cyberlights – week 42/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🤖 Chatbot Traps: How to Avoid Job Scams cybercrime – Job seekers are at risk from AI-driven scams that produce convincing fake job offers and impersonate real companies. Stay alert and cautious when engaging with online recruiters. https://connect.geant.org/2024/10/14/chatbot-traps-how-to-avoid-job-scams
📦 WordPress Jetpack plugin critical flaw impacts 27 million sites vulnerability – A critical flaw in the Jetpack plugin allowed logged-in users to access others' form submissions. An update has been issued, but caution is advised. https://securityaffairs.com/169848/uncategorized/wordpress-jetpack-plugin-critical-flaw.html
🦟 Hackers reportedly impersonate cyber firm ESET to target organizations in Israel cybercrime – Hackers impersonating ESET have targeted Israeli organizations with phishing emails containing wiper malware. ESET denies any compromise of its systems and is investigating the incident. https://therecord.media/hackers-impersonate-eset-wiper-malware
🏨 New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users cybercrime – ESET Research uncovers the Telekopye scam network, exploiting compromised accounts on Booking.com and Airbnb to create phishing pages that steal personal and payment information from travelers. https://hackread.com/telekopye-scam-toolkit-hit-booking-com-airbnb-users/
🗃️ Cyberangriff auf Internet Archive offenbar von russischen Hackern durchgeführt security news – Die russische Hackergruppe SN_BLACKMETA gestand, das Internet Archive durch DDoS-Angriffe angegriffen zu haben, um auf die Situation in Gaza aufmerksam zu machen. https://www.heise.de/news/Cyberangriff-auf-Internet-Archive-offenbar-von-russischen-Hackern-durchgefuehrt-9983833.html
😤 The biggest data breaches in 2024: 1 billion stolen records and rising security news – 2024 has seen over 1 billion records stolen in significant data breaches affecting multiple companies. https://techcrunch.com/2024/10/14/2024-in-data-breaches-1-billion-stolen-records-and-rising/
🎮 Pokemon dev Game Freak discloses data breach data breach – Game Freak confirmed a cyberattack in August resulted in leaked source code and designs for unpublished Pokémon games, affecting the personal data of 2,606 individuals. https://securityaffairs.com/169817/data-breach/game-freak-data-breach.html
👮 This AI Tool Helped Convict People of Murder. Then Someone Took a Closer Look security news – WIRED's investigation reveals that Global Intelligence's Cybercheck tool, used in criminal cases, often produces unverified and inaccurate geolocation data, raising concerns about its reliability in court. https://www.wired.com/story/cybercheck-crime-reports-prosecutions/
🔑 Password manager makers want to let you securely transfer passkeys security news – The FIDO Alliance has introduced draft specifications for securely transferring passkeys between password managers, addressing a significant gap in credential management. https://www.theverge.com/2024/10/15/24270875/password-manager-makers-transfer-passkeys-fido-alliance
🚔 Sweden, Finland partner to take down Sipulitie criminal marketplace cybercrime – Swedish and Finnish law enforcement shut down the Sipulitie marketplace, a Tor-based site for selling narcotics, seizing its servers and disrupting criminal activities in Scandinavia. https://therecord.media/sweden-filand-take-down-sipulitie-criminal-marketplace
🏥 Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says security news – Microsoft's report reveals that 389 U.S. healthcare institutions faced ransomware attacks in the past year, with increased coordination among nation-states and cybercriminals. Social engineering remains a prevalent access method. https://therecord.media/ransomware-healthcare-microsoft-last-year
📱 From QR to compromise: The growing “quishing” threat security news – Sophos reports on the rise of 'quishing' attacks, where QR codes in PDF attachments are used to phish corporate credentials, highlighting vulnerabilities in mobile security. https://news.sophos.com/en-us/2024/10/16/quishing/
📍 Here’s how attackers are getting around phishing defenses security news – Hackers are bypassing phishing defenses by manipulating natural language processing (NLP) tools with benign text and links, allowing malicious emails to evade detection, according to Egress research. https://cyberscoop.com/email-natural-language-obfuscation-phishing-egress/
🚗 Volkswagen checking ransomware data threat from 8Base data breach – The 8Base ransomware group claims to have stolen confidential Volkswagen files and is threatening to release them, but Volkswagen reports no impact on its IT infrastructure and is monitoring the situation. https://www.theregister.com/2024/10/16/volkswagen_ransomware_data_loss/
⚖️ French government uses biased algorithm to detect welfare fraud, rights groups say privacy – Amnesty International and 14 organizations have filed a complaint against France's CNAF, alleging its discriminatory algorithm unfairly targets low-income and marginalized welfare recipients for fraud detection. https://therecord.media/french-government-biased-algorithm-welfare
💻 Casio says 'no prospect of recovery yet' after ransomware attack cybercrime – Casio reports ongoing issues nearly two weeks after a ransomware attack, with many systems still down and shipping affected. https://techcrunch.com/2024/10/17/casio-says-no-prospect-of-recovery-yet-after-ransomware-attack/
🔓 Brazilian police arrested the hacker who stole everyone’s SSN cybercrime – Brazilian police arrested a hacker responsible for a breach exposing 2.9 billion records, including 270 million Social Security numbers. https://www.theverge.com/2024/10/17/24272271/brazilian-police-usdod-hacker-arrest-national-public-data
🛡️ Google Chrome’s uBlock Origin Purge Has Begun privacy – Google is implementing new Chrome extension standards that will disable the legacy version of uBlock Origin, pushing users to switch to uBlock Origin Lite, which offers reduced ad-blocking capabilities. https://www.wired.com/story/google-chrome-ublock-origin-extension/
🧬 23andMe faces an uncertain future — so does your genetic data security news – Following a data breach and financial struggles, 23andMe's future is uncertain, raising concerns about the privacy of its 15 million customers' genetic data. https://techcrunch.com/2024/10/19/23andme-faces-an-uncertain-future-so-does-your-genetic-data/
Some More, For the Curious
🔍 DORA-Kernkonzepte verstehen: Fokus auf “Kritische oder wichtige Funktionen” security news – DORA legt einen umfassenden Rahmen für das IKT-Risikomanagement fest, um digitale operative Widerstandsfähigkeit zu gewährleisten, indem kritische Funktionen identifiziert und verwaltet werden. https://sec-consult.com/de/blog/detail/dora-core-concepts-critical-or-important-functions-in-focus/
🐱Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack) security research – The Meow attack targets unsecured databases like Elasticsearch and MongoDB, corrupting data for fun rather than profit. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/feline-hackers-among-us-a-deep-dive-and-simulation-of-the-meow-attack/
🪩 Perfectl Malware malware – The Perfctl malware, discovered by Aqua Security, exploits over 20,000 misconfigurations and a critical Apache vulnerability to stealthily mine cryptocurrency and create persistent backdoors on infected systems. https://www.schneier.com/blog/archives/2024/10/perfectl-malware.html
📱 Trump campaign gets 'unhackable' phones security news – The Trump campaign is using 'unhackable' phones and computers from Green Hills Software, aiming to prevent data breaches ahead of the election, despite skepticism about the absolute security claims. https://www.theregister.com/2024/10/14/trump_unhackable_phones/
🦠 Expanding the Investigation: Deep Dive into Latest TrickMo Samples malware – New variants of the TrickMo banking Trojan utilize advanced evasion techniques and can steal unlock patterns, posing significant threats to user data and financial security. https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/
🛰️ How satellites are pushing security innovation at Amazon security research – Amazon integrates security into its culture and development processes, particularly in Project Kuiper, which aims to provide secure satellite-based internet with robust encryption and key management. https://cyberscoop.com/amazon-cybersecurity-culture-project-kuiper/
🪫 Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds security research – A report from Secure Code Warrior reveals that training developers in secure-by-design practices can reduce software vulnerabilities by over 50%. https://cyberscoop.com/secure-by-design-return-investment-code-warrior/
🛜 Cisco confirms ongoing probe into alleged data breach data breach – Cisco is investigating claims of a data breach involving sensitive files allegedly stolen and sold by cybercriminals, with no evidence found yet of impacted systems. Law enforcement is involved. https://www.theregister.com/2024/10/15/cisco_confirm_ongoing_investigation/
🎁 Tinkerers Are Taking Old Redbox Kiosks Home and Reverse Engineering Them security news – Following Redbox's bankruptcy, enthusiasts are acquiring abandoned kiosks to reverse engineer their operating systems, even running games like Doom on them, while also liberating DVDs from the machines. https://www.404media.co/tinkerers-are-taking-old-redbox-kiosks-home-and-reverse-engineering-them/
🔧 VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX vulnerability – VMware has addressed a high-severity SQL injection vulnerability (CVE-2024-38814) in its HCX platform, allowing non-admin users to execute remote code. Updates are available for affected versions. https://securityaffairs.com/169904/security/vmware-sql-injection-flaw-cve-2024-38814.html
🔒 What I’ve learned in my first 7-ish years in cybersecurity security news – After nearly seven years in cybersecurity at Cisco Talos, the author reflects on their journey from journalism to tech, emphasizing the importance of asking questions, collaboration, and the evolving nature of threats. https://blog.talosintelligence.com/threat-source-newsletter-oct-17-2024/
🔒 F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP vulnerability – F5 has patched a high-severity elevation of privilege vulnerability (CVE-2024-45844) in BIG-IP and a medium-severity XSS flaw (CVE-2024-47139) in BIG-IQ, urging organizations to restrict access to mitigate risks. https://securityaffairs.com/170022/security/f5-patches-big-ip-elevation-of-privilege-bug.html
🐍 Open source LLM tool primed to sniff out Python zero-days security research – Protect AI is launching Vulnhuntr, an open-source tool that uses AI to identify zero-day vulnerabilities in Python code, marking a significant advancement in vulnerability detection. https://www.theregister.com/2024/10/20/python_zero_day_tool/
CISA Corner
⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its KEV Catalog, including critical issues in Microsoft Windows, Mozilla Firefox, and SolarWinds, emphasizing the need for federal agencies to remediate them promptly. https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-adds-three-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-40711, a deserialization vulnerability in Veeam Backup and Replication, to its KEV Catalog, emphasizing the need for federal agencies to remediate it promptly. https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-adds-one-known-exploited-vulnerability-catalog
⚠️ Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations warning – A joint advisory warns of Iranian cyber actors using brute force and credential access techniques to target U.S. critical infrastructure sectors, emphasizing the need for enhanced cybersecurity measures and vigilance. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-290a
⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA issued two advisories on October 15, 2024, addressing vulnerabilities in Siemens Siveillance Video Cameras and Schneider Electric Data Center Expert, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-releases-two-industrial-control-systems-advisories ⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA has issued seven advisories detailing vulnerabilities in industrial control systems, urging users to review them for security measures and updates. https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-releases-seven-industrial-control-systems-advisories
📜 Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM) security news – CISA has released a guidance document on Software Bill of Materials (SBOM), outlining key concepts and processes for representing software components, aimed at promoting adoption and transparency. https://www.cisa.gov/news-events/alerts/2024/10/15/guidance-framing-software-component-transparency-establishing-common-software-bill-materials-sbom
🩹 Oracle Releases Quarterly Critical Patch Update Advisory for October 2024 security news – Oracle's October 2024 Critical Patch Update Advisory addresses vulnerabilities in various products, some of which could allow cyber attackers to gain control of affected systems. Users are urged to apply updates. https://www.cisa.gov/news-events/alerts/2024/10/17/oracle-releases-quarterly-critical-patch-update-advisory-october-2024
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.