cyberlights – week 02/2025
A weekly shortlist of cyber security highlights. The short summaries are AI-generated! If something is wrong, please let me know!
Highlight
Serious security vulnerabilities in SonicWall SSL-VPN – actively exploited [warning] https://www.cert.at/de/warnungen/2025/1/schwewiegende-sicherheitslucken-in-sonicwall-ssl-vpn-aktiv-ausgenutzt
News For All
Privacy of Photos.app’s Enhanced Visual Search [privacy] – Apple's Enhanced Visual Search feature, enabled by default, allows photo data to be matched against a global index, raising privacy concerns about data transmission and user consent. https://mjtsai.com/blog/2025/01/01/privacy-of-photos-apps-enhanced-visual-search/
Telegram Hands U.S. Authorities Data on Thousands of Users [privacy] – Telegram provided U.S. authorities with data on over 2,200 users in 2024, marking a significant increase in data requests after its CEO was arrested. https://www.404media.co/telegram-hands-u-s-authorities-data-on-thousands-of-users/
Widely used DNA sequencer still doesn’t enforce Secure Boot [vulnerability] – The Illumina iSeq 100 DNA sequencer lacks Secure Boot enforcement, exposing it to firmware attacks. Researchers warn this weakness could be exploited by threat actors in sensitive environments. https://arstechnica.com/security/2025/01/widely-used-dna-sequencer-still-doesnt-enforce-secure-boot/
UN aviation agency ‘investigating’ security breach after hacker claims theft of personal data [data breach] – The ICAO is investigating a security breach after a hacker claimed to have stolen 42,000 documents containing personal data, including names and contact details of individuals. https://techcrunch.com/2025/01/07/un-aviation-agency-investigating-security-breach-after-hacker-claims-theft-of-personal-data/
Android patches several vulnerabilities in first security update of 2025 [security news] – Android's first security update of 2025 addresses critical RCE vulnerabilities that could allow attackers to execute code without needing additional privileges. Users are urged to apply the patches to protect their devices. https://cyberscoop.com/android-security-update-january-2025/
The leaked GTA San Andreas source code is apparently fake and contains ransomware, so please don't download it [malware] – The purported GTA: San Andreas source code leak is fake and harbors ransomware from a new group called Rhysida. https://www.gamesradar.com/games/grand-theft-auto/the-leaked-gta-san-andreas-source-code-is-apparently-fake-and-contains-ransomware-so-please-dont-download-it/
License Plate Readers Are Leaking Real-Time Video Feeds and Vehicle Data [security research] – Misconfigured ALPR systems from Motorola are exposing live video feeds and sensitive vehicle data online, raising serious privacy concerns. Over 150 cameras have leaked information due to security flaws. https://www.wired.com/story/license-plate-reader-live-video-data-exposed/
Meta replaces fact-checking with community notes post “Cultural Tipping Point” [security news] – Meta is shifting from its fact-checking program to a community notes system, emphasizing free speech and reducing censorship. This change aims to simplify policies and enhance user involvement in moderation. https://securityaffairs.com/172793/social-networks/meta-replaces-fact-checking.html
Data of more than 8,500 customers breached on Green Bay Packers shopping website [data breach] – The Green Bay Packers reported a breach affecting 8,514 customers due to malicious code on their Pro Shop website, compromising payment information. Affected individuals will receive credit monitoring services. https://therecord.media/green-bay-packers-online-store-data-breach
Here’s how hucksters are manipulating Google to promote shady Chrome extensions [cybercrime] – Developers are violating Chrome Web Store policies by using keyword stuffing techniques, including hidden translations, to manipulate search results for extensions. This leads to unrelated or potentially harmful extensions appearing in searches. https://arstechnica.com/security/2025/01/googles-chrome-web-store-has-a-serious-spam-problem-promoting-shady-extensions/
Apple says Siri isn’t sending your conversations to advertisers [privacy] – Apple denies claims that Siri recordings are used for advertising, stating it has never built marketing profiles from Siri data. This follows a settlement over privacy concerns related to Siri interactions. https://www.theverge.com/2025/1/8/24337477/apple-responds-rumors-siri-advertising-privacy-lawsuit
Space Bears Ransomware: What You Need To Know [cybercrime] – Space Bears is a new ransomware group known for its corporate-like image and ransom tactics. Operating from Moscow, they steal data, encrypt systems, and demand payment, offering post-transaction guarantees. https://www.tripwire.com/state-of-security/space-bears-ransomware-what-you-need-know
Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location [data breach] – A hack of Gravy Analytics exposed thousands of apps, including popular ones like Candy Crush and Tinder, used to collect sensitive location data without user knowledge, raising serious privacy concerns. https://www.wired.com/story/gravy-location-data-app-leak-rtb/
PowerSchool data breach leaks info of students and staff at schools across the US [data breach] – A data breach at PowerSchool has potentially exposed sensitive information of students and staff, including names, addresses, and Social Security numbers. The company has paid a ransom and claims the data has been deleted. https://www.theverge.com/2025/1/10/24340556/powerschool-sis-data-breach-leak-student-data-us-canada-schools
Slovakia’s land registry hit by biggest cyberattack in country’s history, minister says [security news] – Slovakia's land registry suffered its largest cyberattack, disrupting property transactions and essential services. The attack, believed to be ransomware, has paralyzed real estate markets and is linked to rising tensions with Ukraine. https://therecord.media/slovakia-registry-cyberattack-land-agriculture
A novel PayPal phishing campaign hijacks accounts [cybercrime] – Fortinet warns of a phishing campaign targeting PayPal users by using legitimate links to trick victims into granting unauthorized access, potentially compromising their accounts. https://securityaffairs.com/172935/cyber-crime/paypal-phishing-campaign-hijacks-accounts.html
How Cracks and Installers Bring Malware to Your Device [security research] – Attackers exploit platforms like YouTube to distribute fake installers, using reputable file hosting services and encryption to evade detection. The malware collects sensitive browser data, highlighting the risks of downloading fraudulent software. https://www.trendmicro.com/en_us/research/25/a/how-cracks-and-installers-bring-malware-to-your-device.html
Some More, For the Curious
New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages [cybercrime] – Cybercriminals have developed PhishWP, a WordPress plugin that creates fake payment pages to steal sensitive data like credit card info. It sends stolen data directly to attackers via Telegram. https://hackread.com/phishwp-plugin-russian-hacker-forum-phishing-sites/
MediaTek says “Happy New Year” with critical RCE, other bugs [vulnerability] – MediaTek disclosed critical vulnerabilities, including a severe RCE bug in 51 chipsets that could be exploited via attacker-controlled base stations. Device manufacturers were notified and patches are expected. https://www.theregister.com/2025/01/06/mediatek_chipset_vulnerabilities/
Industrial networking manufacturer Moxa reports ‘critical’ router bugs [vulnerability] – Moxa's cellular and secure routers have critical vulnerabilities allowing privilege escalation and command execution. Users are urged to apply patches or limit network exposure to mitigate risks. https://cyberscoop.com/industrial-networking-manufacturer-moxa-reports-critical-router-bugs/
Three more telcos reportedly join China Salt Typhoon victims [security news] – Charter, Consolidated, and Windstream are the latest telecom companies confirmed as victims of the Salt Typhoon cyberattack, attributed to Chinese government espionage efforts targeting U.S. networks. https://www.theregister.com/2025/01/06/charter_consolidated_windstream_salt_typhoon/
CISA says 'no indication' of wider government hack beyond Treasury [security news] – CISA reports no evidence of other U.S. federal agencies being hacked in the December cyberattack on the Treasury, attributed to Chinese government-backed hackers accessing employee workstations. https://techcrunch.com/2025/01/06/cisa-says-no-indication-of-wider-government-hack-beyond-treasury/
US adds Tencent to the list of companies supporting Chinese military [security news] – The U.S. Department of Defense has listed Tencent among companies supporting the Chinese military, citing concerns over its technologies' dual-use potential. Tencent plans to appeal, claiming the inclusion is an error. https://securityaffairs.com/172765/security/us-adds-tencent-list-of-companies-supporting-chinese-military.html
Gayfemboy Botnet targets Four-Faith router vulnerability [cybercrime] – The Gayfemboy botnet, a variant of Mirai, exploits vulnerabilities in Four-Faith routers and other devices to conduct DDoS attacks, with over 15,000 active nodes targeting global entities since late 2024. https://securityaffairs.com/172805/malware/gayfemboy-mirai-botnet-four-faith-flaw.html
Ukrainian Cyber Alliance destroyed the connectivity of Russian ISP Nodex [security news] – The Ukrainian Cyber Alliance hacked Russian ISP Nodex, stealing sensitive data and disrupting connectivity. The ISP confirmed the attack and is working to restore its systems. https://securityaffairs.com/172864/hacktivism/ukrainian-cyber-alliance-destroyed-russian-isp-nodex.html
Facebook awards researcher $100,000 for finding bug that granted internal access [security news] – Ben Sadeghipour discovered a vulnerability in Facebook's ad platform that allowed him to run commands on an internal server. Meta awarded him $100,000 for reporting the issue, which was fixed quickly. https://techcrunch.com/2025/01/09/facebook-awards-researcher-100000-for-finding-bug-that-granted-internal-access/
Researchers disclosed details of a now-patched Samsung zero-click flaw [vulnerability] – Google Project Zero revealed a now-patched zero-click vulnerability (CVE-2024-49415) in Samsung devices that allowed remote code execution via audio messages, affecting Galaxy S23 and S24 models. https://securityaffairs.com/172909/hacking/samsung-zero-click-flaw.html
How We Cracked a 512-Bit DKIM Key for Less Than $8 in the Cloud [hacking write-up] – Researchers cracked a 512-bit DKIM key using a cloud server for under $8, demonstrating the insecurity of short RSA keys. They tested DKIM signatures made with the recovered key and found that some providers accepted them. https://dmarcchecker.app/articles/crack-512-bit-dkim-rsa-key
WorstFit: Unveiling Hidden Transformers in Windows ANSI! [hacking write-up] – Research reveals a novel attack surface in Windows through the Best-Fit character conversion feature, leading to vulnerabilities like Path Traversal and RCE. The study highlights the risks of encoding mishandling and provides examples of exploitation. https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/
Using SYN Port Scans with Source IP Spoofing For Offensive Deception [cyber defense] – This article discusses how attackers use SYN port scanning with spoofed source IP addresses as a deceptive tactic to generate alerts, diverting SOC teams' attention from real threats. It highlights the challenges modern IDS face in detecting such evasion techniques. https://tierzerosecurity.co.nz/2025/01/08/syn-spoof-scan.html
CISA Corner
CISA Adds Three Known Exploited Vulnerabilities to Catalog [warning] – CISA has added three vulnerabilities, including two from Mitel and one from Oracle, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, highlighting significant security risks. https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-adds-three-known-exploited-vulnerabilities-catalog
CISA Adds One Vulnerability to the KEV Catalog [warning] – CISA has added CVE-2025-0282, a vulnerability in Ivanti Connect Secure, to its Known Exploited Vulnerabilities Catalog, urging organizations to implement mitigations and report incidents promptly. https://www.cisa.gov/news-events/alerts/2025/01/08/cisa-adds-one-vulnerability-kev-catalog
CISA Releases Two Industrial Control Systems Advisories [vulnerability] – CISA issued two advisories on January 7, 2025, highlighting security issues in ABB and Nedap ICS products. Users are urged to review them for vulnerabilities and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-releases-two-industrial-control-systems-advisories
CISA Releases Four Industrial Control Systems Advisories [vulnerability] – CISA has issued four advisories on January 10, 2025, detailing security vulnerabilities in various Industrial Control Systems, urging users to review them for technical details and mitigations. https://www.cisa.gov/news-events/alerts/2025/01/10/cisa-releases-four-industrial-control-systems-advisories
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.