📰wrzlbrmpft's cyberlights💥

weekly cybersecurity highlights (for everyone!)

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


💰 Crypto scammers: Six Austrians arrested cybercrime – Six Austrians were arrested for running an online scam involving a supposed new cryptocurrency, defrauding investors of millions. Europol coordinated the operation, seizing over 500,000 euros in cryptocurrencies, 250,000 euros in fiat, and other assets. The suspects falsely claimed to open an online trading company with a new cryptocurrency, carrying out an Initial Coin Offering (ICO) without transparency, leading investors to realize they were deceived in February 2018. https://www.heise.de/news/Krypto-Betrueger-Sechs-Oesterreicher-festgenommen-9714300.html

Lockbit Corner

🛑 Law enforcement seized Lockbit group's website again cybercrime – Law enforcement seizes Lockbit group's website, threatens to reveal identities. https://securityaffairs.com/162778/cyber-crime/law-enforcement-seized-lockbit-site-again.html

⛓️ U.S. Charges Russian Man as Boss of LockBit Ransomware Group – Krebs on Security cybercrime – U.S. charges Russian man as boss of LockBit ransomware group, part of elaborate criminal network. https://krebsonsecurity.com/2024/05/u-s-charges-russian-man-as-boss-of-lockbit-ransomware-group/

🎙️ In interview, LockbitSupp says authorities outed the wrong guy cybercrime – LockBit leader denies being correctly identified. https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit

LockBit gang claimed responsibility for the attack on City of Wichita cybercrime – The City of Wichita was hit by a LockBit ransomware attack, leading to network shutdown. The LockBit gang threatened to leak stolen data, prompting an investigation by third-party experts and law enforcement. Systems remain offline, with no definitive timeline for restoration. https://securityaffairs.com/162910/cyber-crime/city-of-wichita-lockbit-ransomware.html

News For All

🥠 Stealing cookies: Researchers describe how to bypass modern authentication security research – Researchers detail bypassing modern authentication via MITM attack. https://cyberscoop.com/stealing-cookies-researchers-describe-how-to-bypass-modern-authentication/

Why Your VPN May Not Be As Secure As It Claims – Krebs on Security security research – Researchers reveal VPN vulnerability via rogue DHCP server attacks. https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/

💸 Online Scams: Are These All Scams? Distinguishing the Legit from the Scam cybercrime – Sophisticated scammers create fake websites and emails, deceiving users. https://asec.ahnlab.com/en/65091/

🔑 Yubico bolsters authentication security with updated YubiKey 5 series devices security news – Yubico releases updated security keys with enhanced features. https://www.theverge.com/2024/5/7/24150918/yubico-5-7-firmware-update-security-key-yubikey-5

🔗 April 2024’s Most Wanted Malware: Surge in Androxgh0st Attacks and the Decline of LockBit3 security research – Significant increase in AndroXgh0st malware attacks during April 2024, alongside a noticeable decrease in LockBit3.0 attacks, highlighting the shifting landscape of cybersecurity threats. https://blog.checkpoint.com/security/april-2024s-most-wanted-malware-surge-in-androxgh0st-attacks-and-the-decline-of-lockbit3/

New Case Study: The Malicious Comment security news – Malicious code hidden in 'Thank you' image compromised online shoppers. https://thehackernews.com/2024/05/new-case-study-malicious-comment.html

⛔ Stolen children’s health records posted online in extortion bid data breach – Children's health records from NHS Dumfries and Galloway published by cybercriminals for extortion. https://therecord.media/scotland-nhs-children-records-posted-extortion-ransomware

🧠 Back to the Hype: An Update on How Cybercriminals Are Using GenAI cybercrime – Cybercriminals continue to use generative AI, focusing on jailbreaking capabilities and emerging deepfake services for criminal activities. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai

✈️ Boeing confirms attempted $200 million ransomware extortion attempt cybercrime – Boeing faced a $200 million ransomware demand from LockBit, part of a larger cyberattack. Boeing did not pay the ransom and the incident impacted its parts and distribution business. https://cyberscoop.com/boeing-confirms-attempted-200-million-ransomware-extortion-attempt/

🚔 FBI Warns US Retailers That Cybercriminals Are Targeting Their Gift Card Systems warning – FBI warns US retailers of a cybercriminal group targeting staff with phishing attacks to create fraudulent gift cards, highlighting the financial losses and sophisticated tactics used. https://www.tripwire.com/state-of-security/fbi-warns-us-retailers-cybercriminals-are-targeting-their-gift-card-systems

❤️‍🩹 Major health care system hobbled by ‘cyber incident’ cybercrime – Ascension health care system suffers a cyber incident causing disruptions to clinical operations, affecting medical services, patient records access, and necessitating manual documentation. Incident follows recent high-profile attacks in the healthcare industry, highlighting the need for cybersecurity standards. https://cyberscoop.com/major-health-care-system-hobbled-by-cyber-incident/

📢 Dell discloses data breach impacting millions of customers data breach – Dell revealed a data breach affecting millions of customers, exposing names, physical addresses, and hardware purchase data. Financial details and sensitive information were not compromised. https://securityaffairs.com/162942/cyber-crime/dell-data-breach-2.html

📱 Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials malware – Malicious Android apps impersonate popular services to trick users into installing them, then request extensive permissions to steal credentials and perform malicious activities, such as accessing contact lists, SMS messages, and launching phishing pages mimicking social media and financial services. https://thehackernews.com/2024/05/malicious-android-apps-pose-as-google.html

🪲 Google fixes fifth actively exploited Chrome zero-day vulnerability – Google patched the fifth zero-day vulnerability in Chrome this year, a use-after-free issue in the Visuals component, actively exploited in the wild, without disclosing details about the attacks. https://securityaffairs.com/162976/hacking/5th-chrome-zero-day-2024.html

😨 You've Been Breached: What Now? cyber defense – Breaches are inevitable in cybersecurity; after a breach, focus shifts to identifying the blast radius, providing temporary work credentials for affected employees, accountability at the executive level, and implementing incident response planning and a comprehensive cybersecurity strategy for recovery. https://www.darkreading.com/cyberattacks-data-breaches/you-have-been-breached-what-now

Some More, For the Curious

โš”๏ธ MITRE attributes the recent attack to China security news โ€“ MITRE discloses security breach attributed to China-linked UNC5221. https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html

๐Ÿซข RemcosRAT Distributed Using Steganography security research โ€“ RemcosRAT distributed using steganography technique, warns of malware infection risks. https://asec.ahnlab.com/en/65111/

๐Ÿ—ฃ๏ธ Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution vulnerability โ€“ Cisco Talos discloses three zero-day vulnerabilities, two allowing code execution. https://blog.talosintelligence.com/vulnerability-roundup-zero-days-may-8-2024/

๐ŸคŒ Breaking down Microsoftโ€™s pivot to placing cybersecurity as a top priority security news โ€“ Microsoft faced criticism over their security practices, prompting a new focus on cybersecurity as a top priority with six pillars. The announcement includes re-prioritizing efforts to enhance internal systems and respond to threats promptly. The new governance structure is designed to centralize security efforts and hold leadership accountable for progress. Despite past issues, this shift demonstrates a commitment to improving security practices and ensuring Microsoft products are a safe choice for users. https://doublepulsar.com/breaking-down-microsofts-pivot-to-placing-cybersecurity-as-a-top-priority-734467a8db01

โš™๏ธ 21115: An Oracle VirtualBox LPE Used to Win Pwn2Own vulnerability โ€“ The exploit involved a bug in the VGA device heap memory, which could be triggered by setting specific values. Through a series of steps, the exploit gained increased VRAM access, disabled critical sections, achieved buffer overread and overflow, and executed arbitrary code, ultimately demonstrating control over the host system. https://www.thezdi.com/blog/2024/5/9/cve-2024-21115-an-oracle-virtualbox-lpe-used-to-win-pwn2own

๐Ÿš— GhostStripe attack haunts self-driving cars by making them ignore road signs security news โ€“ novel hack called โ€œGhostStripeโ€ that targets autonomous vehicles by manipulating road sign visibility to the vehicles' cameras, making the signs unrecognizable to the self-driving system and thus potentially leading to dangerous driving errors. https://www.theregister.com/2024/05/10/baidu_apollo_hack/

๐Ÿฅ… Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation cyber defense โ€“ Juniper Threat Labs is monitoring the Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities being exploited by Mirai botnet. https://blogs.juniper.net/en-us/security/protecting-your-network-from-opportunistic-ivanti-pulse-secure-vulnerability-exploitation

๐Ÿก Unmasking Tycoon 2FA: A Stealthy Phishing Kit Used to Bypass Microsoft 365 and Google MFA security research โ€“ the Tycoon 2FA phishing kit, which exploits session cookies to bypass multifactor authentication for Microsoft 365 and Gmail, employing a business model via Telegram to sell phishing services and significantly impacting cybersecurity efforts. https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass

CISA Corner ๐Ÿชซ CISA Advisory โ€“ alpitronic Hypercharger EV Charger vulnerability โ€“ Vulnerability in alpitronic Hypercharger EV charger allows attackers to disable the device, bypass payment, and access payment data due to the use of default credentials. Mitigations include changing default passwords, limiting network exposure, and implementing secure access methods. https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02

โš ๏ธ #StopRansomware: Black Basta security news โ€“ The joint advisory from FBI, CISA, HHS, and MS-ISAC reveals details on Black Basta, a ransomware variant impacting critical infrastructure sectors, including Healthcare and Public Health, outlining TTPs and IOCs to assist organizations in protecting against Black Basta and other ransomware threats. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a

๐Ÿคน ASDโ€™s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies https://www.cisa.gov/news-events/alerts/2024/05/09/asds-acsc-cisa-and-partners-release-secure-design-guidance-choosing-secure-and-verifiable

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.

News For All

🤖 CISA unveils guidelines for AI and critical infrastructure security news https://fedscoop.com/cisa-unveils-guidelines-for-ai-and-critical-infrastructure/

Watchdog reveals lingering Google Privacy Sandbox worries privacy https://go.theregister.com/feed/www.theregister.com/2024/04/29/uk_cma_google/

⚠️ Having reviews removed? Beware of entferno.at warning https://www.watchlist-internet.at/news/google-bewertungen-entfernen-lassen-vorsicht-vor-entfernoat/

🔒 UK becomes first country to ban default bad passwords on IoT devices security news https://therecord.media/united-kingdom-bans-defalt-passwords-iot-devices

🔓 FBCS data breach impacted 2M individuals data breach https://securityaffairs.com/162514/cyber-crime/fbcs-data-breach.html

😶 Russia Clones Wikipedia, Censors It, Bans Original security news – Russia clones Wikipedia to censor and ban original content. https://www.404media.co/russia-clones-wikipedia-censors-it-bans-original/

The UK beefs up smart home security by going after bad default passwords security news https://www.theverge.com/2024/4/29/24144325/uk-psti-password-requirements-network-connected-devices-iot-smart-home

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data – Krebs on Security privacy https://krebsonsecurity.com/2024/04/fcc-fines-major-u-s-wireless-carriers-for-selling-customer-location-data/

Apple's 'incredibly private' Safari not so private in Europe privacy – Apple's Safari browser in Europe exposed to privacy flaws due to third-party app store feature, leaking user activity and identifiers to approved marketplaces. Implementation lacks security measures, raising concerns about tracking. https://go.theregister.com/feed/www.theregister.com/2024/04/30/apple_safari_europe_tracking/

🚗 Carmakers lying about requiring warrants before sharing location data, Senate probe finds privacy – Senate probe finds automakers deceive customers by sharing driver location data without warrants, contradicting their pledges and misleading customers for years. Senators requested an FTC investigation. Automakers store location data for years. The Alliance for Automotive Innovation's statement conflicts with the findings. https://therecord.media/carmakers-lying-about-warrants-location-data

💸 UnitedHealth CEO confirms company paid $22 million ransom in heated Senate hearing security news – UnitedHealth Group paid ransom to BlackCat/AlphV gang post-ransomware attack. CEO admits multifactor authentication lapse. Senators criticize data restoration issues and impact on medical organizations. https://therecord.media/unitedhealth-ceo-testifies-senate-hearing

We can have a different web Blogpost – Reflections on the evolution of the web from an open space to commercialized walled gardens. Call for reclaiming the web's original spirit of innovation, authenticity, connection, and less surveillance. https://www.citationneeded.news/we-can-have-a-different-web/

Microsoft launches passkey support for all consumer accounts security news – Allows face, fingerprint, PIN, or security key authentication across devices to streamline signing in without traditional passwords. https://www.theverge.com/2024/5/2/24147124/microsoft-passkeys-support-consumer-msa

🛡️ Organizations patch CISA KEV list bugs 3.5 times faster than others, researchers find security news https://therecord.media/kev-list-vulnerabilities-patched-significantly-faster

🕵️ Indonesia sneakily buys spyware, says Amnesty International security news – Amnesty International reveals Indonesia's purchase of spyware from various suppliers through intermediary companies, citing the lack of transparency and regulation in dual-use technology exports. https://go.theregister.com/feed/www.theregister.com/2024/05/03/amnesty_indonesia_surveillance/

👔 Microsoft ties executive pay to security following multiple failures and breaches security news – Microsoft faces severe criticism for security failures and breaches, including breaches by China and Russia-based hacking groups; response under scrutiny by lawmakers and regulators. Introduces 'Secure Future Initiative' and ties executive pay to security milestones, emphasizing robust security practices. https://arstechnica.com/information-technology/2024/05/microsoft-ties-executive-pay-to-security-following-multiple-failures-and-breaches/

💑 Dating apps kiss'n'tell all sorts of sensitive user info privacy – Most dating apps collect excessive user data, poor privacy practices revealed by Mozilla research. Grindr singled out for historically weak data protection. Concerns raised over user data sharing, AI integration, and privacy violations. https://www.theregister.com/2024/05/04/dating_apps_privacy_mozilla/

Some More, For the Curious

๐Ÿ›ก๏ธ Brokewell: do not go broke from new banking malware! malware โ€“ Brokewell, a dangerous mobile banking malware with device takeover capabilities. https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware

๐Ÿ”’ How we fought bad apps and bad actors in 2023 security news โ€“ Google Play's security measures in 2023. https://security.googleblog.com/2024/04/how-we-fought-bad-apps-and-bad-actors-in-2023.html

๐Ÿ”“ Multiple Brocade SANnav SAN Management SW flaws allow device compromise vulnerability https://securityaffairs.com/162473/uncategorized/brocade-sannav-flaws.html

๐Ÿฆ  Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams security research โ€“ JFrog's security research team discovered nearly 20% of Docker Hub repositories hosting malicious content, ranging from spam to harmful entities like malware and phishing sites, driven by fake imageless repositories. Identified massive malicious campaigns targeting Docker Hub, leading to removal of 3.2 million suspicious repositories. https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/

๐Ÿ’ป AWS S3 storage bucket with unlucky name nearly cost developer $1,300 security news โ€“ Developer's AWS S3 bucket with common name faces massive unauthorized requests due to an open-source tool, accumulating over $1,300 bill in one day. https://arstechnica.com/information-technology/2024/04/aws-s3-storage-bucket-with-unlucky-name-nearly-cost-developer-1300/

โš”๏ธ Uncharmed: Untangling Iran's APT42 Operations security research โ€“ APT42 operations by Iranian state-sponsored threat actor with focus on enhanced social engineering, credential harvesting, cloud operations, and custom backdoors NICECURL and TAMECAT. Mandiant links APT42 to IRGC-IO and outlines their methods of stealing Microsoft, Yahoo, Google credentials. https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/

๐Ÿฏ Examining the Deception infrastructure in place behind code.microsoft.com security research โ€“ Microsoft repurposes the dangling subdomain code.microsoft.com into a honeypot to gather threat intelligence, simulating attacker interactions for research and protection. https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/examining-the-deception-infrastructure-in-place-behind-code/ba-p/4124464

๐Ÿ›ก๏ธ โ€œDirty streamโ€ attack: Discovering and mitigating a common vulnerability pattern in Android apps security research โ€“ Microsoft identifies a path traversal vulnerability pattern in popular Android apps, facilitating arbitrary code execution and token theft, with potential disastrous consequences. https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/

๐Ÿ—ฝ State of Exploitation โ€“ A Peek into the Last Decade of Vulnerability Exploitation security research โ€“ Explores vulnerability trends from 2014 to 2023. Increase in known exploitation and POC exploits. https://vulncheck.com/blog/state-of-exploitation-a-decade

CISA Corner Microsoft SmartScreen Prompt https://www.cisa.gov/news-events/alerts/2024/04/30/cisa-adds-one-known-exploited-vulnerability-catalog GitLab Community and Enterprise Editions https://www.cisa.gov/news-events/alerts/2024/05/01/cisa-adds-one-known-exploited-vulnerability-catalog CERT/CC Reports R Programming Language Vulnerability https://www.cisa.gov/news-events/alerts/2024/05/01/certcc-reports-r-programming-language-vulnerability

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


A little late this week and a little shorter, but with some work put into the summary-thingy. Enjoy.

News For All

๐Ÿ” Firstyear's blog โ€“ Passkeys โ€“ A shattered dream privacy โ€“ Author expresses frustration with the direction of Passkeys and issues with Webauthn standards, emphasizing the importance of password managers. https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/

๐Ÿš— How G.M. Tricked Millions of Drivers Into Being Spied On (Including Me) privacy โ€“ G.M. collected driving data from OnStar users, shared with insurers. https://www.nytimes.com/2024/04/23/technology/general-motors-spying-driver-data-consent.html?unlocked_article_code=1.m00.gIzH.YdQ-yszzdzq6

โš ๏ธ A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites vulnerability โ€“ Forminator plugin allows unrestricted file uploads, other vulnerabilities. https://securityaffairs.com/162113/security/forminator-wordpress-plugin-flaws.html

๐Ÿ”’ Europol asks tech firms, governments to get rid of E2EE privacy โ€“ Europol calls for end to E2EE to combat crimes, sparking debate on privacy versus law enforcement access. https://www.theregister.com/2024/04/22/europol_becomes_latest_cop_shop/

๐Ÿ›ก๏ธ Hackers infect users of antivirus service that delivered updates over HTTP cybercrime โ€“ Hackers exploit eScan antivirus service for five years via MitM attack to deliver malware to end users. https://arstechnica.com/security/2024/04/hackers-infect-users-of-antivirus-service-that-delivered-updates-over-http/

โš•๏ธ Nurses Protest 'Deeply Troubling' Use of AI in Hospitals security news โ€“ Nurses protest AI implementation in healthcare for potential negative impact on patient care and job roles. https://www.404media.co/nurses-protest-ai-automation/

๐Ÿ”’ Ring to pay $5.6M to settle claims of poor privacy practices privacy โ€“ The FTC fines Ring for poor privacy practices, leading to unauthorized access to customer cameras by cybercriminals and rogue employees. https://www.theregister.com/2024/04/25/ring_ftc_settlement/

๐Ÿ“ฑ Flaws in Chinese keyboard apps expose smartphones to snoops privacy โ€“ Chinese keyboard apps, including major manufacturers' offerings, leak keystrokes due to weak encryption potentially exposing over 780 million smartphone users to surveillance. https://www.theregister.com/2024/04/26/pinyin_keyboard_security_risks/

๐Ÿท Swedenโ€™s liquor supply severely impacted by ransomware attack cybercrime โ€“ A ransomware attack on Swedish logistics company Skanlog severely impacts Sweden's liquor supply. https://securityaffairs.com/162333/cyber-crime/swedens-liquor-supply-ransomware-attack.html

๐Ÿ”’ Discord Shuts Down โ€˜Spy Petโ€™ Bots That Scraped, Sold User Messages privacy https://www.404media.co/discord-shuts-down-spy-pet-bots-that-scraped-sold-user-messages/

โš ๏ธ Experts warn of malware campaign targeting WP vulnerability โ€“ A critical SQL injection vulnerability in the WordPress Automatic plugin allows attackers to inject backdoors and compromise websites. Admins are urged to update immediately. https://securityaffairs.com/162364/hacking/wordpress-automatic-critical-flaw.html

๐Ÿ”’ Okta warns of unprecedented scale in credential stuffing attacks on online services https://securityaffairs.com/162464/hacking/okta-warned-spike-credential-stuffing-attacks.html

๐Ÿ”’ How to Remove Personal Information From Data Broker Sites privacy โ€“ Data brokers, like Acxiom and Epsilon, collect personal information for marketing purposes. Advises visiting each broker's site, create an account, locate your information, and request removal to safeguard privacy. Opting out may vary require annual repetition. https://www.mcafee.com/blogs/tips-tricks/how-to-remove-personal-information-from-data-broker-sites/

๐Ÿ”’ (The) Postman Carries Lots of Secrets โ—† Truffle Security Co. security news โ€“ Postman, known for hosting a vast collection of public APIs, has become a major source of leaked secrets with over 4,000 live credentials exposed. https://trufflesecurity.com/blog/postman-carries-lots-of-secretsf

Some More, For the Curious

๐Ÿ CERT.at Double Agents and User Agents: Navigating the Realm of Malicious Python Packages malware โ€“ Malicious Python packages act as double agents, tricking users to build grabbers that collect data for nefarious purposes. https://cert.at/en/blog/2024/4/double-agents-and-user-agents-navigating-the-realm-of-malicious-python-packages

โš”๏ธ M-Trends 2024: Our View from the Frontlines security research โ€“ Mandiant Consulting's M-Trends report highlights increased attacker evasion tactics and improved defender detection, emphasizing the need for ongoing vigilance in cybersecurity. https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2024/

๐Ÿ” Distribution of Infostealer Made With Electron malware โ€“ Infostealer malware strain created with Electron framework; evades detection with NSIS installer format. https://asec.ahnlab.com/en/64445/

๐Ÿช Unplugging PlugX: Sinkholing the PlugX USB worm botnet security research โ€“ Sophos and Sekoia sinkhole PlugX worm botnet to control its activities and explore remote system disinfection methods. https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/

๐Ÿ“ต A Briefing on SIM Hijacking cybercrime โ€“ SIM hijacking: stealing phone numbers for cryptocurrency theft and account takeovers. https://intel471.com/blog/a-briefing-on-sim-hijacking

๐Ÿฆฎ Microsoft Security โ€“ Guidance for Incident Responders cyber defense https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/IR-Guidebook-Final.pdf

๐Ÿ” The private sector probably isnโ€™t coming to save the NVD security news โ€“ Major backlogs in U.S. National Vulnerability Database prompt potential solutions from government and private sector https://blog.talosintelligence.com/threat-source-newsletter-april-25-2024/

๐Ÿง  Microsoft Deleted Its LLM Because It Didnโ€™t Get a Safety Test, But Now Itโ€™s Everywhere security news โ€“ Microsoft releases powerful language model, WizardLM 2, without safety testing, leading to unintended spread on the internet. https://www.404media.co/microsoft-deleted-its-llm-because-it-didnt-get-a-safety-test-but-now-its-everywhere/

CISA Corner Cicso ASA & CrushFTP added to KEV https://www.cisa.gov/news-events/alerts/2024/04/24/cisa-adds-three-known-exploited-vulnerabilities-catalog Microsoft Print Spooler PEV added to KEV https://www.cisa.gov/news-events/alerts/2024/04/23/cisa-adds-one-known-exploited-vulnerability-catalog


Highlight

🚨 Phishing emails in the name of the ÖGK are circulating again! https://www.watchlist-internet.at/news/erneut-phishing-mails-im-namen-der-oegk-im-umlauf/

News For All

๐Ÿข PuTTY vulnerability vuln-p521-bias vulnerability https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

๐Ÿฆฆ Fake cheat lures gamers into spreading infostealer malware security news https://www.bleepingcomputer.com/news/security/fake-cheat-lures-gamers-into-spreading-infostealer-malware/

๐Ÿค– Liberals accuse Conservatives of using AI for amendments to jobs bill as votes loom security news โ€“ using AI for unconstructive bill amendments https://www.cbc.ca/news/politics/sustainable-jobs-bill-amendments-1.7171414

๐Ÿ’ป UPDATED: Ready or Not Developer Has 4TB Of Data Stolen Including Full Source Code data breach https://insider-gaming.com/ready-or-not-developer-has-4tb-of-data-stolen-including-full-source-code/

๐ŸŒ UNDP Investigates Cyber-Security Incident data breach โ€“ HR and procurement data stolen https://www.undp.org/speeches/undp-investigates-cyber-security-incident

๐Ÿ”‘ Advanced Phishing Kit Adds LastPass Branding for Use in Phishing Campaigns warning โ€“ phishing campaign with Voice Phishing (Vishing) https://blog.lastpass.com/posts/2024/04/advanced-phishing-kit-adds-lastpass-branding-for-use-in-phishing-campaigns

๐Ÿ” Delinea releases Secret Server patches for critical vuln vulnerability โ€“ critical https://www.theregister.com/2024/04/15/delinea_secret_server_patch/

๐Ÿ”’ Roku switches on 2FA for all following latest security snafu *security news โ€“ after two incidents led to unauthorized access * https://www.theregister.com/2024/04/15/roku_2fa_for_everyone/

๐Ÿ›‚ MGM sues to block FTC investigation of its data security security news โ€“ questioning the constitutionality of the agency's requests. https://therecord.media/mgm-sues-ftc-block-investigtion-data-security

๐Ÿ•ต๏ธ A Spy Site Is Scraping Discord and Selling Usersโ€™ Messages privacy โ€“ Spy Pet, an online service, selling access to users' messages, voice channel activity, and more for $5. https://www.404media.co/a-spy-site-is-scraping-discord-and-selling-users-messages/

๐Ÿงข House passes bill to limit personal data purchases by law enforcement, intelligence agencies mycat: security news privacy โ€“ โ€œFourth Amendment Is Not For Sale Actโ€ to limit government purchases of personal data without a court order. https://cyberscoop.com/house-passes-4th-amendment-is-not-for-sale-act/

๐ŸคŒ EU tells Meta it can't paywall privacy privacy โ€“ Meta maintains its subscription model complies with EU laws, while privacy groups argue against 'fake choice' practices, citing GDPR violations. https://www.theregister.com/2024/04/18/eu_meta_subscription_privacy/

๐Ÿซ Kaspersky Study: Devices Infected With Data-Stealing Malware Increased by 7 Times Since 2020 security research https://www.techrepublic.com/article/data-stealing-malware-study/

๐Ÿ‘ฅ Microsoftโ€™s VASA-1 can deepfake a person with one photo and one audio track security news https://arstechnica.com/information-technology/2024/04/microsofts-vasa-1-can-deepfake-a-person-with-one-photo-and-one-audio-track/

Some More, For the Curious

๐Ÿ›ก๏ธ โ€œTotally Unexpectedโ€ Package Malware Using Modified Notepad++ Plugin malware https://asec.ahnlab.com/en/64106/

โš”๏ธ Leaked LockBit builder in a real-life incident response case security research โ€“ Analysis of LockBit builder in ransomware incident response https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/

๐Ÿ‘๏ธ Entra IDs โ€œBanned Password Listsโ€: password spraying optimizations and defenses security research https://www.synacktiv.com/en/publications/entra-id-banned-password-lists-password-spraying-optimizations-and-defenses

โš™๏ธ Creating Payloads with ScareCrow to Mimic Reputable Sources and Bypass Anti-Virus hacking write-up https://infosecwriteups.com/creating-payloads-with-scarecrow-to-mimic-reputable-sources-and-bypass-anti-virus-01196cac741e

๐Ÿต Shostack + Friends Blog > CSRB Report on Microsoft security news โ€“ An in-depth analysis of the CSRB report on Microsoft's intrusion. https://shostack.org/blog/csrb-report-on-microsoft/

โš–๏ธ Warrantless spying powers extended to 2026 with Bidenโ€™s signature security news https://therecord.media/fisa-section-702-bill-biden-signature

๐Ÿš„ Russia is trying to sabotage European railways, Czech minister said security news https://securityaffairs.com/161899/cyber-warfare-2/russia-sabotage-european-railways-czech.html

โณ Whatโ€™s the deal with the massive backlog of vulnerabilities at the NVD? security news โ€“ unanalyzed vulnerabilities, impacting patch management efforts and leading to delays in severity score assignments. https://blog.talosintelligence.com/nvd-vulnerability-backlog-the-need-to-know/

๐Ÿชฑ Unearthing APT44: Russiaโ€™s Notorious Cyber Sabotage Unit Sandworm security research https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm/

๐Ÿฅ€ Critical CrushFTP zero-day exploited in attacks in the wild vulnerability https://securityaffairs.com/162067/hacking/crushftp-zero-day-exploited.html

CISA Corner Oracle Releases Critical Patch Update Advisory for April 2024 https://www.cisa.gov/news-events/alerts/2024/04/18/oracle-releases-critical-patch-update-advisory-april-2024 Cisco Releases Security Advisories for Cisco Integrated Management Controller https://www.cisa.gov/news-events/alerts/2024/04/19/cisco-releases-security-advisories-cisco-integrated-management-controller

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.

🚫 Help us to take down the parasite website security news – Malicious site impersonates Notepad++ for profit, containing deceptive ads. https://notepad-plus-plus.org/news/help-to-take-down-parasite-site/

⚠️ Beware of free services for adapting and modifying files warning – Beware of free file-conversion services that lure users into subscription traps. https://www.watchlist-internet.at/news/vorsicht-vor-kostenlosen-diensten-zur-anpassung-und-veraenderung-von-dateien/

📑 Messenger-Matrix: major update, two new messengers (Line, Viber) and new categories privacy https://www.kuketz-blog.de/messenger-matrix-grosses-update-zwei-neue-messenger-line-viber-und-neue-kategorien/

News For All

🦇 BatBadBut flaw allowed an attacker to perform command injection on Windows vulnerability – RyotaK discovered the 'BatBadBut' vulnerability affecting multiple programming languages, permitting command injection on Windows. https://securityaffairs.com/161785/security/batbadbut-flaw-programming-languages.html https://kb.cert.org/vuls/id/123335

🤖 Chinese hackers are using AI to inflame social tensions in US, Microsoft says cybercrime – China uses AI to spread disinformation, specifically targeting elections. https://therecord.media/china-ai-influence-operations

📞 How to Protect Yourself (and Your Loved Ones) From AI Scam Calls security news – How to avoid falling for AI scam calls that impersonate loved ones. https://www.wired.com/story/how-to-protect-yourself-ai-scam-calls-detect/

❤️‍🩹 U.S. Department of Health warns of attacks against IT help desks security news – Sophisticated attacks target healthcare IT help desks using social engineering. https://securityaffairs.com/161566/hacking/healthcare-it-help-desks-attacks.html

💰 Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits security news https://www.securityweek.com/company-offering-30-million-for-android-ios-browser-zero-day-exploits/

It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise security research – Increasing trends in malware-initiated scanning attacks against networks. https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/

🏥 Hospital websites share visitors' data with Google, Meta privacy – Research reveals that 96% of non-federal acute care hospitals' websites transmit user data to third parties without privacy policies, posing risks to visitors and hospitals. Tracking technologies expose data to tech giants like Google, Meta, Adobe, and data brokers. https://www.theregister.com/2024/04/11/hospital_website_data_sharing/

🍏 Apple swaps 'state-sponsored' lingo for 'mercenary spyware' security news – Apple shifts from attributing attacks to broadly categorizing them, highlighting the difficulty in identifying perpetrators of sophisticated digital threats. https://www.theregister.com/2024/04/12/apple_mercenary_spyware/

💸 Change Healthcare faces another ransomware threat—and it looks credible cybercrime – Change Healthcare faces a complex ransomware situation, with ransomware groups AlphV and RansomHub involved. https://arstechnica.com/security/2024/04/change-healthcare-faces-another-ransomware-threat-and-it-looks-credible/

⚠️ Crooks manipulate GitHub's search results to distribute malware malware – Attackers use techniques like automatic updates and fake stars to boost visibility. https://securityaffairs.com/161792/cyber-crime/githubs-search-results-distribute-malware.htmlf

Some More, For the Curious

🦫 Why CISA is Warning CISOs About a Breach at Sisense security news https://krebsonsecurity.com/2024/04/why-cisa-is-warning-cisos-about-a-breach-at-sisense/

🫦 Vulnerabilities Identified in LG WebOS vulnerability – Bitdefender discovers vulnerabilities in LG WebOS exposing devices to remote attacks. https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

⚔️ Confidential VMs Hacked via New Ahoi Attacks security research – New Ahoi attacks target confidential VMs using malicious interrupts. https://www.securityweek.com/confidential-vms-hacked-via-new-ahoi-attacks/

🛡️ Microsoft fixes two Windows zero-days exploited in malware attacks vulnerability – Microsoft patches actively exploited zero-days in the April 2024 Patch Tuesday. https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/

Zero Day Initiative — The April 2024 Security Updates Review security news – Zero Day Initiative review of the April 2024 security updates by Adobe and Microsoft. https://www.zerodayinitiative.com/blog/2024/4/9/the-april-2024-security-updates-review

💳 VISA PUBLIC Biannual Threats Report – A Payment Ecosystem Report by Visa Payment Fraud Disruption security news – Visa report highlights evolving, advanced fraud tactics and ransomware threats. https://usa.visa.com/content/dam/VCOM/regional/na/us/run-your-business/documents/pfd-biannual-threats-report-december-2023.pdf

🔑 Microsoft left internal passwords exposed in latest security blunder security news – Microsoft exposed internal passwords on a server open to the internet. https://www.theverge.com/2024/4/10/24126057/microsoft-azure-server-internal-passwords-exposed-cybersecurity

🛡️ Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker security research – Attackers embed a credit card skimmer in a fake Facebook Pixel script to steal sensitive information from checkout pages. https://blog.sucuri.net/2024/04/credit-card-skimmer-hidden-in-fake-facebook-pixel-tracker.html

🛡️ CISA emergency directive tells agencies to fix credentials after Microsoft breach security news – CISA issues an emergency directive for federal agencies to reset passwords by April 30 and identify affected email correspondence due to security risks. https://cyberscoop.com/cisa-emergency-directive-tells-agencies-to-fix-credentials-after-microsoft-breach/

🔪 Awkward Adolescence: Increased Risks Among Immature Ransomware Operators security research – Contrasting mature ransomware groups with less sophisticated, riskier ones. https://www.guidepointsecurity.com/blog/awkward-adolescence-increased-risks-among-immature-ransomware-operators/

CISA Corner
KEV – Palo Alto – CVSS 10 https://www.cisa.gov/news-events/alerts/2024/04/12/palo-alto-networks-releases-guidance-vulnerability-pan-os-cve-2024-3400
KEV – D-Link NAS https://www.cisa.gov/news-events/alerts/2024/04/11/cisa-adds-two-known-exploited-vulnerabilities-catalog
Siemens https://www.cisa.gov/news-events/alerts/2024/04/11/cisa-releases-nine-industrial-control-systems-advisories
Citrix Xen https://www.cisa.gov/news-events/alerts/2024/04/12/citrix-releases-security-updates-xenserver-and-citrix-hypervisor
Juniper https://www.cisa.gov/news-events/alerts/2024/04/12/juniper-releases-security-bulletin-multiple-juniper-products
Microsoft's BULK! https://www.cisa.gov/news-events/alerts/2024/04/09/microsoft-releases-april-2024-security-updates
Adobe – more or less ALL https://www.cisa.gov/news-events/alerts/2024/04/09/adobe-releases-security-updates-multiple-products-0
Fortinet https://www.cisa.gov/news-events/alerts/2024/04/09/fortinet-releases-security-updates-multiple-products

Highlight
Microsoft could have prevented Chinese cloud email hack, US cyber report says security news – US report blames Microsoft, highlighting security culture issues and gaps in prevention. https://www.theverge.com/2024/4/3/24119787/microsoft-cloud-email-hack-china-us-cyber-report
Cyber review board blames cascading Microsoft failures for Chinese hack https://cyberscoop.com/microsoft-csrb-china-hacking/
🛹 Cyber Safety Review Board – Review of the Summer 2023 Microsoft Exchange Online Intrusion The report! https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf

News For All

🔒 Google to delete billions of web browsing data records to resolve lawsuit privacy – Google settles a landmark lawsuit by committing to delete or de-identify vast web browsing data records collected from users in Incognito mode. https://therecord.media/google-to-delete-web-browsing-records-to-resolve-lawsuit

📱 Google Patches Pixel Phone Zero-days After Exploitation by “Forensic Companies” security news https://www.tripwire.com/state-of-security/google-patches-pixel-phone-zero-days-after-exploitation-forensic-companies

⚠️ The Human Element in Cybersecurity: Understanding Trust and Social Engineering social engineering – Cybersecurity hinges on human trust, and social engineering tactics exploit that trust for malicious ends. https://www.blackhillsinfosec.com/understanding-trust-and-social-engineering/

🛡️ PandaBuy data breach allegedly impacted +1.3M customers data breach – PandaBuy breached, with threat actors announcing the breach and selling the stolen data on a cybercrime forum. https://securityaffairs.com/161355/data-breach/pandabuy-data-breach.html

🔒 YUBICO Security Advisory YSA-2024-01 vulnerability – YubiKey Manager GUI versions below 1.2.6 on Windows may lead to privilege escalation: when run as Administrator it can open browser windows as Administrator; FIDO features are affected. https://www.yubico.com/support/security-advisories/ysa-2024-01/

🦠 Bing ad posing as NordVPN aims to spread SecTopRAT malware malware – The campaign involves typosquatting and a malicious Dropbox link, leading to a RAT with advanced capabilities. https://www.scmagazine.com/news/bing-ad-posing-as-nordvpn-aims-to-spread-sectoprat-malware

AI and data protection: a critical view privacy – AI with regard to data protection, discrimination and societal impact. https://www.kuketz-blog.de/ki-und-datenschutz-eine-kritische-betrachtung/

Have I Been Pwned: SurveyLama got breached. data breach – The breached data includes passwords. https://haveibeenpwned.com/PwnedWebsites#SurveyLama

📱 Essential iPhone security tips to protect your private data. security news – Tips include staying updated, avoiding suspicious apps, managing email security, and handling threats like phishing and Pegasus spyware. https://tuta.com/blog/iphone-security-essentials

🕹️ Threat Actors Deliver Malware via YouTube Video Game Cracks malware https://www.proofpoint.com/us/blog/threat-insight/threat-actors-deliver-malware-youtube-video-game-cracks

Some More, For the Curious

OWASP discloses a data breach data breach – OWASP discloses a data breach involving old member resumes, caused by a misconfiguration of an old Wiki web server. https://securityaffairs.com/161371/data-breach/owasp-data-breach.html

🛡️ HTTP/2 CONTINUATION frames can be utilized for DoS attacks vulnerability – Multiple HTTP/2 implementations enable attackers to cause out-of-memory crashes, DoS attacks, and CPU resource exhaustion. https://kb.cert.org/vuls/id/421644

🔒 Schneier on Security – Ross Anderson security news – Tribute to the influential cryptographer and security engineer Ross Anderson. https://www.schneier.com/blog/archives/2024/03/ross-anderson.html

🔧 Persistence – DLL Proxy Loading security research https://pentestlab.blog/2024/04/03/persistence-dll-proxy-loading/

🕵️ 5 ChatGPT Jailbreak Prompts Being Used By Cybercriminals security research – Cybercriminals use jailbreak prompts to bypass ChatGPT safety measures. https://abnormalsecurity.com/blog/chatgpt-jailbreak-prompts

🥷 Adversaries are leveraging remote access tools now more than ever – here’s how to stop them cyber defense – Recommended countermeasures: policy, technical controls, DNS security, and EDR blocks. https://blog.talosintelligence.com/adversaries-are-leveraging-remote-access-tools/

🔓 From OneNote to RansomNote: An Ice Cold Intrusion security research – Threat actors exploited OneNote files, deploying IcedID and using Cobalt Strike, AnyDesk, and FileZilla for data exfiltration and ransomware deployment. https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/

🔒 NVD Program Announcement security news – Growing backlog of vulnerabilities at NVD prompts prioritization and collaboration. https://nvd.nist.gov/general/news/nvd-program-transition-announcement

🪳 Earth Freybug Uses UNAPIMON for Unhooking Critical APIs malware – Earth Freybug (APT41) uses DLL hijacking and API unhooking to deploy the malware UNAPIMON for defense evasion. https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html

News For All

⚠️ Google's new AI search results promotes sites pushing malware, scams warning https://www.bleepingcomputer.com/news/google/googles-new-ai-search-results-promotes-sites-pushing-malware-scams/

👧 Florida enacts tough social media law barring children under 14 from holding accounts privacy – Florida law bars children under 14 from social media accounts, requires consent for 14-15 year olds, and mandates age verification for explicit sites. Critics argue it raises privacy violation and censorship issues. https://therecord.media/florida-enacts-social-media-law-bars-minors

🍏 “MFA Fatigue” attack targets iPhone owners with endless password reset prompts cybercrime – Victims overwhelmed by prompts might unintentionally grant access and let attackers in. https://arstechnica.com/security/2024/03/mfa-fatigue-attack-targets-iphone-owners-with-endless-password-reset-prompts/

📈 Meta allegedly snooped on Snapchat via traffic decryption privacy – Meta allegedly used Onavo to intercept Snapchat data for commercial gain. Meta's actions included intercepting SSL traffic. https://www.theregister.com/2024/03/27/meta_snapchat_data/

☎️ Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs privacy – Telegram offers a free premium subscription to users in exchange for allowing their phone numbers to be used to send OTPs. https://thehackernews.com/2024/03/telegram-offers-premium-subscription-in.html

🤖 Navigating the Challenges and Opportunities of Synthetic Voices security research – OpenAI shares insights into a small-scale preview of Voice Engine, highlighting potential risks. https://openai.com/blog/navigating-the-challenges-and-opportunities-of-synthetic-voices

⚖️ 25 years for Sam Bankman-Fried cybercrime – Sam Bankman-Fried sentenced to 25 years in prison and an $11 billion judgment for crimes related to FTX. https://www.citationneeded.news/sam-bankman-fried-sentenced/

⚛️ Sellafield nuclear waste dump faces prosecution over cybersecurity failures security news – Sellafield nuclear waste dump faces legal action over cybersecurity breaches, potential espionage and disruptive attacks. https://www.bitdefender.com/blog/hotforsecurity/sellafield-nuclear-waste-dump-faces-prosecution-over-cybersecurity-failures/

APT31 put in a corner?
🐬 Justice Department indicts 7 accused in 14-year hack campaign by Chinese gov cybercrime https://arstechnica.com/security/2024/03/justice-department-indicts-7-accused-in-14-year-hack-campaign-by-chinese-gov/
UK, New Zealand Accuse China of Cyberattacks on Government Entities cybercrime – Chinese hacktivist groups like APT31 are accused of spying. The countries have taken action by imposing sanctions on Chinese entities. https://www.securityweek.com/uk-new-zealand-accuse-china-of-cyberattacks-on-government-entities/
⛩️ Finland confirms APT31 hackers behind 2021 parliament breach cybercrime https://www.bleepingcomputer.com/news/security/finland-confirms-apt31-hackers-behind-2021-parliament-breach/

Some More, For the Curious

⛓️💣 xz supply chain corner 💣⛓️ this is THE BIG ONE this week. When Linux distros tell you to stop using their product, something is wrong...
advisories https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094 https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users
timeline https://boehs.org/node/everything-i-know-about-the-xz-backdoor
need to know https://jfrog.com/blog/xz-backdoor-attack-cve-2024-3094-all-you-need-to-know/
summary in a pic https://infosec.exchange/@fr0gger/112189232773640259
all you can find in one link https://shellsharks.com/xz-compromise-link-roundup

🔒 Shostack + Friends Blog > The NVD Crisis security news – The National Vulnerability Database (NVD) is struggling and not issuing CVSS information for CVEs, causing concern for patch management. Recommendations include embracing cloud-native practices and automation to streamline patch deployment. https://shostack.org/blog/the-nvd-crisis/

CPE Enrichment in VulnCheck NVD++ security news – NIST NVD faces delays in CVE analysis; VulnCheck launches NVD++ for community accessibility. https://vulncheck.com/blog/nvd-cpe

0️⃣ We’re All in this Together – A Year in Review of Zero-Days Exploited In-the-Wild in 2023 security research – Google Threat Analysis Group https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf

🥸 Spyware and zero-day exploits increasingly go hand-in-hand, researchers find security research – Commercial spyware firms exploit 64% of zero-day mobile and browser vulnerabilities, targeting end-user devices for surveillance. https://cyberscoop.com/spyware-zero-days-2023/

⚙️ ZenHammer: Rowhammer Attacks on AMD Zen security research – Rowhammer bit flips demonstrated on AMD Zen systems https://comsec.ethz.ch/research/dram/zenhammer/

🎣 Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit security research – Sekoia uncovers the Tycoon 2FA phishing kit, monitors its infrastructure, and analyzes its changes in depth. https://blog.sekoia.io/tycoon-2fa-an-in-depth-analysis-of-the-latest-version-of-the-aitm-phishing-kit/

🔒 Double trouble for DNSSEC though the devil is in the details vulnerability – Two DNSSEC vulnerabilities are disclosed, KeyTrap and NSEC3-encloser, with KeyTrap posing the greater threat. Concerns are raised about MITRE's assessment of the severity of the vulnerabilities. https://www.theregister.com/2024/03/26/software_risk_scores/

⚙️ Local Privilege Escalating my way to root through Apple macOS filesystems hacking writeup – CVE-2023-42931 in macOS, involving filesystem mount options, allows users to potentially escalate to root. https://www.alter-solutions.fr/blog/local-privilege-escalating-my-way-to-root-throught-apple-macos-filesystems

🚘 Zero days demonstrated at Pwn2Own 2024 security news – Google and Mozilla addressed zero-days discovered during Pwn2Own Vancouver 2024. https://securityaffairs.com/161151/security/google-chrome-zero-days-pwn2own-2024.html

🌑 The Darkside of TheMoon security research – Black Lotus Labs at Lumen Technologies discovered a multi-year campaign targeting end-of-life routers and IoT devices using an updated version of the TheMoon malware. https://blog.lumen.com/the-darkside-of-themoon/

Cisco warns of password-spraying attacks targeting Secure Firewall devices warning https://securityaffairs.com/161205/hacking/cisco-warns-password-spraying-attacks.html

💰 Rewards for Justice – Reward Offer for Information on ALPHV BlackCat-linked Cyber Actors Targeting U.S. Critical Infrastructure cybercrime – Up to $10 million reward for information on ALPHV BlackCat ransomware actors targeting U.S. infrastructure https://www.state.gov/rewards-for-justice-reward-offer-for-information-on-alphv-blackcat-linked-cyber-actors-targeting-u-s-critical-infrastructure/

⚠️ CISA Corner
Sharepoint, Ivanti, Fortinet – Update your s***! https://www.cisa.gov/news-events/alerts/2024/03/26/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2024/03/25/cisa-adds-three-known-exploited-vulnerabilities-catalog
Safari & macOS https://www.cisa.gov/news-events/alerts/2024/03/27/apple-released-security-updates-safari-and-macos
Cisco IOS and Access Points https://www.cisa.gov/news-events/alerts/2024/03/28/cisco-releases-security-updates-multiple-products

‼️ New feature warning – AI generated mini summaries ‼️ Some of you reached out with feedback and asked for summaries of the articles. Well, I don't want to spend my own time on this, but chat-GPT should be quite good at this. So, I decided to script myself a little python thingy and you now get AI generated single line summaries and categorizations (which nearly double the length of a single post). This is a “work in progress” feature. I would appreciate feedback, and please let me know if anything is off or I missed grave errors.

Highlight
🤾‍♀️ Esports league postponed after players hacked midgame hacking news https://techcrunch.com/2024/03/18/esports-league-postponed-after-players-hacked-midgame/ https://www.theverge.com/2024/3/18/24104666/apex-legends-postpones-algs-competition-hack-concerns

For All

🤕 Meta to shutter key disinformation tracking tool before 2024 election warning – Meta's closure of the CrowdTangle tool sparks criticism as groups fear impeded disinformation monitoring ahead of elections. https://therecord.media/meta-to-shutter-crowdtangle-disinformation-tracking-tool-before-election

🐬 FlipperZero – Our Response to the Canadian Government https://blog.flipper.net/response-to-canadian-government/

💸 Crypto scams more costly to US than ransomware, Feds say cybercrime – Investment fraud led to $4.57 billion in losses in 2023, surpassing ransomware costs. https://www.theregister.com/2024/03/19/crypto_scams_cost/

🦐 How Spammers, Scammers and Creators Leverage AI-Generated Images on Facebook for Audience Growth cybercrime – Researchers analyze how spammers leverage AI-generated images, such as Shrimp Jesus, on Facebook for audience growth. https://cyber.fsi.stanford.edu/io/news/ai-spam-accounts-build-followers

🥸 Warning Against Infostealer Disguised as Installer malware – StealC malware disguised as an installer is distributed en masse, exfiltrating various data through multiple redirections. https://asec.ahnlab.com/en/63308/

🔓 Email accounts of International Monetary Fund compromised data breach – 11 accounts breached; incident under investigation. https://securityaffairs.com/160641/hacking/international-monetary-fund-email-compromise.html

🍊 Remove WordPress miniOrange plugins, a critical flaw can allow site takeover vulnerability – Uninstall miniOrange plugins; a critical privilege escalation flaw enables site takeover. https://securityaffairs.com/160674/hacking/remove-wordpress-miniorange-plugins.html

🎎 Fujitsu hack raises questions, after firm confirms customer data breach data breach – Fujitsu warns of potential customer data theft due to malware, with few details and uncertain impact. https://grahamcluley.com/fujitsu-hack-raises-questions-after-firm-confirms-customer-data-breach/

🤖 FTC investigating Reddit plan to sell user content for AI model training privacy – Reddit's plan to sell user content for AI training sparks privacy concerns. https://therecord.media/ftc-investigating-reddit-selling-user-data-ai

🛑 Russians will no longer be able to access Microsoft cloud services, business intelligence tools general news – Microsoft will suspend access to cloud services for Russian users due to European sanctions following the invasion of Ukraine. https://therecord.media/russians-losing-access-microsoft-cloud-amazon

🩻 Here's why Twitter sends you to a different site than what you clicked security research – Twitter link previews can redirect to different websites; the security flaw is abused by scammers and threat actors. https://www.bleepingcomputer.com/news/security/heres-why-twitter-sends-you-to-a-different-site-than-what-you-clicked/

💧 Mozilla Drops Onerep After CEO Admits to Running People-Search Networks privacy – Mozilla ends its partnership with Onerep after the CEO's admission of founding numerous people-search services. https://krebsonsecurity.com/2024/03/mozilla-drops-onerep-after-ceo-admits-to-running-people-search-networks/

Nemesis darknet marketplace raided in Germany-led operation cybercrime https://therecord.media/nemesis-cybercrime-market-takedown-germany

more, For the Curious

📦 Opening Pandora's box – Supply Chain Insider Threats in Open Source projects vulnerability – Open Source projects face supply chain insider threat risks, demonstrated through a responsible disclosure of an RCE vulnerability in AWS. https://boostsecurity.io/blog/opening-pandora-box-supply-chain-insider-threats-in-oss-projects

⛴️ Acoustic Side Channel Attack on Keyboards Based on Typing Patterns security research https://arxiv.org/pdf/2403.08740.pdf

👻 Shielding Networks From Androxgh0st malware – AndroxGh0st targets Laravel apps; it abuses multiple CVEs for data extraction and RCE. https://blogs.juniper.net/en-us/security/shielding-networks-against-androxgh0st

📄 Final report – Security Incident: Südwestfalen-IT https://notfallseite.sit.nrw/fileadmin/user_upload/SIT_Incident_Response_v1.1.pdf

🦜 VIDEO by PirateSoftware: Apex Legends Vulnerabilities – Investigation and Wrap Up hacking news https://www.youtube.com/watch?v=jHf6dkgXfVg

🗝️ Microsoft announces deprecation of 1024-bit RSA keys in Windows https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-deprecation-of-1024-bit-rsa-keys-in-windows/

⛈️ AcidRain | A Modem Wiper Rains Down on Europe malware – AcidRain wiper attack in Ukraine and Germany linked to the Russian invasion, using new ELF MIPS malware that wipes modems and routers. https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/

🤝 We’re closer to a cybersecurity standard for smart home devices general news – CSA introduces the IoT Device Security Specification and a certification to ensure secure smart home devices globally. https://www.theverge.com/2024/3/18/24104906/csa-iot-device-security-specification-product-security-verification-mark

💔 Inside the Massive Alleged AT&T Data Breach data breach – 70 million AT&T records, including SSNs and DOBs, leaked on a public forum. https://www.troyhunt.com/inside-the-massive-alleged-att-data-breach/

⚡ CISA and Partners Release Joint Fact Sheet for Leaders on PRC-sponsored Volt Typhoon Cyber Activity warning – CISA and partners issue a warning on the PRC-sponsored Volt Typhoon cyber threat targeting U.S. critical infrastructure. https://www.cisa.gov/news-events/alerts/2024/03/19/cisa-and-partners-release-joint-fact-sheet-leaders-prc-sponsored-volt-typhoon-cyber-activity

🤨 Ivanti Releases Security Updates for Neurons for ITSM and Standalone Sentry vulnerability https://www.cisa.gov/news-events/alerts/2024/03/21/ivanti-releases-security-updates-neurons-itsm-and-standalone-sentry

🍏 Unpatchable vulnerability in Apple chip leaks secret encryption keys vulnerability – An Apple chip vulnerability leaks encryption keys because the prefetchers get confused by memory content. https://arstechnica.com/security/2024/03/hackers-can-extract-secret-encryption-keys-from-apples-mac-chips/

⚠️ Pwn2Own Vancouver 2024: participants earned $1,132,500 for 29 unique 0-days hacking news https://securityaffairs.com/160901/hacking/pwn2own-vancouver-2024-final-result.html

🦥 NVD slowdown leaves thousands of vulnerabilities without analysis data vulnerability – NVD stopped updating vulnerability analysis, leaving thousands of unanalyzed CVEs and affecting security tools and vulnerability management. https://www.theregister.com/2024/03/22/opinion_column_nist/

Highlights
🚸 Hackers are targeting a surprising group of people: young public school students Don't be afraid, but please be aware https://www.npr.org/2024/03/12/1237497833/students-schools-cybersecurity-hackers-credit

🔑 Open Source Password Managers: Overview, Pros & Cons Use a password manager! Please!!! https://www.techrepublic.com/article/open-source-password-manager/

For All

💁‍♀️ Microsoft says Windows 10 21H2 support is ending in June https://www.bleepingcomputer.com/news/microsoft/microsoft-says-windows-10-21h2-support-is-ending-in-june/

✂ CISA forced to take two systems offline last month after Ivanti compromise https://therecord.media/cisa-takes-two-systems-offline-following-ivanti-compromise

🎭 CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms https://krebsonsecurity.com/2024/03/ceo-of-data-privacy-company-onerep-com-founded-dozens-of-people-search-firms/

🎦 Airbnb is banning indoor security cameras https://www.theverge.com/2024/3/11/24097107/airbnb-indoor-security-camera-ban

📷 Wi-Fi jamming to knock out cameras suspected in nine Minnesota burglaries https://www.tomshardware.com/networking/wi-fi-jamming-to-knock-out-cameras-suspected-in-nine-minnesota-burglaries-smart-security-systems-vulnerable-as-tech-becomes-cheaper-and-easier-to-acquire

↔️ How to share sensitive files securely online https://www.welivesecurity.com/en/how-to/share-sensitive-files-securely-online/

🎨 ASCII art elicits harmful responses from 5 major AI chatbots https://arstechnica.com/security/2024/03/researchers-use-ascii-art-to-elicit-harmful-responses-from-5-major-ai-chatbots/

👃 Hackers can read private AI-assistant chats even though they’re encrypted TL;DR sniffing traffic can be enough https://arstechnica.com/security/2024/03/hackers-can-read-private-ai-assistant-chats-even-though-theyre-encrypted/

👨‍🦯 British authorities have never detected a breach of ransomware sanctions — but is that good or bad news? https://therecord.media/uk-authorities-have-never-detected-ransomware-payment-sanction-violation

Incognito Corner
My big one this week. Bad guys acting like bad guys. What a surprise!
💣 Incognito Market: The not-so-secure dark web drug marketplace https://grahamcluley.com/incognito-market-the-not-so-secure-dark-web-drug-marketplace/
♟ Incognito Darknet Market Mass-Extorts Buyers, Sellers https://krebsonsecurity.com/2024/03/incognito-darknet-market-mass-extorts-buyers-sellers/
💰 Millions in BTC, XMR possibly stolen after reports of darknet market ‘exit scam’ https://cointelegraph.com/news/bitcoin-monero-reportedly-stolen-darknet-market-exit-scam

more, For the Curious

โฑ Risky Biz News: NIST NVD stopped enriching CVEs a month ago Recommending the main story of this weekly news summary https://news.risky.biz/risky-biz-news-nist-nvd-stopped-enriching-cves-last-month/

๐Ÿ‘ฉโ€โœˆ๏ธ Microsoftโ€™s Security Copilot Enters General Availability Scaaary! ๐Ÿ˜ฑ https://www.techrepublic.com/article/microsoft-security-copilot-experience-center/

๐Ÿง† Misconfiguration Manager โ€“ knowledge base for Microsoft Configuration Manager tradecraft and hardening guidance https://github.com/subat0mik/Misconfiguration-Manager

๐Ÿงน Using ChatGPT to Deobfuscate Malicious Scripts, (Wed, Mar 13th) https://isc.sans.edu/diary/rss/30740

๐ŸŽก What a Cluster: Local Volumes Vulnerability in Kubernetes CVE-2023-5528 writeup https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges

๐Ÿฆœ PixPirate: The Brazilian financial malware you canโ€™t see https://securityintelligence.com/posts/pixpirate-brazilian-financial-malware/

๐Ÿงž Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data

๐Ÿ‘จโ€โš–๏ธ On the new Dutch Intelligence and Security Law https://berthub.eu/articles/posts/dutch-intelligence-and-security-law/

๐Ÿ‘ป GhostRace โ€“ Exploiting and Mitigating Speculative Race Conditions https://www.vusec.net/projects/ghostrace/

๐Ÿ’น RisePro stealer targets Github users in โ€œgitgubโ€ campaign https://www.gdatasoftware.com/blog/2024/03/37885-risepro-stealer-campaign-github

๐Ÿคช Real-time, privacy-preserving URL protection https://security.googleblog.com/2024/03/blog-post.html

๐Ÿงฆ The LockBit story: Why the ransomware affiliate model can turn takedowns into disruptions https://blog.talosintelligence.com/ransomware-affiliate-model/

๐Ÿงต The 2024 Sophos Threat Report: Cybercrime on Main Street https://news.sophos.com/en-us/2024/03/12/2024-sophos-threat-report

๐Ÿ’ผ Beware of the Messengers, Exploiting ActiveMQ Vulnerability Good read if you want to know a liitle more about โ€œActiveMQโ€ https://www.cybereason.com/blog/beware-of-the-messengers-exploiting-activemq-vulnerability

โš™ AUTOATTACKER: A Large Language Model Guided System to Implement Automatic Cyber-attacks https://arxiv.org/pdf/2403.01038.pdf

Highlights ✖️ The new X calling feature can hurt your privacy https://techcrunch.com/2024/03/04/elon-musk-x-twitter-calling-privacy-switch-off/

⚠️ IP address X-posure now a feature on Musk's social media thing https://www.theregister.com/2024/03/05/ip_address_xposure_now_a/

🧠 Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) – Update to 2023.11.4 Now JetBrains TeamCity https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/

For All

🍄 Content farm impersonates 60+ major news outlets, like BBC, CNN, CNBC https://www.bleepingcomputer.com/news/security/content-farm-impersonates-60-plus-major-news-outlets-like-bbc-cnn-cnbc/

🐕 PetSmart warns of credential stuffing attacks trying to hack accounts Smart reaction! https://www.bleepingcomputer.com/news/security/petsmart-warns-of-credential-stuffing-attacks-trying-to-hack-accounts/

🦁 Predator spyware infrastructure taken down after exposure https://cyberscoop.com/predator-spyware-infrastructure-taken-down/

🎠 Pegasus spyware creator ordered to reveal code used to spy on WhatsApp users https://www.malwarebytes.com/blog/news/2024/03/pegasus-spyware-creator-ordered-to-reveal-code-used-to-spy-on-whatsapp-users

📳 Surveillance through Push Notifications https://www.schneier.com/blog/archives/2024/03/surveillance-through-push-notifications.html

🫨 Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say https://www.wired.com/story/meta-hacked-users-draining-resources/

🍏 About the security content of iOS 17.4 and iPadOS 17.4 https://support.apple.com/en-us/HT214081

🖥️ VMware Releases Security Advisory for Multiple Products https://www.cisa.gov/news-events/alerts/2024/03/06/vmware-releases-security-advisory-multiple-products

❄️ Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/

Change Healthcare/Alphv Corner Choose your source – this is the big one at the moment 🐈‍⬛ Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment https://www.wired.com/story/alphv-change-healthcare-ransomware-payment/

❤️‍🩹 BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare https://krebsonsecurity.com/2024/03/blackcat-ransomware-group-implodes-after-apparent-22m-ransom-payment-by-change-healthcare/

↘️ BlackCat ransomware shuts down in exit scam, blames the “feds” https://www.bleepingcomputer.com/news/security/blackcat-ransomware-shuts-down-in-exit-scam-blames-the-feds/

🥷 Ransomware group behind Change Healthcare attack goes dark https://cyberscoop.com/ransomware-group-behind-change-healthcare-attack-goes-dark/

🏟️ After collecting $22 million, AlphV ransomware group stages FBI takedown https://arstechnica.com/security/2024/03/alphv-ransomware-site-claims-it-was-seized-by-fbi-researchers-suspect-22m-scam/

more, For the Curious

🪲 Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices https://securityaffairs.com/160224/hacking/fortios-bug-cve-2024-21762-150k-devices.html

🗨️ Stealthy GTPDOOR Linux malware targets mobile operator networks I missed this one last week https://www.bleepingcomputer.com/news/security/stealthy-gtpdoor-linux-malware-targets-mobile-operator-networks/

⌛ Hackers exploited Windows 0-day for 6 months after Microsoft knew of it https://arstechnica.com/security/2024/03/hackers-exploited-windows-0-day-for-6-months-after-microsoft-knew-of-it/

🧢 Living off the land with native SSH and split tunnelling https://www.pentestpartners.com/security-blog/living-off-the-land-with-native-ssh-and-split-tunnelling/

♣️ Delving into Dalvik: A Look Into DEX Files https://www.mandiant.com/resources/blog/dalvik-look-into-dex-files

🦅 CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices https://www.cisa.gov/news-events/alerts/2024/03/07/cisa-and-nsa-release-cybersecurity-information-sheets-cloud-security-best-practices

👍 CISA Announces New Efforts to Help Secure Open Source Ecosystem https://www.cisa.gov/news-events/news/cisa-announces-new-efforts-help-secure-open-source-ecosystem

🐚 Does Confluence Dream of Shells? https://vulncheck.com/blog/confluence-dreams-of-shells

🧲 Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/

📚 LEARNING LESSONS FROM THE CYBER-ATTACK “overview of the cyber-attack on the British Library that took place in October 2023” – 18 pages, worth the read https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf