๐Ÿ“ฐwrzlbrmpft's cyberlights๐Ÿ’ฅ

weekly cybersecurity highlights (for everyone!)

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

๐Ÿ”” Schwerwiegende Sicherheitslรผcken in Sonicwall SSL-VPN โ€“ aktiv ausgenutzt warning https://www.cert.at/de/warnungen/2025/1/schwewiegende-sicherheitslucken-in-sonicwall-ssl-vpn-aktiv-ausgenutzt


News For All

๐Ÿ•ต๏ธโ€โ™‚๏ธ Privacy of Photos.appโ€™s Enhanced Visual Search privacy โ€“ Apple's Enhanced Visual Search feature, enabled by default, allows photo data to be matched with a global index, raising privacy concerns about data transmission and user consent. https://mjtsai.com/blog/2025/01/01/privacy-of-photos-apps-enhanced-visual-search/

๐Ÿ“Š Telegram Hands U.S. Authorities Data on Thousands of Users privacy โ€“ Telegram provided U.S. authorities with data on over 2,200 users in 2024, marking a significant increase in data requests after its CEO was arrested. https://www.404media.co/telegram-hands-u-s-authorities-data-on-thousands-of-users/

๐Ÿงฌ Widely used DNA sequencer still doesnโ€™t enforce Secure Boot vulnerability โ€“ The Illumina iSeq 100 DNA sequencer lacks Secure Boot enforcement, exposing it to firmware attacks. Researchers warn this vulnerability could be exploited by threat actors in sensitive environments. https://arstechnica.com/security/2025/01/widely-used-dna-sequencer-still-doesnt-enforce-secure-boot/

๐Ÿชฝ UN aviation agency โ€˜investigatingโ€™ security breach after hacker claims theft of personal data data breach โ€“ The ICAO is investigating a security breach after a hacker claimed to have stolen 42,000 documents containing personal data, including names and contact details of individuals. https://techcrunch.com/2025/01/07/un-aviation-agency-investigating-security-breach-after-hacker-claims-theft-of-personal-data/

๐Ÿ”’ Android patches several vulnerabilities in first security update of 2025 security news โ€“ Android's first security update of 2025 addresses critical RCE vulnerabilities that could allow attackers to execute code without privileges. Users are urged to apply patches to protect their devices. https://cyberscoop.com/android-security-update-january-2025/

๐Ÿš˜The leaked GTA San Andreas source code is apparently fake and contains ransomware, so please don't download it malware โ€“ The purported GTA: San Andreas source code leak is fake and harbors ransomware from a new group called Rhysida. https://www.gamesradar.com/games/grand-theft-auto/the-leaked-gta-san-andreas-source-code-is-apparently-fake-and-contains-ransomware-so-please-dont-download-it/

๐Ÿ“น License Plate Readers Are Leaking Real-Time Video Feeds and Vehicle Data security research โ€“ Misconfigured ALPR systems from Motorola are exposing live video feeds and sensitive vehicle data online, raising serious privacy concerns. Over 150 cameras have leaked information due to security flaws. https://www.wired.com/story/license-plate-reader-live-video-data-exposed/

๐Ÿ—ฃ๏ธ Meta replaces fact-checking with community notes post โ€˜Cultural Tipping Pointโ€™ security news โ€“ Meta is shifting from its fact-checking program to a community notes system, emphasizing free speech and reducing censorship. This change aims to simplify policies and enhance user involvement in moderation. https://securityaffairs.com/172793/social-networks/meta-replaces-fact-checking.html

๐Ÿˆ Data of more than 8,500 customers breached on Green Bay Packers shopping website data breach โ€“ The Green Bay Packers reported a breach affecting 8,514 customers due to malicious code on their Pro Shop website, compromising payment information. Affected individuals will receive credit monitoring services. https://therecord.media/green-bay-packers-online-store-data-breach

๐Ÿ” Hereโ€™s how hucksters are manipulating Google to promote shady Chrome extensions cybercrime โ€“ Developers are violating Chrome Web Store policies by using keyword stuffing techniques, including hidden translations, to manipulate search results for extensions. This leads to unrelated or potentially harmful extensions appearing in searches. https://arstechnica.com/security/2025/01/googles-chrome-web-store-has-a-serious-spam-problem-promoting-shady-extensions/

๐Ÿ“ณ Apple says Siri isnโ€™t sending your conversations to advertisers privacy โ€“ Apple denies claims that Siri recordings are used for advertising, stating it has never built marketing profiles from Siri data. This follows a settlement over privacy concerns related to Siri interactions. https://www.theverge.com/2025/1/8/24337477/apple-responds-rumors-siri-advertising-privacy-lawsuit

๐Ÿป Space Bears Ransomware: What You Need To Know cybercrime โ€“ Space Bears is a new ransomware group known for its corporate-like image and ransom tactics. Operating from Moscow, they steal data, encrypt systems, and demand payment, offering post-transaction guarantees. https://www.tripwire.com/state-of-security/space-bears-ransomware-what-you-need-know

๐Ÿ“ Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location data breach โ€“ A hack of Gravy Analytics exposed thousands of apps, including popular ones like Candy Crush and Tinder, used to collect sensitive location data without user knowledge, raising serious privacy concerns. https://www.wired.com/story/gravy-location-data-app-leak-rtb/

๐Ÿ“š PowerSchool data breach leaks info of students and staff at schools across the US data breach โ€“ A data breach at PowerSchool has potentially exposed sensitive information of students and staff, including names, addresses, and Social Security numbers. The company has paid a ransom and claims the data is deleted. https://www.theverge.com/2025/1/10/24340556/powerschool-sis-data-breach-leak-student-data-us-canada-schools

๐Ÿ’ป Slovakiaโ€™s land registry hit by biggest cyberattack in countryโ€™s history, minister says security news โ€“ Slovakia's land registry suffered its largest cyberattack, disrupting property transactions and essential services. The attack, believed to be ransomware, has paralyzed real estate markets and is linked to rising tensions with Ukraine. https://therecord.media/slovakia-registry-cyberattack-land-agriculture

๐Ÿ’ธ A novel PayPal phishing campaign hijacks accounts cybercrime โ€“ Fortinet warns of a phishing campaign targeting PayPal users by using legitimate links to trick victims into granting unauthorized access, potentially compromising their accounts. https://securityaffairs.com/172935/cyber-crime/paypal-phishing-campaign-hijacks-accounts.html

๐Ÿ“ฆ How Cracks and Installers Bring Malware to Your Device security research โ€“ Attackers exploit platforms like YouTube to distribute fake installers, using reputable file hosting services and encryption to evade detection. This malware collects sensitive browser data, highlighting the risks of downloading fraudulent software. https://www.trendmicro.com/en_us/research/25/a/how-cracks-and-installers-bring-malware-to-your-device.html


Some More, For the Curious

๐ŸŽฃ New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages cybercrime โ€“ Cybercriminals have developed PhishWP, a WordPress plugin that creates fake payment pages to steal sensitive data like credit card info. It sends stolen data directly to attackers via Telegram. https://hackread.com/phishwp-plugin-russian-hacker-forum-phishing-sites/

โš ๏ธ MediaTek says โ€˜Happy New Yearโ€™ with critical RCE, other bugs vulnerability โ€“ MediaTek disclosed critical vulnerabilities, including a severe RCE bug in 51 chipsets that could be exploited via attacker-controlled base stations. Device manufacturers were notified and patches are expected. https://www.theregister.com/2025/01/06/mediatek_chipset_vulnerabilities/

๐Ÿญ Industrial networking manufacturer Moxa reports โ€˜criticalโ€™ router bugs vulnerability โ€“ Moxa's cellular and secure routers have critical vulnerabilities allowing privilege escalation and command execution. Users are urged to apply patches or limit network exposure to mitigate risks. https://cyberscoop.com/industrial-networking-manufacturer-moxa-reports-critical-router-bugs/

๐Ÿ“ก Three more telcos reportedly join China Salt Typhoon victims security news โ€“ Charter, Consolidated, and Windstream are the latest telecom companies confirmed as victims of the Salt Typhoon cyberattack, attributed to Chinese government espionage efforts targeting U.S. networks. https://www.theregister.com/2025/01/06/charter_consolidated_windstream_salt_typhoon/

๐Ÿ” CISA says 'no indication' of wider government hack beyond Treasury security news โ€“ CISA reports no evidence of other U.S. federal agencies being hacked in the December cyberattack on the Treasury, attributed to Chinese government-backed hackers accessing employee workstations. https://techcrunch.com/2025/01/06/cisa-says-no-indication-of-wider-government-hack-beyond-treasury/

๐Ÿ›ก๏ธ US adds Tencent to the list of companies supporting Chinese military๏ฟผ security news โ€“ The U.S. Department of Defense has listed Tencent among companies supporting the Chinese military, citing concerns over its technologies' dual-use potential. Tencent plans to appeal, claiming the inclusion is an error. https://securityaffairs.com/172765/security/us-adds-tencent-list-of-companies-supporting-chinese-military.html

๐Ÿฆ  Gayfemboy Botnet targets Four-Faith router vulnerability cybercrime โ€“ The Gayfemboy botnet, a variant of Mirai, exploits vulnerabilities in Four-Faith routers and other devices to conduct DDoS attacks, with over 15,000 active nodes targeting global entities since late 2024. https://securityaffairs.com/172805/malware/gayfemboy-mirai-botnet-four-faith-flaw.html

๐Ÿชข Ukrainian Cyber Alliance destroyed the connectivity of Russian ISP Nodex security news โ€“ The Ukrainian Cyber Alliance hacked Russian ISP Nodex, stealing sensitive data and disrupting connectivity. The ISP confirmed the attack and is working to restore its systems. https://securityaffairs.com/172864/hacktivism/ukrainian-cyber-alliance-destroyed-russian-isp-nodex.html

๐Ÿ’ฐ Facebook awards researcher $100,000 for finding bug that granted internal access security news โ€“ Ben Sadeghipour discovered a vulnerability in Facebook's ad platform that allowed him to run commands on an internal server. Meta awarded him $100,000 for reporting the issue, which was fixed quickly. https://techcrunch.com/2025/01/09/facebook-awards-researcher-100000-for-finding-bug-that-granted-internal-access/

๐Ÿ–ฑ๏ธ Researchers disclosed details of a now-patched Samsung zero-click flaw vulnerability โ€“ Google Project Zero revealed a now-patched zero-click vulnerability (CVE-2024-49415) in Samsung devices that allowed remote code execution via audio messages, affecting Galaxy S23 and S24 models. https://securityaffairs.com/172909/hacking/samsung-zero-click-flaw.html

๐Ÿ”‘ How We Cracked a 512-Bit DKIM Key for Less Than $8 in the Cloud hacking write-up โ€“ Researchers cracked a 512-bit DKIM key using a cloud server for under $8, revealing the insecurity of short RSA keys. They tested DKIM signatures, finding some providers accepted the compromised key. https://dmarcchecker.app/articles/crack-512-bit-dkim-rsa-key

๐Ÿšผ WorstFit: Unveiling Hidden Transformers in Windows ANSI! hacking write-up โ€“ Research reveals a novel attack surface in Windows through the Best-Fit character conversion feature, leading to vulnerabilities like Path Traversal and RCE. The study highlights risks associated with encoding mishandling and provides examples of exploitation. https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/

๐Ÿ” Using SYN Port Scans with Source IP Spoofing For Offensive Deception cyber defense โ€“ This article discusses how attackers use SYN port scanning with spoofed IP addresses as a deceptive tactic to generate alerts, diverting SOC teams' attention from real threats. It highlights the challenges modern IDS face in detecting such evasion techniques. https://tierzerosecurity.co.nz/2025/01/08/syn-spoof-scan.html


CISA Corner

โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added three vulnerabilities, including two from Mitel and one from Oracle, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, highlighting significant security risks. https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-adds-three-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds One Vulnerability to the KEV Catalog warning โ€“ CISA has added CVE-2025-0282, a vulnerability in Ivanti Connect Secure, to its Known Exploited Vulnerabilities Catalog, urging organizations to implement mitigations and report incidents promptly. https://www.cisa.gov/news-events/alerts/2025/01/08/cisa-adds-one-vulnerability-kev-catalog

โš™๏ธ CISA Releases Two Industrial Control Systems Advisories vulnerability โ€“ CISA issued two advisories on January 7, 2025, highlighting security issues in ABB and Nedap ICS products. Users are urged to review for vulnerabilities and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-releases-two-industrial-control-systems-advisories โš™๏ธ CISA Releases Four Industrial Control Systems Advisories vulnerability โ€“ CISA has issued four advisories on January 10, 2025, detailing security vulnerabilities in various Industrial Control Systems, urging users to review for technical details and mitigations. https://www.cisa.gov/news-events/alerts/2025/01/10/cisa-releases-four-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

๐Ÿ“ง Mails zur Rรผckerstattung von ORF warning โ€“ Aktuell erhalten viele Personen Phishing-E-Mails, die fรคlschlicherweise eine Rรผckerstattung von ORF-Gebรผhren in Hรถhe von 34,40 Euro versprechen, um Kontodaten zu stehlen. https://www.watchlist-internet.at/news/betruegerisches-orf-rueckerstattung-e-mail/


News For All

๐Ÿงฉ Large language models can do jaw-dropping things. But nobody knows exactly why. security research โ€“ Researchers explore the unpredictable behaviors of large language models, such as 'grokking' and 'double descent', revealing a lack of understanding behind their impressive capabilities and potential risks. https://www.technologyreview.com/2024/03/04/1089403/large-language-models-amazing-but-nobody-knows-why/

๐Ÿฆ  The Mac Malware of 2024 malware โ€“ A detailed overview of new macOS malware in 2024, including various types like info stealers, their infection vectors, persistence mechanisms, and technical insights into their operations. https://objective-see.org/blog/blog_0x7D.html

๐Ÿšจ Threat actors attempt to exploit a flaw in Four vulnerability โ€“ Researchers warn of active exploitation of a high-severity OS command injection vulnerability in Four-Faith routers, allowing remote attackers to execute arbitrary commands using default credentials. https://securityaffairs.com/172450/hacking/four-faith-routers-flaw-exploited.html

๐Ÿ”‘ Passkey technology is elegant, but itโ€™s most definitely not usable security security news โ€“ Despite their security advantages, passkeys face usability issues due to inconsistent implementations across platforms, confusing workflows, and reliance on passwords, undermining their intended benefits. https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/

๐Ÿ”’ AT&T and Verizon say networks are secure after being breached by China-linked Salt Typhoon hackers cybercrime โ€“ AT&T and Verizon claim their networks are secure after being targeted by the China-linked Salt Typhoon hackers, stating they have contained the incident with no ongoing threat activity detected. https://techcrunch.com/2024/12/30/verizon-says-it-has-secured-its-network-after-breach-by-china-linked-salt-typhoon-group/

๐ŸŒ The Most Dangerous People on the Internet in 2024 cybercrime โ€“ In 2024, the internet remains perilous, driven by disruptive figures like Elon Musk, Donald Trump, state-sponsored hackers, and ransomware groups, all contributing to a chaotic online environment. https://www.wired.com/story/the-most-dangerous-people-on-the-internet-in-2024/

๐Ÿš— Volkswagen leak exposed location data for 800,000 electric cars data breach โ€“ A data leak exposed precise location data for 800,000 Volkswagen electric vehicles, potentially allowing tracking of drivers, along with personal information like emails and phone numbers. https://www.theverge.com/2024/12/30/24332181/volkswagen-data-leak-exposed-location-evs

๐Ÿ“ฐ Telegram blocks Russian state media channels in several EU countries security news โ€“ Telegram has blocked access to Russian state media channels in multiple EU countries, citing local law violations, prompting accusations of censorship from Moscow and highlighting ongoing tensions over media control. https://therecord.media/telegram-blocks-russian-state-channels

๐Ÿ”“ AT&T, Verizon, Lumen confirm Salt Typhoon breach data breach โ€“ AT&T, Verizon, and Lumen confirmed breaches by the Chinese state-sponsored Salt Typhoon group, which allowed access to geolocation data and potential recording of calls, highlighting significant cybersecurity vulnerabilities. https://www.theregister.com/2024/12/30/att_verizon_confirm_salt_typhoon_breach/

๐Ÿ Not just one bad apple: FTX's practices were business as usual in crypto security research โ€“ The collapse of FTX reveals widespread unethical practices in the crypto industry, including secret acquisitions, unaudited financials, and connections to criminal activity, indicating that FTX's behavior was not an isolated incident. https://www.citationneeded.news/not-just-one-bad-apple/

๐Ÿ’ณ Gift Card Fraud cybercrime โ€“ Organized crime is increasingly using gift card fraud tactics, such as card draining, where criminals tamper with gift cards and return them to stores, enabling them to steal funds loaded by unsuspecting customers. https://www.schneier.com/blog/archives/2024/12/gift-card-fraud.html

๐Ÿ”’ New Yearโ€™s cybersecurity resolutions that every startup should keep security news โ€“ As 2024 ended with numerous data breaches, startups should adopt cybersecurity resolutions like using password managers, implementing multi-factor authentication, applying software patches, backing up data, being cautious with phone calls, and maintaining transparency about incidents. https://techcrunch.com/2024/12/31/new-year-cybersecurity-resolutions-that-every-startup-should-keep/

๐Ÿ”“ Rhode Island โ€™s data from health benefits system leaked on the dark web data breach โ€“ Rhode Island's health benefits system was hacked, resulting in leaked resident data on the dark web. The state is informing affected individuals and advising them to take protective measures. https://securityaffairs.com/172503/cyber-crime/rhode-island-data-breach.html

๐Ÿ—‘๏ธ Hey, Maybe It's Time to Delete Some Old Chat Histories privacy โ€“ As old chat histories may expose sensitive information, users are encouraged to declutter their digital footprint by deleting outdated messages and utilizing features like auto-delete to enhance privacy. https://www.wired.com/story/old-chat-history-delete/

๐Ÿ’ฐ Apple to pay $95 million to settle Siri privacy lawsuit privacy โ€“ Apple will pay $95 million to settle a class-action lawsuit claiming Siri recorded conversations without consent and shared them with third parties. Affected users may receive up to $20 each. https://therecord.media/apple-to-pay-95-million-siri-lawsuit

๐Ÿ” Google Is Allowing Device Fingerprinting privacy โ€“ Google's decision to permit device fingerprinting starting in 2025 has been criticized as a significant setback for user privacy. https://www.schneier.com/blog/archives/2025/01/google-is-allowing-device-fingerprinting.html

๐Ÿ“ž A US soldier was arrested for leaking presidential call logs security news โ€“ US Army soldier Cameron John Wagenius was arrested for allegedly leaking presidential call logs and selling stolen records from AT&T and Verizon under the alias 'Kiberphant0m.' https://securityaffairs.com/172589/cyber-crime/us-soldier-arrested-for-leaking-presidential-call-logs.html

๐Ÿ”’ Time to check if you ran any of these 33 malicious Chrome extensions malware โ€“ A recent discovery revealed that 33 malicious Chrome extensions, used by approximately 2.6 million devices, siphoned sensitive data through a double-click attack, prompting users to change passwords and review their security. https://arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/

๐Ÿค– Meta's AI Profiles Are Indistinguishable From Terrible Spam That Took Over Facebook security news โ€“ Meta's plan to introduce AI character profiles on Instagram and Facebook has sparked concerns as existing, poorly received AI profiles have led users to fear an influx of spam-like content on the platforms. https://www.404media.co/metas-ai-profiles-are-indistinguishable-from-terrible-spam-that-took-over-facebook/

๐Ÿ”’ Atos mostly denies Space Bears' ransomware claims security news โ€“ Atos denied a ransomware breach by Space Bears but acknowledged that third-party infrastructure containing data linked to Atos was compromised. The company emphasized that its own systems were not affected. https://www.theregister.com/2025/01/04/atos_denies_space_bears_ransomware/

๐Ÿ” Encryption backdoor debate 'done and dusted' security news โ€“ Following the Salt Typhoon hacks, US officials have reversed their stance on encryption, now advocating for end-to-end encryption without backdoors to protect communications from cyber threats. https://www.theregister.com/2025/01/04/encryption_backdoor_debate/


Some More, For the Curious

๐Ÿ”ง Why Configurations Are the Wrong Thing to Get Wrong cyber defense โ€“ Misconfigurations remain a leading cause of data breaches, with many organizations neglecting basic security practices. Proper management can significantly reduce vulnerabilities. https://www.tripwire.com/state-of-security/configurations-mega-blog-why-configurations-are-wrong-thing-get-wrong

๐Ÿค” 10 Non-tech things you wish you had done after being breached security news โ€“ Post-breach recovery involves vital non-tech actions like reinforcing NDAs, reviewing third-party relationships, updating employee training, and conducting reputation assessments to strengthen resilience. https://www.pentestpartners.com/security-blog/10-non-tech-things-you-wish-you-had-done-after-being-breached/

๐Ÿ› ๏ธ Prioritizing patching: A deep dive into frameworks and tools โ€“ Part 2: Alternative frameworks cyber defense โ€“ This article explores alternative frameworks like EPSS and SSVC for vulnerability prioritization, highlighting their strengths and limitations in comparison to CVSS, and emphasizing the need for a tailored approach based on organizational context. https://news.sophos.com/en-us/2024/12/30/prioritizing-patching-a-deep-dive-into-frameworks-and-tools-part-2-alternative-frameworks/

๐Ÿ” Log4j Log4Shell Vulnerability Q&A vulnerability โ€“ The article discusses the Log4j Log4Shell vulnerability, its detection, comparison to Shellshock, and solutions for identifying and remediating affected packages using tools like JFrog Xray. https://jfrog.com/blog/a-log4j-log4shell-vulnerability-qa/

๐Ÿ–ฑ๏ธ DoubleClickjacking allows clickjacking on major websites vulnerability โ€“ The 'DoubleClickjacking' exploit uses a double-click sequence to bypass clickjacking protections on major websites, potentially leading to account takeovers and unauthorized actions. https://securityaffairs.com/172572/hacking/doubleclickjacking-clickjacking-on-major-websites.html

๐Ÿ’ป Japan's largest mobile carrier says cyberattack disrupted some services security news โ€“ NTT Docomo, Japan's largest mobile carrier, reported a DDoS cyberattack that temporarily disrupted services, including its news and video platforms. Most services have been restored, but delays may continue. https://therecord.media/ntt-docomo-japan-mobile-carrier-ddos-incident

๐Ÿ“ฑ stealing malware supports spyware capabilities malware โ€“ FireScam malware targets Android devices by masquerading as a fake 'Telegram Premium' app, stealing sensitive information through notification monitoring and exfiltrating data to a Firebase database. https://securityaffairs.com/172656/malware/firescam-android-malware.html

โš ๏ธ Malicious npm packages target Ethereum developers malware โ€“ A supply chain attack involving malicious npm packages is targeting Ethereum developers by impersonating Hardhat plugins, aiming to steal private keys and sensitive data from development environments. https://securityaffairs.com/172671/malware/malicious-npm-packages-target-ethereum-developers.html

๐Ÿงฌ Studie: Entwicklungsstand Quantencomputer Version 2.1 security research โ€“ This study examines the theoretical and practical developments in quantum computing, particularly in cryptanalysis, providing insights for scientists and actionable information for decision makers. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/Quantencomputer/Entwicklungstand_QC_V_2_1.html


CISA Corner

โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has included CVE-2024-3393, a vulnerability in Palo Alto Networks' PAN-OS, in its Known Exploited Vulnerabilities Catalog, emphasizing the need for federal agencies to remediate it to mitigate risks. https://www.cisa.gov/news-events/alerts/2024/12/30/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿ›ก๏ธ Microsoft Recall screenshots credit cards and Social Security numbers, even with the โ€œsensitive informationโ€ filter enabled privacy โ€“ Microsoft's Recall feature, designed to capture screenshots, fails to adequately filter sensitive information like credit card numbers and Social Security numbers, raising privacy concerns despite encryption efforts. https://www.tomshardware.com/software/windows/microsoft-recall-screenshots-credit-cards-and-social-security-numbers-even-with-the-sensitive-information-filter-enabled

๐Ÿก OpenWrt supply chain attack scare prompts urgent upgrades vulnerability โ€“ OpenWrt users are urged to upgrade their firmware to mitigate a potential supply chain attack involving command injection and weak hash vulnerabilities that could allow attackers to serve malicious images. https://www.theregister.com/2024/12/09/openwrt_firmware_vulnerabilities/

๐Ÿ”’ WhatsApp patches View Once flaw exposing vanishing media security news โ€“ WhatsApp has fixed a vulnerability in its View Once feature, which allowed disappearing media to be accessed through web clients and rogue browser extensions, undermining user privacy. https://www.theregister.com/2024/12/10/whatsapp_view_once/

๐Ÿ›ก๏ธ EU cybersecurity rules for smart devices enter into force security news โ€“ The EU's Cyber Resilience Act has come into effect, imposing security obligations on manufacturers of connected devices, requiring them to provide updates and ensure compliance by December 2027. https://techcrunch.com/2024/12/10/eu-cybersecurity-rules-for-smart-devices-enter-into-force/

๐Ÿ’ฐ 3AM Ransomware: What You Need To Know malware โ€“ 3AM is a ransomware group that exfiltrates and encrypts data, using Rust for speed. Notably linked to LockBit, it threatens victims with data leaks unless a ransom is paid. https://www.tripwire.com/state-of-security/3am-ransomware-what-you-need-know

๐Ÿšจ Location Data Firm Offers to Help Cops Track Targets via Doctor Visits privacy โ€“ Fog Data Science is proposing to assist police in tracking individuals by using location data linked to their doctors' offices, raising privacy concerns amidst increasing surveillance of healthcare visits. https://www.404media.co/location-data-firm-offers-to-help-cops-track-targets-via-doctor-visits/

๐Ÿ’ธ French internet operator fined $53 million for unsolicited ads and tracking users without consent privacy โ€“ France's CNIL fined Orange S.A. $53 million for sending unsolicited ads and tracking users without consent, violating data protection laws, despite the company claiming the practices were standard. https://therecord.media/french-internet-operator-fined-53-million-unsolicited-ads-tracking

๐ŸŽ„ Network security best practices for the holidays security news โ€“ As cyber threats rise during the holidays, ensure your network is secure by updating infrastructure, shutting down non-essential systems, and implementing multi-factor authentication to protect against attacks. https://news.sophos.com/en-us/2024/12/10/network-security-best-practices-for-the-holidays/

๐Ÿ”‘ How easily access cards can be cloned and why your PACS might be vulnerable hacking write-up โ€“ Access cards can be easily cloned due to vulnerabilities in Physical Access Control Systems (PACS). Proper configuration and secure tokens are essential to protect against cloning threats. https://www.pentestpartners.com/security-blog/how-easily-access-cards-can-be-cloned-and-why-your-pacs-might-be-vulnerable/

๐Ÿ‘ Patch Tuesday, December 2024 Edition security news โ€“ Microsoft patched at least 70 security vulnerabilities, including a zero-day exploit (CVE-2024-49138) in the Windows CLFS driver that allows attackers to gain system privileges. Users are urged to update systems. https://krebsonsecurity.com/2024/12/patch-tuesday-december-2024-edition/

๐Ÿ’ต How Cryptocurrency Turns to Cash in Russian Banks โ€“ Krebs on Security cybercrime โ€“ Research reveals that a Canadian firm, Cryptomus, acts as a payment processor for Russian cryptocurrency exchanges, enabling cash conversion for cybercrime services and evasion of sanctions against Russia. https://krebsonsecurity.com/2024/12/how-cryptocurrency-turns-to-cash-in-russian-banks/

๐Ÿšซ Mozilla removing Do Not Track option from Firefox 135 privacy โ€“ Mozilla will remove the Do Not Track feature from Firefox 135 due to its ineffectiveness, directing users to utilize the Global Privacy Control instead, which aims to enhance online privacy. https://www.theregister.com/2024/12/12/firefox_do_not_track/

๐Ÿ›‘ 27 DDoS-For-Hire Services Disrupted In Run-Up To Holiday Season cybercrime โ€“ Operation PowerOFF, involving law enforcement from 15 countries, has disrupted 27 DDoS-for-hire services ahead of the holiday season, arresting several individuals and aiming to deter cybercriminal activity. https://www.tripwire.com/state-of-security/27-ddos-hire-services-disrupted-run-holiday-season

๐Ÿš™ Researchers find security flaws in Skoda cars that may let hackers remotely track them vulnerability โ€“ Security researchers identified 12 vulnerabilities in Skoda Superb III's infotainment system that could allow hackers to track vehicles and execute malicious code via Bluetooth without authentication. https://techcrunch.com/2024/12/12/researchers-find-security-flaws-in-skoda-cars-that-may-let-hackers-remotely-track-them/

๐Ÿ” The Top Ten List of Why You Got Hacked This Year (2023/2024) security news โ€“ An analysis of penetration testing findings reveals the top reasons for security breaches, including lack of firewall restrictions, weak protocols, outdated web applications, social engineering, and poor password policies. https://www.blackhillsinfosec.com/top-ten-list-of-why-you-got-hacked-this-year-2023-2024/

๐Ÿ“ฆ Critical WordPress plugin vulnerability under active exploit threatens thousands vulnerability โ€“ A critical vulnerability (CVE-2024-11972) in the Hunk Companion WordPress plugin, affecting over 10,000 sites, is actively exploited for unauthenticated code execution, with only 12% of users having applied the patch. https://arstechnica.com/security/2024/12/thousands-of-sites-remain-unpatched-against-actively-exploited-wordpress-plugin-bug/

๐Ÿช™ Cleo urges customers to โ€˜immediatelyโ€™ apply new patch as researchers discover new malware vulnerability โ€“ Cleo has urged users to apply a new patch for a critical vulnerability in its file sharing products, following reports of ongoing exploitation and the discovery of a new malware family, Malichus. https://therecord.media/cleo-urges-customers-to-immediately-patch-systems-after-exploitation

๐Ÿ’ฐ Game-like โ€˜task scamsโ€™ stole more than $220 million in six months cybercrime โ€“ The FTC warns about game-like online job scams that have stolen over $220 million in six months, accounting for 40% of scam reports this year. Victims are often tricked into paying scammers under false promises of income. https://www.theverge.com/2024/12/13/24320391/ftc-task-scams-spotlight-warning

๐Ÿ”‘ The Simple Math Behind Public Key Cryptography security news โ€“ Public key cryptography uses a pair of keysโ€”one public and one privateโ€”to secure communications, relying on mathematical trapdoor functions that are easy to compute one way but difficult to reverse, ensuring data security against unauthorized access. https://www.wired.com/story/how-public-key-cryptography-really-works-using-only-simple-math/


Some More, For the Curious

๐Ÿ”’ Mitigating NTLM Relay Attacks by Default cyber defense โ€“ Microsoft has enhanced security by enabling Extended Protection for Authentication (EPA) by default in Exchange Server and other services to combat NTLM relay attacks, protecting users' identities. https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/

โš ๏ธ Cleo Harmony, VLTrader, and LexiCom โ€“ RCE via Arbitrary File Write (CVE-2024-50623) vulnerability โ€“ A zero-day exploit in Cleo's file transfer software allows attackers to execute remote code via arbitrary file write. Patched versions still vulnerable; urgent updates are needed. https://labs.watchtowr.com/cleo-cve-2024-50623/

๐Ÿ’ป Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows malware โ€“ A new cross-platform malware named Meeten targets crypto users via AI-generated scams, stealing sensitive information from macOS and Windows systems through deceptive downloads. https://www.cadosecurity.com/blog/meeten-malware-threat

๐ŸŽญ Malicious Maven Package Impersonating 'XZ for Java' Library ... security research โ€“ A malicious Maven package impersonating the legitimate XZ for Java library introduces a backdoor for remote command execution, posing significant risks to Java applications and supply chains. https://socket.dev/blog/malicious-maven-package-impersonating-xz-for-java-library

๐Ÿšจ Stark gestiegenes Aufkommen an Microsoft Remote Desktop Protokoll (RDP) Scanning warning โ€“ A significant surge in Microsoft Remote Desktop Protocol (RDP) scanning has been observed, particularly targeting port 1098. It's advised to restrict RDP access to enhance security. https://www.cert.at/de/aktuelles/2024/12/stark-gestiegenes-aufkommen-an-microsoft-remote-desktop-protokoll-rdp-scanning

๐Ÿ’ฅ AMDโ€™s trusted execution environment blown wide open by new BadRAM attack vulnerability โ€“ Researchers revealed the BadRAM attack, which exploits vulnerabilities in AMD's Secure Encrypted Virtualization, allowing physical access to bypass protections and compromise sensitive data in virtual machines. https://arstechnica.com/information-technology/2024/12/new-badram-attack-neuters-security-assurances-in-amd-epyc-processors/

๐Ÿ”ง Ivanti fixed a maximum severity vulnerability in its CSA solution vulnerability โ€“ Ivanti addressed a critical authentication bypass vulnerability (CVE-2024-11639) in its Cloud Services Appliance, allowing remote attackers to gain administrative access. Additional SQL injection vulnerabilities were also fixed in version 5.0.3. https://securityaffairs.com/171850/breaking-news/ivanti-maximum-severity-flaw-csa-solution.html

๐Ÿ“Š Latest round of MITRE ATT&CK evaluations put cybersecurity products through rigors of ransomware security news โ€“ MITRE's latest ATT&CK evaluations assessed 19 vendors against ransomware tactics, revealing disparities in detection rates and false positives. The inclusion of macOS threats highlighted evolving security challenges. https://cyberscoop.com/mitre-attack-evaluations-ransomware-macos/

๐Ÿ‘๏ธ Researchers uncover Chinese spyware used to target Android devices security research โ€“ Researchers at Lookout revealed EagleMsgSpy, a Chinese spyware tool used by law enforcement to collect extensive data from Android devices, including messages and location information, potentially posing risks to travelers. https://techcrunch.com/2024/12/11/researchers-uncover-chinese-spyware-used-to-target-android-devices/

๐Ÿคž The evolution and abuse of proxy networks cybercrime โ€“ Proxy networks have evolved from privacy tools like VPNs and TOR to being exploited by cybercriminals and state-sponsored actors for malicious activities, including DDoS attacks and espionage, posing challenges for defenders. https://blog.talosintelligence.com/the-evolution-and-abuse-of-proxy-networks/

๐Ÿ” Zero Day Initiative โ€” SolarWinds Access Rights Manager: One Vulnerability to LPE Them All vulnerability โ€“ Research revealed multiple vulnerabilities in SolarWinds Access Rights Manager, including pre-auth arbitrary file deletion that could allow attackers to escalate privileges remotely on Windows machines, particularly if using a Domain Admin account. https://www.thezdi.com/blog/2024/12/11/solarwinds-access-rights-manager-one-vulnerability-to-lpe-them-all

๐Ÿ”’ Google says its breakthrough quantum chip canโ€™t break modern cryptography security news โ€“ Google's Willow quantum chip, while powerful, is not capable of breaking modern cryptography. Experts estimate it will take millions of qubits and at least a decade to potentially crack RSA encryption. https://www.theverge.com/2024/12/12/24319879/google-willow-cant-break-rsa-cryptography

๐Ÿ“Š Common Vulnerability Scoring System (CVSS) security news โ€“ The Common Vulnerability Scoring System (CVSS) is a standardized framework used to assess the severity of software vulnerabilities, providing a numerical score to help organizations prioritize their responses. https://vulncheck.com/blog/common-vulnerability-scoring-system

โ›“๏ธโ€๐Ÿ’ฅ Ultralytics Supply-Chain Attack security research โ€“ A supply-chain attack on the Ultralytics AI library led to a malicious version being published on PyPI, which downloaded a coinminer. Experts recommend improving security configurations for package publishers. https://www.schneier.com/blog/archives/2024/12/ultralytics-supply-chain-attack.html

๐Ÿ” XRefer: The Gemini-Assisted Binary Navigator security research โ€“ Mandiant introduces XRefer, a tool designed to assist malware analysts by providing cluster-based navigation and context-aware views for understanding complex binaries, enhancing efficiency in reverse engineering. https://cloud.google.com/blog/topics/threat-intelligence/xrefer-gemini-assisted-binary-navigator/

โ›ณ German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox malware โ€“ BSI has disrupted a botnet of 30,000 infected devices running BadBox malware, blocking communication and preventing further exploitation. Outdated Android versions are at risk. https://securityaffairs.com/171968/malware/bsi-sinkholed-badbox-botnet.html


CISA Corner

โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2024-49138, a heap-based buffer overflow vulnerability in Microsoft Windows CLFS Driver, to its Known Exploited Vulnerabilities Catalog due to active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/12/10/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2024-50623, an unrestricted file upload vulnerability affecting Cleo products, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, highlighting significant risks for federal agencies. https://www.cisa.gov/news-events/alerts/2024/12/13/cisa-adds-one-known-exploited-vulnerability-catalog

๐Ÿ”’ Microsoft Releases December 2024 Security Updates security news โ€“ Microsoft has issued security updates for various products to fix vulnerabilities that could allow cyber attackers to take control of affected systems. Users are urged to apply the updates promptly. https://www.cisa.gov/news-events/alerts/2024/12/10/microsoft-releases-december-2024-security-updates ๐Ÿ”’ Ivanti Releases Security Updates for Multiple Products security news โ€“ Ivanti has issued security updates for several products, including Ivanti Cloud Service Application and Ivanti Connect Secure, urging users to review advisories and apply necessary updates. https://www.cisa.gov/news-events/alerts/2024/12/10/ivanti-releases-security-updates-multiple-products ๐Ÿ”’ Adobe Releases Security Updates for Multiple Products security news โ€“ Adobe has issued security updates for several products, including Acrobat and Illustrator, to fix vulnerabilities that could allow cyber attackers to take control of affected systems. https://www.cisa.gov/news-events/alerts/2024/12/10/adobe-releases-security-updates-multiple-products ๐Ÿ”’ Apple Releases Security Updates for Multiple Products security news โ€“ Apple has issued security updates for various products to fix vulnerabilities that could allow cyber attackers to take control of affected systems. Users are urged to review advisories and apply updates promptly. https://www.cisa.gov/news-events/alerts/2024/12/12/apple-releases-security-updates-multiple-products

โš™๏ธ CISA Releases Seven Industrial Control Systems Advisories vulnerability โ€“ CISA has issued seven advisories on ICS vulnerabilities, including products from MOBATIME, Schneider Electric, National Instruments, and Rockwell Automation, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2024/12/10/cisa-releases-seven-industrial-control-systems-advisories โš™๏ธ CISA Releases Ten Industrial Control Systems Advisories vulnerability โ€“ CISA has published ten advisories addressing vulnerabilities in various Siemens Industrial Control Systems, urging users to review the advisories for technical details and necessary mitigations. https://www.cisa.gov/news-events/alerts/2024/12/12/cisa-releases-ten-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿค– How threat actors can use generative artificial intelligence? cybercrime โ€“ Generative AI is increasingly exploited by cybercriminals for phishing, deepfakes, and disinformation campaigns, posing significant risks in cybersecurity. https://securityaffairs.com/171582/uncategorized/how-threat-actors-can-use-generative-artificial-intelligence.html

๐Ÿ” Are You Being Tracked by an AirTag? Hereโ€™s How to Check privacy โ€“ To check for unwanted AirTag tracking, iPhone users should enable notifications and scan for unknown devices, while Android users can use the Tracker Detect app. If found, remove the battery and contact authorities if necessary. https://www.wired.com/story/how-to-find-airtags/

๐Ÿชง Indian online ID verification firm Signzy confirms security incident data breach โ€“ Signzy, a major online ID verification provider, confirmed a cyberattack impacting its services for financial institutions. Although some client data was briefly visible online, many customers report no data compromise. https://techcrunch.com/2024/12/02/indian-online-id-verification-firm-signzy-confirms-security-incident/

๐Ÿ“ณ Small number of vulnerabilities patched in last Android security update of 2024 security news โ€“ Google's December 2024 Android Security Bulletin addresses several vulnerabilities, including a high-severity flaw (CVE-2024-43767) allowing remote code execution. Patches are provided to partners for various Android components. https://cyberscoop.com/android-security-update-december-2024/

๐Ÿšซ Certain names make ChatGPT grind to a halt, and we know why security research โ€“ ChatGPT encounters issues when certain names are mentioned due to hard-coded filters, likely stemming from past defamation lawsuits. This can hinder user experience and raise concerns about adversarial attacks. https://arstechnica.com/information-technology/2024/12/certain-names-make-chatgpt-grind-to-a-halt-and-we-know-why/

๐Ÿ‘ฏ Apple patents system for identifying people when facial scans arenโ€™t enough privacy โ€“ Apple's newly approved patent describes a system that enhances facial recognition with body characteristics like gait and clothing to identify individuals even in unclear video feeds. https://therecord.media/apple-patent-body-recognition-biometrics

๐Ÿ’ผ Xerox, Nokia, BofA, Morgan Stanley's employees data dumped data breach โ€“ A massive data breach linked to the MOVEit vulnerability has exposed personal data of hundreds of thousands of employees from companies like Xerox, Nokia, Bank of America, and Morgan Stanley, posing risks for social engineering attacks. https://www.theregister.com/2024/12/03/760k_xerox_nokia_bofa_morgan/

๐Ÿ›‘ Data brokers may be banned from selling your social security number privacy โ€“ The CFPB proposes a rule to limit data brokers from selling sensitive personal information, including Social Security numbers, requiring compliance with the Fair Credit Reporting Act and explicit consumer consent for data sharing. https://www.theverge.com/2024/12/3/24311498/cfpb-rule-data-brokers-social-security-number-fico-score

โฌ†๏ธ North Korean hackers masquerade as remote IT workers and venture capitalists to steal crypto and secrets cybercrime โ€“ North Korean hackers are using false identities to pose as remote IT workers and venture capitalists to steal cryptocurrency and sensitive information, employing sophisticated tactics to infiltrate unsuspecting companies. https://www.bitdefender.com/en-us/blog/hotforsecurity/north-korean-hackers-masquerade-as-remote-it-workers-and-venture-capitalists-to-steal-crypto-and-secrets

๐Ÿ”— Why Phishers Love New TLDs Like .shop, .top and .xyz cybercrime โ€“ Phishing attacks surged nearly 40% due to new generic top-level domains (gTLDs) like .shop and .xyz, which offer cheap registration and minimal verification, making them attractive to scammers. New research highlights the need for stricter regulations. https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/

๐Ÿ“Š Your Bluesky Posts Are Probably In A Bunch of Datasets Now privacy โ€“ Bluesky posts are being scraped into large datasets for machine learning, sparking controversy over consent and privacy. Multiple datasets, including one with 298 million posts, have emerged, raising ethical and legal concerns. https://www.404media.co/bluesky-posts-machine-learning-ai-datasets-hugging-face/

๐Ÿš— โ€˜A Total Meltdownโ€™: Black Friday Zipcar Outage Strands Customers in Random Places security news โ€“ A Zipcar outage on Black Friday stranded customers nationwide, locking them out of rented cars and leading to surprise charges. The company attributed the issue to increased site traffic and SMS service problems. https://www.404media.co/a-total-meltdown-black-friday-zipcar-outage-strands-customers-in-random-places/

๐ŸŒ Finland says latest fiber-optic cable break was an accident, not sabotage security news โ€“ Finland's police confirmed that the recent damage to two fiber-optic cables was accidental, caused by excavation work, not sabotage. The incident led to a major internet outage affecting 6,000 customers and 100 businesses. https://therecord.media/finland-sweden-cable-accident-not-malicious

๐Ÿšซ Two data brokers banned from selling โ€˜sensitiveโ€™ location data by the FTC privacy โ€“ The FTC has banned Gravy Analytics and Mobilewalla from selling sensitive location data, citing violations that put millions of Americans at risk by enabling tracking to sensitive sites. The companies must comply with strict data handling regulations. https://www.theverge.com/2024/12/3/24312313/ftc-bans-sensitive-location-data-brokers-gravy-analytics-venntel-mobilewalla

๐Ÿ’ฌ Eurocops red pill the Matrix 'secure' criminal chat systems cybercrime โ€“ French and Dutch police have dismantled the Matrix chat app, a secure messaging tool for criminals, after infiltrating its servers. The operation yielded 2.3 million messages related to criminal activities and resulted in multiple arrests. https://www.theregister.com/2024/12/04/eurocop_crack_matrix/

๐Ÿ’ป Tech Support Scams Exploit Google Ads to Target Users cybercrime โ€“ Cybercriminals are using Google Ads for tech support scams, manipulating search results to display malicious ads impersonating legitimate companies like PayPal and Netflix. https://www.tripwire.com/state-of-security/tech-support-scams-exploit-google-ads-target-users

๐Ÿ—ณ๏ธ AI and the 2024 Elections security news โ€“ In the unprecedented 2024 elections, AI played a significant role, with both beneficial and harmful applications observed. While AI-assisted campaigns helped connect with voters, misinformation and deepfakes raised concerns about electoral integrity. https://www.schneier.com/blog/archives/2024/12/ai-and-the-2024-elections.html

๐Ÿ”’ U.S. Offered $10M for Hacker Just Arrested by Russia cybercrime โ€“ Mikhail Matveev, known as 'Wazawaka,' was arrested by Russian authorities after being indicted by the U.S. for ransomware activities. The arrest raises questions about motivations behind the move, with experts suggesting it could be linked to local corruption and financial pressures. https://krebsonsecurity.com/2024/12/u-s-offered-10m-for-hacker-just-arrested-by-russia/

๐ŸŽญ Deepfake YouTube Ads of Celebrities Promise to Get You โ€˜Rock Hardโ€™ security news โ€“ YouTube ran ads featuring deepfaked celebrities like Schwarzenegger and Stallone promoting erectile dysfunction supplements. These misleading ads, using AI-generated voices, have been removed after being flagged for false endorsements. https://www.404media.co/deepfake-youtube-ads-of-celebrities-promise-to-get-you-rock-hard/

๐Ÿš” Authorities shut down Crimenetwork, the Germany's largest crime marketplace cybercrime โ€“ German authorities have dismantled Crimenetwork, the largest German-speaking underground marketplace for illegal goods, arresting an administrator and seizing โ‚ฌ1 million in assets. The platform facilitated extensive criminal activities since 2012. https://securityaffairs.com/171658/cyber-crime/german-authorities-shut-down-crimenetwork.html

๐Ÿซฅ US officials recommend encrypted messaging to evade hackers in telecom networks security news โ€“ FBI and CISA officials advise Americans to use encrypted messaging apps to protect communications from hackers linked to the Chinese group Salt Typhoon, who may still access U.S. telecom networks. https://www.theverge.com/2024/12/4/24313187/encrypted-apps-salt-typhoon-hack-telecom-fbi-cisa

๐Ÿ” $1 phone scanner finds seven Pegasus spyware infections privacy โ€“ iVerify's $1 diagnostic tool detected seven instances of Pegasus spyware among 2,500 scans, indicating a broader scope of spyware use beyond just targeting activists. The findings challenge the narrative that commercial spyware is only used against a select few. https://arstechnica.com/security/2024/12/1-phone-scanner-finds-seven-pegasus-spyware-infections/

๐Ÿ”‘ Your AI clone could target your family, but thereโ€™s a simple defense security news โ€“ The FBI advises families to establish a secret word or phrase to verify identity and protect against AI voice-cloning scams, as criminals increasingly use AI to impersonate loved ones for fraud. https://arstechnica.com/ai/2024/12/your-ai-clone-could-target-your-family-but-theres-a-simple-defense/


Some More, For the Curious

๐Ÿคฆโ€โ™‚๏ธ New era of slop security reports for open source security news โ€“ An increase in low-quality security reports from AI tools burdens open source maintainers, leading to burnout and confusion. Better reporting practices are needed to protect valuable contributors. https://sethmlarson.dev/slop-security-reports

๐Ÿ’ฐ Supply Chain Attack Detected in Solana's web3.js Library security research โ€“ Versions 1.95.6 and 1.95.7 of the @solana/web3.js library were compromised to steal private keys, risking users' cryptocurrency wallets. Developers are urged to audit and secure their projects immediately. https://socket.dev/blog/supply-chain-attack-solana-web3-js-library

๐Ÿฅš The Curious Case of an Egg-Cellent Resume security research โ€“ A campaign by TA4557/FIN6 exploited resumes to install malware and access servers. The attack involved multiple tactics, including credential theft and lateral movement, using various malicious tools. https://thedfirreport.com/2024/12/02/the-curious-case-of-an-egg-cellent-resume/

๐Ÿฅด Exploit Intelligence this is part of a post series. take a look at the others! ๐Ÿ˜‰ cyber defense โ€“ The article discusses the significance of exploit intelligence in cybersecurity, highlighting the need for organizations to stay informed about vulnerabilities and emerging threats to enhance their defense strategies. https://vulncheck.com/blog/exploit-intelligence

๐Ÿƒ ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches cyber defense โ€“ This article outlines essential strategies for securing Industrial Control Systems against cyber threats found in their card game, emphasizing isolation and comprehensive security practices to mitigate risks. https://www.blackhillsinfosec.com/mitigations-to-scenarios-found-in-ics-ot-backdoors-and-breaches/

๐ŸŒ‰ Tor Project needs 200 WebTunnel bridges more to bypass Russia' censorship privacy โ€“ The Tor Project aims to deploy 200 new WebTunnel bridges by year-end to combat increasing censorship in Russia, where government actions have made existing bridges less accessible. https://securityaffairs.com/171601/digital-id/tor-project-needs-200-webtunnel-bridges.html

๐Ÿ›ก๏ธ Building Cyber Resilience Against Ransomware Attacks cyber defense โ€“ Ransomware attacks are on the rise, costing organizations an average of $5.24 million. This article outlines a framework for building resilience against ransomware, emphasizing the need for effective response, sustainability, and recovery strategies. https://blog.nviso.eu/2024/12/03/building-cyber-resilience-against-ransomware-attacks/

๐Ÿ”Œ Zero Day Initiative โ€” Detailing the Attack Surfaces of the WolfBox E40 EV Charger hacking write-up โ€“ The WolfBox E40 EV charger has been analyzed for potential vulnerabilities, revealing attack surfaces via its mobile app and hardware components. The firmware extraction process highlights risks associated with its communications module and embedded OS. https://www.thezdi.com/blog/2024/12/2/detailing-the-attack-surfaces-of-the-wolfbox-e40-ev-charger

๐Ÿ“Š Linux Foundation report highlights the true state of open source libraries in production apps security news โ€“ The Linux Foundation's Census III report reveals insights on open source libraries in production, emphasizing the rise of Rust for memory safety and ongoing reliance on Python 2, which raises security risks. https://techcrunch.com/2024/12/04/linux-foundation-report-highlights-the-true-state-of-open-source-libraries-in-production-apps/

๐Ÿ”ง Veeam addressed critical Service Provider Console (VSPC) bug vulnerability โ€“ Veeam fixed a critical vulnerability (CVE-2024-42448) in its Service Provider Console that could allow remote code execution. Organizations are urged to upgrade to version 8.1.0.21999 to mitigate this and another related vulnerability. https://securityaffairs.com/171651/security/veeam-addressed-critical-service-provider-console-vspc-flaw.html

๐Ÿ๏ธ (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments cyber defense โ€“ Mandiant reveals a technique to bypass browser isolation using QR codes for command-and-control (C2) communication, highlighting vulnerabilities in browser isolation technologies while recommending continued use as a defense measure against web threats. https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/

๐ŸŒถ๏ธ White House: Chinese telecom hacks have been in motion for years security news โ€“ A White House official revealed that the Salt Typhoon hack, linked to Chinese state-sponsored actors, has impacted eight U.S. telecom companies and has been ongoing for two years, posing risks to communications and requiring urgent cybersecurity measures. https://cyberscoop.com/salt-typhoon-national-security-council-chinese-spying/

๐Ÿ RACE Conditions in Modern Web Applications security research โ€“ RACE conditions, where simultaneous processes lead to unpredictable outcomes, remain a security concern in web applications. Recent research highlights new methods to exploit these vulnerabilities, emphasizing the need for proactive mitigation strategies in application development. https://www.guidepointsecurity.com/blog/race-conditions-in-modern-web-applications/

๐Ÿงซ Analyzing the vulnerability landscape in Q3 2024 security news โ€“ Q3 2024 saw an increase in vulnerabilities in Windows and Linux, with notable exploits affecting systems like WinRAR and Microsoft Office. Experts emphasize the importance of timely patching and monitoring to mitigate risks. https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/


CISA Corner

๐Ÿ”’ CISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers security news โ€“ CISA, alongside the NSA, FBI, and international partners, issued guidance to enhance security following a cyber espionage campaign by a PRC-affiliated threat actor targeting global telecommunications networks. https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-and-partners-release-joint-guidance-prc-affiliated-threat-actor-compromising-networks-global

๐Ÿ”’ Cisco Releases Security Updates for NX-OS Software vulnerability โ€“ Cisco has issued security updates for NX-OS software to fix a vulnerability that could allow cybercriminals to gain control of affected systems. Users are advised to review the advisory and apply updates promptly. https://www.cisa.gov/news-events/alerts/2024/12/05/cisco-releases-security-updates-nx-os-software

โš™๏ธ CISA Releases Eight Industrial Control Systems Advisories vulnerability โ€“ On December 3, 2024, CISA issued eight advisories addressing vulnerabilities in various Industrial Control Systems, urging users and administrators to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-releases-eight-industrial-control-systems-advisories โš™๏ธ CISA Releases Two Industrial Control Systems Advisories vulnerability โ€“ On December 5, 2024, CISA issued two advisories addressing security vulnerabilities in Industrial Control Systems: AutomationDirect C-More EA9 Programming Software and Planet Technology Planet WGS-804HPT, urging users to review them for mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/12/05/cisa-releases-two-industrial-control-systems-advisories

โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, urging users to address these risks to federal networks. The vulnerabilities include CVE-2023-45727, CVE-2024-11680, and CVE-2024-11667. https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-adds-three-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2024-51378, a vulnerability in CyberPanel related to incorrect default permissions, to its Known Exploited Vulnerabilities Catalog, highlighting the need for Federal agencies to remediate this risk promptly. https://www.cisa.gov/news-events/alerts/2024/12/04/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿ“ฆ Vorsicht vor gefรคlschten Paketbenachrichtigungen warning โ€“ Kriminelle nutzen die Black Friday Zeit, um gefรคlschte Paketbenachrichtigungen zu versenden, die Nutzer zur Zahlung von angeblichen Versandkosten verleiten und sie in Abofallen locken. https://www.watchlist-internet.at/news/falsche-paketbenachrichtigungen/

๐Ÿงฑ Google blocked 1000 pro China websites from services security news โ€“ Google has blocked over 1,000 sites linked to a network promoting pro-China narratives, exposing coordinated disinformation tactics that blur the lines between authentic and fake news. https://www.theregister.com/2024/11/25/google_beijing_propaganda/

๐Ÿ“ฆ Supply chain vendor Blue Yonder succumbs to ransomware cybercrime โ€“ Blue Yonder has suffered a ransomware attack, disrupting services and affecting customers like Starbucks and UK retailers, who are struggling to maintain supply chain operations. https://www.theregister.com/2024/11/26/blue_yonder_ransomware/

๐Ÿ“ž Malware linked to Salt Typhoon used to hack telcos around the world security news โ€“ Salt Typhoon, a sophisticated Chinese APT group, has exploited various vulnerabilities to infiltrate telecom companies globally, using advanced malware and tactics for cyber-espionage. https://cyberscoop.com/salt-typhoon-us-telecom-hack-earth-estries-trend-micro-report/

๐Ÿ”ง Weekend QNAP, Veritas bugs hit patch pipelines vulnerability โ€“ QNAP patched 24 vulnerabilities in its products, including critical flaws in Notes Station 3, while Veritas faces delays in addressing seven critical vulnerabilities in its Enterprise Vault software. https://www.theregister.com/2024/11/26/qnap_veritas_vulnerabilities/

๐Ÿš” Emergency Vehicle Lights Can Screw Up a Carโ€™s Automated Driving System security research โ€“ Research reveals that emergency vehicle lights can disrupt camera-based automated driving systems, causing them to misidentify objects and potentially leading to accidents, highlighting vulnerabilities in AI driving tech. https://www.wired.com/story/emergency-vehicle-lights-can-screw-up-a-cars-automated-driving-system/

๐Ÿšซ Steam Removes Oct 7 Game at Request of UK Counter-Terrorism Unit security news โ€“ Valve removed the game 'Fursan al-Aqsa' from Steam in the UK at the request of the Counter-Terrorism Internet Referral Unit, citing concerns over its portrayal of violence related to the Israel-Palestine conflict. https://www.404media.co/steam-removes-oct-7-game-at-request-of-uk-counter-terrorism-unit/

๐Ÿ”“ Canadian privacy regulators publish details of medical testing companyโ€™s data breach data breach โ€“ A court ruling has allowed the public release of a report detailing a 2019 data breach at LifeLabs, exposing millions of Canadians' health data and revealing inadequate security measures. https://therecord.media/canadian-privacy-regulators-publish-life-labs-investigation

๐Ÿฆ  Russia-linked hackers exploited Firefox and Windows bugs in 'widespread' hacking campaign security research โ€“ RomCom, a Russian-linked hacking group, exploited zero-day vulnerabilities in Firefox and Windows to deploy malware via a 'zero-click' exploit, targeting users in Europe and North America. https://techcrunch.com/2024/11/26/russia-linked-hackers-exploited-firefox-and-windows-zero-day-bugs-in-widespread-hacking-campaign/

๐Ÿคซ US alleges man is cybercrook with distaste for opsec cybercrime โ€“ Nicholas Kloster, 31, is accused of a cybercrime spree in Missouri, including unauthorized access and damage to computers, showing a blatant disregard for operational security. https://www.theregister.com/2024/11/26/kansas_city_cybercrime_charges/

๐Ÿ“Š Someone Made a Dataset of One Million Bluesky Posts for 'Machine Learning Research' privacy โ€“ A dataset of one million public Bluesky posts was released for machine learning research but was later removed by its creator, citing violations of transparency and consent principles. https://www.404media.co/someone-made-a-dataset-of-one-million-bluesky-posts-for-machine-learning-research/

๐Ÿ‘” NSO Group Spies on People on Behalf of Governments privacy โ€“ NSO Group, known for selling Pegasus spyware, reportedly operates the spyware on behalf of governments, revealing that they install and extract data from targeted devices themselves. https://www.schneier.com/blog/archives/2024/11/nso-group-spies-on-people-on-behalf-of-governments.html

โš–๏ธ Judge rejects data brokersโ€™ bid to throw out case brought by law enforcement officers privacy โ€“ A federal judge denied data brokers' motion to dismiss a lawsuit by New Jersey law enforcement officers under Daniel's Law, which protects their personal information from being disclosed online. https://therecord.media/judge-rejects-bid-to-throw-out-data-broker-police-privacy-case

๐ŸŽฎ Russian Disinformation Campaign Spreads Lies About Ukraine's โ€˜Stalker 2โ€™ security news- A Russian disinformation campaign falsely claims that the Ukrainian game Stalker 2 is used for military enlistment and data collection, aiming to undermine the game's significance amidst the ongoing conflict. https://www.404media.co/stalker2-disinformation/

๐Ÿ“ณ T-Mobile says telco hackers had 'no access' to customer call and text message logs data breach โ€“ T-Mobile stated that hackers did not access customer calls, texts, or voicemails during a cyberattack linked to the China-backed group Salt Typhoon, while emphasizing their robust cybersecurity measures. https://techcrunch.com/2024/11/27/t-mobile-says-telco-hackers-had-no-access-to-customer-call-and-text-message-logs/

๐Ÿšข Investigators think a Chinese ship purposefully cut critical data cables security news โ€“ European investigators allege a Chinese ship intentionally dragged its anchor to sever two critical data cables, potentially linked to Russian intelligence, while the Kremlin denies involvement. https://techcrunch.com/2024/11/27/investigators-think-a-chinese-ship-purposefully-cut-critical-data-cables/

๐Ÿ’ป Mimic Ransomware: What You Need To Know malware โ€“ Mimic ransomware, first identified in 2022, encrypts files and may exfiltrate data, leveraging the legitimate 'Everything' tool for quick file access. Infected files have a '.QUIETPLACE' extension, and a new variant called Elpaco has emerged, targeting systems via RDP. https://www.tripwire.com/state-of-security/mimic-ransomware-what-you-need-know

โšฝ Italian football club Bologna FC says company data stolen during ransomware attack data breach โ€“ Bologna FC confirmed a ransomware attack by RansomHub, resulting in the theft of 200GB of sensitive data, including financial documents and player medical records, which may be leaked online. https://therecord.media/italian-football-club-blogna-fc-ransomware

๐Ÿ“ฑ 15 SpyLoan Android apps found on Google play had over 8 million installs malware โ€“ McAfee identified 15 SpyLoan apps on Google Play with over 8 million installs, exploiting users through deceptive tactics to collect sensitive data and leading to extortion and harassment. https://securityaffairs.com/171553/cyber-crime/15-spyloan-android-apps-on-google-play.html


Some More, For the Curious

๐Ÿคฆโ€โ™‚๏ธ Malicious NPM Package Exploits React Native Documentation Example security research โ€“ A malicious npm package mimicked official React Native documentation, tricking developers and highlighting vulnerabilities in supply chain security. Vigilance is essential to prevent such attacks. https://checkmarx.com/blog/malicious-npm-package-exploits-react-native-documentation-example/

๐Ÿ—ณ๏ธ Security Analysis of the MERGE Voting Protocol security research โ€“ The MERGE voting protocol, intended for internet voting, is criticized for its fundamental flaws and the impracticality of ensuring trustworthy elections without significant legal and administrative reforms. https://www.schneier.com/blog/archives/2024/11/security-analysis-of-the-merge-voting-protocol.html

๐ŸŽฎ The Exploitation of Gaming Engines: A New Dimension in Cybercrime cybercrime โ€“ Cybercriminals exploit Godot Engine to distribute malware undetected, infecting over 17,000 machines. This new trend poses significant risks to developers and gamers alike. https://blog.checkpoint.com/research/the-exploitation-of-gaming-engines-a-new-dimension-in-cybercrime/

๐Ÿšจ Malware campaign abused flawed Avast Anti security research โ€“ Threat actors exploited a vulnerable Avast Anti-Rootkit driver to gain kernel-level access, disable security tools, and compromise systems, highlighting the risks of flawed drivers in malware campaigns. https://securityaffairs.com/171340/hacking/avast-anti-rootkit-driver-abused-malware-campaign.html

๐Ÿ›ก๏ธ Zyxel firewalls targeted in recent ransomware attacks vulnerability โ€“ Zyxel warns that a ransomware group is exploiting a patched command injection vulnerability in its firewalls, allowing attackers to execute OS commands if certain conditions are met. https://securityaffairs.com/171382/cyber-crime/zyxel-firewall-ransomware-attacks.html

๐Ÿ”‘ BitLocker Security: Are Your Keys Truly Safe? hacking write-up โ€“ BitLocker's security relies on the TPM, but its default configuration may expose vulnerabilities. Without additional authentication, attackers can sniff the TPM bus and access encryption keys, compromising data. https://blog.nviso.eu/2024/11/26/wake-up-and-smell-the-bitlocker-keys/

๐Ÿง‘โ€๐Ÿ’ป The source code of Banshee Stealer leaked online malware โ€“ Banshee Stealer, a macOS malware for stealing sensitive data, has had its source code leaked on GitHub, leading to the shutdown of its operations by the developers. https://securityaffairs.com/171423/malware/the-source-code-of-banshee-stealer-leaked-online.html

๐Ÿ“„ The Four Question Framework for Threat Modeling security research โ€“ Shostack + Associates has released a free whitepaper on the Four Question Framework for Threat Modeling, emphasizing the importance of consistent phrasing to maintain nuance and intent in security discussions. https://shostack.org/blog/four-question-frame/

โš ๏ธ ProjectSend critical flaw actively exploited in the wild, experts warn vulnerability โ€“ A critical vulnerability in ProjectSend (CVE-2024-11680) is being actively exploited, allowing unauthorized access and webshell uploads. Many instances remain unpatched, raising significant security concerns. https://securityaffairs.com/171494/hacking/projectsend-critical-flaw-actively-exploited.html

๐Ÿ‡ Race Condition Attacks against LLMs security research โ€“ New attacks against LLMs include 'Flowbreaking,' which disrupts guardrails, and 'Second Thoughts,' where LLMs retract sensitive content if a user interrupts the response. These exploit vulnerabilities in the surrounding application architecture. https://www.schneier.com/blog/archives/2024/11/race-condition-attacks-against-llms.html

๐Ÿ”’ Zabbix urges upgrades after SQL injection bug disclosure vulnerability โ€“ Zabbix warns of a critical SQL injection vulnerability (CVE-2024-42327) affecting multiple product versions, potentially allowing full system compromise. Users are urged to upgrade to the latest versions for protection. https://www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/

๐Ÿฑ Code found online exploits LogoFAIL to install Bootkitty Linux backdoor malware โ€“ Malicious code exploiting the LogoFAIL vulnerability can hijack the boot process of certain Linux devices from manufacturers like Acer and HP, allowing installation of the Bootkitty backdoor without user interaction. https://arstechnica.com/security/2024/11/code-found-online-exploits-logofail-to-install-bootkitty-linux-backdoor/


CISA Corner

โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2023-28461, a vulnerability in Array Networks, to its catalog due to active exploitation, underscoring the need for federal agencies to address known vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/11/25/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

โš ๏ธ PSA: You shouldn't upload your medical images to AI chatbots privacy โ€“ Users are cautioned against uploading private medical images to AI chatbots like Grok, as it risks exposing sensitive data, which may be used to train models and shared without clear protections. https://techcrunch.com/2024/11/19/psa-you-shouldnt-upload-your-medical-images-to-ai-chatbots/


News For All

๐ŸŒŸ These alternatives to popular apps can help reclaim your online life from billionaires and surveillance privacy โ€“ Explore privacy-focused alternatives to popular apps that empower you to control your data, avoiding surveillance and monetization by big tech companies. https://techcrunch.com/2024/11/24/these-alternatives-to-popular-apps-can-help-reclaim-your-online-life-from-billionaires-and-surveillance/

๐Ÿ•ต๏ธโ€โ™€๏ธ Women In Russian-Speaking Cybercrime: Mythical Creatures or Significant Members of Underground? cybercrime โ€“ This article explores the underrepresented roles of women in Russian-speaking cybercrime, revealing their contributions, challenges, and evolving dynamics amid geopolitical tensions, highlighting both historical and contemporary insights. https://www.sans.org/blog/women-in-russian-speaking-cybercrime-mythical-creatures-or-significant-members-of-underground

๐ŸŽถ Spotify abused to promote pirated software and game cheats cybercrime โ€“ Threat actors are exploiting Spotify playlists and podcasts to promote pirated software and game cheats, leveraging Spotify's SEO benefits to drive traffic to malicious sites. https://www.bleepingcomputer.com/news/security/spotify-abused-to-promote-pirated-software-and-game-cheats/

๐Ÿฆ  Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden malware โ€“ A malvertising campaign on Facebook disguised as Bitwarden updates spreads malware through fake ads, tricking users into installing malicious Chrome extensions that exploit business accounts. https://hackread.com/facebook-malvertising-malware-via-fake-bitwarden/

โš ๏ธ Really Simple Security plugin flaw impacts 4M+ WordPress sites vulnerability โ€“ A critical vulnerability (CVE-2024-10924) in the Really Simple Security plugin affects over 4 million WordPress sites, allowing attackers to bypass authentication and gain full admin access. A fix has been released. https://securityaffairs.com/171100/hacking/really-simple-security-plugin-flaw-affects-4m-sites.html

๐Ÿ’ป Ransomware gang Akira leaks unprecedented number of victimsโ€™ data in one day cybercrime โ€“ The Akira ransomware gang leaked a record 35 victims' data in one day, showcasing their aggressive tactics. This marks a significant surge in their operations since emerging in 2023. https://therecord.media/akira-ransomware-group-publishes-unprecedented-leak-data

๐Ÿšจ Alleged Russian Phobos ransomware administrator extradited to U.S., in custody cybercrime โ€“ Evgenii Ptitsyn, a Russian alleged Phobos ransomware administrator, has been extradited to the U.S. after extorting over $16 million from more than 1,000 victims worldwide, facing multiple charges. https://cyberscoop.com/alleged-russian-phobos-ransomware-administrator-extradited-to-u-s-in-custody/

๐Ÿ›’ Scammer Black Friday offers: Online shopping threats and dark web sales security news โ€“ Kaspersky's report highlights the surge in online shopping-related cyber threats, including phishing attacks, fake mobile apps, and banking trojans, emphasizing the risks during Black Friday and the role of the dark web in selling stolen data. https://securelist.com/black-friday-report-2024/114589/

๐Ÿ”’ Microsoft beefs up Windows security with new recovery and patching features security news โ€“ In response to the CrowdStrike outage, Microsoft announced enhancements to Windows security, including Quick Machine Recovery, kernel mode changes for antivirus, and Administrator Protection for user permissions, aimed at improving system resilience and recovery. https://techcrunch.com/2024/11/19/microsoft-beefs-up-windows-security/

โš–๏ธ German court says victims of massive Facebook data breach can be compensated data breach โ€“ A German court ruled that victims of the 2021 Facebook data breach can claim โ‚ฌ100 ($105) in compensation, acknowledging non-material damage due to loss of control over personal data, despite no financial loss evidence. https://therecord.media/german-court-says-victims-facebook-breach-compensation

๐ŸŒ Niantic uses Pokรฉmon Go player data to build AI navigation system security news โ€“ Niantic is developing a 'Large Geospatial Model' for AI navigation, using visual scans from Pokรฉmon Go and Scaniverse players, leveraging over 10 million scanned locations worldwide to enhance augmented reality applications. https://arstechnica.com/ai/2024/11/niantic-uses-pokemon-go-player-data-to-build-ai-navigation-system/

๐Ÿ“ Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany security news โ€“ A report reveals that a data broker is selling detailed location data of US military and intelligence personnel in Germany, raising national security concerns as this information can be exploited for espionage and other malicious activities. https://www.wired.com/story/phone-data-us-soldiers-spies-nuclear-germany/

๐Ÿ“บ Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events security research โ€“ Threat actors exploit misconfigured JupyterLab and Jupyter Notebook servers to hijack environments for illegal sports streaming, using tools like ffmpeg to capture and redistribute broadcasts, posing significant risks to organizations. https://securityaffairs.com/171193/cyber-crime/misconfigured-jupyterlab-and-jupyter-notebooks-illegal-live-sports-streaming.html

๐Ÿ“ฑ Malicious QR Codes: How big of a problem is it, really? security news โ€“ Malicious QR codes exploit weaknesses in anti-spam filters, with around 60% of emails containing QR codes being spam. Security experts recommend caution when scanning QR codes, as they can lead to phishing or malware sites. https://blog.talosintelligence.com/malicious_qr_codes/

๐Ÿšธ UK says a new law banning social media for under-16s is 'on the table' security news โ€“ The UK government is considering a ban on social media for under-16s to protect children's wellbeing, with a new study announced to assess social media's impact. The proposal aligns with the upcoming Online Safety Act aimed at enhancing online safety for children. https://therecord.media/britain-social-media-ban-children-proposal

๐Ÿฅ 750,000 Patients' Medical Records Exposed After Data Breach at French data breach โ€“ A cyber attack on a French hospital exposed the medical records of over 750,000 patients, with the hacker claiming access to data from multiple healthcare facilities. The breach was linked to stolen login credentials for the Mediboard system. https://www.tripwire.com/state-of-security/750000-patients-medical-records-exposed-after-data-breach-french-hospital

๐Ÿ’ฐ DeliveryHero subsidiary fined \$5.2 million for tracking driversโ€™ geolocation privacy โ€“ Italy's data privacy regulator fined Foodinho S.r.l. โ‚ฌ5 million ($5.2 million) for illegally tracking drivers' geolocation, including outside working hours, and sharing data with third parties without consent. The company is also prohibited from using biometric data for identity verification. https://therecord.media/deliveryhero-subsidiary-fined-5-million-geolocation-data

๐Ÿ– Meta cracks down on millions of accounts it tied to pig-butchering scams security news โ€“ Meta has removed millions of accounts linked to pig-butchering scams, a fraudulent scheme costing victims billions. The crackdown aims to protect users from organized crime. https://cyberscoop.com/meta-cracks-down-on-millions-of-accounts-it-tied-to-pig-butchering-scams/

๐ŸŽ‰ Hackers break into Andrew Tateโ€™s online โ€˜university,โ€™ steal user data and flood chats with emojis data breach โ€“ Hackers accessed data of nearly 800,000 users from Andrew Tate's online course, leaking emails and private chats while disrupting chats. https://techcrunch.com/2024/11/21/hackers-break-into-andrew-tates-online-university-steal-user-data-and-flood-chats-with-emojis/


Some More, For the Curious

๐Ÿ”“ BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA security research โ€“ BrazenBamboo exploits a zero-day vulnerability in FortiClient to extract user VPN credentials using their DEEPDATA malware, highlighting the ongoing threat of credential theft. https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/

๐Ÿ”’ What To Use Instead of PGP security research โ€“ The article argues against using PGP for secure communications, recommending better alternatives like Sigstore, SSH signatures, Magic Wormhole, and Signal for various use cases, emphasizing modern tools over outdated methods. https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

๐Ÿ›ก๏ธ Inside the Threat: A Behind-the-Scenes Look at Stopping an Active Intrusion cyber defense โ€“ This article details a proactive investigation into an active intrusion, showcasing how early detection, vigilant employees, and layered security measures thwarted a potentially devastating ransomware attack. https://sec-consult.com/blog/detail/inside-the-threat-a-behind-the-scenes-look-at-stopping-an-active-intrusion/

๐Ÿ“ Azure Detection Engineering: Log idiosyncrasies you should know about cyber defense โ€“ This article discusses various inconsistencies and intricacies in Azure logs, including schema, IP addresses, user-agent fields, and UUID formatting, offering insights for better monitoring and detection in Azure environments. https://tracebit.com/blog/azure-detection-engineering-log-idiosyncrasies-you-should-know-about

๐Ÿ” CVE-2024-10524 Wget Zero Day Vulnerability vulnerability โ€“ A zero-day vulnerability (CVE-2024-10524) in Wget allows attackers to exploit shorthand HTTP URLs, potentially leading to phishing, SSRF, and MiTM attacks. A patch has been released in version 1.25.0. https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/

โš ๏ธ Critical 9.8-rated VMware vCenter RCE bug under exploit security news โ€“ Two VMware vCenter vulnerabilities, CVE-2024-38812 and CVE-2024-38813, have been confirmed exploited in the wild, including a critical RCE flaw rated 9.8. Urgent fixes are required. https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/

๐ŸŽˆ Microsoft announces its own Black Hat-like hacking event with big rewards for AI security security news โ€“ Microsoft is launching Zero Day Quest, a major hacking event aimed at discovering cloud and AI security flaws, offering $4 million in rewards. The event emphasizes collaboration with security researchers and aims to enhance industry-wide security practices. https://www.theverge.com/2024/11/19/24299999/microsoft-zero-day-quest-hacking-event-ai-cloud-security

๐Ÿฉถ Leaked Documents Show What Phones Secretive Tech โ€˜Graykeyโ€™ Can Unlock privacy โ€“ Leaked documents reveal that Graykey, a law enforcement tool for unlocking phones, can only access partial data from modern iPhones running iOS 18 and iOS 18.0.1, highlighting the ongoing battle between forensics tools and phone security. https://www.404media.co/leaked-documents-show-what-phones-secretive-tech-graykey-can-unlock-2/

๐Ÿ› ๏ธ Botnet serving as โ€˜backboneโ€™ of malicious proxy network taken offline security research โ€“ The ngioweb botnet, a key player in malicious proxy services, has been dismantled by security experts. This botnet, primarily composed of compromised IoT devices and routers, facilitated various cybercrimes, including DDoS attacks and credential stuffing. https://cyberscoop.com/proxy-services-cybercrime-ngioweb-botnet-nsocks/

๐Ÿ”’ Fintech giant Finastra confirms it's investigating a data breach data breach โ€“ Finastra is investigating a data breach involving its internal Secure File Transfer Platform after a hacker claimed to sell 400GB of stolen data from the companyโ€™s banking clients. Initial evidence suggests compromised credentials. https://techcrunch.com/2024/11/20/fintech-giant-finastra-confirms-its-investigating-a-data-breach/

๐Ÿ–‡๏ธ D-Link says replace vulnerable routers or risk pwnage vulnerability โ€“ D-Link has advised users of older VPN router models to replace them due to a serious unauthenticated remote code execution vulnerability. The company will not issue patches for affected devices, which have reached end of life, and is offering a discount on a new model. https://www.theregister.com/2024/11/20/dlink_rip_replace_router/

๐Ÿ”’ A new โ€˜ultra-secureโ€™ phone carrier says it can make you harder to track security news โ€“ Cape, a new privacy-focused phone carrier, aims to protect users' data by minimizing personal information collection and offering a pre-configured Android phone with enhanced security features, targeting high-risk individuals. https://www.theverge.com/2024/11/21/24302416/cape-ultra-secure-phone-data-collection-tracking

๐ŸŽ›๏ธ Finding Access Control Vulnerabilities with Autorize cyber defense โ€“ This article discusses how to identify access control vulnerabilities using Autorize, focusing on vertical and horizontal access control issues in web applications, and highlights the importance of proper session management and user permissions. https://www.blackhillsinfosec.com/finding-access-control-vulnerabilities-with-autorize/

๐Ÿ˜๏ธ Spies hack Wi-Fi networks in far-off land to launch attack on target next door security research โ€“ Russian hackers linked to Fancy Bear executed a 'Nearest Neighbor Attack' by compromising a nearby Wi-Fi-enabled device to access a high-value target's network, exploiting credential weaknesses without needing physical proximity. https://arstechnica.com/security/2024/11/spies-hack-wi-fi-networks-in-far-off-land-to-launch-attack-on-target-next-door/

๐Ÿ˜ฑ 'Alarming' security bugs lay low in Linux's needrestart utility for 10 years vulnerability โ€“ Five critical vulnerabilities in the needrestart utility allow local attackers to gain root access, posing severe risks to system security. Immediate updates are urged. https://www.theregister.com/2024/11/21/qualys_needrestart_linux_vulnerabilities/


CISA Corner

๐Ÿ” Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization security research โ€“ CISA conducted a red team assessment revealing critical vulnerabilities in a US critical infrastructure organization, highlighting issues with insufficient technical controls, lack of staff training, and ineffective monitoring that allowed attackers to exploit systems. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a

โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, including command injection and authentication bypass flaws in Kemp LoadMaster and Palo Alto Networks PAN-OS, urging users to review related security bulletins. https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added two vulnerabilities, CVE-2024-38812 and CVE-2024-38813, related to VMware vCenter Server, to its Known Exploited Vulnerabilities Catalog, highlighting significant risks for federal agencies and the need for prompt remediation. https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-adds-two-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, including code execution and XSS vulnerabilities in Apple products and an incorrect authorization flaw in Oracle PLM, highlighting significant risks for federal agencies. https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-adds-three-known-exploited-vulnerabilities-catalog

โš™๏ธ CISA Releases One Industrial Control Systems Advisory vulnerability โ€“ CISA issued an advisory (ICSA-24-324-01) on November 19, 2024, regarding vulnerabilities in Mitsubishi Electric's MELSEC iQ-F Series. Users are urged to review the advisory for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/11/19/cisa-releases-one-industrial-control-systems-advisory โš™๏ธ CISA Releases Seven Industrial Control Systems Advisories vulnerability โ€“ CISA has released seven advisories on November 21, 2024, addressing security issues and vulnerabilities in various Industrial Control Systems, including products from Automated Logic and Schneider Electric. https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-releases-seven-industrial-control-systems-advisories

๐Ÿ”’ Apple Releases Security Updates for Multiple Products security news โ€“ Apple has released security updates to fix vulnerabilities in various products, warning that cyber threat actors could exploit these flaws to gain control of affected systems. Users are urged to apply the updates. https://www.cisa.gov/news-events/alerts/2024/11/20/apple-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

๐Ÿฆ Einladung ins Fediverse: Mastodon als Alternative zu X, Instagram und Co. privacy โ€“ The article invites readers to consider Mastodon as a privacy-friendly alternative to popular social media platforms like X and Instagram, encouraging sharing and engagement through various channels. https://www.kuketz-blog.de/einladung-ins-fediverse-mastodon-als-alternative-zu-x-instagram-und-co/

๐Ÿ›ก๏ธ Kritische Sicherheitslรผcke in Laravel Framework โ€“ Updates verfรผgbar warning โ€“ The article about a critical vulnerability in Laravel is provided by CERT.at, Austria's Computer Emergency Response Team. https://www.cert.at/de/warnungen/2024/11/kritische-sicherheitslucke-in-laravel-framework-updates-verfugbar


News For All

โ“ Brauchst du wirklich ein VPN? privacy โ€“ The article explores whether a VPN is necessary for online privacy and security, highlighting both its benefits and limitations in protecting personal data. https://www.kuketz-blog.de/brauchst-du-wirklich-ein-vpn/

๐Ÿ’ผ Hacker erbeuten Firmendaten des Statistischen Bundesamtes data breach โ€“ A hacker group has stolen and is selling sensitive data from Germany's Federal Statistical Office, including contact details and access credentials, raising significant privacy concerns. https://www.golem.de/news/cyberangriff-auf-destatis-hacker-erbeuten-firmendaten-des-statistischen-bundesamtes-2411-190805.html

๐Ÿ’ณ 200,000 SelectBlinds customers have their cards skimmed in malware attack data breach โ€“ SelectBlinds revealed a breach affecting over 206,000 customers due to malware on its checkout page, compromising sensitive information, including credit card details. Users are advised to reset passwords and monitor statements. https://www.bitdefender.com/en-us/blog/hotforsecurity/200-000-selectblinds-customers-card-details-skimmed-malware-attack/

๐Ÿ”‘ These are the passwords you definitely shouldnโ€™t be using security news โ€“ NordPass released its annual list of the most common passwords, revealing a lack of creativity with '123456' topping the chart. Users are urged to create more secure passwords or consider using passkeys. https://www.theverge.com/2024/11/13/24295543/most-common-passwords-list-2024

๐Ÿ•ต๏ธโ€โ™€๏ธ The WIRED Guide to Protecting Yourself From Government Surveillance privacy โ€“ With the potential expansion of government surveillance under a new administration, experts recommend various privacy protections, including encrypted communications, device encryption, and careful management of location and financial data. https://www.wired.com/story/the-wired-guide-to-protecting-yourself-from-government-surveillance/

๐Ÿšจ Criminals Exploiting FBI Emergency Data Requests cybercrime โ€“ Cybercriminals have exploited compromised police accounts to impersonate law enforcement and request user data, resulting in unauthorized access to sensitive information from companies. This highlights vulnerabilities in lawful-access mechanisms. https://www.schneier.com/blog/archives/2024/11/criminals-exploiting-fbi-emergency-data-requests.html

๐Ÿ“ƒ 'FYI. A Warrant Isnโ€™t Needed': Secret Service Says You Agreed To Be Tracked With Location Data privacy โ€“ Internal emails reveal the Secret Service's debate on needing warrants for location data from apps, claiming users consented through terms of service, despite concerns over illegal usage of the data. https://www.404media.co/fyi-a-warrant-isnt-needed-secret-service-says-you-agreed-to-be-tracked-with-location-data/

๐Ÿ”“ Delta, Amazon confirm vendor breach as dark web posts revive MOVEit leak concerns data breach โ€“ Delta and Amazon confirmed that employee data was stolen from a vendor via a MOVEit vulnerability. The leaked data, including contact information, has reignited concerns about previous breaches tied to the Clop ransomware gang. https://therecord.media/delta-amazon-vendor-breach-confirmed

๐Ÿ‘๏ธ ICE Started Ramping Up Its Surveillance Arsenal Immediately After Donald Trump Won privacy โ€“ Immediately following Trump's election, ICE sought contracts to enhance surveillance technologies for monitoring non-citizens awaiting deportation, anticipating a dramatic increase in those under surveillance from 200,000 to over 5 million. https://www.wired.com/story/ice-surveillance-contracts-isap/

๐Ÿ“ฑ Safer with Google: New intelligent, real-time protections on Android to keep you safe security news โ€“ The article discusses Google's latest advancements in online security features aimed at enhancing user safety through intelligent systems and real-time protection mechanisms. https://security.googleblog.com/2024/11/new-real-time-protections-on-Android.html

๐ŸŽง These Guys Hacked AirPods to Give Their Grandmas Hearing Aids hacking write-up โ€“ Three technologists in India hacked AirPods Pro 2 to enable hearing aid features by creating a Faraday cage to bypass Apple's location restrictions, allowing their grandmothers to use the technology. https://www.wired.com/story/apple-airpods-hearing-aid-hack/

๐Ÿ‘ถ Pregnancy Tracking App โ€˜What to Expectโ€™ Refuses to Fix Issue that Allows Full Account Takeover privacy โ€“ The 'What to Expect' pregnancy tracking app is neglecting serious vulnerabilities, including one enabling full account takeover, which risks exposing users' sensitive reproductive health information amid rising concerns for privacy and safety. https://www.404media.co/pregnancy-tracking-app-what-to-expect-refuses-to-fix-issue-that-allows-full-account-takeover-2/

๐Ÿ’ฌ An Interview With the Target & Home Depot Hacker โ€“ Krebs on Security cybercrime โ€“ Mikhail Shefel, the identity behind the Rescator alias, discusses his role in the Target and Home Depot breaches, his connections to other hackers, and his current financial struggles following legal issues and arrests. https://krebsonsecurity.com/2024/11/an-interview-with-the-target-home-depot-hacker/

๐Ÿค ShrinkLocker Ransomware: What You Need To Know malware โ€“ ShrinkLocker is a new ransomware that uses VBScript and BitLocker to encrypt victims' files, locking them out without providing a password. It changes drive names to an attacker's contact, but Bitdefender offers a free decryption tool. https://www.tripwire.com/state-of-security/shrinklocker-ransomware-what-you-need-know

๐Ÿ“ฌ Scammers resort to physical Swiss post to spread malware cybercrime โ€“ Switzerland's NCSC warns of a new scam where malware is spread through fake letters mimicking official weather alerts. Recipients are tricked into downloading a malicious app containing the Coper trojan, targeting banking information. https://www.theregister.com/2024/11/16/swiss_malware_qr/


Some More, For the Curious

๐Ÿค” Newag admits: Dragon Sector hackers did not modify software in Impuls trains I missed this one a few weeks earlier. security news โ€“ Newag's lawsuit against hackers reveals that while they claim no software modifications were made, they still face questions about intentional software locks in their trains. The truth remains elusive. https://rys.io/en/175.html

๐Ÿฆ  A new fileless variant of Remcos RAT observed in the wild malware โ€“ Fortinet has identified a phishing campaign distributing a new variant of Remcos RAT, using an Excel document to exploit vulnerabilities and stealthily execute malware, granting attackers remote access. https://securityaffairs.com/170791/security/a-new-fileless-variant-of-remcos-rat-phishing.html

๐Ÿ’ป North Korean-linked hackers were caught experimenting with new macOS malware malware โ€“ Researchers found North Korean hackers embedding malware in macOS applications using an open-source SDK, capable of bypassing Apple's security. The malware shows ties to cryptocurrency intrusions but its use remains uncertain. https://cyberscoop.com/north-korea-macos-malware-flutter-jamf/

โš™๏ธ Exploit code released for RCE attack on Citrix VDI solution vulnerability โ€“ Researchers released a PoC exploit for a vulnerability in Citrix's Virtual Apps and Desktops, allowing remote code execution via HTTP requests. Citrix disputes the claim of unauthenticated access, urging users to apply hotfixes. https://www.theregister.com/2024/11/12/http_citrix_vuln/

๐Ÿ”ง Zero Day Initiative โ€” The November 2024 Security Update Review security news โ€“ Adobe and Microsoft released significant patches in November, addressing numerous vulnerabilities across various products. Key issues include critical RCE flaws in Windows and multiple critical updates from Adobe. https://www.thezdi.com/blog/2024/11/12/the-november-2024-security-update-review

๐Ÿฅผ Inside the DemandScience by Pure Incubation Data Breach data breach โ€“ The article discusses the DemandScience data breach, revealing how personal data was aggregated and sold. It highlights public concerns about data privacy, expectations of notification, and the implications of data misuse. https://www.troyhunt.com/inside-the-demandscience-by-pure-incubation-data-breach/

๐ŸŒ A three beats waltz: The ecosystem behind Chinese state-sponsored cyber threats security research โ€“ The article analyzes the complex ecosystem of Chinese state-sponsored cyber operations, highlighting the roles of the PLA, MSS, and MPS, along with the involvement of private companies and patriotic hackers in cyber offensives. https://blog.sekoia.io/a-three-beats-waltz-the-ecosystem-behind-chinese-state-sponsored-cyber-threats/

๐Ÿ”— China's Volt Typhoon botnet has re security research โ€“ The Volt Typhoon botnet has resurfaced, using the same infrastructure and techniques to target critical infrastructure in the U.S. and Guam. Despite previous disruptions, it remains a significant threat, exploiting outdated devices. https://securityaffairs.com/170872/apt/volt-typhoon-botnet-has-re-emerged.html

๐Ÿ“‰ NIST says exploited vulnerability backlog cleared but end-of-year goal for full list unlikely security news โ€“ NIST announced it has cleared a backlog of unanalyzed exploited vulnerabilities with support from CISA and the private sector. However, it will not meet its goal of clearing all vulnerabilities by year-end due to data processing challenges. https://therecord.media/nist-vulnerability-backlog-cleared-cisa

๐Ÿ’ฐ Crimeware and financial predictions for 2025 security news โ€“ Kaspersky's report predicts an increase in AI-powered cyberattacks, supply chain attacks, and financial threats targeting central banks and smartphones in 2025, highlighting evolving tactics in the crimeware landscape. https://securelist.com/ksb-financial-and-crimeware-predictions-2025/114565/

๐Ÿ”‘ Good Essay on the History of Bad Password Policies security research โ€“ Stuart Schechter discusses the history of ineffective password policies, highlighting mistakes made by Morris and Thompson in assuming that their interventions would lead to strong passwords without adequate testing or metrics. https://www.schneier.com/blog/archives/2024/11/good-essay-on-the-history-of-bad-password-policies.html

๐Ÿ” NSO Group admits cutting off 10 customers because they abused its Pegasus spyware, say unsealed court documents security news โ€“ Court documents reveal NSO Group cut off 10 customers for abusing its Pegasus spyware, which exploited WhatsApp vulnerabilities. The revelations raise concerns about NSO's operations and the use of its tools against individuals, including high-profile targets. https://techcrunch.com/2024/11/15/nso-group-admits-cutting-off-10-customers-because-they-abused-its-pegasus-spyware-say-unsealed-court-documents/

๐Ÿชช Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation cyber defense โ€“ Misconfigurations in Active Directory Certificate Services can lead to serious vulnerabilities, enabling attackers to gain unauthorized access and escalate privileges within a domain. https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-fortifying-active-directory-certificate-services-adcs-against-exploitation/


CISA Corner

๐Ÿ”’ 2023 Top Routinely Exploited Vulnerabilities security news โ€“ A joint advisory from cybersecurity agencies highlights an increase in zero-day vulnerabilities exploited in 2023, urging software developers and end-users to implement secure practices and timely patching to mitigate risks. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

โš ๏ธ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has included five new vulnerabilities in Atlassian Jira, Cisco ASA, Metabase GeoJSON and Microsoft Windows to its Known Exploited Vulnerabilities Catalog, emphasizing their active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-adds-five-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has included two new vulnerabilities in its Known Exploited Vulnerabilities Catalog: CVE-2024-9463 and CVE-2024-9465, both related to Palo Alto Networks Expedition, highlighting significant risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-adds-two-known-exploited-vulnerabilities-catalog

๐Ÿญ CISA Releases Nineteen Industrial Control Systems Advisories vulnerability โ€“ CISA has published nineteen advisories addressing security vulnerabilities in Industrial Control Systems. Siemens, Rockwell, Hitachi, 2N, Elvaco, Baxter https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-releases-nineteen-industrial-control-systems-advisories ๐Ÿญ CISA Releases Five Industrial Control Systems Advisories vulnerability โ€“ CISA has published five advisories detailing security vulnerabilities and exploits related to various Industrial Control Systems. Subnet, Hitachi, Rockwell, Mitsubishi, Snap One https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-releases-five-industrial-control-systems-advisories

๐Ÿ”’ Fortinet Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/fortinet-releases-security-updates-multiple-products ๐Ÿ›ก๏ธ Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/adobe-releases-security-updates-multiple-products ๐Ÿ” Microsoft Releases November 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/11/12/microsoft-releases-november-2024-security-updates ๐Ÿ”ง Ivanti Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/11/12/ivanti-releases-security-updates-multiple-products ๐Ÿ”’ Citrix Releases Security Updates for NetScaler and Citrix Session Recording https://www.cisa.gov/news-events/alerts/2024/11/12/citrix-releases-security-updates-netscaler-and-citrix-session-recording


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿฆน Inside the Massive Crime Industry Thatโ€™s Hacking Billion-Dollar Companies cybercrime โ€“ A complex hacking ecosystem fueled by infostealer malware is behind major breaches, as hackers exploit stolen credentials from pirated software. https://www.wired.com/story/inside-the-massive-crime-industry-thats-hacking-billion-dollar-companies/

๐Ÿ† Valorant is winning the war against PC gaming cheaters security news โ€“ Riot Games' Vanguard anti-cheat system has significantly reduced cheating in Valorant by employing advanced detection methods. https://www.theverge.com/2024/11/4/24283482/valorant-is-winning-the-war-against-pc-gaming-cheaters

๐ŸŽซ Hacker suspected in massive Ticketmaster, AT&T breaches arrested in Canada cybercrime โ€“ Canadian authorities arrested a man suspected of breaching around 165 companies, including Ticketmaster and AT&T, by exploiting Snowflake's cloud storage with stolen credentials. https://www.theverge.com/2024/11/5/24288654/alleged-snowflake-hacker-arrested-ticketmaster-att-data-breaches

๐Ÿ“‰ Mozilla Foundation lays off 30% staff, drops advocacy division security news โ€“ The Mozilla Foundation has laid off 30% of its staff, eliminating its advocacy and global programs divisions to streamline operations and focus on its mission amidst significant changes in the tech landscape. https://techcrunch.com/2024/11/05/mozilla-foundation-lays-off-30-staff-drops-advocacy-division/

๐Ÿ’ธ South Korean authorities fine Meta $15.6 million for sharing user data with advertisers privacy โ€“ South Korea fined Meta $15.6 million for sharing sensitive data of 980,000 Facebook users with advertisers without consent, violating the Personal Information Protection Act. https://therecord.media/facebook-south-korea-privacy-regulator-fine

๐Ÿ ToxicPanda Android banking trojan targets Europe and LATAM malware โ€“ The ToxicPanda Android banking trojan has infected over 1,500 devices, targeting banks in Europe and Latin America. It employs On-Device Fraud techniques to bypass security measures, indicating a potential shift in attack strategies by Chinese-speaking threat actors. https://securityaffairs.com/170605/malware/toxicpanda-android-malware-targets-italy.html

๐Ÿ‘ฎโ€โ™‚๏ธ Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs cybercrime โ€“ Interpol's Operation Synergia resulted in 41 arrests and the takedown of over 22,000 malicious IP addresses linked to cybercrime, preventing numerous phishing and ransomware attacks worldwide. https://therecord.media/interpol-operation-arrests-takedowns

๐Ÿ•บ Canada ordered ByteDance to shut down TikTok operations in the country over security concerns privacy โ€“ Canada has ordered ByteDance to dissolve TikTok Technology Canada due to security concerns, though Canadians can still access the app. The decision follows a national security review amid ongoing scrutiny of TikTok's data practices. https://securityaffairs.com/170653/security/canada-ordered-bytedance-to-shut-down-tiktok-operations.html

๐Ÿ’ฝ Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices vulnerability โ€“ Synology patched a critical vulnerability (CVE-2024-10443) in DiskStation and BeePhotos NAS devices that allowed remote code execution without user interaction, affecting millions. Users are urged to apply updates immediately. https://securityaffairs.com/170602/hacking/synology-fixed-critical-bug-in-diskstation-and-beephotos-nas.html

๐Ÿฆ  SteelFox Trojan imitates popular products to drop stealer and miner malware security research โ€“ The SteelFox Trojan, disguised as software activators, spreads via torrent and forum posts, stealing sensitive data and mining cryptocurrency. It targets popular applications like AutoCAD and Foxit PDF Editor, employing sophisticated techniques to evade detection. https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/

๐Ÿšซ Major Ukrainian university bans Telegram to reduce cyberthreats security news โ€“ Taras Shevchenko National University of Kyiv has banned Telegram for official communications, citing security concerns over Russian access to user data. The ban follows similar restrictions for state officials, prompting discussions about alternative communication platforms. https://therecord.media/ukraine-university-bans-telegram

๐Ÿงข How early-stage companies can go beyond cybersecurity basics cyber defense โ€“ To combat evolving cyber threats, early-stage companies should adopt a proactive cybersecurity strategy that transcends basic compliance, focusing on risk management, layered security, employee training, and incident response planning. https://cyberscoop.com/cybersecurity-for-startups-early-stage-companies/

๐Ÿงช What Is Penetration Testing? security news โ€“ Penetration testing simulates attacks to identify vulnerabilities within an organization's security systems. By employing various techniques, it helps organizations strengthen defenses, comply with regulations, and improve incident response capabilities. https://www.blackhillsinfosec.com/what-is-penetration-testing/

๐ŸŽฎ Hacker says they banned โ€˜thousandsโ€™ of Call of Duty gamers by abusing anti-cheat flaw security news โ€“ A hacker named Vizor exploited a flaw in Activision's Ricochet anti-cheat system to falsely ban thousands of Call of Duty players by sending messages containing specific strings. https://techcrunch.com/2024/11/07/hacker-says-they-banned-thousands-of-call-of-duty-gamers-by-abusing-anti-cheat-flaw/

๐Ÿš— Zero Day Initiative โ€” Multiple Vulnerabilities in the Mazda In vulnerability โ€“ Multiple vulnerabilities in the Mazda Connect CMU system allow physical attackers to exploit insufficient input sanitization via USB devices, enabling arbitrary code execution with root privileges, posing significant security risks. https://www.thezdi.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system

๐Ÿ”’ A new iOS 18 security feature makes it harder for police to unlock iPhones privacy โ€“ iOS 18 introduces an inactivity timer that reboots iPhones after four days of inactivity, entering a more secure state that complicates police access to locked devices and limits data extraction capabilities. https://www.theverge.com/2024/11/9/24292092/ios-18-security-inactivity-reboot-police-complain-unlocking-iphone-difficult


Some More, For the Curious

๐Ÿฐ Fortinet FortiGate CVE-2024-23113 โ€“ A Super Complex Vulnerability In A Super Secure Appliance In 2024 vulnerability โ€“ A Format String vulnerability in Fortinet's FortiGate SSLVPN devices allows remote code execution. https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/

๐Ÿ”€ A look at the latest post-quantum signature standardization candidates security research โ€“ NIST advances 14 post-quantum signature schemes for cybersecurity, highlighting their need to resist quantum attacks. The migration to these standards poses challenges, particularly regarding performance and data overhead in TLS connections. https://blog.cloudflare.com/another-look-at-pq-signatures

๐ŸŽŸ๏ธ Strengthening Local Admin Security in Windows 11 with Local Administrator Protection security news โ€“ Windows 11's new Local Administrator Protection feature enhances security by providing just-in-time admin privileges, reducing exposure to malware and minimizing risks associated with local admin rights. https://call4cloud.nl/local-administrator-protection-privilege-protection/

๐Ÿฆ˜ Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems security research โ€“ The SANS report highlights rising attacks on ICS/OT systems, primarily through IT network vulnerabilities, with non-ransomware incidents outnumbering ransomware. https://www.darkreading.com/ics-ot-security/attackers-breach-network-provider-ot-ics-network

๐Ÿ’ผ Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale security research โ€“ Cybercriminals are exploiting DocuSign's APIs to send realistic fake invoices using genuine accounts, bypassing traditional phishing defenses. https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/

๐Ÿค– AIs Discovering Vulnerabilities security research โ€“ Research into AI capabilities for discovering software vulnerabilities is advancing, with tools like ZeroPath uncovering critical flaws missed by traditional methods. https://www.schneier.com/blog/archives/2024/11/ais-discovering-vulnerabilities.html

๐Ÿ” Typosquat campaign impersonates 287+ popular npm packages cybercrime โ€“ A new typosquatting campaign targets developers by publishing malicious npm packages that mimic legitimate ones, utilizing Ethereum smart contracts for command-and-control. https://www.theregister.com/2024/11/05/typosquatting_npm_campaign/

๐Ÿ’ฐ Schneider Electric reports cyberattack, its third incident in 18 months *security news โ€“ Schneider Electric confirmed a cyberattack involving unauthorized access to its project tracking platform, with the HellCat ransomware group demanding a $150,000 ransom in baguettes after claiming to steal over 40GB of data.* https://cyberscoop.com/schneider-electric-energy-ransomware-hellcat/

๐Ÿ” Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments security research โ€“ Mandiant's Red Team demonstrated how attackers can exploit Intune permissions to achieve lateral movement and privilege escalation within Microsoft Entra ID. https://cloud.google.com/blog/topics/threat-intelligence/abusing-intune-permissions-entra-id-environments/

๐Ÿ’ฏ Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw vulnerability โ€“ Cisco has issued a critical alert for CVE-2024-20418, a vulnerability in its Ultra-Reliable Wireless Backhaul systems that allows remote attackers to gain admin access via crafted HTTP requests, necessitating immediate patching. https://www.theregister.com/2024/11/07/cisco_uiws_flaw/

๐Ÿค– AI Industry is Trying to Subvert the Definition of โ€œOpen Source AIโ€ security news โ€“ The Open Source Initiative's new definition of 'open source AI' has sparked controversy for permitting secretive practices in training data, raising concerns about true transparency in AI development. Critics argue for a clear distinction between 'open source' and 'open weights' models. https://www.schneier.com/blog/archives/2024/11/ai-industry-is-trying-to-subvert-the-definition-of-open-source-ai.html

๐Ÿš” FBI says hackers are sending fraudulent police data requests to tech giants to steal people's private information security news โ€“ The FBI warns that hackers are exploiting compromised government email addresses to submit fraudulent emergency data requests, enabling them to steal private user information from tech companies like Apple and Meta. https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/

๐Ÿœ๏ธ Palo Alto Networks warns of potential RCE in PAN vulnerability โ€“ Palo Alto Networks alerts customers to a potential remote code execution vulnerability in PAN-OS management interface, urging them to restrict access and follow security best practices to mitigate risks. https://securityaffairs.com/170697/security/palo-alto-networks-warns-potential-pan-os-rce.html

๐Ÿ“‡ Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks security research โ€“ This guide emphasizes the importance of limiting high-privilege accounts and monitoring for unusual replication requests to defend against DCSync attacks on Active Directory. https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-securing-active-directory-against-dcsync-attacks/

๐Ÿค– With 2FA Enabled: NPM Package lottie-player Taken Over by Attackers security research โ€“ Attackers exploited a leaked automation token to inject malicious code into popular NPM package versions, highlighting vulnerabilities in software supply chains and 2FA limitations. https://checkmarx.com/blog/with-2fa-enabled-npm-package-lottie-player-taken-over-by-attackers/


CISA Corner

โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added two vulnerabilities affecting PTZOptics cameras to its Known Exploited Vulnerabilities Catalog, highlighting the risks of OS command injection and authentication bypass to federal networks. https://www.cisa.gov/news-events/alerts/2024/11/04/cisa-adds-two-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Four Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, including privilege escalation and authentication flaws, highlighting significant risks for federal agencies that must address these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-adds-four-known-exploited-vulnerabilities-catalog

โš™๏ธ CISA Releases Three Industrial Control Systems Advisories vulnerability โ€“ CISA issued three advisories on November 7, 2024, addressing security vulnerabilities in Beckhoff Automation, Delta Electronics, and Bosch Rexroth ICS products, urging users to review for technical details and mitigations. https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-releases-three-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐ŸŽญ Massive hack-for-hire scandal rocks Italian political elites cybercrime โ€“ A hack-for-hire scheme exposed sensitive data of top Italian politicians, raising serious concerns about democracy and privacy. Investigations have led to arrests and calls for stronger security measures. https://www.politico.eu/article/hacking-scandal-italy-matteo-renzi-sergio-mattarella-equalize-nunzio-samuele-calamucci/

๐Ÿ’ป Black Basta affiliates used Microsoft Teams in recent attacks security research โ€“ Black Basta ransomware affiliates are now using Microsoft Teams to impersonate IT support, tricking employees into granting access and spreading malware through malicious QR codes. https://securityaffairs.com/170311/cyber-crime/black-basta-ransomware-microsoft-teams.html

๐Ÿ”“ Free, Franceโ€™s second-largest telecoms company, confirms being hit by cyberattack data breach โ€“ Free confirmed a cyberattack that compromised personal data of subscribers, with over 19 million potentially affected. The company has reported the breach and is enhancing security measures. https://therecord.media/france-telecom-free-cyberattack

๐Ÿค– Hospitals adopt error-prone AI transcription tools despite warnings security news โ€“ OpenAI's Whisper tool is generating fabricated medical transcripts, raising serious concerns for patient care. Despite warnings, many healthcare providers are using it, risking accuracy in critical situations. https://arstechnica.com/ai/2024/10/hospitals-adopt-error-prone-ai-transcription-tools-despite-warnings/

๐Ÿ“š Die digitale Bildung unter der Lupe: Eine Analyse von Schul- und Lern-Apps privacy โ€“ The article examines school and learning apps, focusing on their effectiveness and privacy implications. It emphasizes the need for scrutiny in digital education tools to protect user data. https://www.kuketz-blog.de/die-digitale-bildung-unter-der-lupe-eine-analyse-von-schul-und-lern-apps/

๐Ÿƒโ€โ™‚๏ธ Macron's bodyguards show his location by sharing Strava data privacy โ€“ An investigation revealed that President Macron's bodyguards inadvertently shared their locations on Strava, exposing sensitive information about his whereabouts and security arrangements. https://www.theregister.com/2024/10/29/macron_location_strava/

๐Ÿก QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024 vulnerability โ€“ QNAP patched a critical zero-day vulnerability (CVE-2024-50388) exploited at Pwn2Own Ireland 2024, allowing remote code execution on TS-464 NAS devices. The flaw was quickly addressed following the demonstration. https://securityaffairs.com/170386/uncategorized/qnap-fixed-zero-day-cve-2024-50388-pwn2own-ireland-2024.html

๐Ÿฆ  Malware campaign expands its use of fake CAPTCHAs malware โ€“ A new malware campaign utilizes fake CAPTCHAs to deliver Lumma and Amadey malware, targeting users on various websites. Clicking the CAPTCHA triggers malicious code, leading to data theft and browser credential extraction. https://therecord.media/fake-captcha-malware-campaign-lumma-amadey

๐Ÿคฌ Google CEO says over 25% of new Google code is generated by AI security news โ€“ Google's CEO announced that AI now generates over 25% of new code at the company, aiding developers' productivity. While AI tools are popular, concerns about bugs and security remain. Comment: I can't express how scary this sounds to me. https://arstechnica.com/ai/2024/10/google-ceo-says-over-25-of-new-google-code-is-generated-by-ai/

๐ŸŽข Windows Themes 0-day opens door to NTLM credential theft vulnerability โ€“ A zero-day vulnerability in Windows Themes allows attackers to steal NTLM credentials by tricking users into handling malicious theme files. A free micropatch from Acros Security is available while awaiting a Microsoft fix. https://www.theregister.com/2024/10/30/zeroday_windows_themes/

๐Ÿ“ž New version of Android malware FakeCall redirects bank calls to scammers cybercrime โ€“ The updated FakeCall malware for Android redirects bank calls to scammers, stealing sensitive information and funds. It mimics the Android dialer, tricking users into granting it default call handler permissions. https://securityaffairs.com/170410/malware/fakecall-malware-intercepts-outgoing-bank-calls.html

๐Ÿ›’ Satori Threat Intelligence Alert: Phish โ€™nโ€™ Ships Fakes Online Shops to Steal Money and Credit Card Information cybercrime โ€“ Satori uncovered a fraud operation, Phish โ€™nโ€™ Ships, exploiting fake online shops to steal credit card information. The scheme, which has affected hundreds of thousands of consumers, uses infected websites to redirect users to counterfeit stores, resulting in significant financial losses. https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-phish-n-ships-fakes-online-shops-to-steal-money-and-credit-card-information

๐ŸŽฃ Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files security research โ€“ Midnight Blizzard, a Russian threat actor, is executing a spear-phishing campaign targeting government and academic sectors using signed RDP files to redirect victims to actor-controlled servers for intelligence collection. https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/

๐Ÿฝ๏ธ Fired Disney worker accused of hacking into restaurant menus, replacing them with Windings and false peanut allergy information security news โ€“ A former Disney employee allegedly hacked the restaurant menu system, changing fonts to Wingdings and removing allergy info, risking safety. He faces multiple charges, including a denial-of-service attack on Disney staff. https://www.bitdefender.com/en-us/blog/hotforsecurity/fired-disney-worker-hacking-restaurant-menus-replacing-false-peanut-allergy/

๐Ÿ›Ž๏ธ Booking.com Phishers May Leave You With Reservations cybercrime โ€“ A spear-phishing campaign targeting Booking.com users exploits stolen credentials from hotel partners, allowing scammers to send fraudulent messages. Booking.com is enhancing security measures, including mandatory 2FA, but threats persist as cybercriminals adapt. https://krebsonsecurity.com/2024/11/booking-com-phishers-may-leave-you-with-reservations/


Some More, For the Curious

๐Ÿ‘ฎโ€โ™€๏ธ Law Enforcement Deanonymizes Tor Users security news โ€“ German police have managed to deanonymize several Tor users by monitoring known relays and applying timing analysis, raising concerns about the effectiveness of Tor's anonymity. https://www.schneier.com/blog/archives/2024/10/law-enforcement-deanonymizes-tor-users.html

๐Ÿ” Five Eyes tell tech startups to take infosec seriously cyber defense โ€“ The Five Eyes nations have issued security principles for tech startups to combat threats like IP theft. They emphasize understanding risks, securing products, and managing partnerships as essential practices. https://www.theregister.com/2024/10/29/five_eyes_secure_innovation_campaign/

๐Ÿฆ  Fog and Akira ransomware attacks exploit SonicWall VPN flaw warning โ€“ Fog and Akira ransomware groups are exploiting a critical SonicWall VPN vulnerability (CVE-2024-40766) to breach corporate networks, emphasizing the need for urgent patching to mitigate risks. https://securityaffairs.com/170359/cyber-crime/fog-akira-ransomware-sonicwall-vpn-flaw.html

๐Ÿ” How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware cybercrime โ€“ U.S. prosecutors charged Maxim Rudometov for developing Redline malware, tracing him through opsec mistakes like using identifiable email and social accounts, leading to his arrest in Operation Magnus. https://techcrunch.com/2024/10/29/how-a-series-of-opsec-failures-led-us-authorities-to-the-alleged-developer-of-the-redline-password-stealing-malware/

๐ŸŽ›๏ธ Writing a BugSleep C2 server and detecting its traffic with Snort security research โ€“ Researchers analyzed the BugSleep RAT, detailing its C2 protocol and methods for traffic detection using Snort. They implemented rules to identify and block its communications effectively. https://blog.talosintelligence.com/writing-a-bugsleep-c2-server/

๐Ÿ‘บ Hereโ€™s the paper no one read before declaring the demise of modern cryptography security news โ€“ Amidst alarmist claims about quantum computing threatening encryption, experts clarify that recent research does not break RSA or AES. Instead, it finds known vulnerabilities using quantum methods without significant advancements. https://arstechnica.com/information-technology/2024/10/the-sad-bizarre-tale-of-hype-fueling-fears-that-modern-cryptography-is-dead/

๐Ÿ”‘ Hackers find 15,000 credentials by scanning for git configuration data breach โ€“ Sysdig discovered over 15,000 stolen cloud service credentials in an open AWS bucket, collected by the EMERALDWHALE operation targeting exposed git configurations for spam and phishing campaigns. https://cyberscoop.com/sysdig-git-credentials-cloud-service-emeraldwhale/

๐Ÿ”“ Chinese state-backed hackers breached 20 Canadian government networks over four years, agency warns security news โ€“ Chinese hackers have compromised 20 Canadian government networks in four years, targeting critical infrastructure and innovation sectors. The threat includes espionage, IP theft, and influence operations, as noted by Canadaโ€™s cyber agency. https://therecord.media/canada-20-government-agencies-hacked-china-last-four-years

โŽ Colorado scrambles to change voting-system passwords after accidental leak data breach โ€“ The Colorado Department of State is urgently updating passwords after accidentally posting a spreadsheet with partial voting system passwords online. Officials assert there is no immediate security threat, but the GOP criticizes the handling of the incident. https://arstechnica.com/tech-policy/2024/10/colorado-scrambles-to-change-voting-system-passwords-after-accidental-leak/

๐Ÿฑ Hack Nintendo's Alarmo to run code (cat pics)? Let's-a go! hacking write-up โ€“ Hacker GaryOderNichts exploited a vulnerability in Nintendo's Alarmo clock to run custom code, including displaying cat pictures. The hack utilized findings from researcher Naomi Smith and involved accessing the device's firmware. https://www.theregister.com/2024/11/01/hack_nintendos_alarmo/

๐Ÿ”“ Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack vulnerability โ€“ A critical zero-click vulnerability in Synology's default photo app allows attackers to steal data from millions of NAS devices without user interaction. Researchers warn this could lead to ransomware attacks and unauthorized access. https://www.wired.com/story/synology-zero-click-vulnerability/

๐Ÿ”‘ An Okta login bug bypassed checking passwords on some long usernames vulnerability โ€“ A vulnerability in Okta allowed logins without password checks for usernames over 52 characters for three months. The issue has been fixed by switching the cryptographic algorithm used for cache keys. https://www.theverge.com/2024/11/1/24285874/okta-52-character-login-password-authentication-bypass

๐Ÿšฟ Chinese threat actors use Quad7 botnet in password-spray attacks cybercrime โ€“ Microsoft warns that Chinese threat actors are using the Quad7 botnet to conduct password-spray attacks, targeting SOHO devices and VPNs to steal credentials. The botnet exploits vulnerabilities in various routers to relay brute-force attacks. https://securityaffairs.com/170503/malware/quad7-botnet-used-by-chinese-threat-actors.html

๐Ÿงฐ BOFHound: AD CS Integration cyber defense โ€“ The BOFHound tool now supports parsing Active Directory Certificate Services (AD CS) objects for better attack path mapping in BloodHound. It allows for manual LDAP queries and enhances visibility into AD environments while maintaining stealth. https://posts.specterops.io/bofhound-ad-cs-integration-91b706bc7958

๐Ÿ”ง A Deeper Look at FortiJump (FortiManager CVE-2024-47575) vulnerability โ€“ CVE-2024-47575, known as FortiJump, is a critical vulnerability in FortiManager that allowed unauthorized access to devices due to missing authentication. Although the flaw has been patched, researchers warn about the potential for command injection exploits. https://bishopfox.com/blog/a-look-at-fortijump-cve-2024-47575


CISA Corner

๐Ÿ”’ Apple Releases Security Updates for Multiple Products security news โ€“ Apple has released critical security updates for various products to address vulnerabilities and enhance user protection. Users are encouraged to apply these updates promptly. https://www.cisa.gov/news-events/alerts/2024/10/29/apple-releases-security-updates-multiple-products ๐Ÿ“ง Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments cybercrime โ€“ CISA reports a large-scale spear-phishing campaign targeting government and IT sectors using malicious RDP files. Organizations are urged to implement security measures like restricting RDP connections and enabling multi-factor authentication. https://www.cisa.gov/news-events/alerts/2024/10/31/foreign-threat-actor-conducting-large-scale-spear-phishing-campaign-rdp-attachments

โš ๏ธ Fortinet Updates Guidance and Indicators of Compromise following FortiManager Vulnerability Exploitation vulnerability โ€“ Fortinet has revised its advisory for the critical FortiManager vulnerability (CVE-2024-47575), adding new workarounds and indicators of compromise. CISA urges users to apply updates and monitor for malicious activity. https://www.cisa.gov/news-events/alerts/2024/10/30/fortinet-updates-guidance-and-indicators-compromise-following-fortimanager-vulnerability

โš™๏ธ CISA Releases Three Industrial Control Systems Advisories warning โ€“ CISA has issued three advisories addressing vulnerabilities in Siemens, Solar-Log, and Delta Electronics ICS devices, urging users to review them for security updates and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/29/cisa-releases-three-industrial-control-systems-advisories โš™๏ธ CISA Releases Four Industrial Control Systems Advisories warning โ€“ CISA has issued four advisories addressing vulnerabilities in Rockwell Automation and Mitsubishi Electric ICS products, urging users to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/31/cisa-releases-four-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

โณ Sicherheit: Worauf du beim Kauf eines neuen Android-Smartphones achten solltest security news โ€“ Many Android manufacturers fail to provide timely security updates, often delaying patches for years, leaving users vulnerable to threats and privacy issues. https://www.kuketz-blog.de/sicherheit-worauf-du-beim-kauf-eines-neuen-android-smartphones-achten-solltest/

๐Ÿ”Ž Watch: Inside the FBIโ€™s Secret Phone Company security research โ€“ The FBI secretly operated Anom, a secure app used by criminals, revealing how law enforcement exploited its popularity to monitor organized crime without users' knowledge. https://www.404media.co/watch-inside-the-fbis-secret-phone-company/

๐Ÿงจ Internet Archive was breached twice in a month security news โ€“ The Internet Archive faced two breaches within a month, exposing 31 million user records due to mishandled authentication tokens, raising serious concerns about their security practices. https://securityaffairs.com/170068/data-breach/internet-archive-second-data-breach.html

๐Ÿ”’ HM Surf macOS vuln potentially exploited by Adloader malware vulnerability โ€“ A macOS vulnerability (CVE-2024-44133) may allow malware like Adloader to exploit user privacy by accessing cameras and microphones. Apple users are urged to update their systems immediately. https://www.theregister.com/2024/10/21/microsoft_macos_hm_surf/

๐Ÿšง ICE's $2 Million Contract With a Spyware Vendor Is Under White House Review privacy โ€“ ICE's $2 million contract with Paragon Solutions for spyware is under review for compliance with Biden's executive order on spyware, raising concerns about privacy and civil liberties. https://www.wired.com/story/ice-paragon-contract-white-house-review/

๐Ÿ‘ค Meta brings back face scanning to combat scams and account hacking privacy โ€“ Meta reintroduces facial recognition on Facebook and Instagram to help users recover hacked accounts and fight scam ads impersonating celebrities, following privacy concerns that led to its earlier removal. https://www.theverge.com/2024/10/22/24276593/meta-facebook-instagram-facial-recognition-tools-test-celeb-bait

๐Ÿšจ Samsung zero-day flaw actively exploited in the wild vulnerability โ€“ A Samsung zero-day vulnerability (CVE-2024-44068) is being actively exploited, allowing privilege escalation on vulnerable Android devices. Security updates were released in October 2024 to address the issue. https://securityaffairs.com/170119/security/samsung-zero-day-activey-exploited.html

๐Ÿ˜‰ Google Online Security Blog: 5 new protections on Google Messages to help keep you safe security news โ€“ Google introduces five new security features in Google Messages aimed at enhancing user safety, including spam protection and improved verification for messages, to combat scams and protect privacy. https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html

๐Ÿ“ฑ WhatsApp is making a massive change to the way it saves your contacts security news โ€“ WhatsApp introduces a built-in contact manager that allows users to save contacts within the app, independent of their smartphoneโ€™s address book, enhancing privacy and ease of use. https://www.theverge.com/2024/10/22/24276714/whatsapp-built-in-contacts-address-book

๐Ÿšซ Googles Manifest V3: Ein Schlag fรผr Werbeblocker und Nutzerrechte privacy โ€“ Google's Manifest V3 introduces changes that undermine ad blockers and user rights, raising concerns about online privacy and control over web experiences. https://www.kuketz-blog.de/googles-manifest-v3-ein-schlag-fuer-werbeblocker-und-nutzerrechte/

๐Ÿ“ The Global Surveillance Free-for-All in Mobile Ad Data privacy โ€“ A lawsuit highlights how mobile ad data enables tracking of individuals, including law enforcement officers, through services like Babel Street, raising significant privacy concerns amidst a growing data broker industry. https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/

๐Ÿฆบ Ransomware gang stoops to new low, targets prominent nonprofit for disabled people cybercrime โ€“ The Rhysida ransomware group has targeted Easterseals, a nonprofit for disabled individuals, demanding $1.3 million after accessing personal data of nearly 15,000 people in a cyberattack. https://therecord.media/easterseals-central-illinois-data-breach

๐Ÿ’ฃ The EU Throws a Hand Grenade on Software Liability security news โ€“ The EU is introducing strict software liability laws to hold software makers accountable for defects, contrasting with the US approach, which is lagging due to lobbying and lack of political will. https://news.risky.biz/the-eu-throws-a-hand-grenade-on-software-liability/

๐Ÿ’ธ LinkedIn hit with $335 million fine for using member data for ad targeting without consent privacy โ€“ Ireland's Data Protection Commission fined LinkedIn โ‚ฌ310 million for violating GDPR by using member data for ads without consent, marking one of the largest fines against a tech company for data misuse. https://therecord.media/linkedin-hit-with-335-million-fine-gdpr-ireland

๐Ÿ•ต๏ธโ€โ™‚๏ธ HYPR is latest firm to reveal hiring of fraudulent IT worker overseas cybercrime โ€“ HYPR exposed an incident involving a fraudulent IT worker from a contracting agency, highlighting the need for enhanced vetting processes to prevent hiring scams amid rising concerns of fake remote employees. https://cyberscoop.com/hypr-hired-fraudulent-tech-worker-overseas/

๐Ÿฅฝ How the ransomware attack at Change Healthcare went down: A timeline cybercrime โ€“ A ransomware attack on Change Healthcare in February 2024 led to a massive data breach affecting over 100 million people, revealing vulnerabilities in cybersecurity and prompting extensive investigations. https://techcrunch.com/2024/10/24/how-the-ransomware-attack-at-change-healthcare-went-down-a-timeline/

๐Ÿ”ง It Is Now Legal to Hack McFlurry Machines (and Medical Devices) to Fix Them security news โ€“ A new federal rule allows the circumvention of digital locks on McFlurry machines and medical devices for repair purposes, highlighting ongoing issues with manufacturer control over equipment and the need for further repair legislation. https://www.404media.co/it-is-now-legal-to-hack-mcflurry-machines-and-medical-devices-to-fix-them/

๐Ÿค” Prominent crypto critic says someone offered bribes to take down a blog post security news โ€“ Molly White, a crypto critic, reported being offered bribes to remove a post about a fraud case involving Roman Ziemian. After declining the bribe, she received a dubious DMCA takedown request from someone claiming to be a lawyer. https://techcrunch.com/2024/10/25/prominent-crypto-critic-says-someone-offered-bribes-to-take-down-a-blog-post/


Some More, For the Curious

๐Ÿ›ก๏ธ Update #1 Kritische Zero-Day Schwachstelle in FortiManager wird aktiv ausgenutzt โ€“ Update verfรผgbar warning โ€“ The article discusses CERT.at, Austria's Computer Emergency Response Team, focusing on its role in cybersecurity, incident response, and providing guidance to organizations on protecting against cyber threats. https://www.cert.at/de/warnungen/2024/10/kritische-zero-day-schwachstelle-in-fortimanager-wird-aktiv-ausgenutzt-update-verfugbar

๐Ÿ’ธ Stealers on the rise: Kral, AMOS, Vidar and ACR security research โ€“ Information stealers are proliferating, targeting credentials and cryptocurrency data, with methods ranging from malicious downloads to deceptive phishing tactics. Cybercriminals profit from these attacks, threatening privacy. https://securelist.com/kral-amos-vidar-acr-stealers/114237/

๐Ÿ‘ป Sneaky Ghostpulse malware loader hides inside PNG pixels security research โ€“ The Ghostpulse malware now extracts its payload from PNG image pixels, making detection harder. This evolution showcases increasing sophistication in cybercriminal tactics to evade security measures. https://www.theregister.com/2024/10/22/ghostpulse_malware_loader_png/

๐Ÿ›ก๏ธ Justice Department rule aims to curb the sale of Americansโ€™ personal data overseas privacy โ€“ The Justice Department proposed regulations to restrict the sale of Americans' personal data to adversarial countries, enhancing privacy protections while imposing compliance requirements on companies. https://cyberscoop.com/justice-department-data-broker-regulation-china-russia-iran/

๐Ÿ™‚โ€โ†”๏ธ No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer security research โ€“ Recent claims that China's quantum computer has cracked military-grade encryption are exaggerated. Experts affirm that modern cryptography remains secure for the foreseeable future. https://www.schneier.com/blog/archives/2024/10/no-the-chinese-have-not-broken-modern-encryption-systems-with-a-quantum-computer.html

๐Ÿ› ๏ธ VMware fixes critical RCE, make-me-root bugs in vCenter โ€“ for the second time vulnerability โ€“ VMware has issued a second patch for critical vulnerabilities in vCenter Server that could allow remote code execution and privilege escalation, urging all users to update immediately. https://www.theregister.com/2024/10/22/vmware_rce_vcenter_bugs/

๐Ÿช Threat Spotlight: WarmCookie/BadSpace malware โ€“ WarmCookie, a malware family active since April 2024, is used for initial access and persistence, enabling further malware deployment like CSharp-Streamer-RAT. Its distribution involves malspam and malvertising tactics. https://blog.talosintelligence.com/warmcookie-analysis/

๐Ÿ˜ˆ Lazarus APT steals cryptocurrency and user data via a decoy MOBA game security news โ€“ Lazarus APT uses a fake MOBA game to exploit a Google Chrome zero-day vulnerability, gaining access to victims' PCs. The group targets cryptocurrency and evolves its tactics with sophisticated social engineering. https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/

๐Ÿ‘‹ Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts security news โ€“ ZachXBT, an anonymous crypto investigator, has traced billions in stolen funds, including a recent $243 million Bitcoin theft, leading to arrests of the alleged hackers and advocating for justice for victims. https://www.wired.com/story/meet-zachxbt-243-million-crypto-theft/

๐ŸŒ Removal of Russian coders spurs debate about Linux kernelโ€™s politics security news โ€“ The Linux kernel's maintainer removed Russian developers from the MAINTAINERS file due to compliance with US sanctions, sparking debate over the intersection of open source and international politics. https://arstechnica.com/information-technology/2024/10/russian-coders-removed-from-linux-maintainers-list-due-to-sanction-concerns/


CISA Corner

โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2024-9537, a ScienceLogic SL1 vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting the need for federal agencies to address active threats promptly. https://www.cisa.gov/news-events/alerts/2024/10/21/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2024-38094, a Microsoft SharePoint deserialization vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting its risks to federal networks and the need for remediation. https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2024-47575, a missing authentication vulnerability in Fortinet FortiManager, to its Known Exploited Vulnerabilities Catalog, urging users to apply patches to mitigate risks. https://www.cisa.gov/news-events/alerts/2024/10/23/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has included CVE-2024-20481 (Cisco ASA and FTD DoS vulnerability) and CVE-2024-37383 (RoundCube Webmail XSS vulnerability) in its Known Exploited Vulnerabilities Catalog due to active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-adds-two-known-exploited-vulnerabilities-catalog

โš™๏ธ ICONICS and Mitsubishi Electric Products vulnerability โ€“ A vulnerability (CVE-2024-7587) in ICONICS and Mitsubishi Electric products allows for potential data disclosure and tampering due to incorrect default permissions. Users are urged to update to mitigate risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01 โš™๏ธ CISA Releases Four Industrial Control Systems Advisories vulnerability โ€“ CISA issued four ICS advisories addressing security vulnerabilities in various systems, VIMESA VHF/FM, iniNet Spider Control, Deep Sea Electronics, OMNET Proteus https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-releases-four-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub