE-2024-11667. https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-51378, a vulnerability in CyberPanel related to incorrect default permissions, to its Known Exploited Vulnerabilities Catalog, highlighting the need for Federal agencies to remediate this risk promptly. https://www.cisa.gov/news-events/alerts/2024/12/04/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.

theme: https://write.as/themes/fosstodon-hub



News For All

📦 Vorsicht vor gefälschten Paketbenachrichtigungen warning – Criminals are using the Black Friday period to send fake parcel notifications that trick users into paying supposed shipping fees and lure them into subscription traps. https://www.watchlist-internet.at/news/falsche-paketbenachrichtigungen/

🧱 Google blocked 1000 pro China websites from services security news – Google has blocked over 1,000 sites linked to a network promoting pro-China narratives, exposing coordinated disinformation tactics that blur the lines between authentic and fake news. https://www.theregister.com/2024/11/25/google_beijing_propaganda/

📦 Supply chain vendor Blue Yonder succumbs to ransomware cybercrime – Blue Yonder has suffered a ransomware attack, disrupting services and affecting customers like Starbucks and UK retailers, who are struggling to maintain supply chain operations. https://www.theregister.com/2024/11/26/blue_yonder_ransomware/

📞 Malware linked to Salt Typhoon used to hack telcos around the world security news – Salt Typhoon, a sophisticated Chinese APT group, has exploited various vulnerabilities to infiltrate telecom companies globally, using advanced malware and tactics for cyber-espionage. https://cyberscoop.com/salt-typhoon-us-telecom-hack-earth-estries-trend-micro-report/

🔧 Weekend QNAP, Veritas bugs hit patch pipelines vulnerability – QNAP patched 24 vulnerabilities in its products, including critical flaws in Notes Station 3, while Veritas faces delays in addressing seven critical vulnerabilities in its Enterprise Vault software. https://www.theregister.com/2024/11/26/qnap_veritas_vulnerabilities/

🚔 Emergency Vehicle Lights Can Screw Up a Car’s Automated Driving System security research – Research reveals that emergency vehicle lights can disrupt camera-based automated driving systems, causing them to misidentify objects and potentially leading to accidents, highlighting vulnerabilities in AI driving tech. https://www.wired.com/story/emergency-vehicle-lights-can-screw-up-a-cars-automated-driving-system/

🚫 Steam Removes Oct 7 Game at Request of UK Counter-Terrorism Unit security news – Valve removed the game 'Fursan al-Aqsa' from Steam in the UK at the request of the Counter-Terrorism Internet Referral Unit, citing concerns over its portrayal of violence related to the Israel-Palestine conflict. https://www.404media.co/steam-removes-oct-7-game-at-request-of-uk-counter-terrorism-unit/

🔓 Canadian privacy regulators publish details of medical testing company’s data breach data breach – A court ruling has allowed the public release of a report detailing a 2019 data breach at LifeLabs, exposing millions of Canadians' health data and revealing inadequate security measures. https://therecord.media/canadian-privacy-regulators-publish-life-labs-investigation

🦠 Russia-linked hackers exploited Firefox and Windows bugs in 'widespread' hacking campaign security research – RomCom, a Russia-linked group, chained a Firefox zero-day with a Windows privilege-escalation zero-day into a zero-click exploit: visiting a malicious page was enough to install the RomCom backdoor, with targets in Europe and North America. https://techcrunch.com/2024/11/26/russia-linked-hackers-exploited-firefox-and-windows-zero-day-bugs-in-widespread-hacking-campaign/

🤫 US alleges man is cybercrook with distaste for opsec cybercrime – Nicholas Kloster, 31, is accused of a cybercrime spree in Missouri, including unauthorized access and damage to computers, showing a blatant disregard for operational security. https://www.theregister.com/2024/11/26/kansas_city_cybercrime_charges/

📊 Someone Made a Dataset of One Million Bluesky Posts for 'Machine Learning Research' privacy – A dataset of one million public Bluesky posts was released for machine learning research but was later removed by its creator, citing violations of transparency and consent principles. https://www.404media.co/someone-made-a-dataset-of-one-million-bluesky-posts-for-machine-learning-research/

👔 NSO Group Spies on People on Behalf of Governments privacy – NSO Group, known for selling Pegasus spyware, reportedly operates the spyware on behalf of governments, revealing that they install and extract data from targeted devices themselves. https://www.schneier.com/blog/archives/2024/11/nso-group-spies-on-people-on-behalf-of-governments.html

⚖️ Judge rejects data brokers’ bid to throw out case brought by law enforcement officers privacy – A federal judge denied data brokers' motion to dismiss a lawsuit by New Jersey law enforcement officers under Daniel's Law, which protects their personal information from being disclosed online. https://therecord.media/judge-rejects-bid-to-throw-out-data-broker-police-privacy-case

🎮 Russian Disinformation Campaign Spreads Lies About Ukraine's ‘Stalker 2’ security news – A Russian disinformation campaign falsely claims that the Ukrainian game Stalker 2 is used for military enlistment and data collection, aiming to undermine the game's significance amidst the ongoing conflict. https://www.404media.co/stalker2-disinformation/

📳 T-Mobile says telco hackers had 'no access' to customer call and text message logs data breach – T-Mobile stated that hackers did not access customer calls, texts, or voicemails during a cyberattack linked to the China-backed group Salt Typhoon, while emphasizing their robust cybersecurity measures. https://techcrunch.com/2024/11/27/t-mobile-says-telco-hackers-had-no-access-to-customer-call-and-text-message-logs/

🚢 Investigators think a Chinese ship purposefully cut critical data cables security news – European investigators allege a Chinese ship intentionally dragged its anchor to sever two critical data cables, potentially linked to Russian intelligence, while the Kremlin denies involvement. https://techcrunch.com/2024/11/27/investigators-think-a-chinese-ship-purposefully-cut-critical-data-cables/

💻 Mimic Ransomware: What You Need To Know malware – Mimic ransomware, first identified in 2022, encrypts files and may exfiltrate data, leveraging the legitimate 'Everything' tool for quick file access. Infected files have a '.QUIETPLACE' extension, and a new variant called Elpaco has emerged, targeting systems via RDP. https://www.tripwire.com/state-of-security/mimic-ransomware-what-you-need-know

⚽ Italian football club Bologna FC says company data stolen during ransomware attack data breach – Bologna FC confirmed a ransomware attack by RansomHub, resulting in the theft of 200GB of sensitive data, including financial documents and player medical records, which may be leaked online. https://therecord.media/italian-football-club-blogna-fc-ransomware

📱 15 SpyLoan Android apps found on Google play had over 8 million installs malware – McAfee identified 15 SpyLoan apps on Google Play with over 8 million installs, exploiting users through deceptive tactics to collect sensitive data and leading to extortion and harassment. https://securityaffairs.com/171553/cyber-crime/15-spyloan-android-apps-on-google-play.html


Some More, For the Curious

🤦‍♂️ Malicious NPM Package Exploits React Native Documentation Example security research – Checkmarx found a malicious npm package that mimicked a React Native documentation example, so developers following the docs could end up installing the attacker's package. Package names lifted from documentation are a supply-chain trust boundary: verify the publisher and inspect install-time scripts before running npm install. https://checkmarx.com/blog/malicious-npm-package-exploits-react-native-documentation-example/
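
A pre-install triage that catches the common shape of such packages, as an added example that is neither Checkmarx's analysis nor the real package: it flags lifecycle hooks that run on `npm install` and a handful of dropper patterns in the script they invoke. The package name, `package.json` and `setup.js` below are constructed for illustration.

```python
"""Pre-install triage of an npm package: does it execute at install time, and
does that code look like a dropper? Heuristics, not proof.

Constructed example: the sample package and files are invented.
"""
import json
import re
from typing import Dict

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Each pattern is common in droppers and rare in honest install scripts.
INDICATORS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"Buffer\.from\s*\([^)]*['\"]base64['\"]"),
    "child_process": re.compile(r"require\s*\(\s*['\"]child_process['\"]\s*\)"),
    "network": re.compile(r"\b(?:https?\.(?:request|get)|fetch|net\.connect)\s*\("),
    "env_harvest": re.compile(r"process\.env\b"),
    "long_literal": re.compile(r"['\"][A-Za-z0-9+/=]{80,}['\"]"),
}


def scan_package(package_json: str, files: Dict[str, str]) -> dict:
    """files maps path inside the tarball -> source text (from `npm pack`)."""
    meta = json.loads(package_json)
    scripts = meta.get("scripts", {}) or {}
    hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}

    findings = []
    for path, src in files.items():
        hits = [name for name, rx in INDICATORS.items() if rx.search(src)]
        if hits:
            # is this file named on an install hook's command line?
            runs_at_install = any(path in cmd for cmd in hooks.values())
            findings.append({"file": path, "indicators": hits,
                             "runs_at_install": runs_at_install})

    if any(f["runs_at_install"] and len(f["indicators"]) >= 2 for f in findings):
        verdict = "block"        # install-time code with several dropper traits
    elif findings or hooks:
        verdict = "review"       # install-time execution alone deserves a look
    else:
        verdict = "allow"
    return {"name": meta.get("name"), "hooks": hooks,
            "findings": findings, "verdict": verdict}


# --- constructed samples -------------------------------------------------
SUSPICIOUS_PACKAGE_JSON = json.dumps({
    "name": "react-native-example-helper",          # invented name
    "version": "1.0.3",
    "scripts": {"postinstall": "node scripts/setup.js"},
})
SUSPICIOUS_FILES = {
    "scripts/setup.js": (
        "const cp = require('child_process');\n"
        "const payload = Buffer.from('" + "QUJD" * 25 + "', 'base64').toString();\n"
        "eval(payload);\n"
        "const token = process.env.NPM_TOKEN;\n"
    ),
    "index.js": "module.exports = { greet: n => 'hi ' + n };\n",
}

BENIGN_PACKAGE_JSON = json.dumps({
    "name": "pad-helper", "version": "0.1.0",        # invented name
    "scripts": {"test": "node test.js"},
})
BENIGN_FILES = {"index.js": "module.exports = (s, n) => s.padStart(n);\n"}


if __name__ == "__main__":
    print(scan_package(SUSPICIOUS_PACKAGE_JSON, SUSPICIOUS_FILES)["verdict"])  # block
    print(scan_package(BENIGN_PACKAGE_JSON, BENIGN_FILES)["verdict"])          # allow
```

To run this on a real package, fetch the tarball with `npm pack <name>` and feed its files in; and regardless of scanner verdicts, `npm install --ignore-scripts` keeps lifecycle hooks from running at all until you have looked at them.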

🗳️ Security Analysis of the MERGE Voting Protocol security research – The MERGE voting protocol, intended for internet voting, is criticized for its fundamental flaws and the impracticality of ensuring trustworthy elections without significant legal and administrative reforms. https://www.schneier.com/blog/archives/2024/11/security-analysis-of-the-merge-voting-protocol.html

🎮 The Exploitation of Gaming Engines: A New Dimension in Cybercrime cybercrime – Check Point found cybercriminals using the Godot game engine as a malware loader: malicious GDScript packaged as Godot files fetches and runs payloads that antivirus largely failed to flag, infecting over 17,000 machines. A legitimate, widely distributed engine has become a delivery vehicle, which matters to developers and gamers alike. https://blog.checkpoint.com/research/the-exploitation-of-gaming-engines-a-new-dimension-in-cybercrime/

🚨 Malware campaign abused flawed Avast Anti security research – A malware campaign dropped a vulnerable version of Avast's Anti-Rootkit driver, loaded it to obtain kernel-level access, and used it to terminate security tools before compromising the system. This is bring-your-own-vulnerable-driver (BYOVD): the driver is legitimately signed, so blocking known-vulnerable drivers (for example with Microsoft's vulnerable driver blocklist) is the practical defense. https://securityaffairs.com/171340/hacking/avast-anti-rootkit-driver-abused-malware-campaign.html

🛡️ Zyxel firewalls targeted in recent ransomware attacks vulnerability – Zyxel warns that a ransomware group is exploiting a patched command injection vulnerability in its firewalls, allowing attackers to execute OS commands if certain conditions are met. https://securityaffairs.com/171382/cyber-crime/zyxel-firewall-ransomware-attacks.html

🔑 BitLocker Security: Are Your Keys Truly Safe? hacking write-up – In its default TPM-only configuration BitLocker unseals the volume master key at boot without any user secret, and a discrete TPM hands that key to the CPU over a bus (LPC or SPI) in the clear. An attacker with brief physical access can sniff the bus with a logic analyzer, recover the key and decrypt the disk. Adding a pre-boot PIN or startup key to the TPM protector closes this path; firmware TPMs are not exposed to bus sniffing in the same way. https://blog.nviso.eu/2024/11/26/wake-up-and-smell-the-bitlocker-keys/

🧑‍💻 The source code of Banshee Stealer leaked online malware – Banshee Stealer, a macOS malware for stealing sensitive data, has had its source code leaked on GitHub, leading to the shutdown of its operations by the developers. https://securityaffairs.com/171423/malware/the-source-code-of-banshee-stealer-leaked-online.html

📄 The Four Question Framework for Threat Modeling security research – Shostack + Associates has released a free whitepaper on the Four Question Framework for Threat Modeling, emphasizing the importance of consistent phrasing to maintain nuance and intent in security discussions. https://shostack.org/blog/four-question-frame/

⚠️ ProjectSend critical flaw actively exploited in the wild, experts warn vulnerability – A critical vulnerability in ProjectSend (CVE-2024-11680) is being actively exploited, allowing unauthorized access and webshell uploads. Many instances remain unpatched, raising significant security concerns. https://securityaffairs.com/171494/hacking/projectsend-critical-flaw-actively-exploited.html

🏇 Race Condition Attacks against LLMs security research – Two new attacks treat the LLM application as a distributed system rather than attacking the model itself: 'Flowbreaking' wins a race against guardrails that run alongside, rather than ahead of, the model's output, and 'Second Thoughts' exploits streaming: a user who interrupts the response keeps the sensitive text the model had already sent before a later check retracted it. The weakness lies in the surrounding application architecture, not in the model weights. https://www.schneier.com/blog/archives/2024/11/race-condition-attacks-against-llms.html
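
The ordering problem behind 'Second Thoughts', as an added example that is not from the linked write-up: a stub model streams tokens and a stub guardrail checks text. The first pipeline forwards tokens as they arrive and moderates afterwards, so a retraction comes too late and a client that disconnects early never triggers the check; the second gates each sentence on the guardrail before releasing it. The architecture, the model output and the "secret" are assumptions made for illustration.

```python
"""Stream-then-check (vulnerable) versus check-then-stream (fixed).

Constructed example: the model and guardrail are stubs; the sensitive
string is invented.
"""
from typing import Iterator, List, Optional, Tuple

SECRET = "4111-1111-1111-1111"   # constructed sensitive value


def fake_model(prompt: str) -> Iterator[str]:
    """Stands in for a streaming completion endpoint."""
    for tok in ["Of", " course.", " The", " number", " is ", SECRET, "."]:
        yield tok


def output_guardrail(text: str) -> bool:
    """True when the text may be shown. Stub: refuse anything holding SECRET."""
    return SECRET not in text


def stream_then_check(prompt: str,
                      client_disconnects_after: Optional[int] = None
                      ) -> Tuple[List[str], str]:
    """Vulnerable pattern: forward every token immediately, moderate at the end."""
    sent: List[str] = []
    for tok in fake_model(prompt):
        sent.append(tok)                                   # already on the wire
        if client_disconnects_after is not None and len(sent) >= client_disconnects_after:
            return sent, "client-gone-before-check"        # guardrail never runs
    if not output_guardrail("".join(sent)):
        return sent, "retracted"                           # too late: client has SECRET
    return sent, "ok"


def check_then_stream(prompt: str,
                      client_disconnects_after: Optional[int] = None
                      ) -> Tuple[List[str], str]:
    """Fixed pattern: hold tokens back until the guardrail has passed them.
    The release unit here is a sentence; nothing leaves before its check."""
    sent: List[str] = []
    pending: List[str] = []
    for tok in fake_model(prompt):
        pending.append(tok)
        if tok.strip().endswith((".", "!", "?")):          # sentence complete
            if not output_guardrail("".join(sent + pending)):
                return sent, "blocked"                     # SECRET never sent
            sent.extend(pending)
            pending = []
            if client_disconnects_after is not None and len(sent) >= client_disconnects_after:
                return sent, "client-gone"
    if pending and output_guardrail("".join(sent + pending)):   # unterminated tail
        sent.extend(pending)
    return sent, "ok"


if __name__ == "__main__":
    print(stream_then_check("p"))
    print(stream_then_check("p", client_disconnects_after=6))
    print(check_then_stream("p"))
```

Gating on sentence boundaries costs a little latency per sentence, which is the price of the guardrail actually being in series with the output; running it concurrently is the same bug 'Flowbreaking' exploits.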

🔒 Zabbix urges upgrades after SQL injection bug disclosure vulnerability – Zabbix warns of a critical SQL injection (CVE-2024-42327) in its frontend API that any account with API access, not only administrators, can exploit, leading to privilege escalation and potentially full compromise of the monitoring server. Upgrade to a fixed release. https://www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/

🐱 Code found online exploits LogoFAIL to install Bootkitty Linux backdoor malware – Malicious code exploiting the LogoFAIL vulnerability can hijack the boot process of certain Linux devices from manufacturers like Acer and HP, allowing installation of the Bootkitty backdoor without user interaction. https://arstechnica.com/security/2024/11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/


CISA Corner

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2023-28461, a vulnerability in Array Networks, to its catalog due to active exploitation, underscoring the need for federal agencies to address known vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/11/25/cisa-adds-one-known-exploited-vulnerability-catalog





Highlight

⚠️ PSA: You shouldn't upload your medical images to AI chatbots privacy – Users are cautioned against uploading private medical images to AI chatbots like Grok, as it risks exposing sensitive data, which may be used to train models and shared without clear protections. https://techcrunch.com/2024/11/19/psa-you-shouldnt-upload-your-medical-images-to-ai-chatbots/


News For All

🌟 These alternatives to popular apps can help reclaim your online life from billionaires and surveillance privacy – Explore privacy-focused alternatives to popular apps that empower you to control your data, avoiding surveillance and monetization by big tech companies. https://techcrunch.com/2024/11/24/these-alternatives-to-popular-apps-can-help-reclaim-your-online-life-from-billionaires-and-surveillance/

🕵️‍♀️ Women In Russian-Speaking Cybercrime: Mythical Creatures or Significant Members of Underground? cybercrime – This SANS piece examines the roles women play in Russian-speaking cybercrime, historically and today, and how those roles are shifting under current geopolitical tensions. https://www.sans.org/blog/women-in-russian-speaking-cybercrime-mythical-creatures-or-significant-members-of-underground

🎶 Spotify abused to promote pirated software and game cheats cybercrime – Threat actors are exploiting Spotify playlists and podcasts to promote pirated software and game cheats, leveraging Spotify's SEO benefits to drive traffic to malicious sites. https://www.bleepingcomputer.com/news/security/spotify-abused-to-promote-pirated-software-and-game-cheats/

🦠 Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden malware – A malvertising campaign on Facebook disguised as Bitwarden updates spreads malware through fake ads, tricking users into installing malicious Chrome extensions that exploit business accounts. https://hackread.com/facebook-malvertising-malware-via-fake-bitwarden/

⚠️ Really Simple Security plugin flaw impacts 4M+ WordPress sites vulnerability – A critical vulnerability (CVE-2024-10924) in the Really Simple Security plugin affects over 4 million WordPress sites, allowing attackers to bypass authentication and gain full admin access. A fix has been released. https://securityaffairs.com/171100/hacking/really-simple-security-plugin-flaw-affects-4m-sites.html

💻 Ransomware gang Akira leaks unprecedented number of victims’ data in one day cybercrime – The Akira ransomware gang leaked a record 35 victims' data in one day, showcasing their aggressive tactics. This marks a significant surge in their operations since emerging in 2023. https://therecord.media/akira-ransomware-group-publishes-unprecedented-leak-data

🚨 Alleged Russian Phobos ransomware administrator extradited to U.S., in custody cybercrime – Evgenii Ptitsyn, a Russian alleged Phobos ransomware administrator, has been extradited to the U.S. after extorting over $16 million from more than 1,000 victims worldwide, facing multiple charges. https://cyberscoop.com/alleged-russian-phobos-ransomware-administrator-extradited-to-u-s-in-custody/

🛒 Scammer Black Friday offers: Online shopping threats and dark web sales security news – Kaspersky's report highlights the surge in online shopping-related cyber threats, including phishing attacks, fake mobile apps, and banking trojans, emphasizing the risks during Black Friday and the role of the dark web in selling stolen data. https://securelist.com/black-friday-report-2024/114589/

🔒 Microsoft beefs up Windows security with new recovery and patching features security news – In response to the CrowdStrike outage, Microsoft announced enhancements to Windows security, including Quick Machine Recovery, kernel mode changes for antivirus, and Administrator Protection for user permissions, aimed at improving system resilience and recovery. https://techcrunch.com/2024/11/19/microsoft-beefs-up-windows-security/

⚖️ German court says victims of massive Facebook data breach can be compensated data breach – A German court ruled that victims of the 2021 Facebook data breach can claim €100 ($105) in compensation, acknowledging non-material damage due to loss of control over personal data, despite no financial loss evidence. https://therecord.media/german-court-says-victims-facebook-breach-compensation

🌍 Niantic uses Pokémon Go player data to build AI navigation system security news – Niantic is developing a 'Large Geospatial Model' for AI navigation, using visual scans from Pokémon Go and Scaniverse players, leveraging over 10 million scanned locations worldwide to enhance augmented reality applications. https://arstechnica.com/ai/2024/11/niantic-uses-pokemon-go-player-data-to-build-ai-navigation-system/

📍 Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany security news – A report reveals that a data broker is selling detailed location data of US military and intelligence personnel in Germany, raising national security concerns as this information can be exploited for espionage and other malicious activities. https://www.wired.com/story/phone-data-us-soldiers-spies-nuclear-germany/

📺 Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events security research – Threat actors exploit misconfigured JupyterLab and Jupyter Notebook servers to hijack environments for illegal sports streaming, using tools like ffmpeg to capture and redistribute broadcasts, posing significant risks to organizations. https://securityaffairs.com/171193/cyber-crime/misconfigured-jupyterlab-and-jupyter-notebooks-illegal-live-sports-streaming.html

📱 Malicious QR Codes: How big of a problem is it, really? security news – Malicious QR codes exploit weaknesses in anti-spam filters, with around 60% of emails containing QR codes being spam. Security experts recommend caution when scanning QR codes, as they can lead to phishing or malware sites. https://blog.talosintelligence.com/malicious_qr_codes/

🚸 UK says a new law banning social media for under-16s is 'on the table' security news – The UK government is considering a ban on social media for under-16s to protect children's wellbeing, with a new study announced to assess social media's impact. The proposal aligns with the upcoming Online Safety Act aimed at enhancing online safety for children. https://therecord.media/britain-social-media-ban-children-proposal

🏥 750,000 Patients' Medical Records Exposed After Data Breach at French data breach – A cyber attack on a French hospital exposed the medical records of over 750,000 patients, with the hacker claiming access to data from multiple healthcare facilities. The breach was linked to stolen login credentials for the Mediboard system. https://www.tripwire.com/state-of-security/750000-patients-medical-records-exposed-after-data-breach-french-hospital

💰 DeliveryHero subsidiary fined $5.2 million for tracking drivers’ geolocation privacy – Italy's data privacy regulator fined Foodinho S.r.l. €5 million ($5.2 million) for illegally tracking drivers' geolocation, including outside working hours, and sharing data with third parties without consent. The company is also prohibited from using biometric data for identity verification. https://therecord.media/deliveryhero-subsidiary-fined-5-million-geolocation-data

🐖 Meta cracks down on millions of accounts it tied to pig-butchering scams security news – Meta has removed millions of accounts linked to pig-butchering scams, a fraudulent scheme costing victims billions. The crackdown aims to protect users from organized crime. https://cyberscoop.com/meta-cracks-down-on-millions-of-accounts-it-tied-to-pig-butchering-scams/

🎉 Hackers break into Andrew Tate’s online ‘university,’ steal user data and flood chats with emojis data breach – Hackers accessed data of nearly 800,000 users from Andrew Tate's online course, leaking emails and private chats while disrupting chats. https://techcrunch.com/2024/11/21/hackers-break-into-andrew-tates-online-university-steal-user-data-and-flood-chats-with-emojis/


Some More, For the Curious

🔓 BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA security research – BrazenBamboo exploits a zero-day vulnerability in FortiClient to extract user VPN credentials using their DEEPDATA malware, highlighting the ongoing threat of credential theft. https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/

🔒 What To Use Instead of PGP security research – The article argues against using PGP for secure communications, recommending better alternatives like Sigstore, SSH signatures, Magic Wormhole, and Signal for various use cases, emphasizing modern tools over outdated methods. https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

🛡️ Inside the Threat: A Behind-the-Scenes Look at Stopping an Active Intrusion cyber defense – This article details a proactive investigation into an active intrusion, showcasing how early detection, vigilant employees, and layered security measures thwarted a potentially devastating ransomware attack. https://sec-consult.com/blog/detail/inside-the-threat-a-behind-the-scenes-look-at-stopping-an-active-intrusion/

📝 Azure Detection Engineering: Log idiosyncrasies you should know about cyber defense – This article discusses various inconsistencies and intricacies in Azure logs, including schema, IP addresses, user-agent fields, and UUID formatting, offering insights for better monitoring and detection in Azure environments. https://tracebit.com/blog/azure-detection-engineering-log-idiosyncrasies-you-should-know-about
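
A normalisation step of the kind the article argues for, as an added example that is not from Tracebit's post: it canonicalises IP addresses (stripping a trailing port, accepting `[v6]:port`, lower-casing IPv6), canonicalises UUIDs regardless of case or braces, and maps two differently shaped records onto one key set so a rule can correlate them. The two sample events, their field names (`callerIpAddress`, `ipAddress`, `userId`, `principalId`, `userAgent`) and the specific quirks they carry are assumptions for illustration, not records copied from Azure.

```python
"""Normalise Azure log fields before a detection rule sees them.

Constructed example: the sample events and the exact field shapes are
assumptions made for illustration.
"""
import ipaddress
import uuid
from typing import Dict, List, Optional, Tuple


def normalize_ip(raw: Optional[str]) -> Optional[str]:
    """'198.51.100.23:61234' -> '198.51.100.23'; '[2001:db8::1]:443' -> '2001:db8::1';
    '2001:DB8::1' -> '2001:db8::1'. Unparseable input -> None (never guess)."""
    if not raw:
        return None
    s = raw.strip()
    try:
        return str(ipaddress.ip_address(s))       # plain v4/v6: canonical form
    except ValueError:
        pass
    if s.startswith("["):                         # [v6]:port
        host = s[1:s.find("]")] if "]" in s else s[1:]
    elif s.count(":") == 1:                       # v4:port
        host = s.split(":", 1)[0]
    else:
        return None
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return None


def normalize_uuid(raw) -> Optional[str]:
    """Lower-case, hyphenated form; accepts braces and upper case; else None."""
    try:
        return str(uuid.UUID(str(raw)))
    except ValueError:
        return None


def normalize_event(ev: dict) -> dict:
    """Map an activity-log-like record and a sign-in-like record (assumed shapes)
    onto one set of keys."""
    props = ev.get("properties") or {}
    return {
        "time": ev.get("time") or ev.get("createdDateTime"),
        "src_ip": normalize_ip(ev.get("callerIpAddress") or ev.get("ipAddress")),
        "user_agent": ev.get("userAgent") or props.get("userAgent"),
        "principal_id": normalize_uuid(ev.get("userId") or props.get("principalId")),
        "operation": ev.get("operationName") or ev.get("resourceDisplayName"),
        "source": ev.get("category") or "unknown",
    }


# --- constructed sample events ---------------------------------------------
SAMPLE_EVENTS = [
    {   # activity-log-like: IP carries a port, UUID is upper-case
        "time": "2024-11-20T10:15:00Z", "category": "Administrative",
        "operationName": "Microsoft.Authorization/roleAssignments/write",
        "callerIpAddress": "198.51.100.23:61234",
        "properties": {"principalId": "7F3C9A2E-1B4D-4E6F-9A8B-0C1D2E3F4A5B",
                       "userAgent": "Mozilla/5.0"},
    },
    {   # sign-in-like: same actor, different field names and formatting
        "createdDateTime": "2024-11-20T10:14:30Z", "category": "SignInLogs",
        "ipAddress": "198.51.100.23", "userAgent": "Mozilla/5.0",
        "userId": "7f3c9a2e-1b4d-4e6f-9a8b-0c1d2e3f4a5b",
        "resourceDisplayName": "Azure Portal",
    },
]


def correlate(events: List[dict]) -> Dict[Tuple[Optional[str], Optional[str]], List[str]]:
    """Group by (principal, source IP) after normalisation. Without it the two
    records above land in different buckets and a 'sign-in followed by role
    assignment' rule never fires."""
    buckets: Dict[Tuple[Optional[str], Optional[str]], List[str]] = {}
    for ev in events:
        n = normalize_event(ev)
        buckets.setdefault((n["principal_id"], n["src_ip"]), []).append(n["source"])
    return buckets


if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```

Do this once at ingestion rather than in every rule, and log (do not silently drop) anything `normalize_ip` returns `None` for: an unexpected shape in a field you key detections on is itself worth knowing about.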

🔍 CVE-2024-10524 Wget Zero Day Vulnerability vulnerability – A zero-day vulnerability (CVE-2024-10524) in Wget allows attackers to exploit shorthand HTTP URLs, potentially leading to phishing, SSRF, and MiTM attacks. A patch has been released in version 1.25.0. https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/

⚠️ Critical 9.8-rated VMware vCenter RCE bug under exploit security news – Two VMware vCenter vulnerabilities, CVE-2024-38812 and CVE-2024-38813, have been confirmed exploited in the wild, including a critical RCE flaw rated 9.8. Urgent fixes are required. https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/

🎈 Microsoft announces its own Black Hat-like hacking event with big rewards for AI security security news – Microsoft is launching Zero Day Quest, a major hacking event aimed at discovering cloud and AI security flaws, offering $4 million in rewards. The event emphasizes collaboration with security researchers and aims to enhance industry-wide security practices. https://www.theverge.com/2024/11/19/24299999/microsoft-zero-day-quest-hacking-event-ai-cloud-security

🩶 Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock privacy – Leaked documents reveal that Graykey, a law enforcement tool for unlocking phones, can only access partial data from modern iPhones running iOS 18 and iOS 18.0.1, highlighting the ongoing battle between forensics tools and phone security. https://www.404media.co/leaked-documents-show-what-phones-secretive-tech-graykey-can-unlock-2/

🛠️ Botnet serving as ‘backbone’ of malicious proxy network taken offline security research – The ngioweb botnet, a key player in malicious proxy services, has been dismantled by security experts. This botnet, primarily composed of compromised IoT devices and routers, facilitated various cybercrimes, including DDoS attacks and credential stuffing. https://cyberscoop.com/proxy-services-cybercrime-ngioweb-botnet-nsocks/

🔒 Fintech giant Finastra confirms it's investigating a data breach data breach – Finastra is investigating a data breach involving its internal Secure File Transfer Platform after a hacker claimed to sell 400GB of stolen data from the company’s banking clients. Initial evidence suggests compromised credentials. https://techcrunch.com/2024/11/20/fintech-giant-finastra-confirms-its-investigating-a-data-breach/

🖇️ D-Link says replace vulnerable routers or risk pwnage vulnerability – D-Link has advised users of older VPN router models to replace them due to a serious unauthenticated remote code execution vulnerability. The company will not issue patches for affected devices, which have reached end of life, and is offering a discount on a new model. https://www.theregister.com/2024/11/20/dlink_rip_replace_router/

🔒 A new ‘ultra-secure’ phone carrier says it can make you harder to track security news – Cape, a new privacy-focused phone carrier, aims to protect users' data by minimizing personal information collection and offering a pre-configured Android phone with enhanced security features, targeting high-risk individuals. https://www.theverge.com/2024/11/21/24302416/cape-ultra-secure-phone-data-collection-tracking

🎛️ Finding Access Control Vulnerabilities with Autorize cyber defense – This article discusses how to identify access control vulnerabilities using Autorize, focusing on vertical and horizontal access control issues in web applications, and highlights the importance of proper session management and user permissions. https://www.blackhillsinfosec.com/finding-access-control-vulnerabilities-with-autorize/
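
What Autorize automates, in miniature, as an added example that is neither Autorize's code nor a real target: every request captured under a privileged session is replayed with another user's session and the responses are compared, giving the tool's three verdicts. The in-process "application", its sessions, users and endpoints are constructed so that one endpoint enforces vertical access control, one leaks through a missing horizontal (ownership) check, and one legitimately returns different data per user.

```python
"""Autorize-style access-control check against a tiny in-process app.

Constructed example: sessions, users and endpoints are invented.
"""
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, str]

# session token -> (user_id, role); constructed
SESSIONS = {
    "sess-alice": ("u1", "admin"),
    "sess-bob":   ("u2", "user"),
    "sess-carol": ("u3", "user"),
}
PROFILES = {"u1": "alice@example.test", "u2": "bob@example.test", "u3": "carol@example.test"}


def app(method: str, path: str, session: str) -> Response:
    """Three endpoints; two are safe, one has an IDOR."""
    who = SESSIONS.get(session)
    if who is None:
        return 401, "login required"
    user_id, role = who

    if method == "GET" and path == "/api/admin/users":
        if role != "admin":                       # vertical check: present
            return 403, "admin only"
        return 200, ",".join(PROFILES)

    parts = path.split("/")                       # /api/users/<id>/profile
    if len(parts) == 5 and parts[1:3] == ["api", "users"] and parts[4] == "profile":
        target = parts[3]
        # horizontal check MISSING: any logged-in user can read any profile.
        # Fix: `if target != user_id and role != "admin": return 403, ...`
        return (200, PROFILES[target]) if target in PROFILES else (404, "no such user")

    if method == "GET" and path == "/api/me":
        return 200, PROFILES[user_id]             # derived from the session: safe

    return 404, "not found"


def autorize_check(requests: List[Tuple[str, str]], privileged: str, other: str,
                   handler: Callable[[str, str, str], Response] = app) -> Dict[str, str]:
    """Replay each (method, path) captured as `privileged` using `other`'s session
    and classify the way Autorize does. Bodies are compared after stripping
    whitespace; in practice also diff length and key fields."""
    verdicts: Dict[str, str] = {}
    for method, path in requests:
        orig_status, orig_body = handler(method, path, privileged)
        rep_status, rep_body = handler(method, path, other)
        name = f"{method} {path}"
        if rep_status in (401, 403):
            verdicts[name] = "enforced"
        elif rep_status == orig_status and rep_body.strip() == orig_body.strip():
            verdicts[name] = "bypassed"           # identical response: no control
        else:
            verdicts[name] = "enforced?"          # differs but not a denial: look manually
    return verdicts


CAPTURED_AS_ADMIN = [("GET", "/api/admin/users"), ("GET", "/api/users/u1/profile"), ("GET", "/api/me")]
CAPTURED_AS_BOB = [("GET", "/api/users/u2/profile"), ("GET", "/api/me")]


def demo() -> Dict[str, Dict[str, str]]:
    return {
        "vertical (admin vs user)": autorize_check(CAPTURED_AS_ADMIN, "sess-alice", "sess-bob"),
        "horizontal (user vs user)": autorize_check(CAPTURED_AS_BOB, "sess-bob", "sess-carol"),
    }


if __name__ == "__main__":
    for scenario, verdicts in demo().items():
        print(scenario, verdicts)
```

The `/api/me` result shows why the tool has an "enforced?" bucket: the response differs because it is per-user data, not because access was denied, and only a human can tell that apart from a partially enforced control. The profile endpoint is the finding; the one-line ownership check in the comment is the fix.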

🏘️ Spies hack Wi-Fi networks in far-off land to launch attack on target next door security research – Russian hackers linked to Fancy Bear carried out what Volexity calls a 'Nearest Neighbor Attack': having obtained valid credentials for the target's enterprise Wi-Fi by password spraying (the Wi-Fi did not require MFA), they compromised an organization in a neighbouring building and used a dual-homed machine there, wired into that network but within radio range of the target, to join the target's wireless network from thousands of miles away. Wi-Fi credentials deserve the same MFA requirement as VPN credentials. https://arstechnica.com/security/2024/11/spies-hack-wi-fi-networks-in-far-off-land-to-launch-attack-on-target-next-door/

😱 'Alarming' security bugs lay low in Linux's needrestart utility for 10 years vulnerability – Qualys found five local privilege-escalation flaws in needrestart, present since 2014, that let any unprivileged local user gain root: the utility runs interpreters such as Python and Ruby while trusting environment variables (PYTHONPATH, RUBYLIB) taken from the user's own processes. Update, or disable needrestart's interpreter scanning if you cannot. https://www.theregister.com/2024/11/21/qualys_needrestart_linux_vulnerabilities/


CISA Corner

🔍 Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization security research – CISA conducted a red team assessment revealing critical vulnerabilities in a US critical infrastructure organization, highlighting issues with insufficient technical controls, lack of staff training, and ineffective monitoring that allowed attackers to exploit systems. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, including command injection and authentication bypass flaws in Kemp LoadMaster and Palo Alto Networks PAN-OS, urging users to review related security bulletins. https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two vulnerabilities, CVE-2024-38812 and CVE-2024-38813, related to VMware vCenter Server, to its Known Exploited Vulnerabilities Catalog, highlighting significant risks for federal agencies and the need for prompt remediation. https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, including code execution and XSS vulnerabilities in Apple products and an incorrect authorization flaw in Oracle PLM, highlighting significant risks for federal agencies. https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases One Industrial Control Systems Advisory vulnerability – CISA issued an advisory (ICSA-24-324-01) on November 19, 2024, regarding vulnerabilities in Mitsubishi Electric's MELSEC iQ-F Series. Users are urged to review the advisory for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/11/19/cisa-releases-one-industrial-control-systems-advisory

⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA has released seven advisories on November 21, 2024, addressing security issues and vulnerabilities in various Industrial Control Systems, including products from Automated Logic and Schneider Electric. https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-releases-seven-industrial-control-systems-advisories

🔒 Apple Releases Security Updates for Multiple Products security news – Apple has released security updates to fix vulnerabilities in various products, warning that cyber threat actors could exploit these flaws to gain control of affected systems. Users are urged to apply the updates. https://www.cisa.gov/news-events/alerts/2024/11/20/apple-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.

theme: https://write.as/themes/fosstodon-hub



Highlight

🐦 Invitation to the Fediverse: Mastodon as an alternative to X, Instagram and co. privacy – The article invites readers to consider Mastodon as a privacy-friendly alternative to popular social media platforms like X and Instagram, encouraging sharing and engagement through various channels. https://www.kuketz-blog.de/einladung-ins-fediverse-mastodon-als-alternative-zu-x-instagram-und-co/

🛡️ Critical security vulnerability in the Laravel framework – updates available warning – CERT.at, Austria's Computer Emergency Response Team, warns of a critical vulnerability in the Laravel framework; updates that fix it are available. https://www.cert.at/de/warnungen/2024/11/kritische-sicherheitslucke-in-laravel-framework-updates-verfugbar


News For All

❓ Do you really need a VPN? privacy – The article explores whether a VPN is necessary for online privacy and security, highlighting both its benefits and limitations in protecting personal data. https://www.kuketz-blog.de/brauchst-du-wirklich-ein-vpn/

💼 Hackers steal company data from the Federal Statistical Office data breach – A hacker group has stolen and is selling sensitive data from Germany's Federal Statistical Office (Destatis), including contact details and access credentials, raising significant privacy concerns. https://www.golem.de/news/cyberangriff-auf-destatis-hacker-erbeuten-firmendaten-des-statistischen-bundesamtes-2411-190805.html

💳 200,000 SelectBlinds customers have their cards skimmed in malware attack data breach – SelectBlinds revealed a breach affecting over 206,000 customers due to malware on its checkout page, compromising sensitive information, including credit card details. Users are advised to reset passwords and monitor statements. https://www.bitdefender.com/en-us/blog/hotforsecurity/200-000-selectblinds-customers-card-details-skimmed-malware-attack/

🔑 These are the passwords you definitely shouldn’t be using security news – NordPass released its annual list of the most common passwords, revealing a lack of creativity with '123456' topping the chart. Users are urged to create more secure passwords or consider using passkeys. https://www.theverge.com/2024/11/13/24295543/most-common-passwords-list-2024

🕵️‍♀️ The WIRED Guide to Protecting Yourself From Government Surveillance privacy – With the potential expansion of government surveillance under a new administration, experts recommend various privacy protections, including encrypted communications, device encryption, and careful management of location and financial data. https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/

🚨 Criminals Exploiting FBI Emergency Data Requests cybercrime – Cybercriminals have exploited compromised police accounts to impersonate law enforcement and request user data, resulting in unauthorized access to sensitive information from companies. This highlights vulnerabilities in lawful-access mechanisms. https://www.schneier.com/blog/archives/2024/11/criminals-exploiting-fbi-emergency-data-requests.html

📃 'FYI. A Warrant Isn’t Needed': Secret Service Says You Agreed To Be Tracked With Location Data privacy – Internal emails reveal the Secret Service's debate on needing warrants for location data from apps, claiming users consented through terms of service, despite concerns over illegal usage of the data. https://www.404media.co/fyi-a-warrant-isnt-needed-secret-service-says-you-agreed-to-be-tracked-with-location-data/

🔓 Delta, Amazon confirm vendor breach as dark web posts revive MOVEit leak concerns data breach – Delta and Amazon confirmed that employee data was stolen from a vendor via a MOVEit vulnerability. The leaked data, including contact information, has reignited concerns about previous breaches tied to the Clop ransomware gang. https://therecord.media/delta-amazon-vendor-breach-confirmed

👁️ ICE Started Ramping Up Its Surveillance Arsenal Immediately After Donald Trump Won privacy – Immediately following Trump's election, ICE sought contracts to enhance surveillance technologies for monitoring non-citizens awaiting deportation, anticipating a dramatic increase in those under surveillance from 200,000 to over 5 million. https://www.wired.com/story/ice-surveillance-contracts-isap/

📱 Safer with Google: New intelligent, real-time protections on Android to keep you safe security news – The article discusses Google's latest advancements in online security features aimed at enhancing user safety through intelligent systems and real-time protection mechanisms. https://security.googleblog.com/2024/11/new-real-time-protections-on-Android.html

🎧 These Guys Hacked AirPods to Give Their Grandmas Hearing Aids hacking write-up – Three technologists in India hacked AirPods Pro 2 to enable hearing aid features by creating a Faraday cage to bypass Apple's location restrictions, allowing their grandmothers to use the technology. https://www.wired.com/story/apple-airpods-hearing-aid-hack/

👶 Pregnancy Tracking App ‘What to Expect’ Refuses to Fix Issue that Allows Full Account Takeover privacy – The 'What to Expect' pregnancy tracking app is neglecting serious vulnerabilities, including one enabling full account takeover, which risks exposing users' sensitive reproductive health information amid rising concerns for privacy and safety. https://www.404media.co/pregnancy-tracking-app-what-to-expect-refuses-to-fix-issue-that-allows-full-account-takeover-2/

💬 An Interview With the Target & Home Depot Hacker – Krebs on Security cybercrime – Mikhail Shefel, the identity behind the Rescator alias, discusses his role in the Target and Home Depot breaches, his connections to other hackers, and his current financial struggles following legal issues and arrests. https://krebsonsecurity.com/2024/11/an-interview-with-the-target-home-depot-hacker/

🤏 ShrinkLocker Ransomware: What You Need To Know malware – ShrinkLocker is a new ransomware that uses VBScript and BitLocker to encrypt victims' files, locking them out without providing a password. It changes drive names to an attacker's contact, but Bitdefender offers a free decryption tool. https://www.tripwire.com/state-of-security/shrinklocker-ransomware-what-you-need-know

📬 Scammers resort to physical Swiss post to spread malware cybercrime – Switzerland's NCSC warns of a new scam where malware is spread through fake letters mimicking official weather alerts. Recipients are tricked into downloading a malicious app containing the Coper trojan, targeting banking information. https://www.theregister.com/2024/11/16/swiss_malware_qr/


Some More, For the Curious

🤔 Newag admits: Dragon Sector hackers did not modify software in Impuls trains security news – Newag's lawsuit against hackers reveals that while they claim no software modifications were made, they still face questions about intentional software locks in their trains. The truth remains elusive. Comment: I missed this one a few weeks earlier. https://rys.io/en/175.html

🦠 A new fileless variant of Remcos RAT observed in the wild malware – Fortinet has identified a phishing campaign distributing a new variant of Remcos RAT, using an Excel document to exploit vulnerabilities and stealthily execute malware, granting attackers remote access. https://securityaffairs.com/170791/security/a-new-fileless-variant-of-remcos-rat-phishing.html

💻 North Korean-linked hackers were caught experimenting with new macOS malware malware – Researchers found North Korean hackers embedding malware in macOS applications using an open-source SDK, capable of bypassing Apple's security. The malware shows ties to cryptocurrency intrusions but its use remains uncertain. https://cyberscoop.com/north-korea-macos-malware-flutter-jamf/

⚙️ Exploit code released for RCE attack on Citrix VDI solution vulnerability – Researchers released a PoC exploit for a vulnerability in Citrix's Virtual Apps and Desktops, allowing remote code execution via HTTP requests. Citrix disputes the claim of unauthenticated access, urging users to apply hotfixes. https://www.theregister.com/2024/11/12/http_citrix_vuln/

🔧 Zero Day Initiative — The November 2024 Security Update Review security news – Adobe and Microsoft released significant patches in November, addressing numerous vulnerabilities across various products. Key issues include critical RCE flaws in Windows and multiple critical updates from Adobe. https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review

🥼 Inside the DemandScience by Pure Incubation Data Breach data breach – The article discusses the DemandScience data breach, revealing how personal data was aggregated and sold. It highlights public concerns about data privacy, expectations of notification, and the implications of data misuse. https://www.troyhunt.com/inside-the-demandscience-by-pure-incubation-data-breach/

🌐 A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats security research – The article analyzes the complex ecosystem of Chinese state-sponsored cyber operations, highlighting the roles of the PLA, MSS, and MPS, along with the involvement of private companies and patriotic hackers in cyber offensives. https://blog.sekoia.io/a-three-beats-waltz-the-ecosystem-behind-chinese-state-sponsored-cyber-threats/

🔗 China's Volt Typhoon botnet has re-emerged security research – The Volt Typhoon botnet has resurfaced, using the same infrastructure and techniques to target critical infrastructure in the U.S. and Guam. Despite previous disruptions, it remains a significant threat, exploiting outdated devices. https://securityaffairs.com/170872/apt/volt-typhoon-botnet-has-re-emerged.html

📉 NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely security news – NIST announced it has cleared a backlog of unanalyzed exploited vulnerabilities with support from CISA and the private sector. However, it will not meet its goal of clearing all vulnerabilities by year-end due to data processing challenges. https://therecord.media/nist-vulnerability-backlog-cleared-cisa

💰 Crimeware and financial predictions for 2025 security news – Kaspersky's report predicts an increase in AI-powered cyberattacks, supply chain attacks, and financial threats targeting central banks and smartphones in 2025, highlighting evolving tactics in the crimeware landscape. https://securelist.com/ksb-financial-and-crimeware-predictions-2025/114565/

🔑 Good Essay on the History of Bad Password Policies security research – Stuart Schechter discusses the history of ineffective password policies, highlighting mistakes made by Morris and Thompson in assuming that their interventions would lead to strong passwords without adequate testing or metrics. https://www.schneier.com/blog/archives/2024/11/good-essay-on-the-history-of-bad-password-policies.html

🔍 NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents security news – Court documents reveal NSO Group cut off 10 customers for abusing its Pegasus spyware, which exploited WhatsApp vulnerabilities. The revelations raise concerns about NSO's operations and the use of its tools against individuals, including high-profile targets. https://techcrunch.com/2024/11/15/nso-group-admits-cutting-off-10-customers-because-they-abused-its-pegasus-spyware-say-unsealed-court-documents/

🪪 Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation cyber defense – Misconfigurations in Active Directory Certificate Services can lead to serious vulnerabilities, enabling attackers to gain unauthorized access and escalate privileges within a domain. https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-fortifying-active-directory-certificate-services-adcs-against-exploitation/


CISA Corner

🔒 2023 Top Routinely Exploited Vulnerabilities security news – A joint advisory from cybersecurity agencies highlights an increase in zero-day vulnerabilities exploited in 2023, urging software developers and end-users to implement secure practices and timely patching to mitigate risks. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

⚠️ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning – CISA has included five new vulnerabilities in Atlassian Jira, Cisco ASA, Metabase GeoJSON and Microsoft Windows to its Known Exploited Vulnerabilities Catalog, emphasizing their active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-adds-five-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has included two new vulnerabilities in its Known Exploited Vulnerabilities Catalog: CVE-2024-9463 and CVE-2024-9465, both related to Palo Alto Networks Expedition, highlighting significant risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-adds-two-known-exploited-vulnerabilities-catalog

🏭 CISA Releases Nineteen Industrial Control Systems Advisories vulnerability – CISA has published nineteen advisories addressing security vulnerabilities in Industrial Control Systems. Affected vendors include Siemens, Rockwell, Hitachi, 2N, Elvaco and Baxter. https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-releases-nineteen-industrial-control-systems-advisories

🏭 CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA has published five advisories detailing security vulnerabilities and exploits related to various Industrial Control Systems. Affected vendors include Subnet, Hitachi, Rockwell, Mitsubishi and Snap One. https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-releases-five-industrial-control-systems-advisories

🔒 Fortinet Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/fortinet-releases-security-updates-multiple-products

🛡️ Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/adobe-releases-security-updates-multiple-products

🔐 Microsoft Releases November 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/11/12/microsoft-releases-november-2024-security-updates

🔧 Ivanti Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/ivanti-releases-security-updates-multiple-products

🔒 Citrix Releases Security Updates for NetScaler and Citrix Session Recording https://www.cisa.gov/news-events/alerts/2024/11/12/citrix-releases-security-updates-netscaler-and-citrix-session-recording




News For All

🦹 Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies cybercrime – A complex hacking ecosystem fueled by infostealer malware is behind major breaches, as hackers exploit stolen credentials from pirated software. https://www.wired.com/story/inside-the-massive-crime-industry-thats-hacking-billion-dollar-companies/

🏆 Valorant is winning the war against PC gaming cheaters security news – Riot Games' Vanguard anti-cheat system has significantly reduced cheating in Valorant by employing advanced detection methods. https://www.theverge.com/2024/11/4/24283482/valorant-is-winning-the-war-against-pc-gaming-cheaters

🎫 Hacker suspected in massive Ticketmaster, AT&T breaches arrested in Canada cybercrime – Canadian authorities arrested a man suspected of breaching around 165 companies, including Ticketmaster and AT&T, by exploiting Snowflake's cloud storage with stolen credentials. https://www.theverge.com/2024/11/5/24288654/alleged-snowflake-hacker-arrested-ticketmaster-att-data-breaches

📉 Mozilla Foundation lays off 30% staff, drops advocacy division security news – The Mozilla Foundation has laid off 30% of its staff, eliminating its advocacy and global programs divisions to streamline operations and focus on its mission amidst significant changes in the tech landscape. https://techcrunch.com/2024/11/05/mozilla-foundation-lays-off-30-staff-drops-advocacy-division/

💸 South Korean authorities fine Meta $15.6 million for sharing user data with advertisers privacy – South Korea fined Meta $15.6 million for sharing sensitive data of 980,000 Facebook users with advertisers without consent, violating the Personal Information Protection Act. https://therecord.media/facebook-south-korea-privacy-regulator-fine

🐍 ToxicPanda Android banking trojan targets Europe and LATAM malware – The ToxicPanda Android banking trojan has infected over 1,500 devices, targeting banks in Europe and Latin America. It employs On-Device Fraud techniques to bypass security measures, indicating a potential shift in attack strategies by Chinese-speaking threat actors. https://securityaffairs.com/170605/malware/toxicpanda-android-malware-targets-italy.html

👮‍♂️ Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs cybercrime – Interpol's Operation Synergia resulted in 41 arrests and the takedown of over 22,000 malicious IP addresses linked to cybercrime, preventing numerous phishing and ransomware attacks worldwide. https://therecord.media/interpol-operation-arrests-takedowns

🕺 Canada ordered ByteDance to shut down TikTok operations in the country over security concerns privacy – Canada has ordered ByteDance to dissolve TikTok Technology Canada due to security concerns, though Canadians can still access the app. The decision follows a national security review amid ongoing scrutiny of TikTok's data practices. https://securityaffairs.com/170653/security/canada-ordered-bytedance-to-shut-down-tiktok-operations.html

💽 Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices vulnerability – Synology patched a critical vulnerability (CVE-2024-10443) in DiskStation and BeePhotos NAS devices that allowed remote code execution without user interaction, affecting millions. Users are urged to apply updates immediately. https://securityaffairs.com/170602/hacking/synology-fixed-critical-bug-in-diskstation-and-beephotos-nas.html

🦠 SteelFox Trojan imitates popular products to drop stealer and miner malware security research – The SteelFox Trojan, disguised as software activators, spreads via torrent and forum posts, stealing sensitive data and mining cryptocurrency. It targets popular applications like AutoCAD and Foxit PDF Editor, employing sophisticated techniques to evade detection. https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/

🚫 Major Ukrainian university bans Telegram to reduce cyberthreats security news – Taras Shevchenko National University of Kyiv has banned Telegram for official communications, citing security concerns over Russian access to user data. The ban follows similar restrictions for state officials, prompting discussions about alternative communication platforms. https://therecord.media/ukraine-university-bans-telegram

🧢 How early-stage companies can go beyond cybersecurity basics cyber defense – To combat evolving cyber threats, early-stage companies should adopt a proactive cybersecurity strategy that transcends basic compliance, focusing on risk management, layered security, employee training, and incident response planning. https://cyberscoop.com/cybersecurity-for-startups-early-stage-companies/

🧪 What Is Penetration Testing? security news – Penetration testing simulates attacks to identify vulnerabilities within an organization's security systems. By employing various techniques, it helps organizations strengthen defenses, comply with regulations, and improve incident response capabilities. https://www.blackhillsinfosec.com/what-is-penetration-testing/

🎮 Hacker says they banned ‘thousands’ of Call of Duty gamers by abusing anti-cheat flaw security news – A hacker named Vizor exploited a flaw in Activision's Ricochet anti-cheat system to falsely ban thousands of Call of Duty players by sending messages containing specific strings. https://techcrunch.com/2024/11/07/hacker-says-they-banned-thousands-of-call-of-duty-gamers-by-abusing-anti-cheat-flaw/

🚗 Zero Day Initiative — Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System vulnerability – Multiple vulnerabilities in the Mazda Connect CMU system allow physical attackers to exploit insufficient input sanitization via USB devices, enabling arbitrary code execution with root privileges, posing significant security risks. https://www.thezdi.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system

🔒 A new iOS 18 security feature makes it harder for police to unlock iPhones privacy – iOS 18 introduces an inactivity timer that reboots iPhones after four days of inactivity, entering a more secure state that complicates police access to locked devices and limits data extraction capabilities. https://www.theverge.com/2024/11/9/24292092/ios-18-security-inactivity-reboot-police-complain-unlocking-iphone-difficult


Some More, For the Curious

🐰 Fortinet FortiGate CVE-2024-23113 – A Super Complex Vulnerability In A Super Secure Appliance In 2024 vulnerability – A Format String vulnerability in Fortinet's FortiGate SSLVPN devices allows remote code execution. https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/

🔀 A look at the latest post-quantum signature standardization candidates security research – NIST advances 14 post-quantum signature schemes for cybersecurity, highlighting their need to resist quantum attacks. The migration to these standards poses challenges, particularly regarding performance and data overhead in TLS connections. https://blog.cloudflare.com/another-look-at-pq-signatures

🎟️ Strengthening Local Admin Security in Windows 11 with Local Administrator Protection security news – Windows 11's new Local Administrator Protection feature enhances security by providing just-in-time admin privileges, reducing exposure to malware and minimizing risks associated with local admin rights. https://call4cloud.nl/local-administrator-protection-privilege-protection/

🦘 Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems security research – The SANS report highlights rising attacks on ICS/OT systems, primarily through IT network vulnerabilities, with non-ransomware incidents outnumbering ransomware. https://www.darkreading.com/ics-ot-security/attackers-breach-network-provider-ot-ics-network

💼 Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale security research – Cybercriminals are exploiting DocuSign's APIs to send realistic fake invoices using genuine accounts, bypassing traditional phishing defenses. https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/

🤖 AIs Discovering Vulnerabilities security research – Research into AI capabilities for discovering software vulnerabilities is advancing, with tools like ZeroPath uncovering critical flaws missed by traditional methods. https://www.schneier.com/blog/archives/2024/11/ais-discovering-vulnerabilities.html

🔍 Typosquat campaign impersonates 287+ popular npm packages cybercrime – A new typosquatting campaign targets developers by publishing malicious npm packages that mimic legitimate ones, utilizing Ethereum smart contracts for command-and-control. https://www.theregister.com/2024/11/05/typosquatting_npm_campaign/

💰 Schneider Electric reports cyberattack, its third incident in 18 months security news – Schneider Electric confirmed a cyberattack involving unauthorized access to its project tracking platform, with the HellCat ransomware group demanding a $150,000 ransom in baguettes after claiming to steal over 40GB of data. https://cyberscoop.com/schneider-electric-energy-ransomware-hellcat/

🔐 Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments security research – Mandiant's Red Team demonstrated how attackers can exploit Intune permissions to achieve lateral movement and privilege escalation within Microsoft Entra ID. https://cloud.google.com/blog/topics/threat-intelligence/abusing-intune-permissions-entra-id-environments/

💯 Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw vulnerability – Cisco has issued a critical alert for CVE-2024-20418, a vulnerability in its Ultra-Reliable Wireless Backhaul systems that allows remote attackers to gain admin access via crafted HTTP requests, necessitating immediate patching. https://www.theregister.com/2024/11/07/cisco_uiws_flaw/

🤖 AI Industry is Trying to Subvert the Definition of “Open Source AI” security news – The Open Source Initiative's new definition of 'open source AI' has sparked controversy for permitting secretive practices in training data, raising concerns about true transparency in AI development. Critics argue for a clear distinction between 'open source' and 'open weights' models. https://www.schneier.com/blog/archives/2024/11/ai-industry-is-trying-to-subvert-the-definition-of-open-source-ai.html

🚔 FBI says hackers are sending fraudulent police data requests to tech giants to steal people's private information security news – The FBI warns that hackers are exploiting compromised government email addresses to submit fraudulent emergency data requests, enabling them to steal private user information from tech companies like Apple and Meta. https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/

🏜️ Palo Alto Networks warns of potential RCE in PAN-OS vulnerability – Palo Alto Networks alerts customers to a potential remote code execution vulnerability in the PAN-OS management interface, urging them to restrict access to it and follow security best practices to mitigate risks. https://securityaffairs.com/170697/security/palo-alto-networks-warns-potential-pan-os-rce.html

📇 Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks security research – This guide emphasizes the importance of limiting high-privilege accounts and monitoring for unusual replication requests to defend against DCSync attacks on Active Directory. https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-securing-active-directory-against-dcsync-attacks/

🤖 With 2FA Enabled: NPM Package lottie-player Taken Over by Attackers security research – Attackers exploited a leaked automation token to inject malicious code into popular NPM package versions, highlighting vulnerabilities in software supply chains and 2FA limitations. https://checkmarx.com/blog/with-2fa-enabled-npm-package-lottie-player-taken-over-by-attackers/


CISA Corner

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two vulnerabilities affecting PTZOptics cameras to its Known Exploited Vulnerabilities Catalog, highlighting the risks of OS command injection and authentication bypass to federal networks. https://www.cisa.gov/news-events/alerts/2024/11/04/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog warning – CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, including privilege escalation and authentication flaws, highlighting significant risks for federal agencies that must address these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-adds-four-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA issued three advisories on November 7, 2024, addressing security vulnerabilities in Beckhoff Automation, Delta Electronics, and Bosch Rexroth ICS products, urging users to review for technical details and mitigations. https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-releases-three-industrial-control-systems-advisories




News For All

🎭 Massive hack-for-hire scandal rocks Italian political elites cybercrime – A hack-for-hire scheme exposed sensitive data of top Italian politicians, raising serious concerns about democracy and privacy. Investigations have led to arrests and calls for stronger security measures. https://www.politico.eu/article/hacking-scandal-italy-matteo-renzi-sergio-mattarella-equalize-nunzio-samuele-calamucci/

💻 Black Basta affiliates used Microsoft Teams in recent attacks security research – Black Basta ransomware affiliates are now using Microsoft Teams to impersonate IT support, tricking employees into granting access and spreading malware through malicious QR codes. https://securityaffairs.com/170311/cyber-crime/black-basta-ransomware-microsoft-teams.html

🔓 Free, France’s second-largest telecoms company, confirms being hit by cyberattack data breach – Free confirmed a cyberattack that compromised personal data of subscribers, with over 19 million potentially affected. The company has reported the breach and is enhancing security measures. https://therecord.media/france-telecom-free-cyberattack

🤖 Hospitals adopt error-prone AI transcription tools despite warnings security news – OpenAI's Whisper tool is generating fabricated medical transcripts, raising serious concerns for patient care. Despite warnings, many healthcare providers are using it, risking accuracy in critical situations. https://arstechnica.com/ai/2024/10/hospitals-adopt-error-prone-ai-transcription-tools-despite-warnings/

📚 Digital education under the microscope: an analysis of school and learning apps privacy – The article examines school and learning apps, focusing on their effectiveness and privacy implications. It emphasizes the need for scrutiny of digital education tools to protect user data. https://www.kuketz-blog.de/die-digitale-bildung-unter-der-lupe-eine-analyse-von-schul-und-lern-apps/

🏃‍♂️ Macron's bodyguards show his location by sharing Strava data privacy – An investigation revealed that President Macron's bodyguards inadvertently shared their locations on Strava, exposing sensitive information about his whereabouts and security arrangements. https://www.theregister.com/2024/10/29/macron_location_strava/

🏡 QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024 vulnerability – QNAP patched a critical zero-day vulnerability (CVE-2024-50388) exploited at Pwn2Own Ireland 2024, allowing remote code execution on TS-464 NAS devices. The flaw was quickly addressed following the demonstration. https://securityaffairs.com/170386/uncategorized/qnap-fixed-zero-day-cve-2024-50388-pwn2own-ireland-2024.html

🦠 Malware campaign expands its use of fake CAPTCHAs malware – A new malware campaign utilizes fake CAPTCHAs to deliver Lumma and Amadey malware, targeting users on various websites. Clicking the CAPTCHA triggers malicious code, leading to data theft and browser credential extraction. https://therecord.media/fake-captcha-malware-campaign-lumma-amadey

🤬 Google CEO says over 25% of new Google code is generated by AI security news – Google's CEO announced that AI now generates over 25% of new code at the company, aiding developers' productivity. While AI tools are popular, concerns about bugs and security remain. Comment: I can't express how scary this sounds to me. https://arstechnica.com/ai/2024/10/google-ceo-says-over-25-of-new-google-code-is-generated-by-ai/

🎢 Windows Themes 0-day opens door to NTLM credential theft vulnerability – A zero-day vulnerability in Windows Themes allows attackers to steal NTLM credentials by tricking users into handling malicious theme files. A free micropatch from Acros Security is available while awaiting a Microsoft fix. https://www.theregister.com/2024/10/30/zeroday_windows_themes/

📞 New version of Android malware FakeCall redirects bank calls to scammers cybercrime – The updated FakeCall malware for Android redirects bank calls to scammers, stealing sensitive information and funds. It mimics the Android dialer, tricking users into granting it default call handler permissions. https://securityaffairs.com/170410/malware/fakecall-malware-intercepts-outgoing-bank-calls.html

🛒 Satori Threat Intelligence Alert: Phish ’n’ Ships Fakes Online Shops to Steal Money and Credit Card Information cybercrime – Satori uncovered a fraud operation, Phish ’n’ Ships, exploiting fake online shops to steal credit card information. The scheme, which has affected hundreds of thousands of consumers, uses infected websites to redirect users to counterfeit stores, resulting in significant financial losses. https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-phish-n-ships-fakes-online-shops-to-steal-money-and-credit-card-information

🎣 Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files security research – Midnight Blizzard, a Russian threat actor, is executing a spear-phishing campaign targeting government and academic sectors using signed RDP files to redirect victims to actor-controlled servers for intelligence collection. https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/

🍽️ Fired Disney worker accused of hacking into restaurant menus, replacing them with Wingdings and false peanut allergy information security news – A former Disney employee allegedly hacked the restaurant menu system, changing fonts to Wingdings and removing allergy info, risking safety. He faces multiple charges, including a denial-of-service attack on Disney staff. https://www.bitdefender.com/en-us/blog/hotforsecurity/fired-disney-worker-hacking-restaurant-menus-replacing-false-peanut-allergy/

🛎️ Booking.com Phishers May Leave You With Reservations cybercrime – A spear-phishing campaign targeting Booking.com users exploits stolen credentials from hotel partners, allowing scammers to send fraudulent messages. Booking.com is enhancing security measures, including mandatory 2FA, but threats persist as cybercriminals adapt. https://krebsonsecurity.com/2024/11/booking-com-phishers-may-leave-you-with-reservations/


Some More, For the Curious

👮‍♀️ Law Enforcement Deanonymizes Tor Users security news – German police have managed to deanonymize several Tor users by monitoring known relays and applying timing analysis, raising concerns about the effectiveness of Tor's anonymity. https://www.schneier.com/blog/archives/2024/10/law-enforcement-deanonymizes-tor-users.html

🔐 Five Eyes tell tech startups to take infosec seriously cyber defense – The Five Eyes nations have issued security principles for tech startups to combat threats like IP theft. They emphasize understanding risks, securing products, and managing partnerships as essential practices. https://www.theregister.com/2024/10/29/five_eyes_secure_innovation_campaign/

🦠 Fog and Akira ransomware attacks exploit SonicWall VPN flaw warning – Fog and Akira ransomware groups are exploiting a critical SonicWall VPN vulnerability (CVE-2024-40766) to breach corporate networks, emphasizing the need for urgent patching to mitigate risks. https://securityaffairs.com/170359/cyber-crime/fog-akira-ransomware-sonicwall-vpn-flaw.html

🔍 How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware cybercrime – U.S. prosecutors charged Maxim Rudometov for developing Redline malware, tracing him through opsec mistakes like using identifiable email and social accounts, leading to his arrest in Operation Magnus. https://techcrunch.com/2024/10/29/how-a-series-of-opsec-failures-led-us-authorities-to-the-alleged-developer-of-the-redline-password-stealing-malware/

🎛️ Writing a BugSleep C2 server and detecting its traffic with Snort security research – Researchers analyzed the BugSleep RAT, detailing its C2 protocol and methods for traffic detection using Snort. They implemented rules to identify and block its communications effectively. https://blog.talosintelligence.com/writing-a-bugsleep-c2-server/

👺 Here’s the paper no one read before declaring the demise of modern cryptography security news – Amidst alarmist claims about quantum computing threatening encryption, experts clarify that recent research does not break RSA or AES. Instead, it finds known vulnerabilities using quantum methods without significant advancements. https://arstechnica.com/information-technology/2024/10/the-sad-bizarre-tale-of-hype-fueling-fears-that-modern-cryptography-is-dead/

🔑 Hackers find 15,000 credentials by scanning for git configuration data breach – Sysdig discovered over 15,000 stolen cloud service credentials in an open AWS bucket, collected by the EMERALDWHALE operation targeting exposed git configurations for spam and phishing campaigns. https://cyberscoop.com/sysdig-git-credentials-cloud-service-emeraldwhale/

🔓 Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns security news – Chinese hackers have compromised 20 Canadian government networks in four years, targeting critical infrastructure and innovation sectors. The threat includes espionage, IP theft, and influence operations, as noted by Canada’s cyber agency. https://therecord.media/canada-20-government-agencies-hacked-china-last-four-years

❎ Colorado scrambles to change voting-system passwords after accidental leak data breach – The Colorado Department of State is urgently updating passwords after accidentally posting a spreadsheet with partial voting system passwords online. Officials assert there is no immediate security threat, but the GOP criticizes the handling of the incident. https://arstechnica.com/tech-policy/2024/10/colorado-scrambles-to-change-voting-system-passwords-after-accidental-leak/

🐱 Hack Nintendo's Alarmo to run code (cat pics)? Let's-a go! hacking write-up – Hacker GaryOderNichts exploited a vulnerability in Nintendo's Alarmo clock to run custom code, including displaying cat pictures. The hack utilized findings from researcher Naomi Smith and involved accessing the device's firmware. https://www.theregister.com/2024/11/01/hack_nintendos_alarmo/

🔓 Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack vulnerability – A critical zero-click vulnerability in Synology's default photo app allows attackers to steal data from millions of NAS devices without user interaction. Researchers warn this could lead to ransomware attacks and unauthorized access. https://www.wired.com/story/synology-zero-click-vulnerability/

🔑 An Okta login bug bypassed checking passwords on some long usernames vulnerability – A vulnerability in Okta allowed logins without password checks for usernames over 52 characters for three months. The issue has been fixed by switching the cryptographic algorithm used for cache keys. https://www.theverge.com/2024/11/1/24285874/okta-52-character-login-password-authentication-bypass

🚿 Chinese threat actors use Quad7 botnet in password-spray attacks cybercrime – Microsoft warns that Chinese threat actors are using the Quad7 botnet to conduct password-spray attacks, targeting SOHO devices and VPNs to steal credentials. The botnet exploits vulnerabilities in various routers to relay brute-force attacks. https://securityaffairs.com/170503/malware/quad7-botnet-used-by-chinese-threat-actors.html

🧰 BOFHound: AD CS Integration cyber defense – The BOFHound tool now supports parsing Active Directory Certificate Services (AD CS) objects for better attack path mapping in BloodHound. It allows for manual LDAP queries and enhances visibility into AD environments while maintaining stealth. https://posts.specterops.io/bofhound-ad-cs-integration-91b706bc7958

🔧 A Deeper Look at FortiJump (FortiManager CVE-2024-47575) vulnerability – CVE-2024-47575, known as FortiJump, is a critical vulnerability in FortiManager that allowed unauthorized access to devices due to missing authentication. Although the flaw has been patched, researchers warn about the potential for command injection exploits. https://bishopfox.com/blog/a-look-at-fortijump-cve-2024-47575


CISA Corner

🔒 Apple Releases Security Updates for Multiple Products security news – Apple has released critical security updates for various products to address vulnerabilities and enhance user protection. Users are encouraged to apply these updates promptly. https://www.cisa.gov/news-events/alerts/2024/10/29/apple-releases-security-updates-multiple-products

📧 Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments cybercrime – CISA reports a large-scale spear-phishing campaign targeting government and IT sectors using malicious RDP files. Organizations are urged to implement security measures like restricting RDP connections and enabling multi-factor authentication. https://www.cisa.gov/news-events/alerts/2024/10/31/foreign-threat-actor-conducting-large-scale-spear-phishing-campaign-rdp-attachments

⚠️ Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation vulnerability – Fortinet has revised its advisory for the critical FortiManager vulnerability (CVE-2024-47575), adding new workarounds and indicators of compromise. CISA urges users to apply updates and monitor for malicious activity. https://www.cisa.gov/news-events/alerts/2024/10/30/fortinet-updates-guidance-and-indicators-compromise-following-fortimanager-vulnerability

⚙️ CISA Releases Three Industrial Control Systems Advisories warning – CISA has issued three advisories addressing vulnerabilities in Siemens, Solar-Log, and Delta Electronics ICS devices, urging users to review them for security updates and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/29/cisa-releases-three-industrial-control-systems-advisories

⚙️ CISA Releases Four Industrial Control Systems Advisories warning – CISA has issued four advisories addressing vulnerabilities in Rockwell Automation and Mitsubishi Electric ICS products, urging users to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/31/cisa-releases-four-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.



News For All

⏳ Security: What to look out for when buying a new Android smartphone security news – Many Android manufacturers fail to provide timely security updates, often delaying patches for years, leaving users vulnerable to threats and privacy issues. https://www.kuketz-blog.de/sicherheit-worauf-du-beim-kauf-eines-neuen-android-smartphones-achten-solltest/

🔎 Watch: Inside the FBI’s Secret Phone Company security research – The FBI secretly operated Anom, a secure app used by criminals, revealing how law enforcement exploited its popularity to monitor organized crime without users' knowledge. https://www.404media.co/watch-inside-the-fbis-secret-phone-company/

🧨 Internet Archive was breached twice in a month security news – The Internet Archive faced two breaches within a month, exposing 31 million user records due to mishandled authentication tokens, raising serious concerns about their security practices. https://securityaffairs.com/170068/data-breach/internet-archive-second-data-breach.html

🔒 HM Surf macOS vuln potentially exploited by Adloader malware vulnerability – A macOS vulnerability (CVE-2024-44133) may allow malware like Adloader to exploit user privacy by accessing cameras and microphones. Apple users are urged to update their systems immediately. https://www.theregister.com/2024/10/21/microsoft_macos_hm_surf/

🚧 ICE's $2 Million Contract With a Spyware Vendor Is Under White House Review privacy – ICE's $2 million contract with Paragon Solutions for spyware is under review for compliance with Biden's executive order on spyware, raising concerns about privacy and civil liberties. https://www.wired.com/story/ice-paragon-contract-white-house-review/

👤 Meta brings back face scanning to combat scams and account hacking privacy – Meta reintroduces facial recognition on Facebook and Instagram to help users recover hacked accounts and fight scam ads impersonating celebrities, following privacy concerns that led to its earlier removal. https://www.theverge.com/2024/10/22/24276593/meta-facebook-instagram-facial-recognition-tools-test-celeb-bait

🚨 Samsung zero-day flaw actively exploited in the wild vulnerability – A Samsung zero-day vulnerability (CVE-2024-44068) is being actively exploited, allowing privilege escalation on vulnerable Android devices. Security updates were released in October 2024 to address the issue. https://securityaffairs.com/170119/security/samsung-zero-day-activey-exploited.html

😉 Google Online Security Blog: 5 new protections on Google Messages to help keep you safe security news – Google introduces five new security features in Google Messages aimed at enhancing user safety, including spam protection and improved verification for messages, to combat scams and protect privacy. https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html

📱 WhatsApp is making a massive change to the way it saves your contacts security news – WhatsApp introduces a built-in contact manager that allows users to save contacts within the app, independent of their smartphone’s address book, enhancing privacy and ease of use. https://www.theverge.com/2024/10/22/24276714/whatsapp-built-in-contacts-address-book

🚫 Google's Manifest V3: A blow to ad blockers and user rights privacy – Google's Manifest V3 introduces changes that undermine ad blockers and user rights, raising concerns about online privacy and control over web experiences. https://www.kuketz-blog.de/googles-manifest-v3-ein-schlag-fuer-werbeblocker-und-nutzerrechte/

📍 The Global Surveillance Free-for-All in Mobile Ad Data privacy – A lawsuit highlights how mobile ad data enables tracking of individuals, including law enforcement officers, through services like Babel Street, raising significant privacy concerns amidst a growing data broker industry. https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/

🦺 Ransomware gang stoops to new low, targets prominent nonprofit for disabled people cybercrime – The Rhysida ransomware group has targeted Easterseals, a nonprofit for disabled individuals, demanding $1.3 million after accessing personal data of nearly 15,000 people in a cyberattack. https://therecord.media/easterseals-central-illinois-data-breach

💣 The EU Throws a Hand Grenade on Software Liability security news – The EU is introducing strict software liability laws to hold software makers accountable for defects, contrasting with the US approach, which is lagging due to lobbying and lack of political will. https://news.risky.biz/the-eu-throws-a-hand-grenade-on-software-liability/

💸 LinkedIn hit with $335 million fine for using member data for ad targeting without consent privacy – Ireland's Data Protection Commission fined LinkedIn €310 million for violating GDPR by using member data for ads without consent, marking one of the largest fines against a tech company for data misuse. https://therecord.media/linkedin-hit-with-335-million-fine-gdpr-ireland

🕵️‍♂️ HYPR is latest firm to reveal hiring of fraudulent IT worker overseas cybercrime – HYPR exposed an incident involving a fraudulent IT worker from a contracting agency, highlighting the need for enhanced vetting processes to prevent hiring scams amid rising concerns of fake remote employees. https://cyberscoop.com/hypr-hired-fraudulent-tech-worker-overseas/

🥽 How the ransomware attack at Change Healthcare went down: A timeline cybercrime – A ransomware attack on Change Healthcare in February 2024 led to a massive data breach affecting over 100 million people, revealing vulnerabilities in cybersecurity and prompting extensive investigations. https://techcrunch.com/2024/10/24/how-the-ransomware-attack-at-change-healthcare-went-down-a-timeline/

🔧 It Is Now Legal to Hack McFlurry Machines (and Medical Devices) to Fix Them security news – A new federal rule allows the circumvention of digital locks on McFlurry machines and medical devices for repair purposes, highlighting ongoing issues with manufacturer control over equipment and the need for further repair legislation. https://www.404media.co/it-is-now-legal-to-hack-mcflurry-machines-and-medical-devices-to-fix-them/

🤔 Prominent crypto critic says someone offered bribes to take down a blog post security news – Molly White, a crypto critic, reported being offered bribes to remove a post about a fraud case involving Roman Ziemian. After declining the bribe, she received a dubious DMCA takedown request from someone claiming to be a lawyer. https://techcrunch.com/2024/10/25/prominent-crypto-critic-says-someone-offered-bribes-to-take-down-a-blog-post/


Some More, For the Curious

🛡️ Update #1: Critical zero-day vulnerability in FortiManager actively exploited – update available warning – In this advisory, CERT.at, Austria's Computer Emergency Response Team, warns that a critical zero-day vulnerability in FortiManager is being actively exploited and that an update is available. https://www.cert.at/de/warnungen/2024/10/kritische-zero-day-schwachstelle-in-fortimanager-wird-aktiv-ausgenutzt-update-verfugbar

💸 Stealers on the rise: Kral, AMOS, Vidar and ACR security research – Information stealers are proliferating, targeting credentials and cryptocurrency data, with methods ranging from malicious downloads to deceptive phishing tactics. Cybercriminals profit from these attacks, threatening privacy. https://securelist.com/kral-amos-vidar-acr-stealers/114237/

👻 Sneaky Ghostpulse malware loader hides inside PNG pixels security research – The Ghostpulse malware now extracts its payload from PNG image pixels, making detection harder. This evolution showcases increasing sophistication in cybercriminal tactics to evade security measures. https://www.theregister.com/2024/10/22/ghostpulse_malware_loader_png/

🛡️ Justice Department rule aims to curb the sale of Americans’ personal data overseas privacy – The Justice Department proposed regulations to restrict the sale of Americans' personal data to adversarial countries, enhancing privacy protections while imposing compliance requirements on companies. https://cyberscoop.com/justice-department-data-broker-regulation-china-russia-iran/

🙂‍↔️ No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer security research – Recent claims that China's quantum computer has cracked military-grade encryption are exaggerated. Experts affirm that modern cryptography remains secure for the foreseeable future. https://www.schneier.com/blog/archives/2024/10/no-the-chinese-have-not-broken-modern-encryption-systems-with-a-quantum-computer.html

🛠️ VMware fixes critical RCE, make-me-root bugs in vCenter – for the second time vulnerability – VMware has issued a second patch for critical vulnerabilities in vCenter Server that could allow remote code execution and privilege escalation, urging all users to update immediately. https://www.theregister.com/2024/10/22/vmware_rce_vcenter_bugs/

🍪 Threat Spotlight: WarmCookie/BadSpace malware – WarmCookie, a malware family active since April 2024, is used for initial access and persistence, enabling further malware deployment like CSharp-Streamer-RAT. Its distribution involves malspam and malvertising tactics. https://blog.talosintelligence.com/warmcookie-analysis/

😈 Lazarus APT steals cryptocurrency and user data via a decoy MOBA game security news – Lazarus APT uses a fake MOBA game to exploit a Google Chrome zero-day vulnerability, gaining access to victims' PCs. The group targets cryptocurrency and evolves its tactics with sophisticated social engineering. https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/

👋 Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts security news – ZachXBT, an anonymous crypto investigator, has traced billions in stolen funds, including a recent $243 million Bitcoin theft, leading to arrests of the alleged hackers and advocating for justice for victims. https://www.wired.com/story/meet-zachxbt-243-million-crypto-theft/

🌍 Removal of Russian coders spurs debate about Linux kernel’s politics security news – The Linux kernel's maintainer removed Russian developers from the MAINTAINERS file due to compliance with US sanctions, sparking debate over the intersection of open source and international politics. https://arstechnica.com/information-technology/2024/10/russian-coders-removed-from-linux-maintainers-list-due-to-sanction-concerns/


CISA Corner

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-9537, a ScienceLogic SL1 vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting the need for federal agencies to address active threats promptly. https://www.cisa.gov/news-events/alerts/2024/10/21/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-38094, a Microsoft SharePoint deserialization vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting its risks to federal networks and the need for remediation. https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-47575, a missing authentication vulnerability in Fortinet FortiManager, to its Known Exploited Vulnerabilities Catalog, urging users to apply patches to mitigate risks. https://www.cisa.gov/news-events/alerts/2024/10/23/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has included CVE-2024-20481 (Cisco ASA and FTD DoS vulnerability) and CVE-2024-37383 (RoundCube Webmail XSS vulnerability) in its Known Exploited Vulnerabilities Catalog due to active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚙️ ICONICS and Mitsubishi Electric Products vulnerability – A vulnerability (CVE-2024-7587) in ICONICS and Mitsubishi Electric products allows for potential data disclosure and tampering due to incorrect default permissions. Users are urged to update to mitigate risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01

⚙️ CISA Releases Four Industrial Control Systems Advisories vulnerability – CISA issued four ICS advisories addressing security vulnerabilities in VIMESA VHF/FM, iniNet Spider Control, Deep Sea Electronics, and OMNET Proteus products. https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-releases-four-industrial-control-systems-advisories




News For All

🤖 Chatbot Traps: How to Avoid Job Scams cybercrime – Job seekers are at risk from AI-driven scams that produce convincing fake job offers and impersonate real companies. Stay alert and cautious when engaging with online recruiters. https://connect.geant.org/2024/10/14/chatbot-traps-how-to-avoid-job-scams

📦 WordPress Jetpack plugin critical flaw impacts 27 million sites vulnerability – A critical flaw in the Jetpack plugin allowed logged-in users to access others' form submissions. An update has been issued, but caution is advised. https://securityaffairs.com/169848/uncategorized/wordpress-jetpack-plugin-critical-flaw.html

🦟 Hackers reportedly impersonate cyber firm ESET to target organizations in Israel cybercrime – Hackers impersonating ESET have targeted Israeli organizations with phishing emails containing wiper malware. ESET denies any compromise of its systems and is investigating the incident. https://therecord.media/hackers-impersonate-eset-wiper-malware

🏨 New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users cybercrime – ESET Research uncovers the Telekopye scam network, exploiting compromised accounts on Booking.com and Airbnb to create phishing pages that steal personal and payment information from travelers. https://hackread.com/telekopye-scam-toolkit-hit-booking-com-airbnb-users/

🗃️ Cyberattack on Internet Archive apparently carried out by Russian hackers security news – The Russian hacker group SN_BLACKMETA admitted to attacking the Internet Archive with DDoS attacks in order to draw attention to the situation in Gaza. https://www.heise.de/news/Cyberangriff-auf-Internet-Archive-offenbar-von-russischen-Hackern-durchgefuehrt-9983833.html

😤 The biggest data breaches in 2024: 1 billion stolen records and rising security news – 2024 has seen over 1 billion records stolen in significant data breaches affecting multiple companies. https://techcrunch.com/2024/10/14/2024-in-data-breaches-1-billion-stolen-records-and-rising/

🎮 Pokemon dev Game Freak discloses data breach data breach – Game Freak confirmed a cyberattack in August resulted in leaked source code and designs for unpublished Pokémon games, affecting the personal data of 2,606 individuals. https://securityaffairs.com/169817/data-breach/game-freak-data-breach.html

👮 This AI Tool Helped Convict People of Murder. Then Someone Took a Closer Look security news – WIRED's investigation reveals that Global Intelligence's Cybercheck tool, used in criminal cases, often produces unverified and inaccurate geolocation data, raising concerns about its reliability in court. https://www.wired.com/story/cybercheck-crime-reports-prosecutions/

🔑 Password manager makers want to let you securely transfer passkeys security news – The FIDO Alliance has introduced draft specifications for securely transferring passkeys between password managers, addressing a significant gap in credential management. https://www.theverge.com/2024/10/15/24270875/password-manager-makers-transfer-passkeys-fido-alliance

🚔 Sweden, Finland partner to take down Sipulitie criminal marketplace cybercrime – Swedish and Finnish law enforcement shut down the Sipulitie marketplace, a Tor-based site for selling narcotics, seizing its servers and disrupting criminal activities in Scandinavia. https://therecord.media/sweden-filand-take-down-sipulitie-criminal-marketplace

🏥 Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says security news – Microsoft's report reveals that 389 U.S. healthcare institutions faced ransomware attacks in the past year, with increased coordination among nation-states and cybercriminals. Social engineering remains a prevalent access method. https://therecord.media/ransomware-healthcare-microsoft-last-year

📱 From QR to compromise: The growing “quishing” threat security news – Sophos reports on the rise of 'quishing' attacks, where QR codes in PDF attachments are used to phish corporate credentials, highlighting vulnerabilities in mobile security. https://news.sophos.com/en-us/2024/10/16/quishing/

📍 Here’s how attackers are getting around phishing defenses security news – Hackers are bypassing phishing defenses by manipulating natural language processing (NLP) tools with benign text and links, allowing malicious emails to evade detection, according to Egress research. https://cyberscoop.com/email-natural-language-obfuscation-phishing-egress/

🚗 Volkswagen checking ransomware data threat from 8Base data breach – The 8Base ransomware group claims to have stolen confidential Volkswagen files and is threatening to release them, but Volkswagen reports no impact on its IT infrastructure and is monitoring the situation. https://www.theregister.com/2024/10/16/volkswagen_ransomware_data_loss/

⚖️ French government uses biased algorithm to detect welfare fraud, rights groups say privacy – Amnesty International and 14 organizations have filed a complaint against France's CNAF, alleging its discriminatory algorithm unfairly targets low-income and marginalized welfare recipients for fraud detection. https://therecord.media/french-government-biased-algorithm-welfare

💻 Casio says 'no prospect of recovery yet' after ransomware attack cybercrime – Casio reports ongoing issues nearly two weeks after a ransomware attack, with many systems still down and shipping affected. https://techcrunch.com/2024/10/17/casio-says-no-prospect-of-recovery-yet-after-ransomware-attack/

🔓 Brazilian police arrested the hacker who stole everyone’s SSN cybercrime – Brazilian police arrested a hacker responsible for a breach exposing 2.9 billion records, including 270 million Social Security numbers. https://www.theverge.com/2024/10/17/24272271/brazilian-police-usdod-hacker-arrest-national-public-data

🛡️ Google Chrome’s uBlock Origin Purge Has Begun privacy – Google is implementing new Chrome extension standards that will disable the legacy version of uBlock Origin, pushing users to switch to uBlock Origin Lite, which offers reduced ad-blocking capabilities. https://www.wired.com/story/google-chrome-ublock-origin-extension/

🧬 23andMe faces an uncertain future — so does your genetic data security news – Following a data breach and financial struggles, 23andMe's future is uncertain, raising concerns about the privacy of its 15 million customers' genetic data. https://techcrunch.com/2024/10/19/23andme-faces-an-uncertain-future-so-does-your-genetic-data/


Some More, For the Curious

🔍 Understanding DORA core concepts: Focus on "critical or important functions" security news – DORA establishes a comprehensive framework for ICT risk management to ensure digital operational resilience by identifying and managing critical functions. https://sec-consult.com/de/blog/detail/dora-core-concepts-critical-or-important-functions-in-focus/

🐱 Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack) security research – The Meow attack targets unsecured databases like Elasticsearch and MongoDB, corrupting data for fun rather than profit. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/feline-hackers-among-us-a-deep-dive-and-simulation-of-the-meow-attack/

🪩 Perfectl Malware malware – The Perfctl malware, discovered by Aqua Security, exploits over 20,000 misconfigurations and a critical Apache vulnerability to stealthily mine cryptocurrency and create persistent backdoors on infected systems. https://www.schneier.com/blog/archives/2024/10/perfectl-malware.html

📱 Trump campaign gets 'unhackable' phones security news – The Trump campaign is using 'unhackable' phones and computers from Green Hills Software, aiming to prevent data breaches ahead of the election, despite skepticism about the absolute security claims. https://www.theregister.com/2024/10/14/trump_unhackable_phones/

🦠 Expanding the Investigation: Deep Dive into Latest TrickMo Samples malware – New variants of the TrickMo banking Trojan utilize advanced evasion techniques and can steal unlock patterns, posing significant threats to user data and financial security. https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/

🛰️ How satellites are pushing security innovation at Amazon security research – Amazon integrates security into its culture and development processes, particularly in Project Kuiper, which aims to provide secure satellite-based internet with robust encryption and key management. https://cyberscoop.com/amazon-cybersecurity-culture-project-kuiper/

🪫 Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds security research – A report from Secure Code Warrior reveals that training developers in secure-by-design practices can reduce software vulnerabilities by over 50%. https://cyberscoop.com/secure-by-design-return-investment-code-warrior/

🛜 Cisco confirms ongoing probe into alleged data breach data breach – Cisco is investigating claims of a data breach involving sensitive files allegedly stolen and sold by cybercriminals, with no evidence found yet of impacted systems. Law enforcement is involved. https://www.theregister.com/2024/10/15/cisco_confirm_ongoing_investigation/

🎁 Tinkerers Are Taking Old Redbox Kiosks Home and Reverse Engineering Them security news – Following Redbox's bankruptcy, enthusiasts are acquiring abandoned kiosks to reverse engineer their operating systems, even running games like Doom on them, while also liberating DVDs from the machines. https://www.404media.co/tinkerers-are-taking-old-redbox-kiosks-home-and-reverse-engineering-them/

🔧 VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX vulnerability – VMware has addressed a high-severity SQL injection vulnerability (CVE-2024-38814) in its HCX platform, allowing non-admin users to execute remote code. Updates are available for affected versions. https://securityaffairs.com/169904/security/vmware-sql-injection-flaw-cve-2024-38814.html

🔒 What I’ve learned in my first 7-ish years in cybersecurity security news – After nearly seven years in cybersecurity at Cisco Talos, the author reflects on their journey from journalism to tech, emphasizing the importance of asking questions, collaboration, and the evolving nature of threats. https://blog.talosintelligence.com/threat-source-newsletter-oct-17-2024/

🔒 F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP vulnerability – F5 has patched a high-severity elevation of privilege vulnerability (CVE-2024-45844) in BIG-IP and a medium-severity XSS flaw (CVE-2024-47139) in BIG-IQ, urging organizations to restrict access to mitigate risks. https://securityaffairs.com/170022/security/f5-patches-big-ip-elevation-of-privilege-bug.html

🐍 Open source LLM tool primed to sniff out Python zero-days security research – Protect AI is launching Vulnhuntr, an open-source tool that uses AI to identify zero-day vulnerabilities in Python code, marking a significant advancement in vulnerability detection. https://www.theregister.com/2024/10/20/python_zero_day_tool/


CISA Corner

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its KEV Catalog, including critical issues in Microsoft Windows, Mozilla Firefox, and SolarWinds, emphasizing the need for federal agencies to remediate them promptly. https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-40711, a deserialization vulnerability in Veeam Backup and Replication, to its KEV Catalog, emphasizing the need for federal agencies to remediate it promptly. https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations warning – A joint advisory warns of Iranian cyber actors using brute force and credential access techniques to target U.S. critical infrastructure sectors, emphasizing the need for enhanced cybersecurity measures and vigilance. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-290a

⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA issued two advisories on October 15, 2024, addressing vulnerabilities in Siemens Siveillance Video Cameras and Schneider Electric Data Center Expert, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-releases-two-industrial-control-systems-advisories

⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA has issued seven advisories detailing vulnerabilities in industrial control systems, urging users to review them for security measures and updates. https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-releases-seven-industrial-control-systems-advisories

📜 Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM) security news – CISA has released a guidance document on Software Bill of Materials (SBOM), outlining key concepts and processes for representing software components, aimed at promoting adoption and transparency. https://www.cisa.gov/news-events/alerts/2024/10/15/guidance-framing-software-component-transparency-establishing-common-software-bill-materials-sbom

🩹 Oracle Releases Quarterly Critical Patch Update Advisory for October 2024 security news – Oracle's October 2024 Critical Patch Update Advisory addresses vulnerabilities in various products, some of which could allow cyber attackers to gain control of affected systems. Users are urged to apply updates. https://www.cisa.gov/news-events/alerts/2024/10/17/oracle-releases-quarterly-critical-patch-update-advisory-october-2024


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.

theme: https://write.as/themes/fosstodon-hub



Highlight

💳 How criminals use fake FinanzOnline notifications to steal your debit card cybercrime – Criminals use fake online banking pages to steal bank details. Users receive fraudulent notifications about card blocks and are told to send back their old card. https://www.watchlist-internet.at/news/so-stehlen-kriminelle-kartenwechsel-scam/


News For All

🤖 Your robot vacuum cleaner might be spying on you privacy – A security flaw in Ecovacs robot vacuums allows remote access to cameras and microphones, exposing users to privacy risks. Updates are coming, but not soon enough for some customers. https://www.bitdefender.com/en-us/blog/hotforsecurity/your-robot-vacuum-cleaner-might-be-spying-on-you/

🤔 Cops often hush up use of facial recognition tools privacy – U.S. police frequently use facial recognition technology without disclosing it to suspects, leading to wrongful arrests. This raises concerns about privacy and accountability in law enforcement practices. https://www.theregister.com/2024/10/07/cops_love_facial_recognition_and/

🔒 Google brings better bricking to Androids, to curtail crims security news – Google is rolling out features to enhance Android security, making it harder for thieves to profit from stolen phones by requiring credentials for factory resets and biometric verification for sensitive actions. https://www.theregister.com/2024/10/08/google_android_security/

⚖️ Twitter Acts Fast on Nonconsensual Nudity If It Thinks It’s a Copyright Violation privacy – A study reveals Twitter removes nonconsensual nude images quickly if reported for copyright violations but delays action on similar reports for nonconsensual content, highlighting legal gaps. https://www.404media.co/twitter-acts-fast-on-nonconsensual-nudity-if-it-thinks-its-a-copyright-violation/

🔄 What Google’s U-Turn on Third-Party Cookies Means for Chrome Privacy privacy – Google paused its plans to eliminate third-party cookies in Chrome, citing backlash from various stakeholders. Critics argue this compromises user privacy while Google emphasizes user choice in tracking. https://www.wired.com/story/google-chrome-third-party-cookies-privacy-rollback/

🔍 Credit monitoring and supply chain risk company hacked data breach – CreditRiskMonitor reported a data breach where sensitive employee information was stolen, though customer data remained unaffected. The company is offering impacted individuals 24 months of free credit monitoring. https://cyberscoop.com/credit-risk-monitor-cyber-crmz-ransomware/

📱 Don’t use iPhone Mirroring at work, experts warn privacy – Experts warn against using iPhone Mirroring at work due to privacy risks, as it can expose personal app data to employers. Apple is aware and working on a fix. https://www.theregister.com/2024/10/08/iphone_mirroring_at_work/

📚 The Editors Protecting Wikipedia from AI Hoaxes security news – Wikipedia editors have launched WikiProject AI Cleanup to address the rise of unsourced, poorly-written AI-generated content on the platform, aiming to preserve the quality of information. https://www.404media.co/the-editors-protecting-wikipedia-from-ai-hoaxes/

💉 Trinity ransomware targets healthcare orgs cybercrime – Trinity ransomware has infected at least one U.S. healthcare provider, employing double extortion tactics. Experts warn healthcare organizations to enhance security measures against such attacks. https://www.theregister.com/2024/10/09/trinity_ransomware_targets_healthcare_orgs/

🔑 How to use Apple’s new Passwords app on iOS and macOS security news – Apple's new Passwords app replaces previous password management methods, allowing users to store and manage passwords, passkeys, and Wi-Fi credentials across devices. It offers autofill, sharing, and security alerts. https://www.theverge.com/24264400/passwords-apple-ios-macos-how-to

📉 National Public Data files for bankruptcy after info leak security news – National Public Data filed for bankruptcy after a massive data breach affecting potentially hundreds of millions. The company faces multiple lawsuits and regulatory challenges following the incident. https://www.theregister.com/2024/10/09/national_public_data_bankrupt/

🔒 The Internet Archive is under attack, with a breach revealing info for 31 million accounts data breach – The Internet Archive confirmed a breach exposing data for 31 million accounts, including email addresses and hashed passwords. The site also faced a DDoS attack following the incident. https://www.theverge.com/2024/10/9/24266419/internet-archive-ddos-attack-pop-up-message

📱 How Telegram Turbocharges Organised Crime cybercrime – A UN report highlights Telegram's role in facilitating organized crime, including cyber fraud, money laundering, and criminal marketplaces, emphasizing the need for stricter regulations to combat these activities. https://news.risky.biz/how-telegram-turbocharges-organised-crime/

⚠️ Mozilla issued an urgent Firefox update to fix actively exploited flaw vulnerability – Mozilla released an urgent update for Firefox to fix a critical use-after-free vulnerability (CVE-2024-9680) actively exploited in attacks, urging users to upgrade immediately. https://securityaffairs.com/169590/security/mozilla-firefox-actively-exploited-flaw.html

🛡️ Blue Team, Red Team, and Purple Team: An Overview security news – This article discusses the roles of Blue, Red, and Purple Teams in cybersecurity, highlighting defensive operations, adversarial simulations, and collaborative efforts to enhance security measures. https://www.blackhillsinfosec.com/red-blue-and-purple-teams/

😷 14,000 medical devices are online, unsecured and vulnerable security research – A report reveals over 14,000 exposed medical devices globally, with nearly half in the U.S. Many lack basic security measures, making them prime targets for cybercriminals amid increasing healthcare attacks. https://cyberscoop.com/medical-devices-online-health-censys/

🐖 Pig Butchering Scams Are Going High Tech cybercrime – The UNODC reports a surge in high-tech 'pig butchering' scams in Southeast Asia, utilizing generative AI and deepfakes to enhance fraud. These scams, alongside cryptocurrency drainers, are increasingly sophisticated and pose significant challenges for law enforcement. https://www.wired.com/story/pig-butchering-scams-go-high-tech/

⛓️‍💥 'Chat control': The EU's controversial CSAM-scanning legal proposal explained privacy – The EU's proposed legislation to combat child sexual abuse material (CSAM) threatens user privacy by mandating scanning of private communications on messaging apps, raising concerns about encryption and mass surveillance. https://techcrunch.com/2024/10/12/chat-control-the-eus-controversial-csam-scanning-legal-proposal-explained/

🔒 How to Stop Your Data From Being Used to Train AI privacy – As generative AI increasingly utilizes online data, users can take steps to opt out of having their content used for training. The article outlines various platforms and methods to help protect personal data from being scraped. https://www.wired.com/story/how-to-stop-your-data-from-being-used-to-train-ai/

⚠️ Magenta ID has been deactivated: beware of a deceptively genuine phishing email warning – A deceptively genuine phishing email with the subject „Aktion erforderlich: Reaktivierung Ihrer Magenta ID“ (“Action required: reactivation of your Magenta ID”) asks recipients to activate an ID that does not exist. Three clues expose the scam. https://futurezone.at/digital-life/magenta-id-wurde-deaktiviert-mail-phishing-rechnung-hinweise-betrug-warnung/402960708


Some More, For the Curious

🎉 Kyiv's hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin's birthday security news – Ukrainian hackers reportedly disrupted VGTRK operations, wiping servers and backups on Putin's birthday, amid ongoing cyber conflict between Russia and Ukraine. https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html

🧓 The 30-year-old internet backdoor law that came back to bite security news – Chinese hackers compromised U.S. telecom wiretap systems, highlighting risks of backdoor laws like CALEA, which mandate access to customer data but create vulnerabilities for abuse. https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/

💰 MoneyGram says hackers stole customers' personal information and transaction data data breach – MoneyGram confirmed a cyberattack resulted in the theft of customers' personal and transaction data, affecting names, addresses, and some Social Security numbers. Investigation is ongoing. https://techcrunch.com/2024/10/07/moneygram-says-hackers-stole-customers-personal-information-and-transaction-data/

🗃️ ADT says hacker stole encrypted internal employee data after compromising business partner security news – ADT reported a breach where a hacker accessed its network through a compromised third-party partner, stealing encrypted employee data. No customer information was believed to be affected. https://therecord.media/adt-hacker-stole-encrypted-data-after-breaching-third-party

🛡️ Following the Trail of Flax Typhoon to Uncover Newly Discovered Vulnerabilities in Linear Emerge Access Control Devices security research – A vulnerability, CVE-2024-9441, affects Linear Emerge E3 series devices and is unpatched, raising concerns of imminent exploitation. Organizations are urged to isolate affected devices. https://vulncheck.com/blog/flax-typhoon-linear-merge

🔧 Zero Day Initiative — The October 2024 Security Update Review security news – Adobe and Microsoft released significant security updates in October 2024, addressing numerous vulnerabilities including critical code execution bugs. Users are urged to promptly apply patches to mitigate risks. https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review

🚫 Russia and Turkey ban Discord messaging app security news – Russia and Turkey have blocked Discord, citing non-compliance with local laws and misuse for illegal activities. The bans have sparked backlash, highlighting the platform's importance for communication. https://therecord.media/discord-messaging-app-banned-russia-turkey

🔍 Two never-before-seen tools, from same group, infect air-gapped devices security research – Researchers discovered two sophisticated toolsets used by a suspected Russian hacking group to compromise air-gapped devices for data theft, highlighting their evolving capabilities and modular design. https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/

⌨️ Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips vulnerability – Qualcomm confirmed hackers exploited a zero-day vulnerability (CVE-2024-43047) in its chipsets used in Android devices, with indications of targeted exploitation. Fixes have been made available to device manufacturers. https://techcrunch.com/2024/10/09/hackers-were-targeting-android-users-with-qualcomm-zero-day/

🌐 OpenAI says it has disrupted 20-plus foreign influence networks in past year security news – OpenAI disrupted over 20 foreign influence operations using its AI tools to manipulate political sentiments and elections. The report highlights ongoing threats from nations like Russia and Iran. https://cyberscoop.com/openai-threat-report-foreign-influence-generative-ai/

🚔 Dutch cops reveal takedown of 'largest dark web market' cybercrime – Dutch police arrested the alleged administrators of Bohemia and Cannabia, the largest dark web marketplaces, which processed €12 million monthly. The operators attempted an exit scam after becoming aware of the investigation. https://www.theregister.com/2024/10/10/cannabia_bohemia_darkweb_market_investigation/

🪙 FBI created a crypto token so it could watch it being abused security news – The FBI developed its own cryptocurrency, NexFundAI, to monitor fraudulent activities in the crypto market, leading to arrests in three countries for alleged wash trading and manipulation schemes. https://www.theregister.com/2024/10/11/fbi_nexfundai_crypto_fraud_sting/

🔧 GitLab fixed a critical flaw that could allow arbitrary CI vulnerability – GitLab patched a critical vulnerability (CVE-2024-9164) that allowed unauthorized CI/CD pipeline execution. The update also addressed several high and medium severity issues in both Community and Enterprise Editions. https://securityaffairs.com/169671/security/gitlab-fixed-critical-flaw-cve-2024-9164.html

📦 Malicious packages in open-source repositories are surging security research – A report by Sonatype reveals a 150% increase in malicious packages in open-source repositories over the past year, highlighting security vulnerabilities and the slow response to patching them. https://cyberscoop.com/open-source-security-supply-chain-sonatype/

💻 Ransomware operators exploited Veeam Backup & Replication flaw CVE vulnerability – Ransomware operators are exploiting the critical CVE-2024-40711 vulnerability in Veeam Backup & Replication to deploy malware and create rogue accounts. Sophos warns of attacks leveraging compromised credentials and outdated VPNs. https://securityaffairs.com/169679/cyber-crime/ransomware-groups-exploit-veeam-backup-replication-bug.html

📁 File hosting services misused for identity phishing security research – Microsoft reports that ransomware operators are exploiting legitimate file hosting services to conduct phishing attacks, using tactics to evade detection and compromise user identities, leading to business email compromise (BEC) attacks. https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/


CISA Corner

🚨 Avoid Scams After Disaster Strikes warning – CISA warns of increased cyber scams following natural disasters, urging caution with emails and social media related to hurricanes. Verify information from trusted sources before responding. https://www.cisa.gov/news-events/alerts/2024/10/08/avoid-scams-after-disaster-strikes

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has included three vulnerabilities in its Known Exploited Vulnerabilities Catalog, highlighting risks from active exploitation. Agencies are required to remediate these vulnerabilities to protect federal networks. https://www.cisa.gov/news-events/alerts/2024/10/08/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting risks from active exploitation in Fortinet and Ivanti products. Federal agencies must remediate these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/10/09/cisa-adds-three-known-exploited-vulnerabilities-catalog

