๐Ÿ“ฐwrzlbrmpft's cyberlights๐Ÿ’ฅ

weekly cybersecurity highlights (for everyone!)

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿ“ฆ Vorsicht vor gefรคlschten Paketbenachrichtigungen warning โ€“ Kriminelle nutzen die Black Friday Zeit, um gefรคlschte Paketbenachrichtigungen zu versenden, die Nutzer zur Zahlung von angeblichen Versandkosten verleiten und sie in Abofallen locken. https://www.watchlist-internet.at/news/falsche-paketbenachrichtigungen/

๐Ÿงฑ Google blocked 1000 pro China websites from services security news โ€“ Google has blocked over 1,000 sites linked to a network promoting pro-China narratives, exposing coordinated disinformation tactics that blur the lines between authentic and fake news. https://www.theregister.com/2024/11/25/google_beijing_propaganda/

๐Ÿ“ฆ Supply chain vendor Blue Yonder succumbs to ransomware cybercrime โ€“ Blue Yonder has suffered a ransomware attack, disrupting services and affecting customers like Starbucks and UK retailers, who are struggling to maintain supply chain operations. https://www.theregister.com/2024/11/26/blue_yonder_ransomware/

๐Ÿ“ž Malware linked to Salt Typhoon used to hack telcos around the world security news โ€“ Salt Typhoon, a sophisticated Chinese APT group, has exploited various vulnerabilities to infiltrate telecom companies globally, using advanced malware and tactics for cyber-espionage. https://cyberscoop.com/salt-typhoon-us-telecom-hack-earth-estries-trend-micro-report/

๐Ÿ”ง Weekend QNAP, Veritas bugs hit patch pipelines vulnerability โ€“ QNAP patched 24 vulnerabilities in its products, including critical flaws in Notes Station 3, while Veritas faces delays in addressing seven critical vulnerabilities in its Enterprise Vault software. https://www.theregister.com/2024/11/26/qnap_veritas_vulnerabilities/

๐Ÿš” Emergency Vehicle Lights Can Screw Up a Carโ€™s Automated Driving System security research โ€“ Research reveals that emergency vehicle lights can disrupt camera-based automated driving systems, causing them to misidentify objects and potentially leading to accidents, highlighting vulnerabilities in AI driving tech. https://www.wired.com/story/emergency-vehicle-lights-can-screw-up-a-cars-automated-driving-system/

๐Ÿšซ Steam Removes Oct 7 Game at Request of UK Counter-Terrorism Unit security news โ€“ Valve removed the game 'Fursan al-Aqsa' from Steam in the UK at the request of the Counter-Terrorism Internet Referral Unit, citing concerns over its portrayal of violence related to the Israel-Palestine conflict. https://www.404media.co/steam-removes-oct-7-game-at-request-of-uk-counter-terrorism-unit/

๐Ÿ”“ Canadian privacy regulators publish details of medical testing companyโ€™s data breach data breach โ€“ A court ruling has allowed the public release of a report detailing a 2019 data breach at LifeLabs, exposing millions of Canadians' health data and revealing inadequate security measures. https://therecord.media/canadian-privacy-regulators-publish-life-labs-investigation

๐Ÿฆ  Russia-linked hackers exploited Firefox and Windows bugs in 'widespread' hacking campaign security research โ€“ RomCom, a Russian-linked hacking group, exploited zero-day vulnerabilities in Firefox and Windows to deploy malware via a 'zero-click' exploit, targeting users in Europe and North America. https://techcrunch.com/2024/11/26/russia-linked-hackers-exploited-firefox-and-windows-zero-day-bugs-in-widespread-hacking-campaign/

๐Ÿคซ US alleges man is cybercrook with distaste for opsec cybercrime โ€“ Nicholas Kloster, 31, is accused of a cybercrime spree in Missouri, including unauthorized access and damage to computers, showing a blatant disregard for operational security. https://www.theregister.com/2024/11/26/kansas_city_cybercrime_charges/

๐Ÿ“Š Someone Made a Dataset of One Million Bluesky Posts for 'Machine Learning Research' privacy โ€“ A dataset of one million public Bluesky posts was released for machine learning research but was later removed by its creator, citing violations of transparency and consent principles. https://www.404media.co/someone-made-a-dataset-of-one-million-bluesky-posts-for-machine-learning-research/

๐Ÿ‘” NSO Group Spies on People on Behalf of Governments privacy โ€“ NSO Group, known for selling Pegasus spyware, reportedly operates the spyware on behalf of governments, revealing that they install and extract data from targeted devices themselves. https://www.schneier.com/blog/archives/2024/11/nso-group-spies-on-people-on-behalf-of-governments.html

โš–๏ธ Judge rejects data brokersโ€™ bid to throw out case brought by law enforcement officers privacy โ€“ A federal judge denied data brokers' motion to dismiss a lawsuit by New Jersey law enforcement officers under Daniel's Law, which protects their personal information from being disclosed online. https://therecord.media/judge-rejects-bid-to-throw-out-data-broker-police-privacy-case

๐ŸŽฎ Russian Disinformation Campaign Spreads Lies About Ukraine's โ€˜Stalker 2โ€™ security news- A Russian disinformation campaign falsely claims that the Ukrainian game Stalker 2 is used for military enlistment and data collection, aiming to undermine the game's significance amidst the ongoing conflict. https://www.404media.co/stalker2-disinformation/

๐Ÿ“ณ T-Mobile says telco hackers had 'no access' to customer call and text message logs data breach โ€“ T-Mobile stated that hackers did not access customer calls, texts, or voicemails during a cyberattack linked to the China-backed group Salt Typhoon, while emphasizing their robust cybersecurity measures. https://techcrunch.com/2024/11/27/t-mobile-says-telco-hackers-had-no-access-to-customer-call-and-text-message-logs/

๐Ÿšข Investigators think a Chinese ship purposefully cut critical data cables security news โ€“ European investigators allege a Chinese ship intentionally dragged its anchor to sever two critical data cables, potentially linked to Russian intelligence, while the Kremlin denies involvement. https://techcrunch.com/2024/11/27/investigators-think-a-chinese-ship-purposefully-cut-critical-data-cables/

๐Ÿ’ป Mimic Ransomware: What You Need To Know malware โ€“ Mimic ransomware, first identified in 2022, encrypts files and may exfiltrate data, leveraging the legitimate 'Everything' tool for quick file access. Infected files have a '.QUIETPLACE' extension, and a new variant called Elpaco has emerged, targeting systems via RDP. https://www.tripwire.com/state-of-security/mimic-ransomware-what-you-need-know

โšฝ Italian football club Bologna FC says company data stolen during ransomware attack data breach โ€“ Bologna FC confirmed a ransomware attack by RansomHub, resulting in the theft of 200GB of sensitive data, including financial documents and player medical records, which may be leaked online. https://therecord.media/italian-football-club-blogna-fc-ransomware

๐Ÿ“ฑ 15 SpyLoan Android apps found on Google play had over 8 million installs malware โ€“ McAfee identified 15 SpyLoan apps on Google Play with over 8 million installs, exploiting users through deceptive tactics to collect sensitive data and leading to extortion and harassment. https://securityaffairs.com/171553/cyber-crime/15-spyloan-android-apps-on-google-play.html


Some More, For the Curious

๐Ÿคฆโ€โ™‚๏ธ Malicious NPM Package Exploits React Native Documentation Example security research โ€“ A malicious npm package mimicked official React Native documentation, tricking developers and highlighting vulnerabilities in supply chain security. Vigilance is essential to prevent such attacks. https://checkmarx.com/blog/malicious-npm-package-exploits-react-native-documentation-example/

๐Ÿ—ณ๏ธ Security Analysis of the MERGE Voting Protocol security research โ€“ The MERGE voting protocol, intended for internet voting, is criticized for its fundamental flaws and the impracticality of ensuring trustworthy elections without significant legal and administrative reforms. https://www.schneier.com/blog/archives/2024/11/security-analysis-of-the-merge-voting-protocol.html

๐ŸŽฎ The Exploitation of Gaming Engines: A New Dimension in Cybercrime cybercrime โ€“ Cybercriminals exploit Godot Engine to distribute malware undetected, infecting over 17,000 machines. This new trend poses significant risks to developers and gamers alike. https://blog.checkpoint.com/research/the-exploitation-of-gaming-engines-a-new-dimension-in-cybercrime/

๐Ÿšจ Malware campaign abused flawed Avast Anti security research โ€“ Threat actors exploited a vulnerable Avast Anti-Rootkit driver to gain kernel-level access, disable security tools, and compromise systems, highlighting the risks of flawed drivers in malware campaigns. https://securityaffairs.com/171340/hacking/avast-anti-rootkit-driver-abused-malware-campaign.html

๐Ÿ›ก๏ธ Zyxel firewalls targeted in recent ransomware attacks vulnerability โ€“ Zyxel warns that a ransomware group is exploiting a patched command injection vulnerability in its firewalls, allowing attackers to execute OS commands if certain conditions are met. https://securityaffairs.com/171382/cyber-crime/zyxel-firewall-ransomware-attacks.html

๐Ÿ”‘ BitLocker Security: Are Your Keys Truly Safe? hacking write-up โ€“ BitLocker's security relies on the TPM, but its default configuration may expose vulnerabilities. Without additional authentication, attackers can sniff the TPM bus and access encryption keys, compromising data. https://blog.nviso.eu/2024/11/26/wake-up-and-smell-the-bitlocker-keys/

๐Ÿง‘โ€๐Ÿ’ป The source code of Banshee Stealer leaked online malware โ€“ Banshee Stealer, a macOS malware for stealing sensitive data, has had its source code leaked on GitHub, leading to the shutdown of its operations by the developers. https://securityaffairs.com/171423/malware/the-source-code-of-banshee-stealer-leaked-online.html

๐Ÿ“„ The Four Question Framework for Threat Modeling security research โ€“ Shostack + Associates has released a free whitepaper on the Four Question Framework for Threat Modeling, emphasizing the importance of consistent phrasing to maintain nuance and intent in security discussions. https://shostack.org/blog/four-question-frame/

โš ๏ธ ProjectSend critical flaw actively exploited in the wild, experts warn vulnerability โ€“ A critical vulnerability in ProjectSend (CVE-2024-11680) is being actively exploited, allowing unauthorized access and webshell uploads. Many instances remain unpatched, raising significant security concerns. https://securityaffairs.com/171494/hacking/projectsend-critical-flaw-actively-exploited.html

๐Ÿ‡ Race Condition Attacks against LLMs security research โ€“ New attacks against LLMs include 'Flowbreaking,' which disrupts guardrails, and 'Second Thoughts,' where LLMs retract sensitive content if a user interrupts the response. These exploit vulnerabilities in the surrounding application architecture. https://www.schneier.com/blog/archives/2024/11/race-condition-attacks-against-llms.html

๐Ÿ”’ Zabbix urges upgrades after SQL injection bug disclosure vulnerability โ€“ Zabbix warns of a critical SQL injection vulnerability (CVE-2024-42327) affecting multiple product versions, potentially allowing full system compromise. Users are urged to upgrade to the latest versions for protection. https://www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/

๐Ÿฑ Code found online exploits LogoFAIL to install Bootkitty Linux backdoor malware โ€“ Malicious code exploiting the LogoFAIL vulnerability can hijack the boot process of certain Linux devices from manufacturers like Acer and HP, allowing installation of the Bootkitty backdoor without user interaction. https://arstechnica.com/security/2024/11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/


CISA Corner

โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2023-28461, a vulnerability in Array Networks, to its catalog due to active exploitation, underscoring the need for federal agencies to address known vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/11/25/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

โš ๏ธ PSA: You shouldn't upload your medical images to AI chatbots privacy โ€“ Users are cautioned against uploading private medical images to AI chatbots like Grok, as it risks exposing sensitive data, which may be used to train models and shared without clear protections. https://techcrunch.com/2024/11/19/psa-you-shouldnt-upload-your-medical-images-to-ai-chatbots/


News For All

๐ŸŒŸ These alternatives to popular apps can help reclaim your online life from billionaires and surveillance privacy โ€“ Explore privacy-focused alternatives to popular apps that empower you to control your data, avoiding surveillance and monetization by big tech companies. https://techcrunch.com/2024/11/24/these-alternatives-to-popular-apps-can-help-reclaim-your-online-life-from-billionaires-and-surveillance/

๐Ÿ•ต๏ธโ€โ™€๏ธ Women In Russian-Speaking Cybercrime: Mythical Creatures or Significant Members of Underground? cybercrime โ€“ This article explores the underrepresented roles of women in Russian-speaking cybercrime, revealing their contributions, challenges, and evolving dynamics amid geopolitical tensions, highlighting both historical and contemporary insights. https://www.sans.org/blog/women-in-russian-speaking-cybercrime-mythical-creatures-or-significant-members-of-underground

๐ŸŽถ Spotify abused to promote pirated software and game cheats cybercrime โ€“ Threat actors are exploiting Spotify playlists and podcasts to promote pirated software and game cheats, leveraging Spotify's SEO benefits to drive traffic to malicious sites. https://www.bleepingcomputer.com/news/security/spotify-abused-to-promote-pirated-software-and-game-cheats/

๐Ÿฆ  Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden malware โ€“ A malvertising campaign on Facebook disguised as Bitwarden updates spreads malware through fake ads, tricking users into installing malicious Chrome extensions that exploit business accounts. https://hackread.com/facebook-malvertising-malware-via-fake-bitwarden/

โš ๏ธ Really Simple Security plugin flaw impacts 4M+ WordPress sites vulnerability โ€“ A critical vulnerability (CVE-2024-10924) in the Really Simple Security plugin affects over 4 million WordPress sites, allowing attackers to bypass authentication and gain full admin access. A fix has been released. https://securityaffairs.com/171100/hacking/really-simple-security-plugin-flaw-affects-4m-sites.html

๐Ÿ’ป Ransomware gang Akira leaks unprecedented number of victimsโ€™ data in one day cybercrime โ€“ The Akira ransomware gang leaked a record 35 victims' data in one day, showcasing their aggressive tactics. This marks a significant surge in their operations since emerging in 2023. https://therecord.media/akira-ransomware-group-publishes-unprecedented-leak-data

๐Ÿšจ Alleged Russian Phobos ransomware administrator extradited to U.S., in custody cybercrime โ€“ Evgenii Ptitsyn, a Russian alleged Phobos ransomware administrator, has been extradited to the U.S. after extorting over $16 million from more than 1,000 victims worldwide, facing multiple charges. https://cyberscoop.com/alleged-russian-phobos-ransomware-administrator-extradited-to-u-s-in-custody/

๐Ÿ›’ Scammer Black Friday offers: Online shopping threats and dark web sales security news โ€“ Kaspersky's report highlights the surge in online shopping-related cyber threats, including phishing attacks, fake mobile apps, and banking trojans, emphasizing the risks during Black Friday and the role of the dark web in selling stolen data. https://securelist.com/black-friday-report-2024/114589/

๐Ÿ”’ Microsoft beefs up Windows security with new recovery and patching features security news โ€“ In response to the CrowdStrike outage, Microsoft announced enhancements to Windows security, including Quick Machine Recovery, kernel mode changes for antivirus, and Administrator Protection for user permissions, aimed at improving system resilience and recovery. https://techcrunch.com/2024/11/19/microsoft-beefs-up-windows-security/

โš–๏ธ German court says victims of massive Facebook data breach can be compensated data breach โ€“ A German court ruled that victims of the 2021 Facebook data breach can claim โ‚ฌ100 ($105) in compensation, acknowledging non-material damage due to loss of control over personal data, despite no financial loss evidence. https://therecord.media/german-court-says-victims-facebook-breach-compensation

๐ŸŒ Niantic uses Pokรฉmon Go player data to build AI navigation system security news โ€“ Niantic is developing a 'Large Geospatial Model' for AI navigation, using visual scans from Pokรฉmon Go and Scaniverse players, leveraging over 10 million scanned locations worldwide to enhance augmented reality applications. https://arstechnica.com/ai/2024/11/niantic-uses-pokemon-go-player-data-to-build-ai-navigation-system/

๐Ÿ“ Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany security news โ€“ A report reveals that a data broker is selling detailed location data of US military and intelligence personnel in Germany, raising national security concerns as this information can be exploited for espionage and other malicious activities. https://www.wired.com/story/phone-data-us-soldiers-spies-nuclear-germany/

๐Ÿ“บ Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events security research โ€“ Threat actors exploit misconfigured JupyterLab and Jupyter Notebook servers to hijack environments for illegal sports streaming, using tools like ffmpeg to capture and redistribute broadcasts, posing significant risks to organizations. https://securityaffairs.com/171193/cyber-crime/misconfigured-jupyterlab-and-jupyter-notebooks-illegal-live-sports-streaming.html

๐Ÿ“ฑ Malicious QR Codes: How big of a problem is it, really? security news โ€“ Malicious QR codes exploit weaknesses in anti-spam filters, with around 60% of emails containing QR codes being spam. Security experts recommend caution when scanning QR codes, as they can lead to phishing or malware sites. https://blog.talosintelligence.com/malicious_qr_codes/

๐Ÿšธ UK says a new law banning social media for under-16s is 'on the table' security news โ€“ The UK government is considering a ban on social media for under-16s to protect children's wellbeing, with a new study announced to assess social media's impact. The proposal aligns with the upcoming Online Safety Act aimed at enhancing online safety for children. https://therecord.media/britain-social-media-ban-children-proposal

๐Ÿฅ 750,000 Patients' Medical Records Exposed After Data Breach at French data breach โ€“ A cyber attack on a French hospital exposed the medical records of over 750,000 patients, with the hacker claiming access to data from multiple healthcare facilities. The breach was linked to stolen login credentials for the Mediboard system. https://www.tripwire.com/state-of-security/750000-patients-medical-records-exposed-after-data-breach-french-hospital

๐Ÿ’ฐ DeliveryHero subsidiary fined \$5.2 million for tracking driversโ€™ geolocation privacy โ€“ Italy's data privacy regulator fined Foodinho S.r.l. โ‚ฌ5 million ($5.2 million) for illegally tracking drivers' geolocation, including outside working hours, and sharing data with third parties without consent. The company is also prohibited from using biometric data for identity verification. https://therecord.media/deliveryhero-subsidiary-fined-5-million-geolocation-data

๐Ÿ– Meta cracks down on millions of accounts it tied to pig-butchering scams security news โ€“ Meta has removed millions of accounts linked to pig-butchering scams, a fraudulent scheme costing victims billions. The crackdown aims to protect users from organized crime. https://cyberscoop.com/meta-cracks-down-on-millions-of-accounts-it-tied-to-pig-butchering-scams/

๐ŸŽ‰ Hackers break into Andrew Tateโ€™s online โ€˜university,โ€™ steal user data and flood chats with emojis data breach โ€“ Hackers accessed data of nearly 800,000 users from Andrew Tate's online course, leaking emails and private chats while disrupting chats. https://techcrunch.com/2024/11/21/hackers-break-into-andrew-tates-online-university-steal-user-data-and-flood-chats-with-emojis/


Some More, For the Curious

๐Ÿ”“ BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA security research โ€“ BrazenBamboo exploits a zero-day vulnerability in FortiClient to extract user VPN credentials using their DEEPDATA malware, highlighting the ongoing threat of credential theft. https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/

๐Ÿ”’ What To Use Instead of PGP security research โ€“ The article argues against using PGP for secure communications, recommending better alternatives like Sigstore, SSH signatures, Magic Wormhole, and Signal for various use cases, emphasizing modern tools over outdated methods. https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

๐Ÿ›ก๏ธ Inside the Threat: A Behind-the-Scenes Look at Stopping an Active Intrusion cyber defense โ€“ This article details a proactive investigation into an active intrusion, showcasing how early detection, vigilant employees, and layered security measures thwarted a potentially devastating ransomware attack. https://sec-consult.com/blog/detail/inside-the-threat-a-behind-the-scenes-look-at-stopping-an-active-intrusion/

๐Ÿ“ Azure Detection Engineering: Log idiosyncrasies you should know about cyber defense โ€“ This article discusses various inconsistencies and intricacies in Azure logs, including schema, IP addresses, user-agent fields, and UUID formatting, offering insights for better monitoring and detection in Azure environments. https://tracebit.com/blog/azure-detection-engineering-log-idiosyncrasies-you-should-know-about

๐Ÿ” CVE-2024-10524 Wget Zero Day Vulnerability vulnerability โ€“ A zero-day vulnerability (CVE-2024-10524) in Wget allows attackers to exploit shorthand HTTP URLs, potentially leading to phishing, SSRF, and MiTM attacks. A patch has been released in version 1.25.0. https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/

โš ๏ธ Critical 9.8-rated VMware vCenter RCE bug under exploit security news โ€“ Two VMware vCenter vulnerabilities, CVE-2024-38812 and CVE-2024-38813, have been confirmed exploited in the wild, including a critical RCE flaw rated 9.8. Urgent fixes are required. https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/

๐ŸŽˆ Microsoft announces its own Black Hat-like hacking event with big rewards for AI security security news โ€“ Microsoft is launching Zero Day Quest, a major hacking event aimed at discovering cloud and AI security flaws, offering $4 million in rewards. The event emphasizes collaboration with security researchers and aims to enhance industry-wide security practices. https://www.theverge.com/2024/11/19/24299999/microsoft-zero-day-quest-hacking-event-ai-cloud-security

๐Ÿฉถ Leaked Documents Show What Phones Secretive Tech โ€˜Graykeyโ€™ Can Unlock privacy โ€“ Leaked documents reveal that Graykey, a law enforcement tool for unlocking phones, can only access partial data from modern iPhones running iOS 18 and iOS 18.0.1, highlighting the ongoing battle between forensics tools and phone security. https://www.404media.co/leaked-documents-show-what-phones-secretive-tech-graykey-can-unlock-2/

๐Ÿ› ๏ธ Botnet serving as โ€˜backboneโ€™ of malicious proxy network taken offline security research โ€“ The ngioweb botnet, a key player in malicious proxy services, has been dismantled by security experts. This botnet, primarily composed of compromised IoT devices and routers, facilitated various cybercrimes, including DDoS attacks and credential stuffing. https://cyberscoop.com/proxy-services-cybercrime-ngioweb-botnet-nsocks/

๐Ÿ”’ Fintech giant Finastra confirms it's investigating a data breach data breach โ€“ Finastra is investigating a data breach involving its internal Secure File Transfer Platform after a hacker claimed to sell 400GB of stolen data from the companyโ€™s banking clients. Initial evidence suggests compromised credentials. https://techcrunch.com/2024/11/20/fintech-giant-finastra-confirms-its-investigating-a-data-breach/

๐Ÿ–‡๏ธ D-Link says replace vulnerable routers or risk pwnage vulnerability โ€“ D-Link has advised users of older VPN router models to replace them due to a serious unauthenticated remote code execution vulnerability. The company will not issue patches for affected devices, which have reached end of life, and is offering a discount on a new model. https://www.theregister.com/2024/11/20/dlink_rip_replace_router/

๐Ÿ”’ A new โ€˜ultra-secureโ€™ phone carrier says it can make you harder to track security news โ€“ Cape, a new privacy-focused phone carrier, aims to protect users' data by minimizing personal information collection and offering a pre-configured Android phone with enhanced security features, targeting high-risk individuals. https://www.theverge.com/2024/11/21/24302416/cape-ultra-secure-phone-data-collection-tracking

๐ŸŽ›๏ธ Finding Access Control Vulnerabilities with Autorize cyber defense โ€“ This article discusses how to identify access control vulnerabilities using Autorize, focusing on vertical and horizontal access control issues in web applications, and highlights the importance of proper session management and user permissions. https://www.blackhillsinfosec.com/finding-access-control-vulnerabilities-with-autorize/

๐Ÿ˜๏ธ Spies hack Wi-Fi networks in far-off land to launch attack on target next door security research โ€“ Russian hackers linked to Fancy Bear executed a 'Nearest Neighbor Attack' by compromising a nearby Wi-Fi-enabled device to access a high-value target's network, exploiting credential weaknesses without needing physical proximity. https://arstechnica.com/security/2024/11/spies-hack-wi-fi-networks-in-far-off-land-to-launch-attack-on-target-next-door/

๐Ÿ˜ฑ 'Alarming' security bugs lay low in Linux's needrestart utility for 10 years vulnerability โ€“ Five critical vulnerabilities in the needrestart utility allow local attackers to gain root access, posing severe risks to system security. Immediate updates are urged. https://www.theregister.com/2024/11/21/qualys_needrestart_linux_vulnerabilities/


CISA Corner

๐Ÿ” Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization security research โ€“ CISA conducted a red team assessment revealing critical vulnerabilities in a US critical infrastructure organization, highlighting issues with insufficient technical controls, lack of staff training, and ineffective monitoring that allowed attackers to exploit systems. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a

โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, including command injection and authentication bypass flaws in Kemp LoadMaster and Palo Alto Networks PAN-OS, urging users to review related security bulletins. https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added two vulnerabilities, CVE-2024-38812 and CVE-2024-38813, related to VMware vCenter Server, to its Known Exploited Vulnerabilities Catalog, highlighting significant risks for federal agencies and the need for prompt remediation. https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-adds-two-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, including code execution and XSS vulnerabilities in Apple products and an incorrect authorization flaw in Oracle PLM, highlighting significant risks for federal agencies. https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-adds-three-known-exploited-vulnerabilities-catalog

โš™๏ธ CISA Releases One Industrial Control Systems Advisory vulnerability โ€“ CISA issued an advisory (ICSA-24-324-01) on November 19, 2024, regarding vulnerabilities in Mitsubishi Electric's MELSEC iQ-F Series. Users are urged to review the advisory for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/11/19/cisa-releases-one-industrial-control-systems-advisory โš™๏ธ CISA Releases Seven Industrial Control Systems Advisories vulnerability โ€“ CISA has released seven advisories on November 21, 2024, addressing security issues and vulnerabilities in various Industrial Control Systems, including products from Automated Logic and Schneider Electric. https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-releases-seven-industrial-control-systems-advisories

๐Ÿ”’ Apple Releases Security Updates for Multiple Products security news โ€“ Apple has released security updates to fix vulnerabilities in various products, warning that cyber threat actors could exploit these flaws to gain control of affected systems. Users are urged to apply the updates. https://www.cisa.gov/news-events/alerts/2024/11/20/apple-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

๐Ÿฆ Einladung ins Fediverse: Mastodon als Alternative zu X, Instagram und Co. privacy โ€“ The article invites readers to consider Mastodon as a privacy-friendly alternative to popular social media platforms like X and Instagram, encouraging sharing and engagement through various channels. https://www.kuketz-blog.de/einladung-ins-fediverse-mastodon-als-alternative-zu-x-instagram-und-co/

๐Ÿ›ก๏ธ Kritische Sicherheitslรผcke in Laravel Framework โ€“ Updates verfรผgbar warning โ€“ The article about a critical vulnerability in Laravel is provided by CERT.at, Austria's Computer Emergency Response Team. https://www.cert.at/de/warnungen/2024/11/kritische-sicherheitslucke-in-laravel-framework-updates-verfugbar


News For All

โ“ Brauchst du wirklich ein VPN? privacy โ€“ The article explores whether a VPN is necessary for online privacy and security, highlighting both its benefits and limitations in protecting personal data. https://www.kuketz-blog.de/brauchst-du-wirklich-ein-vpn/

๐Ÿ’ผ Hacker erbeuten Firmendaten des Statistischen Bundesamtes data breach โ€“ A hacker group has stolen and is selling sensitive data from Germany's Federal Statistical Office, including contact details and access credentials, raising significant privacy concerns. https://www.golem.de/news/cyberangriff-auf-destatis-hacker-erbeuten-firmendaten-des-statistischen-bundesamtes-2411-190805.html

๐Ÿ’ณ 200,000 SelectBlinds customers have their cards skimmed in malware attack data breach โ€“ SelectBlinds revealed a breach affecting over 206,000 customers due to malware on its checkout page, compromising sensitive information, including credit card details. Users are advised to reset passwords and monitor statements. https://www.bitdefender.com/en-us/blog/hotforsecurity/200-000-selectblinds-customers-card-details-skimmed-malware-attack/

๐Ÿ”‘ These are the passwords you definitely shouldnโ€™t be using security news โ€“ NordPass released its annual list of the most common passwords, revealing a lack of creativity with '123456' topping the chart. Users are urged to create more secure passwords or consider using passkeys. https://www.theverge.com/2024/11/13/24295543/most-common-passwords-list-2024

๐Ÿ•ต๏ธโ€โ™€๏ธ The WIRED Guide to Protecting Yourself From Government Surveillance privacy โ€“ With the potential expansion of government surveillance under a new administration, experts recommend various privacy protections, including encrypted communications, device encryption, and careful management of location and financial data. https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/

๐Ÿšจ Criminals Exploiting FBI Emergency Data Requests cybercrime โ€“ Cybercriminals have exploited compromised police accounts to impersonate law enforcement and request user data, resulting in unauthorized access to sensitive information from companies. This highlights vulnerabilities in lawful-access mechanisms. https://www.schneier.com/blog/archives/2024/11/criminals-exploiting-fbi-emergency-data-requests.html

๐Ÿ“ƒ 'FYI. A Warrant Isnโ€™t Needed': Secret Service Says You Agreed To Be Tracked With Location Data privacy โ€“ Internal emails reveal the Secret Service's debate on needing warrants for location data from apps, claiming users consented through terms of service, despite concerns over illegal usage of the data. https://www.404media.co/fyi-a-warrant-isnt-needed-secret-service-says-you-agreed-to-be-tracked-with-location-data/

๐Ÿ”“ Delta, Amazon confirm vendor breach as dark web posts revive MOVEit leak concerns data breach โ€“ Delta and Amazon confirmed that employee data was stolen from a vendor via a MOVEit vulnerability. The leaked data, including contact information, has reignited concerns about previous breaches tied to the Clop ransomware gang. https://therecord.media/delta-amazon-vendor-breach-confirmed

๐Ÿ‘๏ธ ICE Started Ramping Up Its Surveillance Arsenal Immediately After Donald Trump Won privacy โ€“ Immediately following Trump's election, ICE sought contracts to enhance surveillance technologies for monitoring non-citizens awaiting deportation, anticipating a dramatic increase in those under surveillance from 200,000 to over 5 million. https://www.wired.com/story/ice-surveillance-contracts-isap/

๐Ÿ“ฑ Safer with Google: New intelligent, real-time protections on Android to keep you safe security news โ€“ The article discusses Google's latest advancements in online security features aimed at enhancing user safety through intelligent systems and real-time protection mechanisms. https://security.googleblog.com/2024/11/new-real-time-protections-on-Android.html

๐ŸŽง These Guys Hacked AirPods to Give Their Grandmas Hearing Aids hacking write-up โ€“ Three technologists in India hacked AirPods Pro 2 to enable hearing aid features by creating a Faraday cage to bypass Apple's location restrictions, allowing their grandmothers to use the technology. https://www.wired.com/story/apple-airpods-hearing-aid-hack/

๐Ÿ‘ถ Pregnancy Tracking App โ€˜What to Expectโ€™ Refuses to Fix Issue that Allows Full Account Takeover privacy โ€“ The 'What to Expect' pregnancy tracking app is neglecting serious vulnerabilities, including one enabling full account takeover, which risks exposing users' sensitive reproductive health information amid rising concerns for privacy and safety. https://www.404media.co/pregnancy-tracking-app-what-to-expect-refuses-to-fix-issue-that-allows-full-account-takeover-2/

๐Ÿ’ฌ An Interview With the Target & Home Depot Hacker โ€“ Krebs on Security cybercrime โ€“ Mikhail Shefel, the identity behind the Rescator alias, discusses his role in the Target and Home Depot breaches, his connections to other hackers, and his current financial struggles following legal issues and arrests. https://krebsonsecurity.com/2024/11/an-interview-with-the-target-home-depot-hacker/

๐Ÿค ShrinkLocker Ransomware: What You Need To Know malware โ€“ ShrinkLocker is a new ransomware that uses VBScript and BitLocker to encrypt victims' files, locking them out without providing a password. It changes drive names to an attacker's contact, but Bitdefender offers a free decryption tool. https://www.tripwire.com/state-of-security/shrinklocker-ransomware-what-you-need-know

๐Ÿ“ฌ Scammers resort to physical Swiss post to spread malware cybercrime โ€“ Switzerland's NCSC warns of a new scam where malware is spread through fake letters mimicking official weather alerts. Recipients are tricked into downloading a malicious app containing the Coper trojan, targeting banking information. https://www.theregister.com/2024/11/16/swiss_malware_qr/


Some More, For the Curious

๐Ÿค” Newag admits: Dragon Sector hackers did not modify software in Impuls trains I missed this one a few weeks earlier. security news โ€“ Newag's lawsuit against hackers reveals that while they claim no software modifications were made, they still face questions about intentional software locks in their trains. The truth remains elusive. https://rys.io/en/175.html

๐Ÿฆ  A new fileless variant of Remcos RAT observed in the wild malware โ€“ Fortinet has identified a phishing campaign distributing a new variant of Remcos RAT, using an Excel document to exploit vulnerabilities and stealthily execute malware, granting attackers remote access. https://securityaffairs.com/170791/security/a-new-fileless-variant-of-remcos-rat-phishing.html

๐Ÿ’ป North Korean-linked hackers were caught experimenting with new macOS malware malware โ€“ Researchers found North Korean hackers embedding malware in macOS applications using an open-source SDK, capable of bypassing Apple's security. The malware shows ties to cryptocurrency intrusions but its use remains uncertain. https://cyberscoop.com/north-korea-macos-malware-flutter-jamf/

โš™๏ธ Exploit code released for RCE attack on Citrix VDI solution vulnerability โ€“ Researchers released a PoC exploit for a vulnerability in Citrix's Virtual Apps and Desktops, allowing remote code execution via HTTP requests. Citrix disputes the claim of unauthenticated access, urging users to apply hotfixes. https://www.theregister.com/2024/11/12/http_citrix_vuln/

๐Ÿ”ง Zero Day Initiative โ€” The November 2024 Security Update Review security news โ€“ Adobe and Microsoft released significant patches in November, addressing numerous vulnerabilities across various products. Key issues include critical RCE flaws in Windows and multiple critical updates from Adobe. https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review

๐Ÿฅผ Inside the DemandScience by Pure Incubation Data Breach data breach โ€“ The article discusses the DemandScience data breach, revealing how personal data was aggregated and sold. It highlights public concerns about data privacy, expectations of notification, and the implications of data misuse. https://www.troyhunt.com/inside-the-demandscience-by-pure-incubation-data-breach/

๐ŸŒ A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats security research โ€“ The article analyzes the complex ecosystem of Chinese state-sponsored cyber operations, highlighting the roles of the PLA, MSS, and MPS, along with the involvement of private companies and patriotic hackers in cyber offensives. https://blog.sekoia.io/a-three-beats-waltz-the-ecosystem-behind-chinese-state-sponsored-cyber-threats/

๐Ÿ”— China's Volt Typhoon botnet has re security research โ€“ The Volt Typhoon botnet has resurfaced, using the same infrastructure and techniques to target critical infrastructure in the U.S. and Guam. Despite previous disruptions, it remains a significant threat, exploiting outdated devices. https://securityaffairs.com/170872/apt/volt-typhoon-botnet-has-re-emerged.html

๐Ÿ“‰ NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely security news โ€“ NIST announced it has cleared a backlog of unanalyzed exploited vulnerabilities with support from CISA and the private sector. However, it will not meet its goal of clearing all vulnerabilities by year-end due to data processing challenges. https://therecord.media/nist-vulnerability-backlog-cleared-cisa

๐Ÿ’ฐ Crimeware and financial predictions for 2025 security news โ€“ Kaspersky's report predicts an increase in AI-powered cyberattacks, supply chain attacks, and financial threats targeting central banks and smartphones in 2025, highlighting evolving tactics in the crimeware landscape. https://securelist.com/ksb-financial-and-crimeware-predictions-2025/114565/

๐Ÿ”‘ Good Essay on the History of Bad Password Policies security research โ€“ Stuart Schechter discusses the history of ineffective password policies, highlighting mistakes made by Morris and Thompson in assuming that their interventions would lead to strong passwords without adequate testing or metrics. https://www.schneier.com/blog/archives/2024/11/good-essay-on-the-history-of-bad-password-policies.html

๐Ÿ” NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents security news โ€“ Court documents reveal NSO Group cut off 10 customers for abusing its Pegasus spyware, which exploited WhatsApp vulnerabilities. The revelations raise concerns about NSO's operations and the use of its tools against individuals, including high-profile targets. https://techcrunch.com/2024/11/15/nso-group-admits-cutting-off-10-customers-because-they-abused-its-pegasus-spyware-say-unsealed-court-documents/

๐Ÿชช Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation cyber defense โ€“ Misconfigurations in Active Directory Certificate Services can lead to serious vulnerabilities, enabling attackers to gain unauthorized access and escalate privileges within a domain. https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-fortifying-active-directory-certificate-services-adcs-against-exploitation/


CISA Corner

๐Ÿ”’ 2023 Top Routinely Exploited Vulnerabilities security news โ€“ A joint advisory from cybersecurity agencies highlights an increase in zero-day vulnerabilities exploited in 2023, urging software developers and end-users to implement secure practices and timely patching to mitigate risks. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

โš ๏ธ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has included five new vulnerabilities in Atlassian Jira, Cisco ASA, Metabase GeoJSON and Microsoft Windows to its Known Exploited Vulnerabilities Catalog, emphasizing their active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-adds-five-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has included two new vulnerabilities in its Known Exploited Vulnerabilities Catalog: CVE-2024-9463 and CVE-2024-9465, both related to Palo Alto Networks Expedition, highlighting significant risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-adds-two-known-exploited-vulnerabilities-catalog

๐Ÿญ CISA Releases Nineteen Industrial Control Systems Advisories vulnerability โ€“ CISA has published nineteen advisories addressing security vulnerabilities in Industrial Control Systems. Siemens, Rockwell, Hitachi, 2N, Elvaco, Baxter https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-releases-nineteen-industrial-control-systems-advisories ๐Ÿญ CISA Releases Five Industrial Control Systems Advisories vulnerability โ€“ CISA has published five advisories detailing security vulnerabilities and exploits related to various Industrial Control Systems. Subnet, Hitachi, Rockwell, Mitsubishi, Snap One https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-releases-five-industrial-control-systems-advisories

๐Ÿ”’ Fortinet Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/fortinet-releases-security-updates-multiple-products ๐Ÿ›ก๏ธ Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/adobe-releases-security-updates-multiple-products ๐Ÿ” Microsoft Releases November 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/11/12/microsoft-releases-november-2024-security-updates ๐Ÿ”ง Ivanti Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/ivanti-releases-security-updates-multiple-products ๐Ÿ”’ Citrix Releases Security Updates for NetScaler and Citrix Session Recording https://www.cisa.gov/news-events/alerts/2024/11/12/citrix-releases-security-updates-netscaler-and-citrix-session-recording


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿฆน Inside the Massive Crime Industry Thatโ€™s Hacking Billion-Dollar Companies cybercrime โ€“ A complex hacking ecosystem fueled by infostealer malware is behind major breaches, as hackers exploit stolen credentials from pirated software. https://www.wired.com/story/inside-the-massive-crime-industry-thats-hacking-billion-dollar-companies/

๐Ÿ† Valorant is winning the war against PC gaming cheaters security news โ€“ Riot Games' Vanguard anti-cheat system has significantly reduced cheating in Valorant by employing advanced detection methods. https://www.theverge.com/2024/11/4/24283482/valorant-is-winning-the-war-against-pc-gaming-cheaters

๐ŸŽซ Hacker suspected in massive Ticketmaster, AT&T breaches arrested in Canada cybercrime โ€“ Canadian authorities arrested a man suspected of breaching around 165 companies, including Ticketmaster and AT&T, by exploiting Snowflake's cloud storage with stolen credentials. https://www.theverge.com/2024/11/5/24288654/alleged-snowflake-hacker-arrested-ticketmaster-att-data-breaches

๐Ÿ“‰ Mozilla Foundation lays off 30% staff, drops advocacy division security news โ€“ The Mozilla Foundation has laid off 30% of its staff, eliminating its advocacy and global programs divisions to streamline operations and focus on its mission amidst significant changes in the tech landscape. https://techcrunch.com/2024/11/05/mozilla-foundation-lays-off-30-staff-drops-advocacy-division/

๐Ÿ’ธ South Korean authorities fine Meta $15.6 million for sharing user data with advertisers privacy โ€“ South Korea fined Meta $15.6 million for sharing sensitive data of 980,000 Facebook users with advertisers without consent, violating the Personal Information Protection Act. https://therecord.media/facebook-south-korea-privacy-regulator-fine

๐Ÿ ToxicPanda Android banking trojan targets Europe and LATAM malware โ€“ The ToxicPanda Android banking trojan has infected over 1,500 devices, targeting banks in Europe and Latin America. It employs On-Device Fraud techniques to bypass security measures, indicating a potential shift in attack strategies by Chinese-speaking threat actors. https://securityaffairs.com/170605/malware/toxicpanda-android-malware-targets-italy.html

๐Ÿ‘ฎโ€โ™‚๏ธ Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs cybercrime โ€“ Interpol's Operation Synergia resulted in 41 arrests and the takedown of over 22,000 malicious IP addresses linked to cybercrime, preventing numerous phishing and ransomware attacks worldwide. https://therecord.media/interpol-operation-arrests-takedowns

๐Ÿ•บ Canada ordered ByteDance to shut down TikTok operations in the country over security concerns privacy โ€“ Canada has ordered ByteDance to dissolve TikTok Technology Canada due to security concerns, though Canadians can still access the app. The decision follows a national security review amid ongoing scrutiny of TikTok's data practices. https://securityaffairs.com/170653/security/canada-ordered-bytedance-to-shut-down-tiktok-operations.html

๐Ÿ’ฝ Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices vulnerability โ€“ Synology patched a critical vulnerability (CVE-2024-10443) in DiskStation and BeePhotos NAS devices that allowed remote code execution without user interaction, affecting millions. Users are urged to apply updates immediately. https://securityaffairs.com/170602/hacking/synology-fixed-critical-bug-in-diskstation-and-beephotos-nas.html

๐Ÿฆ  SteelFox Trojan imitates popular products to drop stealer and miner malware security research โ€“ The SteelFox Trojan, disguised as software activators, spreads via torrent and forum posts, stealing sensitive data and mining cryptocurrency. It targets popular applications like AutoCAD and Foxit PDF Editor, employing sophisticated techniques to evade detection. https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/

๐Ÿšซ Major Ukrainian university bans Telegram to reduce cyberthreats security news โ€“ Taras Shevchenko National University of Kyiv has banned Telegram for official communications, citing security concerns over Russian access to user data. The ban follows similar restrictions for state officials, prompting discussions about alternative communication platforms. https://therecord.media/ukraine-university-bans-telegram

๐Ÿงข How early-stage companies can go beyond cybersecurity basics cyber defense โ€“ To combat evolving cyber threats, early-stage companies should adopt a proactive cybersecurity strategy that transcends basic compliance, focusing on risk management, layered security, employee training, and incident response planning. https://cyberscoop.com/cybersecurity-for-startups-early-stage-companies/

๐Ÿงช What Is Penetration Testing? security news โ€“ Penetration testing simulates attacks to identify vulnerabilities within an organization's security systems. By employing various techniques, it helps organizations strengthen defenses, comply with regulations, and improve incident response capabilities. https://www.blackhillsinfosec.com/what-is-penetration-testing/

๐ŸŽฎ Hacker says they banned โ€˜thousandsโ€™ of Call of Duty gamers by abusing anti-cheat flaw security news โ€“ A hacker named Vizor exploited a flaw in Activision's Ricochet anti-cheat system to falsely ban thousands of Call of Duty players by sending messages containing specific strings. https://techcrunch.com/2024/11/07/hacker-says-they-banned-thousands-of-call-of-duty-gamers-by-abusing-anti-cheat-flaw/

๐Ÿš— Zero Day Initiative โ€” Multiple Vulnerabilities in the Mazda In vulnerability โ€“ Multiple vulnerabilities in the Mazda Connect CMU system allow physical attackers to exploit insufficient input sanitization via USB devices, enabling arbitrary code execution with root privileges, posing significant security risks. https://www.thezdi.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system

๐Ÿ”’ A new iOS 18 security feature makes it harder for police to unlock iPhones privacy โ€“ iOS 18 introduces an inactivity timer that reboots iPhones after four days of inactivity, entering a more secure state that complicates police access to locked devices and limits data extraction capabilities. https://www.theverge.com/2024/11/9/24292092/ios-18-security-inactivity-reboot-police-complain-unlocking-iphone-difficult


Some More, For the Curious

๐Ÿฐ Fortinet FortiGate CVE-2024-23113 โ€“ A Super Complex Vulnerability In A Super Secure Appliance In 2024 vulnerability โ€“ A Format String vulnerability in Fortinet's FortiGate SSLVPN devices allows remote code execution. https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/

๐Ÿ”€ A look at the latest post-quantum signature standardization candidates security research โ€“ NIST advances 14 post-quantum signature schemes for cybersecurity, highlighting their need to resist quantum attacks. The migration to these standards poses challenges, particularly regarding performance and data overhead in TLS connections. https://blog.cloudflare.com/another-look-at-pq-signatures

๐ŸŽŸ๏ธ Strengthening Local Admin Security in Windows 11 with Local Administrator Protection security news โ€“ Windows 11's new Local Administrator Protection feature enhances security by providing just-in-time admin privileges, reducing exposure to malware and minimizing risks associated with local admin rights. https://call4cloud.nl/local-administrator-protection-privilege-protection/

๐Ÿฆ˜ Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems security research โ€“ The SANS report highlights rising attacks on ICS/OT systems, primarily through IT network vulnerabilities, with non-ransomware incidents outnumbering ransomware. https://www.darkreading.com/ics-ot-security/attackers-breach-network-provider-ot-ics-network

๐Ÿ’ผ Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale security research โ€“ Cybercriminals are exploiting DocuSign's APIs to send realistic fake invoices using genuine accounts, bypassing traditional phishing defenses. https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/

๐Ÿค– AIs Discovering Vulnerabilities security research โ€“ Research into AI capabilities for discovering software vulnerabilities is advancing, with tools like ZeroPath uncovering critical flaws missed by traditional methods. https://www.schneier.com/blog/archives/2024/11/ais-discovering-vulnerabilities.html

๐Ÿ” Typosquat campaign impersonates 287+ popular npm packages cybercrime โ€“ A new typosquatting campaign targets developers by publishing malicious npm packages that mimic legitimate ones, utilizing Ethereum smart contracts for command-and-control. https://www.theregister.com/2024/11/05/typosquatting_npm_campaign/

๐Ÿ’ฐ Schneider Electric reports cyberattack, its third incident in 18 months *security news โ€“ Schneider Electric confirmed a cyberattack involving unauthorized access to its project tracking platform, with the HellCat ransomware group demanding a $150,000 ransom in baguettes after claiming to steal over 40GB of data.* https://cyberscoop.com/schneider-electric-energy-ransomware-hellcat/

๐Ÿ” Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments security research โ€“ Mandiant's Red Team demonstrated how attackers can exploit Intune permissions to achieve lateral movement and privilege escalation within Microsoft Entra ID. https://cloud.google.com/blog/topics/threat-intelligence/abusing-intune-permissions-entra-id-environments/

๐Ÿ’ฏ Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw vulnerability โ€“ Cisco has issued a critical alert for CVE-2024-20418, a vulnerability in its Ultra-Reliable Wireless Backhaul systems that allows remote attackers to gain admin access via crafted HTTP requests, necessitating immediate patching. https://www.theregister.com/2024/11/07/cisco_uiws_flaw/

๐Ÿค– AI Industry is Trying to Subvert the Definition of โ€œOpen Source AIโ€ security news โ€“ The Open Source Initiative's new definition of 'open source AI' has sparked controversy for permitting secretive practices in training data, raising concerns about true transparency in AI development. Critics argue for a clear distinction between 'open source' and 'open weights' models. https://www.schneier.com/blog/archives/2024/11/ai-industry-is-trying-to-subvert-the-definition-of-open-source-ai.html

๐Ÿš” FBI says hackers are sending fraudulent police data requests to tech giants to steal people's private information security news โ€“ The FBI warns that hackers are exploiting compromised government email addresses to submit fraudulent emergency data requests, enabling them to steal private user information from tech companies like Apple and Meta. https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/

๐Ÿœ๏ธ Palo Alto Networks warns of potential RCE in PAN vulnerability โ€“ Palo Alto Networks alerts customers to a potential remote code execution vulnerability in PAN-OS management interface, urging them to restrict access and follow security best practices to mitigate risks. https://securityaffairs.com/170697/security/palo-alto-networks-warns-potential-pan-os-rce.html

๐Ÿ“‡ Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks security research โ€“ This guide emphasizes the importance of limiting high-privilege accounts and monitoring for unusual replication requests to defend against DCSync attacks on Active Directory. https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-securing-active-directory-against-dcsync-attacks/

๐Ÿค– With 2FA Enabled: NPM Package lottie-player Taken Over by Attackers security research โ€“ Attackers exploited a leaked automation token to inject malicious code into popular NPM package versions, highlighting vulnerabilities in software supply chains and 2FA limitations. https://checkmarx.com/blog/with-2fa-enabled-npm-package-lottie-player-taken-over-by-attackers/


CISA Corner

โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added two vulnerabilities affecting PTZOptics cameras to its Known Exploited Vulnerabilities Catalog, highlighting the risks of OS command injection and authentication bypass to federal networks. https://www.cisa.gov/news-events/alerts/2024/11/04/cisa-adds-two-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Four Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, including privilege escalation and authentication flaws, highlighting significant risks for federal agencies that must address these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-adds-four-known-exploited-vulnerabilities-catalog

โš™๏ธ CISA Releases Three Industrial Control Systems Advisories vulnerability โ€“ CISA issued three advisories on November 7, 2024, addressing security vulnerabilities in Beckhoff Automation, Delta Electronics, and Bosch Rexroth ICS products, urging users to review for technical details and mitigations. https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-releases-three-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐ŸŽญ Massive hack-for-hire scandal rocks Italian political elites cybercrime โ€“ A hack-for-hire scheme exposed sensitive data of top Italian politicians, raising serious concerns about democracy and privacy. Investigations have led to arrests and calls for stronger security measures. https://www.politico.eu/article/hacking-scandal-italy-matteo-renzi-sergio-mattarella-equalize-nunzio-samuele-calamucci/

๐Ÿ’ป Black Basta affiliates used Microsoft Teams in recent attacks security research โ€“ Black Basta ransomware affiliates are now using Microsoft Teams to impersonate IT support, tricking employees into granting access and spreading malware through malicious QR codes. https://securityaffairs.com/170311/cyber-crime/black-basta-ransomware-microsoft-teams.html

๐Ÿ”“ Free, Franceโ€™s second-largest telecoms company, confirms being hit by cyberattack data breach โ€“ Free confirmed a cyberattack that compromised personal data of subscribers, with over 19 million potentially affected. The company has reported the breach and is enhancing security measures. https://therecord.media/france-telecom-free-cyberattack

๐Ÿค– Hospitals adopt error-prone AI transcription tools despite warnings security news โ€“ OpenAI's Whisper tool is generating fabricated medical transcripts, raising serious concerns for patient care. Despite warnings, many healthcare providers are using it, risking accuracy in critical situations. https://arstechnica.com/ai/2024/10/hospitals-adopt-error-prone-ai-transcription-tools-despite-warnings/

๐Ÿ“š Die digitale Bildung unter der Lupe: Eine Analyse von Schul- und Lern-Apps privacy โ€“ The article examines school and learning apps, focusing on their effectiveness and privacy implications. It emphasizes the need for scrutiny in digital education tools to protect user data. https://www.kuketz-blog.de/die-digitale-bildung-unter-der-lupe-eine-analyse-von-schul-und-lern-apps/

๐Ÿƒโ€โ™‚๏ธ Macron's bodyguards show his location by sharing Strava data privacy โ€“ An investigation revealed that President Macron's bodyguards inadvertently shared their locations on Strava, exposing sensitive information about his whereabouts and security arrangements. https://www.theregister.com/2024/10/29/macron_location_strava/

๐Ÿก QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024 vulnerability โ€“ QNAP patched a critical zero-day vulnerability (CVE-2024-50388) exploited at Pwn2Own Ireland 2024, allowing remote code execution on TS-464 NAS devices. The flaw was quickly addressed following the demonstration. https://securityaffairs.com/170386/uncategorized/qnap-fixed-zero-day-cve-2024-50388-pwn2own-ireland-2024.html

๐Ÿฆ  Malware campaign expands its use of fake CAPTCHAs malware โ€“ A new malware campaign utilizes fake CAPTCHAs to deliver Lumma and Amadey malware, targeting users on various websites. Clicking the CAPTCHA triggers malicious code, leading to data theft and browser credential extraction. https://therecord.media/fake-captcha-malware-campaign-lumma-amadey

๐Ÿคฌ Google CEO says over 25% of new Google code is generated by AI security news โ€“ Google's CEO announced that AI now generates over 25% of new code at the company, aiding developers' productivity. While AI tools are popular, concerns about bugs and security remain. Comment: I can't express how scary this sounds to me. https://arstechnica.com/ai/2024/10/google-ceo-says-over-25-of-new-google-code-is-generated-by-ai/

๐ŸŽข Windows Themes 0-day opens door to NTLM credential theft vulnerability โ€“ A zero-day vulnerability in Windows Themes allows attackers to steal NTLM credentials by tricking users into handling malicious theme files. A free micropatch from Acros Security is available while awaiting a Microsoft fix. https://www.theregister.com/2024/10/30/zeroday_windows_themes/

๐Ÿ“ž New version of Android malware FakeCall redirects bank calls to scammers cybercrime โ€“ The updated FakeCall malware for Android redirects bank calls to scammers, stealing sensitive information and funds. It mimics the Android dialer, tricking users into granting it default call handler permissions. https://securityaffairs.com/170410/malware/fakecall-malware-intercepts-outgoing-bank-calls.html

๐Ÿ›’ Satori Threat Intelligence Alert: Phish โ€™nโ€™ Ships Fakes Online Shops to Steal Money and Credit Card Information cybercrime โ€“ Satori uncovered a fraud operation, Phish โ€™nโ€™ Ships, exploiting fake online shops to steal credit card information. The scheme, which has affected hundreds of thousands of consumers, uses infected websites to redirect users to counterfeit stores, resulting in significant financial losses. https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-phish-n-ships-fakes-online-shops-to-steal-money-and-credit-card-information

๐ŸŽฃ Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files security research โ€“ Midnight Blizzard, a Russian threat actor, is executing a spear-phishing campaign targeting government and academic sectors using signed RDP files to redirect victims to actor-controlled servers for intelligence collection. https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/

๐Ÿฝ๏ธ Fired Disney worker accused of hacking into restaurant menus, replacing them with Windings and false peanut allergy information security news โ€“ A former Disney employee allegedly hacked the restaurant menu system, changing fonts to Wingdings and removing allergy info, risking safety. He faces multiple charges, including a denial-of-service attack on Disney staff. https://www.bitdefender.com/en-us/blog/hotforsecurity/fired-disney-worker-hacking-restaurant-menus-replacing-false-peanut-allergy/

๐Ÿ›Ž๏ธ Booking.com Phishers May Leave You With Reservations cybercrime โ€“ A spear-phishing campaign targeting Booking.com users exploits stolen credentials from hotel partners, allowing scammers to send fraudulent messages. Booking.com is enhancing security measures, including mandatory 2FA, but threats persist as cybercriminals adapt. https://krebsonsecurity.com/2024/11/booking-com-phishers-may-leave-you-with-reservations/


Some More, For the Curious

๐Ÿ‘ฎโ€โ™€๏ธ Law Enforcement Deanonymizes Tor Users security news โ€“ German police have managed to deanonymize several Tor users by monitoring known relays and applying timing analysis, raising concerns about the effectiveness of Tor's anonymity. https://www.schneier.com/blog/archives/2024/10/law-enforcement-deanonymizes-tor-users.html

๐Ÿ” Five Eyes tell tech startups to take infosec seriously cyber defense โ€“ The Five Eyes nations have issued security principles for tech startups to combat threats like IP theft. They emphasize understanding risks, securing products, and managing partnerships as essential practices. https://www.theregister.com/2024/10/29/five_eyes_secure_innovation_campaign/

๐Ÿฆ  Fog and Akira ransomware attacks exploit SonicWall VPN flaw warning โ€“ Fog and Akira ransomware groups are exploiting a critical SonicWall VPN vulnerability (CVE-2024-40766) to breach corporate networks, emphasizing the need for urgent patching to mitigate risks. https://securityaffairs.com/170359/cyber-crime/fog-akira-ransomware-sonicwall-vpn-flaw.html

๐Ÿ” How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware cybercrime โ€“ U.S. prosecutors charged Maxim Rudometov for developing Redline malware, tracing him through opsec mistakes like using identifiable email and social accounts, leading to his arrest in Operation Magnus. https://techcrunch.com/2024/10/29/how-a-series-of-opsec-failures-led-us-authorities-to-the-alleged-developer-of-the-redline-password-stealing-malware/

๐ŸŽ›๏ธ Writing a BugSleep C2 server and detecting its traffic with Snort security research โ€“ Researchers analyzed the BugSleep RAT, detailing its C2 protocol and methods for traffic detection using Snort. They implemented rules to identify and block its communications effectively. https://blog.talosintelligence.com/writing-a-bugsleep-c2-server/

๐Ÿ‘บ Hereโ€™s the paper no one read before declaring the demise of modern cryptography security news โ€“ Amidst alarmist claims about quantum computing threatening encryption, experts clarify that recent research does not break RSA or AES. Instead, it finds known vulnerabilities using quantum methods without significant advancements. https://arstechnica.com/information-technology/2024/10/the-sad-bizarre-tale-of-hype-fueling-fears-that-modern-cryptography-is-dead/

๐Ÿ”‘ Hackers find 15,000 credentials by scanning for git configuration data breach โ€“ Sysdig discovered over 15,000 stolen cloud service credentials in an open AWS bucket, collected by the EMERALDWHALE operation targeting exposed git configurations for spam and phishing campaigns. https://cyberscoop.com/sysdig-git-credentials-cloud-service-emeraldwhale/

๐Ÿ”“ Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns security news โ€“ Chinese hackers have compromised 20 Canadian government networks in four years, targeting critical infrastructure and innovation sectors. The threat includes espionage, IP theft, and influence operations, as noted by Canadaโ€™s cyber agency. https://therecord.media/canada-20-government-agencies-hacked-china-last-four-years

โŽ Colorado scrambles to change voting-system passwords after accidental leak data breach โ€“ The Colorado Department of State is urgently updating passwords after accidentally posting a spreadsheet with partial voting system passwords online. Officials assert there is no immediate security threat, but the GOP criticizes the handling of the incident. https://arstechnica.com/tech-policy/2024/10/colorado-scrambles-to-change-voting-system-passwords-after-accidental-leak/

๐Ÿฑ Hack Nintendo's Alarmo to run code (cat pics)? Let's-a go! hacking write-up โ€“ Hacker GaryOderNichts exploited a vulnerability in Nintendo's Alarmo clock to run custom code, including displaying cat pictures. The hack utilized findings from researcher Naomi Smith and involved accessing the device's firmware. https://www.theregister.com/2024/11/01/hack_nintendos_alarmo/

๐Ÿ”“ Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack vulnerability โ€“ A critical zero-click vulnerability in Synology's default photo app allows attackers to steal data from millions of NAS devices without user interaction. Researchers warn this could lead to ransomware attacks and unauthorized access. https://www.wired.com/story/synology-zero-click-vulnerability/

๐Ÿ”‘ An Okta login bug bypassed checking passwords on some long usernames vulnerability โ€“ A vulnerability in Okta allowed logins without password checks for usernames over 52 characters for three months. The issue has been fixed by switching the cryptographic algorithm used for cache keys. https://www.theverge.com/2024/11/1/24285874/okta-52-character-login-password-authentication-bypass

๐Ÿšฟ Chinese threat actors use Quad7 botnet in password-spray attacks cybercrime โ€“ Microsoft warns that Chinese threat actors are using the Quad7 botnet to conduct password-spray attacks, targeting SOHO devices and VPNs to steal credentials. The botnet exploits vulnerabilities in various routers to relay brute-force attacks. https://securityaffairs.com/170503/malware/quad7-botnet-used-by-chinese-threat-actors.html

๐Ÿงฐ BOFHound: AD CS Integration cyber defense โ€“ The BOFHound tool now supports parsing Active Directory Certificate Services (AD CS) objects for better attack path mapping in BloodHound. It allows for manual LDAP queries and enhances visibility into AD environments while maintaining stealth. https://posts.specterops.io/bofhound-ad-cs-integration-91b706bc7958

๐Ÿ”ง A Deeper Look at FortiJump (FortiManager CVE-2024-47575) vulnerability โ€“ CVE-2024-47575, known as FortiJump, is a critical vulnerability in FortiManager that allowed unauthorized access to devices due to missing authentication. Although the flaw has been patched, researchers warn about the potential for command injection exploits. https://bishopfox.com/blog/a-look-at-fortijump-cve-2024-47575


CISA Corner

๐Ÿ”’ Apple Releases Security Updates for Multiple Products security news โ€“ Apple has released critical security updates for various products to address vulnerabilities and enhance user protection. Users are encouraged to apply these updates promptly. https://www.cisa.gov/news-events/alerts/2024/10/29/apple-releases-security-updates-multiple-products ๐Ÿ“ง Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments cybercrime โ€“ CISA reports a large-scale spear-phishing campaign targeting government and IT sectors using malicious RDP files. Organizations are urged to implement security measures like restricting RDP connections and enabling multi-factor authentication. https://www.cisa.gov/news-events/alerts/2024/10/31/foreign-threat-actor-conducting-large-scale-spear-phishing-campaign-rdp-attachments

โš ๏ธ Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation vulnerability โ€“ Fortinet has revised its advisory for the critical FortiManager vulnerability (CVE-2024-47575), adding new workarounds and indicators of compromise. CISA urges users to apply updates and monitor for malicious activity. https://www.cisa.gov/news-events/alerts/2024/10/30/fortinet-updates-guidance-and-indicators-compromise-following-fortimanager-vulnerability

โš™๏ธ CISA Releases Three Industrial Control Systems Advisories warning โ€“ CISA has issued three advisories addressing vulnerabilities in Siemens, Solar-Log, and Delta Electronics ICS devices, urging users to review them for security updates and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/29/cisa-releases-three-industrial-control-systems-advisories โš™๏ธ CISA Releases Four Industrial Control Systems Advisories warning โ€“ CISA has issued four advisories addressing vulnerabilities in Rockwell Automation and Mitsubishi Electric ICS products, urging users to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/31/cisa-releases-four-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

โณ Sicherheit: Worauf du beim Kauf eines neuen Android-Smartphones achten solltest security news โ€“ Many Android manufacturers fail to provide timely security updates, often delaying patches for years, leaving users vulnerable to threats and privacy issues. https://www.kuketz-blog.de/sicherheit-worauf-du-beim-kauf-eines-neuen-android-smartphones-achten-solltest/

๐Ÿ”Ž Watch: Inside the FBIโ€™s Secret Phone Company security research โ€“ The FBI secretly operated Anom, a secure app used by criminals, revealing how law enforcement exploited its popularity to monitor organized crime without users' knowledge. https://www.404media.co/watch-inside-the-fbis-secret-phone-company/

๐Ÿงจ Internet Archive was breached twice in a month security news โ€“ The Internet Archive faced two breaches within a month, exposing 31 million user records due to mishandled authentication tokens, raising serious concerns about their security practices. https://securityaffairs.com/170068/data-breach/internet-archive-second-data-breach.html

๐Ÿ”’ HM Surf macOS vuln potentially exploited by Adloader malware vulnerability โ€“ A macOS vulnerability (CVE-2024-44133) may allow malware like Adloader to exploit user privacy by accessing cameras and microphones. Apple users are urged to update their systems immediately. https://www.theregister.com/2024/10/21/microsoft_macos_hm_surf/

๐Ÿšง ICE's $2 Million Contract With a Spyware Vendor Is Under White House Review privacy โ€“ ICE's $2 million contract with Paragon Solutions for spyware is under review for compliance with Biden's executive order on spyware, raising concerns about privacy and civil liberties. https://www.wired.com/story/ice-paragon-contract-white-house-review/

๐Ÿ‘ค Meta brings back face scanning to combat scams and account hacking privacy โ€“ Meta reintroduces facial recognition on Facebook and Instagram to help users recover hacked accounts and fight scam ads impersonating celebrities, following privacy concerns that led to its earlier removal. https://www.theverge.com/2024/10/22/24276593/meta-facebook-instagram-facial-recognition-tools-test-celeb-bait

๐Ÿšจ Samsung zero-day flaw actively exploited in the wild vulnerability โ€“ A Samsung zero-day vulnerability (CVE-2024-44068) is being actively exploited, allowing privilege escalation on vulnerable Android devices. Security updates were released in October 2024 to address the issue. https://securityaffairs.com/170119/security/samsung-zero-day-activey-exploited.html

๐Ÿ˜‰ Google Online Security Blog: 5 new protections on Google Messages to help keep you safe security news โ€“ Google introduces five new security features in Google Messages aimed at enhancing user safety, including spam protection and improved verification for messages, to combat scams and protect privacy. https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html

๐Ÿ“ฑ WhatsApp is making a massive change to the way it saves your contacts security news โ€“ WhatsApp introduces a built-in contact manager that allows users to save contacts within the app, independent of their smartphoneโ€™s address book, enhancing privacy and ease of use. https://www.theverge.com/2024/10/22/24276714/whatsapp-built-in-contacts-address-book

๐Ÿšซ Googles Manifest V3: Ein Schlag fรผr Werbeblocker und Nutzerrechte privacy โ€“ Google's Manifest V3 introduces changes that undermine ad blockers and user rights, raising concerns about online privacy and control over web experiences. https://www.kuketz-blog.de/googles-manifest-v3-ein-schlag-fuer-werbeblocker-und-nutzerrechte/

๐Ÿ“ The Global Surveillance Free-for-All in Mobile Ad Data privacy โ€“ A lawsuit highlights how mobile ad data enables tracking of individuals, including law enforcement officers, through services like Babel Street, raising significant privacy concerns amidst a growing data broker industry. https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/

๐Ÿฆบ Ransomware gang stoops to new low, targets prominent nonprofit for disabled people cybercrime โ€“ The Rhysida ransomware group has targeted Easterseals, a nonprofit for disabled individuals, demanding $1.3 million after accessing personal data of nearly 15,000 people in a cyberattack. https://therecord.media/easterseals-central-illinois-data-breach

๐Ÿ’ฃ The EU Throws a Hand Grenade on Software Liability security news โ€“ The EU is introducing strict software liability laws to hold software makers accountable for defects, contrasting with the US approach, which is lagging due to lobbying and lack of political will. https://news.risky.biz/the-eu-throws-a-hand-grenade-on-software-liability/

๐Ÿ’ธ LinkedIn hit with $335 million fine for using member data for ad targeting without consent privacy โ€“ Ireland's Data Protection Commission fined LinkedIn โ‚ฌ310 million for violating GDPR by using member data for ads without consent, marking one of the largest fines against a tech company for data misuse. https://therecord.media/linkedin-hit-with-335-million-fine-gdpr-ireland

๐Ÿ•ต๏ธโ€โ™‚๏ธ HYPR is latest firm to reveal hiring of fraudulent IT worker overseas cybercrime โ€“ HYPR exposed an incident involving a fraudulent IT worker from a contracting agency, highlighting the need for enhanced vetting processes to prevent hiring scams amid rising concerns of fake remote employees. https://cyberscoop.com/hypr-hired-fraudulent-tech-worker-overseas/

๐Ÿฅฝ How the ransomware attack at Change Healthcare went down: A timeline cybercrime โ€“ A ransomware attack on Change Healthcare in February 2024 led to a massive data breach affecting over 100 million people, revealing vulnerabilities in cybersecurity and prompting extensive investigations. https://techcrunch.com/2024/10/24/how-the-ransomware-attack-at-change-healthcare-went-down-a-timeline/

๐Ÿ”ง It Is Now Legal to Hack McFlurry Machines (and Medical Devices) to Fix Them security news โ€“ A new federal rule allows the circumvention of digital locks on McFlurry machines and medical devices for repair purposes, highlighting ongoing issues with manufacturer control over equipment and the need for further repair legislation. https://www.404media.co/it-is-now-legal-to-hack-mcflurry-machines-and-medical-devices-to-fix-them/

๐Ÿค” Prominent crypto critic says someone offered bribes to take down a blog post security news โ€“ Molly White, a crypto critic, reported being offered bribes to remove a post about a fraud case involving Roman Ziemian. After declining the bribe, she received a dubious DMCA takedown request from someone claiming to be a lawyer. https://techcrunch.com/2024/10/25/prominent-crypto-critic-says-someone-offered-bribes-to-take-down-a-blog-post/


Some More, For the Curious

๐Ÿ›ก๏ธ Update #1 Kritische Zero-Day Schwachstelle in FortiManager wird aktiv ausgenutzt โ€“ Update verfรผgbar warning โ€“ The article discusses CERT.at, Austria's Computer Emergency Response Team, focusing on its role in cybersecurity, incident response, and providing guidance to organizations on protecting against cyber threats. https://www.cert.at/de/warnungen/2024/10/kritische-zero-day-schwachstelle-in-fortimanager-wird-aktiv-ausgenutzt-update-verfugbar

๐Ÿ’ธ Stealers on the rise: Kral, AMOS, Vidar and ACR security research โ€“ Information stealers are proliferating, targeting credentials and cryptocurrency data, with methods ranging from malicious downloads to deceptive phishing tactics. Cybercriminals profit from these attacks, threatening privacy. https://securelist.com/kral-amos-vidar-acr-stealers/114237/

๐Ÿ‘ป Sneaky Ghostpulse malware loader hides inside PNG pixels security research โ€“ The Ghostpulse malware now extracts its payload from PNG image pixels, making detection harder. This evolution showcases increasing sophistication in cybercriminal tactics to evade security measures. https://www.theregister.com/2024/10/22/ghostpulse_malware_loader_png/

๐Ÿ›ก๏ธ Justice Department rule aims to curb the sale of Americansโ€™ personal data overseas privacy โ€“ The Justice Department proposed regulations to restrict the sale of Americans' personal data to adversarial countries, enhancing privacy protections while imposing compliance requirements on companies. https://cyberscoop.com/justice-department-data-broker-regulation-china-russia-iran/

๐Ÿ™‚โ€โ†”๏ธ No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer security research โ€“ Recent claims that China's quantum computer has cracked military-grade encryption are exaggerated. Experts affirm that modern cryptography remains secure for the foreseeable future. https://www.schneier.com/blog/archives/2024/10/no-the-chinese-have-not-broken-modern-encryption-systems-with-a-quantum-computer.html

๐Ÿ› ๏ธ VMware fixes critical RCE, make-me-root bugs in vCenter โ€“ for the second time vulnerability โ€“ VMware has issued a second patch for critical vulnerabilities in vCenter Server that could allow remote code execution and privilege escalation, urging all users to update immediately. https://www.theregister.com/2024/10/22/vmware_rce_vcenter_bugs/

๐Ÿช Threat Spotlight: WarmCookie/BadSpace malware โ€“ WarmCookie, a malware family active since April 2024, is used for initial access and persistence, enabling further malware deployment like CSharp-Streamer-RAT. Its distribution involves malspam and malvertising tactics. https://blog.talosintelligence.com/warmcookie-analysis/

๐Ÿ˜ˆ Lazarus APT steals cryptocurrency and user data via a decoy MOBA game security news โ€“ Lazarus APT uses a fake MOBA game to exploit a Google Chrome zero-day vulnerability, gaining access to victims' PCs. The group targets cryptocurrency and evolves its tactics with sophisticated social engineering. https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/

๐Ÿ‘‹ Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts security news โ€“ ZachXBT, an anonymous crypto investigator, has traced billions in stolen funds, including a recent $243 million Bitcoin theft, leading to arrests of the alleged hackers and advocating for justice for victims. https://www.wired.com/story/meet-zachxbt-243-million-crypto-theft/

๐ŸŒ Removal of Russian coders spurs debate about Linux kernelโ€™s politics security news โ€“ The Linux kernel's maintainer removed Russian developers from the MAINTAINERS file due to compliance with US sanctions, sparking debate over the intersection of open source and international politics. https://arstechnica.com/information-technology/2024/10/russian-coders-removed-from-linux-maintainers-list-due-to-sanction-concerns/


CISA Corner

โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2024-9537, a ScienceLogic SL1 vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting the need for federal agencies to address active threats promptly. https://www.cisa.gov/news-events/alerts/2024/10/21/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2024-38094, a Microsoft SharePoint deserialization vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting its risks to federal networks and the need for remediation. https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2024-47575, a missing authentication vulnerability in Fortinet FortiManager, to its Known Exploited Vulnerabilities Catalog, urging users to apply patches to mitigate risks. https://www.cisa.gov/news-events/alerts/2024/10/23/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has included CVE-2024-20481 (Cisco ASA and FTD DoS vulnerability) and CVE-2024-37383 (RoundCube Webmail XSS vulnerability) in its Known Exploited Vulnerabilities Catalog due to active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-adds-two-known-exploited-vulnerabilities-catalog

โš™๏ธ ICONICS and Mitsubishi Electric Products vulnerability โ€“ A vulnerability (CVE-2024-7587) in ICONICS and Mitsubishi Electric products allows for potential data disclosure and tampering due to incorrect default permissions. Users are urged to update to mitigate risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01 โš™๏ธ CISA Releases Four Industrial Control Systems Advisories vulnerability โ€“ CISA issued four ICS advisories addressing security vulnerabilities in various systems, VIMESA VHF/FM, iniNet Spider Control, Deep Sea Electronics, OMNET Proteus https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-releases-four-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿค– Chatbot Traps: How to Avoid Job Scams cybercrime โ€“ Job seekers are at risk from AI-driven scams that produce convincing fake job offers and impersonate real companies. Stay alert and cautious when engaging with online recruiters. https://connect.geant.org/2024/10/14/chatbot-traps-how-to-avoid-job-scams

๐Ÿ“ฆ WordPress Jetpack plugin critical flaw impacts 27 million sites vulnerability โ€“ A critical flaw in the Jetpack plugin allowed logged-in users to access others' form submissions. An update has been issued, but caution is advised. https://securityaffairs.com/169848/uncategorized/wordpress-jetpack-plugin-critical-flaw.html

๐ŸฆŸ Hackers reportedly impersonate cyber firm ESET to target organizations in Israel cybercrime โ€“ Hackers impersonating ESET have targeted Israeli organizations with phishing emails containing wiper malware. ESET denies any compromise of its systems and is investigating the incident. https://therecord.media/hackers-impersonate-eset-wiper-malware

๐Ÿจ New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users cybercrime โ€“ ESET Research uncovers the Telekopye scam network, exploiting compromised accounts on Booking.com and Airbnb to create phishing pages that steal personal and payment information from travelers. https://hackread.com/telekopye-scam-toolkit-hit-booking-com-airbnb-users/

๐Ÿ—ƒ๏ธ Cyberangriff auf Internet Archive offenbar von russischen Hackern durchgefรผhrt security news โ€“ Die russische Hackergruppe SN_BLACKMETA gestand, das Internet Archive durch DDoS-Angriffe angegriffen zu haben, um auf die Situation in Gaza aufmerksam zu machen. https://www.heise.de/news/Cyberangriff-auf-Internet-Archive-offenbar-von-russischen-Hackern-durchgefuehrt-9983833.html

๐Ÿ˜ค The biggest data breaches in 2024: 1 billion stolen records and rising security news โ€“ 2024 has seen over 1 billion records stolen in significant data breaches affecting multiple companies. https://techcrunch.com/2024/10/14/2024-in-data-breaches-1-billion-stolen-records-and-rising/

๐ŸŽฎ Pokemon dev Game Freak discloses data breach data breach โ€“ Game Freak confirmed a cyberattack in August resulted in leaked source code and designs for unpublished Pokรฉmon games, affecting the personal data of 2,606 individuals. https://securityaffairs.com/169817/data-breach/game-freak-data-breach.html

๐Ÿ‘ฎ This AI Tool Helped Convict People of Murder. Then Someone Took a Closer Look security news โ€“ WIRED's investigation reveals that Global Intelligence's Cybercheck tool, used in criminal cases, often produces unverified and inaccurate geolocation data, raising concerns about its reliability in court. https://www.wired.com/story/cybercheck-crime-reports-prosecutions/

๐Ÿ”‘ Password manager makers want to let you securely transfer passkeys security news โ€“ The FIDO Alliance has introduced draft specifications for securely transferring passkeys between password managers, addressing a significant gap in credential management. https://www.theverge.com/2024/10/15/24270875/password-manager-makers-transfer-passkeys-fido-alliance

๐Ÿš” Sweden, Finland partner to take down Sipulitie criminal marketplace cybercrime โ€“ Swedish and Finnish law enforcement shut down the Sipulitie marketplace, a Tor-based site for selling narcotics, seizing its servers and disrupting criminal activities in Scandinavia. https://therecord.media/sweden-filand-take-down-sipulitie-criminal-marketplace

๐Ÿฅ Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says security news โ€“ Microsoft's report reveals that 389 U.S. healthcare institutions faced ransomware attacks in the past year, with increased coordination among nation-states and cybercriminals. Social engineering remains a prevalent access method. https://therecord.media/ransomware-healthcare-microsoft-last-year

๐Ÿ“ฑ From QR to compromise: The growing โ€œquishingโ€ threat security news โ€“ Sophos reports on the rise of 'quishing' attacks, where QR codes in PDF attachments are used to phish corporate credentials, highlighting vulnerabilities in mobile security. https://news.sophos.com/en-us/2024/10/16/quishing/

๐Ÿ“ Hereโ€™s how attackers are getting around phishing defenses security news โ€“ Hackers are bypassing phishing defenses by manipulating natural language processing (NLP) tools with benign text and links, allowing malicious emails to evade detection, according to Egress research. https://cyberscoop.com/email-natural-language-obfuscation-phishing-egress/

๐Ÿš— Volkswagen checking ransomware data threat from 8Base data breach โ€“ The 8Base ransomware group claims to have stolen confidential Volkswagen files and is threatening to release them, but Volkswagen reports no impact on its IT infrastructure and is monitoring the situation. https://www.theregister.com/2024/10/16/volkswagen_ransomware_data_loss/

โš–๏ธ French government uses biased algorithm to detect welfare fraud, rights groups say privacy โ€“ Amnesty International and 14 organizations have filed a complaint against France's CNAF, alleging its discriminatory algorithm unfairly targets low-income and marginalized welfare recipients for fraud detection. https://therecord.media/french-government-biased-algorithm-welfare

๐Ÿ’ป Casio says 'no prospect of recovery yet' after ransomware attack cybercrime โ€“ Casio reports ongoing issues nearly two weeks after a ransomware attack, with many systems still down and shipping affected. https://techcrunch.com/2024/10/17/casio-says-no-prospect-of-recovery-yet-after-ransomware-attack/

๐Ÿ”“ Brazilian police arrested the hacker who stole everyoneโ€™s SSN cybercrime โ€“ Brazilian police arrested a hacker responsible for a breach exposing 2.9 billion records, including 270 million Social Security numbers. https://www.theverge.com/2024/10/17/24272271/brazilian-police-usdod-hacker-arrest-national-public-data

๐Ÿ›ก๏ธ Google Chromeโ€™s uBlock Origin Purge Has Begun privacy โ€“ Google is implementing new Chrome extension standards that will disable the legacy version of uBlock Origin, pushing users to switch to uBlock Origin Lite, which offers reduced ad-blocking capabilities. https://www.wired.com/story/google-chrome-ublock-origin-extension/

๐Ÿงฌ 23andMe faces an uncertain future โ€” so does your genetic data security news โ€“ Following a data breach and financial struggles, 23andMe's future is uncertain, raising concerns about the privacy of its 15 million customers' genetic data. https://techcrunch.com/2024/10/19/23andme-faces-an-uncertain-future-so-does-your-genetic-data/


Some More, For the Curious

๐Ÿ” DORA-Kernkonzepte verstehen: Fokus auf โ€œKritische oder wichtige Funktionenโ€ security news โ€“ DORA legt einen umfassenden Rahmen fรผr das IKT-Risikomanagement fest, um digitale operative Widerstandsfรคhigkeit zu gewรคhrleisten, indem kritische Funktionen identifiziert und verwaltet werden. https://sec-consult.com/de/blog/detail/dora-core-concepts-critical-or-important-functions-in-focus/

๐Ÿฑโ€Feline Hackers Among Us? (A Deep Dive and Simulation of the Meow Attack) security research โ€“ The Meow attack targets unsecured databases like Elasticsearch and MongoDB, corrupting data for fun rather than profit. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/feline-hackers-among-us-a-deep-dive-and-simulation-of-the-meow-attack/

๐Ÿชฉ Perfectl Malware malware โ€“ The Perfctl malware, discovered by Aqua Security, exploits over 20,000 misconfigurations and a critical Apache vulnerability to stealthily mine cryptocurrency and create persistent backdoors on infected systems. https://www.schneier.com/blog/archives/2024/10/perfectl-malware.html

๐Ÿ“ฑ Trump campaign gets 'unhackable' phones security news โ€“ The Trump campaign is using 'unhackable' phones and computers from Green Hills Software, aiming to prevent data breaches ahead of the election, despite skepticism about the absolute security claims. https://www.theregister.com/2024/10/14/trump_unhackable_phones/

๐Ÿฆ  Expanding the Investigation: Deep Dive into Latest TrickMo Samples malware โ€“ New variants of the TrickMo banking Trojan utilize advanced evasion techniques and can steal unlock patterns, posing significant threats to user data and financial security. https://www.zimperium.com/blog/expanding-the-investigation-deep-dive-into-latest-trickmo-samples/

๐Ÿ›ฐ๏ธ How satellites are pushing security innovation at Amazon security research โ€“ Amazon integrates security into its culture and development processes, particularly in Project Kuiper, which aims to provide secure satellite-based internet with robust encryption and key management. https://cyberscoop.com/amazon-cybersecurity-culture-project-kuiper/

๐Ÿชซ Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds security research โ€“ A report from Secure Code Warrior reveals that training developers in secure-by-design practices can reduce software vulnerabilities by over 50%. https://cyberscoop.com/secure-by-design-return-investment-code-warrior/

๐Ÿ›œ Cisco confirms ongoing probe into alleged data breach data breach โ€“ Cisco is investigating claims of a data breach involving sensitive files allegedly stolen and sold by cybercriminals, with no evidence found yet of impacted systems. Law enforcement is involved. https://www.theregister.com/2024/10/15/cisco_confirm_ongoing_investigation/

๐ŸŽ Tinkerers Are Taking Old Redbox Kiosks Home and Reverse Engineering Them security news โ€“ Following Redbox's bankruptcy, enthusiasts are acquiring abandoned kiosks to reverse engineer their operating systems, even running games like Doom on them, while also liberating DVDs from the machines. https://www.404media.co/tinkerers-are-taking-old-redbox-kiosks-home-and-reverse-engineering-them/

๐Ÿ”ง VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX vulnerability โ€“ VMware has addressed a high-severity SQL injection vulnerability (CVE-2024-38814) in its HCX platform, allowing non-admin users to execute remote code. Updates are available for affected versions. https://securityaffairs.com/169904/security/vmware-sql-injection-flaw-cve-2024-38814.html

๐Ÿ”’ What Iโ€™ve learned in my first 7-ish years in cybersecurity security news โ€“ After nearly seven years in cybersecurity at Cisco Talos, the author reflects on their journey from journalism to tech, emphasizing the importance of asking questions, collaboration, and the evolving nature of threats. https://blog.talosintelligence.com/threat-source-newsletter-oct-17-2024/

๐Ÿ”’ F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP vulnerability โ€“ F5 has patched a high-severity elevation of privilege vulnerability (CVE-2024-45844) in BIG-IP and a medium-severity XSS flaw (CVE-2024-47139) in BIG-IQ, urging organizations to restrict access to mitigate risks. https://securityaffairs.com/170022/security/f5-patches-big-ip-elevation-of-privilege-bug.html

๐Ÿ Open source LLM tool primed to sniff out Python zero-days security research โ€“ Protect AI is launching Vulnhuntr, an open-source tool that uses AI to identify zero-day vulnerabilities in Python code, marking a significant advancement in vulnerability detection. https://www.theregister.com/2024/10/20/python_zero_day_tool/


CISA Corner

โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added three vulnerabilities to its KEV Catalog, including critical issues in Microsoft Windows, Mozilla Firefox, and SolarWinds, emphasizing the need for federal agencies to remediate them promptly. https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-adds-three-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2024-40711, a deserialization vulnerability in Veeam Backup and Replication, to its KEV Catalog, emphasizing the need for federal agencies to remediate it promptly. https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-adds-one-known-exploited-vulnerability-catalog

โš ๏ธ Iranian Cyber Actorsโ€™ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations warning โ€“ A joint advisory warns of Iranian cyber actors using brute force and credential access techniques to target U.S. critical infrastructure sectors, emphasizing the need for enhanced cybersecurity measures and vigilance. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-290a

โš™๏ธ CISA Releases Two Industrial Control Systems Advisories vulnerability โ€“ CISA issued two advisories on October 15, 2024, addressing vulnerabilities in Siemens Siveillance Video Cameras and Schneider Electric Data Center Expert, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-releases-two-industrial-control-systems-advisories โš™๏ธ CISA Releases Seven Industrial Control Systems Advisories vulnerability โ€“ CISA has issued seven advisories detailing vulnerabilities in industrial control systems, urging users to review them for security measures and updates. https://www.cisa.gov/news-events/alerts/2024/10/17/cisa-releases-seven-industrial-control-systems-advisories

๐Ÿ“œ Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM) security news โ€“ CISA has released a guidance document on Software Bill of Materials (SBOM), outlining key concepts and processes for representing software components, aimed at promoting adoption and transparency. https://www.cisa.gov/news-events/alerts/2024/10/15/guidance-framing-software-component-transparency-establishing-common-software-bill-materials-sbom

๐Ÿฉน Oracle Releases Quarterly Critical Patch Update Advisory for October 2024 security news โ€“ Oracle's October 2024 Critical Patch Update Advisory addresses vulnerabilities in various products, some of which could allow cyber attackers to gain control of affected systems. Users are urged to apply updates. https://www.cisa.gov/news-events/alerts/2024/10/17/oracle-releases-quarterly-critical-patch-update-advisory-october-2024


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

๐Ÿ’ณ So stehlen Kriminelle mit gefรคlschten FinanzOnline-Benachrichtigungen Ihre Bankomatkarte cybercrime โ€“ Kriminelle nutzen gefรคlschte Onlinebanking-Seiten, um Bankdaten zu stehlen. Nutzer erhalten betrรผgerische Benachrichtigungen รผber Kartensperrungen und sollen ihre alte Karte zurรผcksenden. https://www.watchlist-internet.at/news/so-stehlen-kriminelle-kartenwechsel-scam/


News For All

๐Ÿค– Your robot vacuum cleaner might be spying on you privacy โ€“ A security flaw in Ecovacs robot vacuums allows remote access to cameras and microphones, exposing users to privacy risks. Updates are coming, but not soon enough for some customers. https://www.bitdefender.com/en-us/blog/hotforsecurity/your-robot-vacuum-cleaner-might-be-spying-on-you/

๐Ÿค” Cops often hush up use of facial recognition tools privacy โ€“ U.S. police frequently use facial recognition technology without disclosing it to suspects, leading to wrongful arrests. This raises concerns about privacy and accountability in law enforcement practices. https://www.theregister.com/2024/10/07/cops_love_facial_recognition_and/

๐Ÿ”’ Google brings better bricking to Androids, to curtail crims security news โ€“ Google is rolling out features to enhance Android security, making it harder for thieves to profit from stolen phones by requiring credentials for factory resets and biometric verification for sensitive actions. https://www.theregister.com/2024/10/08/google_android_security/

โš–๏ธ Twitter Acts Fast on Nonconsensual Nudity If It Thinks Itโ€™s a Copyright Violation privacy โ€“ A study reveals Twitter removes nonconsensual nude images quickly if reported for copyright violations but delays action on similar reports for nonconsensual content, highlighting legal gaps. https://www.404media.co/twitter-acts-fast-on-nonconsensual-nudity-if-it-thinks-its-a-copyright-violation/

๐Ÿ”„ What Googleโ€™s U-Turn on Third-Party Cookies Means for Chrome Privacy privacy โ€“ Google paused its plans to eliminate third-party cookies in Chrome, citing backlash from various stakeholders. Critics argue this compromises user privacy while Google emphasizes user choice in tracking. https://www.wired.com/story/google-chrome-third-party-cookies-privacy-rollback/

๐Ÿ” Credit monitoring and supply chain risk company hacked data breach โ€“ CreditRiskMonitor reported a data breach where sensitive employee information was stolen, though customer data remained unaffected. The company is offering impacted individuals 24 months of free credit monitoring. https://cyberscoop.com/credit-risk-monitor-cyber-crmz-ransomware/

๐Ÿ“ฑ Donโ€™t use iPhone Mirroring at work, experts warn privacy โ€“ Experts warn against using iPhone Mirroring at work due to privacy risks, as it can expose personal app data to employers. Apple is aware and working on a fix. https://www.theregister.com/2024/10/08/iphone_mirroring_at_work/

๐Ÿ“š The Editors Protecting Wikipedia from AI Hoaxes security news โ€“ Wikipedia editors have launched WikiProject AI Cleanup to address the rise of unsourced, poorly-written AI-generated content on the platform, aiming to preserve the quality of information. https://www.404media.co/the-editors-protecting-wikipedia-from-ai-hoaxes/

๐Ÿ’‰ Trinity ransomware targets healthcare orgs cybercrime โ€“ Trinity ransomware has infected at least one U.S. healthcare provider, employing double extortion tactics. Experts warn healthcare organizations to enhance security measures against such attacks. https://www.theregister.com/2024/10/09/trinity_ransomware_targets_healthcare_orgs/

๐Ÿ”‘ How to use Appleโ€™s new Passwords app on iOS and macOS security news โ€“ Apple's new Passwords app replaces previous password management methods, allowing users to store and manage passwords, passkeys, and Wi-Fi credentials across devices. It offers autofill, sharing, and security alerts. https://www.theverge.com/24264400/passwords-apple-ios-macos-how-to

๐Ÿ“‰ National Public Data files for bankruptcy after info leak security news โ€“ National Public Data filed for bankruptcy after a massive data breach affecting potentially hundreds of millions. The company faces multiple lawsuits and regulatory challenges following the incident. https://www.theregister.com/2024/10/09/national_public_data_bankrupt/

๐Ÿ”’ The Internet Archive is under attack, with a breach revealing info for 31 million accounts data breach โ€“ The Internet Archive confirmed a breach exposing data for 31 million accounts, including email addresses and hashed passwords. The site also faced a DDoS attack following the incident. https://www.theverge.com/2024/10/9/24266419/internet-archive-ddos-attack-pop-up-message

๐Ÿ“ฑ How Telegram Turbocharges Organised Crime cybercrime โ€“ A UN report highlights Telegram's role in facilitating organized crime, including cyber fraud, money laundering, and criminal marketplaces, emphasizing the need for stricter regulations to combat these activities. https://news.risky.biz/how-telegram-turbocharges-organised-crime/

โš ๏ธ Mozilla issued an urgent Firefox update to fix actively exploited flaw vulnerability โ€“ Mozilla released an urgent update for Firefox to fix a critical use-after-free vulnerability (CVE-2024-9680) actively exploited in attacks, urging users to upgrade immediately. https://securityaffairs.com/169590/security/mozilla-firefox-actively-exploited-flaw.html

๐Ÿ›ก๏ธ Blue Team, Red Team, and Purple Team: An Overview security news โ€“ This article discusses the roles of Blue, Red, and Purple Teams in cybersecurity, highlighting defensive operations, adversarial simulations, and collaborative efforts to enhance security measures. https://www.blackhillsinfosec.com/red-blue-and-purple-teams/

๐Ÿ˜ท 14,000 medical devices are online, unsecured and vulnerable security research โ€“ A report reveals over 14,000 exposed medical devices globally, with nearly half in the U.S. Many lack basic security measures, making them prime targets for cybercriminals amid increasing healthcare attacks. https://cyberscoop.com/medical-devices-online-health-censys/

๐Ÿ– Pig Butchering Scams Are Going High Tech cybercrime โ€“ The UNODC reports a surge in high-tech 'pig butchering' scams in Southeast Asia, utilizing generative AI and deepfakes to enhance fraud. These scams, alongside cryptocurrency drainers, are increasingly sophisticated and pose significant challenges for law enforcement. https://www.wired.com/story/pig-butchering-scams-go-high-tech/

โ›“๏ธโ€๐Ÿ’ฅ 'Chat control': The EU's controversial CSAM-scanning legal proposal explained privacy โ€“ The EU's proposed legislation to combat child sexual abuse material (CSAM) threatens user privacy by mandating scanning of private communications on messaging apps, raising concerns about encryption and mass surveillance. https://techcrunch.com/2024/10/12/chat-control-the-eus-controversial-csam-scanning-legal-proposal-explained/

๐Ÿ”’ How to Stop Your Data From Being Used to Train AI privacy โ€“ As generative AI increasingly utilizes online data, users can take steps to opt out of having their content used for training. The article outlines various platforms and methods to help protect personal data from being scraped. https://www.wired.com/story/how-to-stop-your-data-from-being-used-to-train-ai/

โš ๏ธ Magenta ID wurde deaktiviert: Vorsicht vor tรคuschend echter Phishing-Mail warning โ€“ Eine tรคuschend echte Phishing-Mail mit dem Betreff โ€žAktion erforderlich: Reaktivierung Ihrer Magenta IDโ€œ fordert zur Aktivierung einer nicht existierenden ID auf. Drei Hinweise entlarven die Betrugsmasche. https://futurezone.at/digital-life/magenta-id-wurde-deaktiviert-mail-phishing-rechnung-hinweise-betrug-warnung/402960708


Some More, For the Curious

๐ŸŽ‰ Kyiv's hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin's birthday security news โ€“ Ukrainian hackers reportedly disrupted VGTRK operations, wiping servers and backups on Putin's birthday, amid ongoing cyber conflict between Russia and Ukraine. https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html

๐Ÿง“ The 30-year-old internet backdoor law that came back to bite security news โ€“ Chinese hackers compromised U.S. telecom wiretap systems, highlighting risks of backdoor laws like CALEA, which mandate access to customer data but create vulnerabilities for abuse. https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/

๐Ÿ’ฐ MoneyGram says hackers stole customers' personal information and transaction data data breach โ€“ MoneyGram confirmed a cyberattack resulted in the theft of customers' personal and transaction data, affecting names, addresses, and some Social Security numbers. Investigation is ongoing. https://techcrunch.com/2024/10/07/moneygram-says-hackers-stole-customers-personal-information-and-transaction-data/

๐Ÿ—ƒ๏ธ ADT says hacker stole encrypted internal employee data after compromising business partner security news โ€“ ADT reported a breach where a hacker accessed its network through a compromised third-party partner, stealing encrypted employee data. No customer information was believed to be affected. https://therecord.media/adt-hacker-stole-encrypted-data-after-breaching-third-party

๐Ÿ›ก๏ธ Following the Trail of Flax Typhoon to Uncover Newly Discovered Vulnerabilities in Linear Emerge Access Control Devices security research โ€“ A vulnerability, CVE-2024-9441, affects Linear Emerge E3 series devices and is unpatched, raising concerns of imminent exploitation. Organizations are urged to isolate affected devices. https://vulncheck.com/blog/flax-typhoon-linear-merge

๐Ÿ”ง Zero Day Initiative โ€” The October 2024 Security Update Review security news โ€“ Adobe and Microsoft released significant security updates in October 2024, addressing numerous vulnerabilities including critical code execution bugs. Users are urged to promptly apply patches to mitigate risks. https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review

๐Ÿšซ Russia and Turkey ban Discord messaging app security news โ€“ Russia and Turkey have blocked Discord, citing non-compliance with local laws and misuse for illegal activities. The bans have sparked backlash, highlighting the platform's importance for communication. https://therecord.media/discord-messaging-app-banned-russia-turkey

๐Ÿ” Two never-before-seen tools, from same group, infect air-gapped devices security research โ€“ Researchers discovered two sophisticated toolsets used by a suspected Russian hacking group to compromise air-gapped devices for data theft, highlighting their evolving capabilities and modular design. https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/

โŒจ๏ธ Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips vulnerability โ€“ Qualcomm confirmed hackers exploited a zero-day vulnerability (CVE-2024-43047) in its chipsets used in Android devices, with indications of targeted exploitation. Fixes have been made available to device manufacturers. https://techcrunch.com/2024/10/09/hackers-were-targeting-android-users-with-qualcomm-zero-day/

๐ŸŒ OpenAI says it has disrupted 20-plus foreign influence networks in past year security news โ€“ OpenAI disrupted over 20 foreign influence operations using its AI tools to manipulate political sentiments and elections. The report highlights ongoing threats from nations like Russia and Iran. https://cyberscoop.com/openai-threat-report-foreign-influence-generative-ai/

๐Ÿš” Dutch cops reveal takedown of 'largest dark web market' cybercrime โ€“ Dutch police arrested the alleged administrators of Bohemia and Cannabia, the largest dark web marketplaces, which processed โ‚ฌ12 million monthly. The operators attempted an exit scam after becoming aware of the investigation. https://www.theregister.com/2024/10/10/cannabia_bohemia_darkweb_market_investigation/

๐Ÿช™ FBI created a crypto token so it could watch it being abused security news โ€“ The FBI developed its own cryptocurrency, NexFundAI, to monitor fraudulent activities in the crypto market, leading to arrests in three countries for alleged wash trading and manipulation schemes. https://www.theregister.com/2024/10/11/fbi_nexfundai_crypto_fraud_sting/

๐Ÿ”ง GitLab fixed a critical flaw that could allow arbitrary CI vulnerability โ€“ GitLab patched a critical vulnerability (CVE-2024-9164) that allowed unauthorized CI/CD pipeline execution. The update also addressed several high and medium severity issues in both Community and Enterprise Editions. https://securityaffairs.com/169671/security/gitlab-fixed-critical-flaw-cve-2024-9164.html

๐Ÿ“ฆ Malicious packages in open-source repositories are surging security research โ€“ A report by Sonatype reveals a 150% increase in malicious packages in open-source repositories over the past year, highlighting security vulnerabilities and the slow response to patching them. https://cyberscoop.com/open-source-security-supply-chain-sonatype/

๐Ÿ’ป Ransomware operators exploited Veeam Backup & Replication flaw CVE vulnerability โ€“ Ransomware operators are exploiting the critical CVE-2024-40711 vulnerability in Veeam Backup & Replication to deploy malware and create rogue accounts. Sophos warns of attacks leveraging compromised credentials and outdated VPNs. https://securityaffairs.com/169679/cyber-crime/ransomware-groups-exploit-veeam-backup-replication-bug.html

๐Ÿ“ File hosting services misused for identity phishing security research โ€“ Microsoft reports that ransomware operators are exploiting legitimate file hosting services to conduct phishing attacks, using tactics to evade detection and compromise user identities, leading to business email compromise (BEC) attacks. https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/


CISA Corner

๐Ÿšจ Avoid Scams After Disaster Strikes warning โ€“ CISA warns of increased cyber scams following natural disasters, urging caution with emails and social media related to hurricanes. Verify information from trusted sources before responding. https://www.cisa.gov/news-events/alerts/2024/10/08/avoid-scams-after-disaster-strikes

โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has included three vulnerabilities in its Known Exploited Vulnerabilities Catalog, highlighting risks from active exploitation. Agencies are required to remediate these vulnerabilities to protect federal networks. https://www.cisa.gov/news-events/alerts/2024/10/08/cisa-adds-three-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting risks from active exploitation in Fortinet and Ivanti products. Federal agencies must remediate these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/10/09/cisa-adds-three-known-exploited-vulnerabilities-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿ– The Pig Butchering Invasion Has Begun cybercrime โ€“ Global pig butchering scams, rooted in Southeast Asia, exploit vulnerable populations and net billions. Operations are expanding worldwide, raising serious human trafficking and financial crime concerns. https://www.wired.com/story/pig-butchering-scam-invasion/

๐Ÿ” Remote ID verification tech is often biased and wrong security news โ€“ A GSA study reveals remote identity verification technologies are biased, with significant error rates affecting marginalized groups. The techโ€™s reliability raises concerns for government and user equity. https://www.theregister.com/2024/09/30/remote_identity_verification_biased/

๐Ÿ“š Massive E-Learning Platform Udemy Gave Teachers a Gen AI 'Opt-Out Window'. It's Already Over. privacy โ€“ Udemy's brief opt-out period for teachers to exclude their content from generative AI training has passed, sparking backlash over perceived intellectual property theft and biased communication. https://www.404media.co/massive-e-learning-platform-udemy-gave-teachers-a-gen-ai-opt-out-window-its-already-over/

๐ŸŽฏ North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence security news โ€“ North Korea's APT Kimsuky targeted German defense contractor Diehl Defence through a phishing campaign involving fake job offers, raising significant concerns due to the company's military manufacturing role. https://securityaffairs.com/169162/apt/kimsuky-apt-hit-diehl-defence.html

๐Ÿซด Paypal Opted You Into Sharing Data Without Your Knowledge privacy โ€“ PayPal has been criticized for automatically opting users into data sharing with third parties for personalized shopping, raising privacy concerns as users were unaware of this change. https://www.404media.co/paypal-personalized-shopping-opt-out/

๐Ÿ“ฐ News agency AFP hit by cyberattack, client services impacted cybercrime โ€“ AFP confirmed a cyberattack affecting its IT systems and client services, prompting investigations with Franceโ€™s cybersecurity agency. Global news coverage remains unaffected, but partners were warned about potential FTP credential compromises. https://securityaffairs.com/169175/hacking/news-agency-afp-hit-by-cyberattack-client-services-impacted.html

๐Ÿš” Multinational police effort hits sections of Lockbit ransomware operation security news โ€“ An international police effort led to arrests and seizures targeting the LockBit ransomware group, including a suspected developer in France and sanctions against affiliates linked to Evil Corp, amid ongoing efforts to disrupt cybercrime. https://cyberscoop.com/lockbit-arrests-ransomware-fbi-uk-nca-evil-corp/

๐Ÿฅ UMC Health System diverted patients following a ransomware attack cybercrime โ€“ UMC Health System in Texas diverted patients after a ransomware attack caused a network outage. The hospital is investigating the breach and working to restore services while ensuring patient care. https://securityaffairs.com/169198/cyber-crime/umc-health-system-cyberattack.html

๐Ÿ•ต๏ธโ€โ™€๏ธ ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions security news โ€“ ICE has contracted Israeli spyware vendor Paragon Solutions for $2 million amid ongoing scrutiny of commercial spyware. The contract raises questions about ethical surveillance practices and human rights implications. https://www.wired.com/story/ice-paragon-solutions-contract/

๐Ÿ“Š Thunderbird fรผr Android: Telemetrie-Daten werden bereits beim Start erfasst privacy โ€“ Die Beta-Version von Thunderbird fรผr Android รผbertrรคgt Telemetriedaten ohne Einwilligung an Mozilla. Dies verstรถรŸt gegen Datenschutzgesetze und enttรคuscht Nutzer, die eine Opt-In-Lรถsung erwarten. https://www.kuketz-blog.de/thunderbird-fuer-android-telemetrie-daten-werden-bereits-beim-start-erfasst/

๐Ÿชฉ A Network of AI โ€˜Nudifyโ€™ Sites Are a Front for Notorious Russian Hackers cybercrime โ€“ Fake AI โ€˜nudifyโ€™ sites are revealed to be fronts for Fin7, a Russian hacking group, designed to steal credentials. The sites lure users with the promise of generating nonconsensual content. https://www.404media.co/a-network-of-ai-nudify-sites-are-a-front-for-notorious-russian-hackers-2/

๐Ÿ” Telegram has disclosed criminal data to authorities for years, Durov says security news โ€“ Telegram's founder, Pavel Durov, clarified that the platform has long disclosed user data to law enforcement upon legal request, emphasizing recent updates to privacy policies do not signify a major shift in practices. https://therecord.media/telegram-disclosing-criminal-data-law-enforcement-durov-statement

๐Ÿ’ฐ Men Stole Over $1 Million From DoorDash Delivery Drivers By Impersonating Them to Customer Service cybercrime โ€“ Two men impersonated DoorDash drivers to steal over $1 million by hijacking accounts and redirecting payments. They used stolen personal information to bypass security and change account details. https://www.404media.co/men-stole-over-1-million-from-doordash-delivery-drivers-by-impersonating-them-to-customer-service/

๐Ÿ” The feds still canโ€™t get into Eric Adamsโ€™ phone security news โ€“ NYC Mayor Eric Adams forgot the new passcode to his phone after changing it, complicating federal investigators' efforts to access it amid ongoing fraud and bribery charges against him. https://www.theverge.com/2024/10/2/24260626/fbi-eric-adams-locked-phone-forgotten-changed-password

๐Ÿ“ธ License Plate Readers Are Creating a US-Wide Database of More Than Just Cars privacy โ€“ License plate readers in the US are compiling extensive databases that capture political affiliations and personal beliefs, raising concerns about privacy and surveillance as they collect data beyond just vehicle information. https://www.wired.com/story/license-plate-readers-political-signs-bumper-stickers/

๐Ÿ”’ DOJ, Microsoft seize 107 domains used in Russian attacks security news โ€“ The DOJ and Microsoft seized 107 domains linked to Russia's Callisto Group, disrupting a phishing campaign targeting US government agencies and other organizations, aimed at stealing sensitive information. https://www.theregister.com/2024/10/03/russian_phishing_domains_seized/

๐Ÿ‘ฎโ€โ™€๏ธ Dutch police breached by a state actor data breach โ€“ A state actor has been blamed for hacking into the Dutch police system, exposing contact details of officers. The investigation is ongoing, with security measures implemented to protect affected personnel. https://securityaffairs.com/169328/hacking/dutch-police-breached-by-state-actor.html

๐Ÿ‘“ Harvard duo modifies Meta glasses to grab strangers' info security news โ€“ Harvard students developed 'I-XRAY,' a system using Meta smart glasses to identify individuals and compile personal information from publicly available sources, highlighting privacy concerns in the AI era. https://www.theregister.com/2024/10/04/harvard_engineer_meta_smart_glasses/

๐Ÿ’ผ Crook made millions by breaking into execsโ€™ Office365 inboxes, feds say cybercrime โ€“ UK national Robert B. Westbrook has been charged with a hack-to-trade scheme, illegally accessing Office365 accounts of US executives to steal financial reports, earning approximately $3.75 million from insider trading. https://arstechnica.com/security/2024/10/crook-made-millions-by-breaking-into-execs-office365-inboxes-feds-say/

๐ŸŽฅ Metaโ€™s new โ€œMovie Genโ€ AI system can deepfake video from a single photo security news โ€“ Meta's Movie Gen AI can create realistic videos from a single photo, generating deepfakes and personalized content. While it offers innovative editing and sound synthesis features, it raises significant ethical concerns. https://arstechnica.com/ai/2024/10/metas-new-movie-gen-ai-system-can-deepfake-video-from-a-single-photo/

๐Ÿ”’ Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs security news โ€“ Apple's iOS 18.0.1 and iPadOS 18.0.1 updates address two vulnerabilities that could expose audio snippets and passwords. The flaws were fixed with improved validation checks, with no known active exploits reported. https://securityaffairs.com/169381/mobile-2/apple-ios-18-0-1.html

๐Ÿ›ฌ Ryanair faces GDPR turbulence over customer ID checks security news โ€“ Ireland's Data Protection Commission is investigating Ryanair's ID verification process for customers booking through third-party sites, focusing on compliance with GDPR regarding the use of biometric data. https://www.theregister.com/2024/10/05/irish_dpc_ryanair_probe/


Some More, For the Curious

๐ŸŽ’ Danger is Still Lurking in the NVD Backlog security news โ€“ The National Vulnerability Database still has a significant backlog of over 18,000 vulnerabilities, with 72.4% unanalyzed. Progress has been made, but many critical vulnerabilities remain unassessed. https://vulncheck.com/blog/nvd-backlog-exploitation-lurking

๐Ÿ”’ More frequent disruption operations needed to dent ransomware gangs, officials say security news โ€“ Officials urge for increased frequency of disruption operations against ransomware gangs, as current efforts have proven insufficient. New strategies and international cooperation are essential to combat the rising threat. https://cyberscoop.com/counter-ransomware-initiative-summit-white-house-odni/

๐Ÿ› ๏ธ capa Explorer Web: A Web-Based Tool for Program Capability Analysis security research โ€“ Mandiant introduces capa Explorer Web, a browser-based tool for visualizing program capabilities identified by the capa reverse engineering tool, enhancing analysis with interactive features and integration with VirusTotal. https://cloud.google.com/blog/topics/threat-intelligence/capa-explorer-web-program-capability-analysis/

๐Ÿ•ต๏ธโ€โ™‚๏ธ Notorious Evil Corp Hackers Targeted NATO Allies for Russian Intelligence cybercrime โ€“ Evil Corp has been linked to Russian intelligence agencies and tasked with espionage against NATO allies. The group, known for its Dridex malware and ransomware operations, has extorted over $300 million. https://www.wired.com/story/evil-corp-lockbit-russian-intelligence/

๐Ÿ›ก๏ธ Level Up Your Security Skills with the New Microsoft Sentinel Ninja Training! security news โ€“ Microsoft Sentinel Ninja Training has been revamped with interactive modules, hands-on labs, and real-world scenarios to enhance skills in threat detection and incident response, integrating with Defender XDR for streamlined operations. https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/level-up-your-security-skills-with-the-new-microsoft-sentinel/ba-p/4260106

๐Ÿšจ Russian authorities arrest nearly 100 in raids tied to cybercriminal money laundering cybercrime โ€“ Russian authorities arrested nearly 100 individuals linked to the UAPS payment system and Cryptex exchanges in a money laundering investigation, handling over $1.2 billion in illicit funds for cybercriminals. https://cyberscoop.com/russian-cybercrime-raids-cryptex-uaps/

๐Ÿ”’ 14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries vulnerability โ€“ Forescout identified 14 vulnerabilities in DrayTek routers, affecting over 704,000 devices globally. Two critical flaws could enable severe attacks, prompting urgent updates from DrayTek. https://securityaffairs.com/169267/security/draytek-routers-flaws-impacts-700000-devices.html

๐Ÿ’ป Threat actor believed to be spreading new MedusaLocker variant since 2022 malware โ€“ Cisco Talos reports a financially motivated threat actor distributing a new MedusaLocker ransomware variant, 'BabyLockerKZ,' targeting organizations globally since 2022, with a shift from Europe to South America. https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/

๐Ÿ“ง Weird Zimbra Vulnerability vulnerability โ€“ A Zimbra vulnerability allows hackers to execute remote commands via malformed emails. While exploitation is easy, large-scale infections are unlikely. Defenders should monitor for suspicious email patterns. https://www.schneier.com/blog/archives/2024/10/weird-zimbra-vulnerability.html

โš ๏ธ The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It security news โ€“ Alert fatigue poses a significant threat to cybersecurity, overwhelming security teams and causing critical alerts to be overlooked. Organizations must adopt automation tools and education to mitigate these risks. https://www.cybereason.com/blog/the-silent-epidemic-uncovering-the-dangers-of-alert-fatigue-and-how-to-overcome-it

๐Ÿ›ฐ๏ธ Black Hills Information Security hacking write-up โ€“ The article discusses the history and future of satellite technology, highlighting vulnerabilities and notable attacks, including spoofing and jamming. It emphasizes the risks of cyberattacks on satellites and the need for robust security measures. https://www.blackhillsinfosec.com/satellite-hacking/

๐Ÿ Thousands of Linux systems infected by stealthy malware since 2021 malware โ€“ A stealthy malware strain named Perfctl has infected thousands of Linux systems since 2021, exploiting over 20,000 misconfigurations and a critical vulnerability, allowing for cryptocurrency mining and unauthorized access. https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/

๐Ÿ“Š Introducing the Use Cases Mapper workbook cyber defense โ€“ The Use Case Mapper Workbook aids organizations in optimizing Microsoft Sentinel by mapping common security use cases to the MITRE ATT&CK framework, identifying gaps in security solutions, and facilitating updates. https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/introducing-the-use-cases-mapper-workbook/ba-p/4202058


CISA Corner

โš ๏ธ CISA Adds Four Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added four actively exploited vulnerabilities to its catalog, including critical command injection issues in routers and a deserialization flaw in SAP, posing serious risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/09/30/cisa-adds-four-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added an Ivanti Endpoint Manager SQL Injection vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting risks that malicious actors pose to federal networks. https://www.cisa.gov/news-events/alerts/2024/10/02/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has included a new vulnerability, CVE-2024-45519, affecting Synacor Zimbra, in its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, posing risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/10/03/cisa-adds-one-known-exploited-vulnerability-catalog

โš™๏ธ CISA Releases Two Industrial Control Systems Advisories vulnerability โ€“ CISA issued two advisories on October 1, 2024, highlighting vulnerabilities in Optigo Networks and Mitsubishi Electric ICS. Users are urged to review the advisories for mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/01/cisa-releases-two-industrial-control-systems-advisories โš™๏ธ CISA Releases Three Industrial Control Systems Advisories vulnerability โ€“ CISA issued three advisories on October 3, 2024, addressing vulnerabilities in TEM Opera Plus, Subnet Solutions, and Delta Electronics ICS. Users are urged to review for security details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/03/cisa-releases-three-industrial-control-systems-advisories

๐Ÿ” ASDโ€™s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations security news โ€“ The ASDโ€™s ACSC, alongside CISA and international partners, released a guide outlining six principles for enhancing cybersecurity in operational technology environments to mitigate risks associated with business decisions. https://www.cisa.gov/news-events/alerts/2024/10/01/asds-acsc-cisa-fbi-nsa-and-international-partners-release-guidance-principles-ot-cybersecurity


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐ŸŽฎ Be Internet Awesome World: A fun new game to learn about online safety security news โ€“ Google's new game, Be Internet Awesome World, teaches kids online safety through interactive lessons on scams, passwords, and personal information sharing. https://blog.google/technology/safety-security/be-internet-awesome-roblox/

๐Ÿšจ Staying a Step Ahead: Mitigating the DPRK IT Worker Threat security research โ€“ Mandiant reports on DPRK IT workers posing as non-North Koreans to infiltrate global companies, generating revenue for the regime and posing cybersecurity risks; awareness and vigilance are crucial. https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat/

๐Ÿšดโ€โ™‚๏ธ Hacking the โ€œBike Angelsโ€ System for Moving Bikeshares security news โ€“ New York City's bikeshare system, Bike Angels, is being exploited by users creating artificial shortages to maximize rewards, prompting a need for system modifications to prevent such hacks. https://www.schneier.com/blog/archives/2024/09/hacking-the-bike-angels-system-for-moving-bikeshares.html

๐Ÿš— White House proposes rule to ban Chinese, Russian parts for networked vehicles security news โ€“ The White House proposes banning Chinese and Russian components in connected vehicles to address national security threats, targeting parts for connectivity systems amid rising surveillance and hacking concerns. https://cyberscoop.com/us-government-ban-china-russia-connected-cars/

โ˜‘๏ธ Privacy Service Optery Faces Backlash After Plan to Send OpenAI User Data privacy โ€“ Optery faced criticism for defaulting to transferring user data to OpenAI, leading to a backlash from privacy advocates and a subsequent shift to an opt-in model for data sharing. https://www.404media.co/privacy-service-optery-faces-backlash-after-plan-to-send-openai-user-data/

๐Ÿงป Telegram will now hand over your phone number and IP if youโ€™re a criminal suspect security news โ€“ Telegram will disclose users' phone numbers and IP addresses to authorities upon valid requests for criminal suspects, reflecting a shift in its privacy policy amid concerns over illegal activities on the platform. https://www.theverge.com/2024/9/23/24252276/telegram-disclose-user-data-legal-requests-criminal-activity

โ›ฐ๏ธ Pro-Russia hackers aim DDoS campaign at Austrian websites ahead of elections security news โ€“ Pro-Russia hacker groups, including NoName057(16) and OverFlame, have launched DDoS attacks on over 40 Austrian websites ahead of the upcoming elections, causing temporary outages but no lasting damage. https://therecord.media/austria-websites-ddos-incidents-pro-russia-hacktivists

๐Ÿ“ธ New twist on sextortion scam includes pictures of people's homes cybercrime โ€“ A new sextortion scam involves emails with photos of victims' homes, threatening to reveal their online activity unless they pay a ransom, leveraging personal data for intimidation. https://therecord.media/new-twist-on-sextortion-scam-pictures-of-peoples-homes

๐Ÿฐ Iranian-linked election interference operation shows signs of recent access security news โ€“ An alleged Iranian hacking effort targeting Trumpโ€™s campaign continues, sharing materials with journalists, suggesting ongoing access to campaign documents, with U.S. officials linking the activity to the Iranian government. https://cyberscoop.com/trump-campaign-hack-new-material-ongoing-access/

๐Ÿ›ค๏ธ Who is tracking web behavior the most? Google, obviously privacy โ€“ Kaspersky's report reveals Google as the top tracker of online behavior, with its systems like Google Analytics and YouTube Analytics leading the way in data collection across various regions. https://www.theregister.com/2024/09/24/google_online_tracker/

๐Ÿš™ Study finds many European car resellers fail to delete driver data privacy โ€“ A study reveals that 80% of resold cars in Europe contain previous owners' personal data, violating data privacy laws; dealerships are urged to implement structured data deletion processes to avoid legal consequences. https://therecord.media/study-finds-european-car-resellers-fail-to-delete-data

๐Ÿ’ณ New Android banking trojan Octo2 targets European banks malware โ€“ The Octo2 banking trojan has emerged, enhancing remote takeover capabilities and targeting European banks. Its advanced features and leaked source code could expand its use among cybercriminals. https://securityaffairs.com/168857/malware/octo2-android-banking-trojan.html

๐Ÿชค New Windows Malware Locks Computer in Kiosk Mode malware โ€“ A new malware campaign locks users in their browser's kiosk mode on Google's login page, coercing them to enter their credentials, which are then stolen by information-stealing malware. https://www.schneier.com/blog/archives/2024/09/new-windows-malware-locks-computer-in-kiosk-mode.html

๐ŸฆŠ Data privacy watchdog files complaint against Mozilla for new ad tracking feature privacy โ€“ The advocacy group noyb has filed a complaint against Mozilla for implementing a new ad tracking feature in Firefox without user consent, claiming it undermines data privacy rights. https://therecord.media/noyb-europe-complaint-mozilla-firefox-privacy-preserving-attribution

๐ŸŽ๏ธ Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug vulnerability โ€“ Researchers discovered a flaw in Kia's web portal that allowed them to track and control millions of vehicles, highlighting serious security vulnerabilities in the automotive industryโ€™s web-based systems. https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/

๐Ÿ“ฐ When UK rail stations Wi-Fi was defaced by hackers the only casualty was the truth security news โ€“ Hackers defaced public Wi-Fi at 19 UK rail stations with a hate-filled message, but the incident was downplayed as a minor cybersecurity breach rather than a major attack, contradicting sensational media coverage. https://www.bitdefender.com/blog/hotforsecurity/when-uk-rail-stations-wi-fi-was-defaced-by-hackers-the-only-casualty-was-the-truth/

๐Ÿ’ท UK data watchdog confirms it's investigating MoneyGram data breach data breach โ€“ The UK's ICO is investigating MoneyGram following a reported data breach that caused significant operational downtime, affecting customer transactions and partnerships; details on the breach remain unclear. https://techcrunch.com/2024/09/27/uk-data-watchdog-confirms-investigating-moneygram-data-breach/

๐Ÿ–จ๏ธ CUPS flaws allow remote code execution on Linux systems under certain conditions vulnerability โ€“ A critical vulnerability in the CUPS printing system allows unauthenticated remote code execution on Linux systems. Researchers disclosed multiple flaws, urging users to disable the affected service as a temporary mitigation. https://securityaffairs.com/169001/hacking/cups-flaws-allow-rce-on-linux-systems.html

๐Ÿค‘ Irish Data Protection Commission fines Meta โ‚ฌ91 million for passwords stored in plaintext privacy โ€“ The Irish Data Protection Commission fined Meta โ‚ฌ91 million for violating GDPR by storing users' passwords in plaintext, following a 2019 investigation where Meta disclosed the issue to regulators. https://cyberscoop.com/meta-fined-passwords-plaintext-ireland-millions-users/

๐Ÿ“ท Microsoft details security/privacy overhaul for Windows Recall ahead of relaunch security news โ€“ Microsoft is revamping its Recall feature for Windows after security concerns, making it opt-in, enhancing encryption, and requiring user re-authentication to access stored data. https://arstechnica.com/?p=2052960


Some More, For the Curious

๐Ÿค” The Cyber Resilience Act, an Accidental European Alien Torts Statute? security news โ€“ The Cyber Resilience Act may allow the EU to restrict tech sales based on fundamental rights violations, blending cybersecurity with accountability for international actions. https://www.lawfaremedia.org/article/the-cyber-resilience-act--an-accidental-european-alien-torts-statute

๐Ÿš’ Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall security research โ€“ China's Great Firewall manipulates DNS responses, creating vulnerabilities for domains routed through Chinese infrastructure, risking attacks like subdomain takeovers and XSS. https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall

๐Ÿ€ Move over, Cobalt Strike, there's a new post-exploit tool security research โ€“ Attackers are now using Splinter, a new post-exploitation tool capable of executing commands and stealing data, raising concerns for organizations despite being less advanced than Cobalt Strike. https://www.theregister.com/2024/09/23/splinter_red_team_tool/

๐Ÿ’€ Necro Trojan infiltrates Google Play and Spotify and WhatsApp mods malware โ€“ The Necro Trojan has re-emerged, infecting popular apps on Google Play and modified versions of Spotify and WhatsApp, using techniques like steganography to evade detection and execute malicious activities. https://securelist.com/necro-trojan-is-back-on-google-play/113881/

๐Ÿ”‚ Microsoftโ€™s largest ever security transformation detailed in new report security news โ€“ Microsoft reveals its largest security overhaul, emphasizing a cultural shift towards security, with 34,000 engineers involved and new governance structures, following criticism of its previous security practices. https://www.theverge.com/2024/9/23/24251945/microsoft-security-report-secure-future-initiative

๐Ÿค– A generative artificial intelligence malware used in phishing attacks malware โ€“ HP researchers found malware generated by AI in a phishing attack that delivered AsyncRAT, highlighting how generative AI is making it easier for cybercriminals to create sophisticated threats. https://securityaffairs.com/168840/malware/generative-artificial-intelligence-malware.html

๐Ÿคก CrowdStrike exec apologizes in front of Congress over huge global IT outage security news โ€“ A CrowdStrike executive apologized to Congress for a faulty update that caused a massive IT outage affecting 8.5 million systems, outlining new measures to prevent future incidents. https://cyberscoop.com/crowdstrike-exec-apologizes-congressional-hearing-it-outage/

๐ŸŽฏ China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs) security news โ€“ The China-linked APT group Salt Typhoon has compromised several U.S. ISPs, aiming for intelligence gathering and potential cyberattacks, raising concerns about security in critical infrastructure. https://securityaffairs.com/168941/apt/salt-typhoon-china-linked-threat-actors-breached-us-isp.html

๐Ÿฅ Senate bill eyes minimum cybersecurity standards for health care industry security news โ€“ Senators Wyden and Warner introduced the Health Infrastructure Security and Accountability Act to enforce mandatory cybersecurity standards in the health care sector following a ransomware attack on Change Healthcare. https://cyberscoop.com/minimum-cybersecurity-standards-health-care-wyden-warner-bill/

๐Ÿ”’ HPE patches three critical security holes in Aruba PAPI vulnerability โ€“ HPE has released urgent patches for three critical vulnerabilities in Aruba access points that allow unauthenticated attackers to execute code remotely, urging upgrades to affected systems. https://www.theregister.com/2024/09/26/hpe_aruba_patch_papi/

๐Ÿ“ NIST Recommends Some Common-Sense Password Rules security news โ€“ NIST's draft guidelines propose sensible password rules, including a minimum length of 8-15 characters, no mandatory complexity requirements, and no periodic changes unless compromised. https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-sense-password-rules.html

โš ๏ธ Critical Nvidia bug allows container escape, host takeover vulnerability โ€“ A critical vulnerability in Nvidia's Container Toolkit (CVE-2024-0132) allows attackers to escape containers and gain control of the host system, affecting 33% of cloud environments; fixes have been issued. https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/

โš–๏ธ The Data Breach Disclosure Conundrum security news โ€“ The article discusses the complexities of data breach disclosure, emphasizing the legal and ethical obligations organizations have to notify affected individuals and the potential backlash from non-disclosure, highlighting examples like Deezer and Uber. https://www.troyhunt.com/the-data-breach-disclosure-conundrum/


CISA Corner

๐Ÿ›ก๏ธ Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means securnty news โ€“ CISA warns that cyber threat actors exploit vulnerable OT/ICS devices using basic methods like default credentials and brute force attacks, urging operators to enhance their security measures. https://www.cisa.gov/news-events/alerts/2024/09/25/threat-actors-continue-exploit-otics-through-unsophisticated-means

๐Ÿ“œ ASDโ€™s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises security news โ€“ A joint guide by ASD ACSC and CISA offers strategies for organizations to detect and mitigate Active Directory compromises, crucial for securing enterprise IT networks against malicious actors. https://www.cisa.gov/news-events/alerts/2024/09/26/asds-acsc-cisa-and-us-and-international-partners-release-guidance-detecting-and-mitigating-active

๐Ÿ› ๏ธ CISA Releases Eight Industrial Control Systems Advisories vulnerability โ€“ CISA has issued eight advisories highlighting vulnerabilities in various Industrial Control Systems, urging users to review them for important security updates and mitigations. https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-releases-eight-industrial-control-systems-advisories ๐Ÿ› ๏ธ CISA Releases Five Industrial Control Systems Advisories vulnerability โ€“ CISA has published five advisories addressing vulnerabilities in various Industrial Control Systems, urging users to review them for essential security updates and mitigations. https://www.cisa.gov/news-events/alerts/2024/09/26/cisa-releases-five-industrial-control-systems-advisories

โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability โ€“ CISA has included CVE-2024-7593, an authentication bypass vulnerability in Ivanti Virtual Traffic Manager, in its Known Exploited Vulnerabilities Catalog due to active exploitation. https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-adds-one-known-exploited-vulnerability-catalog

๐Ÿ”ง Citrix Releases Security Updates for XenServer and Citrix Hypervisor vulnerability โ€“ Citrix has issued security updates for XenServer and Citrix Hypervisor to fix vulnerabilities that could lead to denial of service attacks; users are urged to apply these updates. https://www.cisa.gov/news-events/alerts/2024/09/25/citrix-releases-security-updates-xenserver-and-citrix-hypervisor ๐Ÿ”’ Cisco Releases Security Updates for IOS and IOS XE Software vulnerability โ€“ Cisco's September 2024 advisory addresses vulnerabilities in IOS and IOS XE software that could allow cyber actors to take control of affected systems; users are advised to apply updates. https://www.cisa.gov/news-events/alerts/2024/09/26/cisco-releases-security-updates-ios-and-ios-xe-software


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub