๐Ÿ“ฐwrzlbrmpft's cyberlights๐Ÿ’ฅ

weekly cybersecurity highlights (for everyone!)

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿช Linksys-Router senden wohl WLAN-Passwรถrter an US-Server security research โ€“ zwei getestete Routermodelle รผbermitteln wohl sensible Daten an einen Server in den USA. https://www.golem.de/news/im-klartext-linksys-router-senden-wohl-wlan-passwoerter-an-us-server-2407-186894.html

๐Ÿ Apple warns iPhone users in 98 countries of spyware attacks warning โ€“ Apple warns iPhone users globally about targeted mercenary spyware attacks, emphasizing privacy and ongoing threat notifications. https://techcrunch.com/2024/07/10/apple-alerts-iphone-users-in-98-countries-to-mercenary-spyware-attacks/

๐ŸŽ“ โ€˜Serious hacker attackโ€™ forces Frankfurt university to shut down IT systems cyberattack โ€“ Frankfurt University of Applied Sciences faces a hacker attack, leading to a total IT system shutdown, impacting services and communication. https://therecord.media/serious-hacker-attack-shutdown-frankfurt

โ€ผ๏ธ Scammers double-dip by offering help to recover from scams warning โ€“ Scammers target victims of previous scams with fake offers to recover lost money, posing as trusted entities and requesting upfront fees or sensitive information, with the most vulnerable being victims over 65 years old. https://www.theregister.com/2024/07/09/australia_rescam_warning/

๐Ÿƒโ€โ™‚๏ธ Gadgetbridge: Smartwatches/Fitness-Tracker datenschutzfreundlich nutzen โ€“ Teil 1 privacy โ€“ Gadgetbridge ist eine datenschutzfreundliche Open-Source-App fรผr Android, die es ermรถglicht, Smartwatches und Fitness-Tracker unabhรคngig von den herstellereigenen Apps zu verwenden, um die volle Kontrolle รผber persรถnliche Daten zu behalten und lokale Speicherung zu gewรคhrleisten. https://www.kuketz-blog.de/gadgetbridge-smartwatches-fitness-tracker-datenschutzfreundlich-nutzen-teil-1/

๐Ÿ”ฎ Avast released a decryptor for DoNex Ransomware and its predecessors security news โ€“ Avast developed a decryptor for the DoNex ransomware family due to a cryptographic flaw, allowing victims to recover files for free since March 2024. https://securityaffairs.com/165469/malware/donex-ransomware-decryptor.html

๐Ÿป Apple removed 25 VPN apps from the App Store in Russia privacy โ€“ Apple removed 25 VPN apps from the Russian App Store due to government requests, part of Russia's control over internet access, leading to bypass difficulty for users. https://securityaffairs.com/165437/hacking/apple-removed-vpn-apps-from-app-store-in-russia.html

๐ŸŽซ The Ticketmaster Hack Is Becoming a Logistical Nightmare for Fans and Brokers data breach โ€“ A hacking group released data allowing the creation of over 38,000 concert tickets, posing a potential logistical nightmare for Ticketmaster, venues, fans, brokers, and resale platforms. The hack can lead to issues such as duplicated tickets for sold seats and legitimate buyers being denied entry. https://www.404media.co/the-ticketmaster-hack-is-becoming-a-logistical-nightmare-for-fans-and-brokers/

๐Ÿฅ“ More than 31M email addresses exposed following Neiman Marcus data breach data breach โ€“ Neiman Marcus data breach exposed over 31 million customer email addresses, affecting 64,472 individuals with leaked names, addresses, and more sold by threat actors. https://securityaffairs.com/165492/data-breach/neiman-marcus-data-breach-2.html

๐Ÿค– US, international authorities seize Russian AI bot farm cybercrime โ€“ U.S. authorities seized Russian AI bot farm domains linked to RT, accusing operatives of using Meliorator software to create social media personas and spread disinformation primarily aimed at U.S. politics. https://cyberscoop.com/us-international-authorities-seize-russian-ai-bot-farm/

๐Ÿช› Googleโ€™s dark web monitoring service will soon be free for all users security news โ€“ Google's dark web monitoring service, previously exclusive to Google One subscribers, will be free for all Google account holders starting soon, providing a combined solution to protect online presence. https://www.theverge.com/2024/7/9/24194970/google-one-free-dark-web-monitoring

๐Ÿ•ต๏ธ Hacktivists release two gigabytes of Heritage Foundation data data breach โ€“ The hacktivist group SiegedSec released two gigabytes of data from the Heritage Foundation in response to their Project 2025 initiative, claiming they wanted to expose supporters of the conservative think tank; however, Heritage denies being hacked, stating the data was from a publicly accessible archive. https://cyberscoop.com/hackvists-release-two-gigabytes-of-heritage-foundation-data/

๐Ÿ“ฐ How disinformation from a Russian AI spam farm ended up on top of Google search results security research โ€“ A piece of Russian disinformation about Ukrainian president's wife buying a luxury car spread rapidly online, originating from a fake French website and promoted by pro-Kremlin accounts. https://arstechnica.com/ai/2024/07/how-disinformation-from-a-russian-ai-spam-farm-ended-up-on-top-of-google-search-results/

๐Ÿฆ Scammers harness AI and deepfakes to sell bogus โ€˜miracle curesโ€™ on Meta platforms security news โ€“ Artificial intelligence and deepfake videos fuel health-related scam campaigns on Meta platforms, promoting fake 'miracle cures' endorsed by celebrities and bogus medical experts, targeting millions of users worldwide, based on research by Bitdefender Labs. https://therecord.media/scammers-harness-ai-deepfakes-medical-bogus

๐Ÿ™Š Spear phishing techniques in mass phishing: a new trend security news โ€“ An increasing trend shows elements of spear phishing being incorporated into regular mass phishing campaigns, with sophisticated email design, personalized details, and imitation of HR notifications, showcasing a shift in attackers' techniques and an escalation in decentralized attacks. https://securelist.com/spear-phishing-meets-mass/113125/

๐Ÿฆน RansomHub Ransomware โ€“ What You Need To Know cybercrime โ€“ RansomHub, a Ransomware-as-a-Service group, exploits a vulnerability in the email servers and has quickly risen as a significant threat. https://www.tripwire.com/state-of-security/ransomhub-ransomware-what-you-need-know

๐Ÿ“ฑ You can now protect your high-risk Google account with just your phone privacy โ€“ Google's Advanced Protection Program now allows high-risk users to enroll using a single phone-based passkey. https://www.theverge.com/2024/7/10/24195306/google-accounts-advanced-protection-passkey-enrollment-support-security-key

๐Ÿ“ž AT&T breach leaked call and text records from โ€˜nearly allโ€™ wireless customers data breach โ€“ accessed through a third-party cloud platform. https://www.theverge.com/2024/7/12/24197052/att-data-breach-call-text-records-hack


Some More, For the Curious

๐Ÿ”ฆ Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough hacking writeup โ€“ Shelltorch exposes critical vulnerabilities in PyTorch TorchServe, allowing remote code execution and unauthorized server access. https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server

โš ๏ธ CVE-2024-4577 Exploits in the Wild One Day After Disclosure security research โ€“ Exploitation of PHP vulnerability CVE-2024-4577 for remote code execution with malicious PHP code, emphasizing swift patching and monitoring. https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure

๐Ÿง‘โ€๐Ÿฆฏ CISA broke into a US federal agency, and no one noticed for a full 5 months security news โ€“ CISA red team exercise uncovers security flaws at US federal agency, lasting undetected for five months. https://www.theregister.com/2024/07/12/cisa_broke_into_fed_agency/

๐ŸŒ Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO security news โ€“ NATO faces cyber threats from state-sponsored actors, hacktivists, and cybercriminals, impacting espionage, disruptive attacks, and disinformation campaigns targeting critical infrastructure and political entities. https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-facing-nato/

๐Ÿฆท Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK security research โ€“ Exploring the prioritization of MITRE ATT&CK techniques for detection in Security Operation Centers, Threat Intelligence, and Incident Response. Emphasizing source evaluation, technique relevance, and optimizing detection logic development. https://securelist.com/detection-engineering-backlog-prioritization/113099/

โ˜ข๏ธ New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere security news โ€“ A new attack named Blast RADIUS exploits the 30-year-old RADIUS protocol due to its continued use of MD5, despite known vulnerabilities, allowing adversaries to gain admin access to various networks; the attack has led to a coordinated response from vendors. https://arstechnica.com/security/2024/07/new-blast-radius-attack-breaks-30-year-old-protocol-used-in-networks-everywhere/

๐Ÿ—ž๏ธ Chinese cyber agency accused of 'false and baseless' claims about US interfering in Volt Typhoon research security news โ€“ China's cybersecurity agency inaccurately claimed a U.S. threat intelligence company succumbed to U.S. influence, mischaracterizing the company's report on Dark Power ransomware, leading to pushback and accusations of false representation and manipulation from Western organizations. https://therecord.media/china-cyber-agency-claims-us-interference-volt-typhoon-research

๐Ÿ“ง Exim vulnerability affecting 1.5M servers lets attackers attach malicious files vulnerability โ€“ 1.5 million servers with Exim mail agent are vulnerable to delivering malicious executable attachments due to a critical CVE-2024-39929, prompting urgent updates to address the security issue. https://arstechnica.com/security/2024/07/more-than-1-5-million-email-servers-running-exim-vulnerable-to-critical-attacks/

๐Ÿชฐ Palo Alto Networks fixed a critical bug in the Expedition tool vulnerability โ€“ Palo Alto Networks fixed an admin account takeover bug in its Expedition tool and addressed multiple other vulnerabilities impacting its products. https://securityaffairs.com/165641/security/palo-alto-networks-critical-bug-expedition.html

๐Ÿ” The president ordered a board to probe a massive Russian cyberattack. It never did. security news โ€“ Despite a directive to investigate the SolarWinds attack, the Cyber Safety Review Board did not conduct the investigation, raising concerns about government accountability and cybersecurity oversight. https://arstechnica.com/security/2024/07/the-president-ordered-a-board-to-probe-a-massive-russian-cyberattack-it-never-did/

๐Ÿ’ฐ Wallets tied to CDK ransom group received $25 million two days after attack cybercrime โ€“ CDK Global paid over $25 million in ransom following a ransomware attack, with most of the funds going through a complex money laundering process involving multiple exchanges. https://cyberscoop.com/cdk-ransom-blacksuit-25-million/

๐Ÿ“… DDoSecrets Mirrors Wikileaks Data After Assange Plea Deal security news โ€“ DDoSecrets mirrored Wikileaks data to preserve transparency and ensure data availability, following Julian Assange's plea deal. https://www.404media.co/ddosecrets-mirrors-wikileaks-data-after-assange-plea-deal/

๐Ÿญ Critical infrastructure organizations want CISA to dial back cyber reporting security news โ€“ Critical infrastructure organizations request scaled-back cyber reporting to CISA, expressing concerns over definitions, reporting entities resource burden. https://cyberscoop.com/cisa-cyber-reporting-circia-2024/

๐Ÿ Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine security research โ€“ JFrog Security Research prevented a potential severe supply chain attack by detecting and reporting a leaked access token compromising Python infrastructure. https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/

7๏ธโƒฃ The Stark Truth Behind the Resurgence of Russiaโ€™s Fin7 cybercrime โ€“ The notorious Fin7 cybercrime group reemerges, setting up thousands of malicious sites targeting various brands for phishing attacks. https://krebsonsecurity.com/2024/07/the-stark-truth-behind-the-resurgence-of-russias-fin7/


CISA Corner

๐Ÿฆฟ Peopleโ€™s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action security research โ€“ APT40 compromises organization networks via multiple access vectors with enumeration, web shells, and exfiltration of sensitive data, leading to targeted threat actor investigation. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a

๐Ÿ›ก๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability โ€“ CISA lists three actively exploited vulnerabilities: Rejetto HTTP File Server flaw, Windows Hyper-V privilege escalation issue, and Windows MSHTML platform spoofing flaw. https://www.cisa.gov/news-events/alerts/2024/07/09/cisa-adds-three-known-exploited-vulnerabilities-catalog

CISA Releases Seven Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2024/07/09/cisa-releases-seven-industrial-control-systems-advisories CISA Releases Twenty-one Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2024/07/11/cisa-releases-twenty-one-industrial-control-systems-advisories Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/07/09/adobe-releases-security-updates-multiple-products Microsoft Releases July 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/07/09/microsoft-releases-july-2024-security-updates Citrix Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/07/09/citrix-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿšจ Hijacked: How hacked YouTube channels spread scams and malware cybercrime โ€“ Cybercriminals hijack YouTube channels to spread scams and malware, targeting viewers and content creators. https://www.welivesecurity.com/en/scams/hijacked-hacked-youtube-channels-scams-malware/

๐Ÿš“ Police allege 'evil twin' in-flight Wi-Fi used to steal info cybercrime โ€“ Australian man charged for creating fake in-flight Wi-Fi network to steal credentials; AFP warns against using public Wi-Fi without precautions. https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/

๐Ÿ“น San Francisco app livestreams local bars to draw more patrons privacy โ€“ 2Night app allows livestreaming of SF bars, raising privacy concerns and backlash from patrons and venue owners. https://sfstandard.com/2024/06/29/2night-live-stream-bars-privacy-concerns/

๐Ÿฅ LockBit claims cyberattack on Croatiaโ€™s largest hospital security news โ€“ LockBit ransomware gang targets Croatia's largest hospital; patient data compromised, impacting emergency services and hospital operations. https://therecord.media/lockbit-claims-cyberattack-croatia-hospital

โš ๏ธ 3 million iOS and macOS apps were exposed to potent supply-chain attacks vulnerability โ€“ Vulnerabilities in CocoaPods server exposed 3 million iOS and macOS apps to code injection attacks for a decade. https://arstechnica.com/?p=2034866

๐Ÿ”‘ The End of Passwords? Embrace the Future with Passkeys. security news โ€“ Passkeys offer enhanced security and privacy, along with convenience, as a passwordless authentication solution. https://blog.nviso.eu/2024/07/02/the-end-of-passwords-embrace-the-future-with-passkeys/

๐Ÿ•ต๏ธ Fiverr Freelancers Offer to Dox Anyone With Powerful U.S. Data Tool security news โ€“ Fiverr freelancers offer doxing services with access to data tool TLOxp https://www.404media.co/fiverr-freelancers-offer-to-dox-anyone-with-powerful-u-s-data-tool-tloxp/

๐Ÿ“ก UN urges Russia to โ€˜immediatelyโ€™ cease interference in European satellites security news โ€“ UN condemns Russian satellite interference, calls for immediate cessation of harmful actions affecting European countries' GPS signals and TV programs. https://therecord.media/un-russia-satellite-interference-europe

๐Ÿชผ Polish government investigates Russia-linked cyberattack on state news agency security news โ€“ Suspicion of Russian involvement in cyberattack on Polish state news agency; aimed at spreading disinformation before European Parliament election. https://securityaffairs.com/165139/intelligence/polish-government-investigating-russia-attack.html

๐ŸŽ’ Alabama Department of Education stops ransomware attack but confirms data stolen data breach โ€“ Alabama Department of Education halts ransomware attack but confirms data breach, potential exposure of student and employee information. https://therecord.media/alabama-education-department-data-breach

๐Ÿ” Google: AI Potentially Breaking Reality Is a Feature Not a Bug security research โ€“ Google researchers co-author a paper detailing real harm caused by generative AI misuse, which can distort reality by producing deceptive content without violating terms of service. It highlights the need for collaboration to address this issue. https://www.404media.co/google-ai-potentially-breaking-reality-is-a-feature-not-a-bug/

โ›“๏ธ New ransomware group uses phone calls to pressure victims, researchers say cybercrime โ€“ New ransomware group Volcano Demon uses phone calls to intimidate victims, threatens to expose data if ransom is not paid. The group employs a double extortion technique and remains a challenge to track. https://therecord.media/ransomware-group-volcano-demon-lukalocker

๐Ÿ”ฅ Traeger smokes security bugs threatening grillers' hard work vulnerability โ€“ Traeger grills vulnerable to high-severity flaw allowing remote attackers to control temperature or shutdown grill; exploitation could ruin cooking. https://www.theregister.com/2024/07/03/traeger_security_bugs/

โ˜˜๏ธ OpenAIโ€™s ChatGPT Mac app was storing conversations in plain text security news โ€“ OpenAI's ChatGPT Mac app stored conversations in plain text; fixed after demonstration, highlighting a potential privacy concern. https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text

โ˜Ž๏ธ Twilio alerts Authy two-factor app users that โ€˜threat actorsโ€™ have their phone numbers security news โ€“ Twilio alerts Authy users of phone number leak, warns of phishing attacks. Previous breach affects 163 Twilio and 93 Authy accounts, leading to the unauthorized registration of additional devices. https://www.theverge.com/2024/7/3/24191791/twilio-authy-2fa-app-phone-numbers-hack-data-breach

๐Ÿ›ฃ๏ธ Europol says mobile roaming tech is hampering crimefighters security news โ€“ Europol is concerned about SMS home routing that hampers criminal investigations due to privacy-enhancing technologies, specifically service-level encryption, enabling suspects to maintain communication privacy within their home network while roaming. https://www.theregister.com/2024/07/05/europol_home_routing_complaint/

๐Ÿฅท Hackers stole OpenAI secrets in a 2023 security breach security news โ€“ OpenAI faced a security breach in 2023, compromising internal discussions but not source code or customer data. Concerns about AI security and possible cyber espionage linked to nation-state actors raised. https://securityaffairs.com/165349/data-breach/openai-2023-security-breach.html


Some More, For the Curious

โ›” Qualys Security Blog security news โ€“ Qualys blog faced unauthorized spam content, investigated, no impact on customer data, production environment, or data exfiltration. https://blog.qualys.com/qualys-insights/2024/07/03/qualys-blog

๐ŸŒ  Like Shooting Phish in a Barrel security research โ€“ Article explores techniques to bypass email link crawlers used by security gateways, including parsers, CAPTCHAs, redirects, browser fingerprinting, and ASN blocking. https://posts.specterops.io/like-shooting-phish-in-a-barrel-926c1905bb4b

๐Ÿค• Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769 warning โ€“ Threat actors exploit CVE-2024-0769 in D-Link DIR-859 routers for information disclosure. GreyNoise observes attackers collecting account details. https://securityaffairs.com/165045/hacking/d-link-dir-859-actively-exploited.html

โš”๏ธ Sanctioned and exposed, Predator spyware maker group has gone awfully quiet security news โ€“ The Predator spyware group, Intellexa, shows decreased activity post sanctions. Observers suggest impact on operations, but caution about potential retooling. https://cyberscoop.com/sanctioned-and-exposed-predator-spyware-maker-group-has-gone-awfully-quiet/

๐Ÿ”’ Emergency patches now available for Juniper Networks routers vulnerability โ€“ Emergency patches released for Juniper Networks routers to fix critical authentication bypass vulnerability (CVE-2024-2973). Users urged to apply patches promptly. https://www.theregister.com/2024/07/01/emergency_patches_available_for_juniper/

๐Ÿ˜“ TeamViewer: Hackers copied employee directory data and encrypted passwords data breach โ€“ TeamViewer breach linked to Russian government-backed APT29; employee directory data and encrypted passwords stolen. https://therecord.media/teamviewer-cyberattack-employee-directory-encrypted-passwords

๐Ÿฆ‡ Exposing FakeBat loader: distribution methods and adversary infrastructure security research โ€“ Sekoia presents FakeBat loader distribution using malvertising, software impersonation, fake browser updates, and social engineering schemes. https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/

๐Ÿณ Vulnerabilities in PanelView Plus devices could lead to remote code execution vulnerability โ€“ Microsoft discovered and disclosed RCE and DoS vulnerabilities in Rockwell Automation PanelView Plus devices. https://www.microsoft.com/en-us/security/blog/2024/07/02/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution/

๐Ÿฅ… Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers security research โ€“ Recorded Future used infostealer logs to detect consumers of child sexual abuse material on the dark web, aiding law enforcement. https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers

๐Ÿซ… โ€œRegreSSHionโ€ vulnerability in OpenSSH gives attackers root on Linux vulnerability โ€“ Critical OpenSSH vulnerability CVE-2024-6387 allows remote code execution with root system rights on Linux based on glibc systems, leading to full system compromise. https://arstechnica.com/?p=2035011

๐Ÿฉน Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform vulnerability โ€“ Splunk fixes 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including high-severity flaws like Remote Code Execution. https://securityaffairs.com/165204/security/splunk-enterprise-and-cloud-platform-flaws.html

๐Ÿ’” Secret Network Access Broker x999xx โ€“ Krebs on Security cybercrime โ€“ Russian hacker x999xx, a known access broker, trades network access, databases, and stolen data; identified. Acknowledges identity when reached by email and denies interest in harming healthcare institutions. Operates freely in Russia. https://krebsonsecurity.com/2024/07/the-not-so-secret-network-access-broker-x999xx/

๐Ÿ—ƒ๏ธ Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692) security research โ€“ A remote execution vulnerability in HTTP File Server (HFS) was used to exploit user systems, install malware, and establish malicious backdoors. https://asec.ahnlab.com/en/67650/

๐ŸŒ Europol and pals band together in Cobalt Strike disruption security news โ€“ Europol conducted a week-long operation named Operation Morpheus, disrupting nearly 600 IP addresses linked to illegal copies of Cobalt Strike. https://www.theregister.com/2024/07/04/europol_cobalt_strike_crackdown/

๐Ÿ˜ธ Kimsuky Groupโ€™s New Backdoor Appears (HappyDoor) security research https://asec.ahnlab.com/en/67660/

๐Ÿค– New Golang Zergeca Botnet appeared in the threat landscape malware โ€“ New Golang-based Zergeca Botnet emerges, capable of DDoS attacks and additional functionalities like scanning and reverse shell. https://securityaffairs.com/165288/cyber-crime/golang-based-zergeca-botnet.html

๐Ÿฅง Polyfill.io Supply Chain Attack: Censys detected 384,773 hosts still embedding a polyfill JS script linking to the malicious domain security research โ€“ Censys identifies hosts still linking to the malicious polyfill.io domain, affecting major platforms and websites. https://securityaffairs.com/165302/hacking/polyfill-io-supply-chain-attack.html

๐Ÿชถ Apache fixed a source code disclosure flaw in Apache HTTP Server vulnerability โ€“ Apache fixed a source code disclosure vulnerability (CVE-2024-39884) in Apache HTTP Server, urging users to upgrade promptly. https://securityaffairs.com/165422/security/apache-source-code-disclosure-flaw-apache-http-server.html


CISA Corner

๐Ÿญ CISA Releases Seven Industrial Control Systems Advisories vulnerability โ€“ Johnson Controls, mySCADA, ICONICS, Mitsubishi Electric https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-releases-seven-industrial-control-systems-advisories

๐Ÿ›œ Juniper Networks Releases Security Bulletin for Junos OS: SRX Series vulnerability โ€“ Juniper Networks issued a security bulletin for Junos OS: SRX Series to fix a vulnerability leading to denial-of-service. https://www.cisa.gov/news-events/alerts/2024/07/02/juniper-networks-releases-security-bulletin-junos-os-srx-series

โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog โ€“ Cisco NX-OS warning โ€“ CISA added a known exploited vulnerability (CVE-2024-20399) to its catalog, emphasizing the risks and need for prompt mitigation. https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlights

๐Ÿ”’ Brauchst du wirklich ein VPN? privacy โ€“ Share article on privacy with friends via social media. https://www.kuketz-blog.de/brauchst-du-wirklich-ein-vpn/

๐Ÿ’” Europe and Australia will both not break encryption! Weโ€™ve interviewed Patrick Breyer โ€“ the guy who coined the term Chat Control. privacy โ€“ Germany and Australia push back against encryption legislation. https://tuta.com/blog/interview-patrick-breyer-on-chat-control

โš ๏ธ Angriffen gegen รถsterreichische Unternehmen und Organisationen Published warning โ€“ DDoS-Angriffe gegen รถsterreichische Unternehmen und Organisationen. https://www.cert.at/de/aktuelles/2024/6/akute-welle-an-ddos-angriffen-gegen-osterreichische-unternehmen-und-organisationen


News For All

๐ŸŽต Music industry giants allege mass copyright violation by AI firms security news โ€“ Music labels sue AI firms for copyright infringement in training data. https://arstechnica.com/?p=2033128

โ›” Watchlist Internet โ€“ Falscher Ryanair-Support auf X warning โ€“ Scamming customers by requesting passenger details for further checks, apologizing for inconvenience. https://www.watchlist-internet.at/news/falscher-ryanair-support-auf-x/

๐Ÿšจ French police shut down chat website reviled as 'den of predators' cybercrime โ€“ shut down chat website Coco for serious crimes. https://therecord.media/coco-website-takedown-cybercrime-france

๐Ÿ The inside view of spywareโ€™s 'dirty interference,' from two recent Pegasus victims cybercrime โ€“ Activists and journalists targeted by Pegasus spyware face privacy violations and assert their determination. https://therecord.media/pegasus-spyware-victims-sannikov-erlikh

๐Ÿ‘๏ธ Tagesschaukommentar zur Chatkontrolle: Empรถrte Ahnungslosigkeit privacy โ€“ Criticism towards public coverage of the chat monitoring proposal. https://www.kuketz-blog.de/tagesschaukommentar-zur-chatkontrolle-empoerte-ahnungslosigkeit/

๐Ÿ”ž Lawsuit Claims Microsoft Tracked Sex Toy Shoppers With 'Recording in Real Time' Software privacy โ€“ Microsoft accused of tracking sex toy shoppers without consent. https://www.404media.co/lawsuit-claims-microsoft-tracked-sex-toy-shoppers-with-recording-in-real-time-software/

๐Ÿ’ฐ Predators steal additional $10M from crypto scam victims cybercrime โ€“ Crypto scammers pose as lawyers to defraud victims out of $10 million in a year, taking advantage of the vulnerable to extract further payments. https://www.theregister.com/2024/06/25/predators_steal_additional_10m/

๐Ÿ–ฒ๏ธ Organized crime and domestic violence perps buy trackers security research โ€“ Australian study reveals top tracker purchasers linked to organized crime and domestic violence, using devices to facilitate acts like murder, kidnapping, and drug theft. https://www.theregister.com/2024/06/26/criminals_use_gps_bluetooth_trackers/

๐Ÿฆ  If you're using Polyfill.io code on your site โ€“ like 100,000+ are โ€“ remove it immediately malware โ€“ Malicious code injected via Polyfill.io https://www.theregister.com/2024/06/25/polyfillio_china_crisis/

๐Ÿ”“ ID Verification Service for TikTok, Uber, X Exposed Driver Licenses data breach โ€“ AU10TIX, an ID verification service for TikTok, Uber, and X users, exposed administrative credentials online, risking access to users' sensitive data like driver's licenses. https://www.404media.co/id-verification-service-for-tiktok-uber-x-exposed-driver-licenses-au10tix/

๐Ÿ’ธ US boosts reward for info on 'Missing Cryptoqueen' Ruja Ignatova to $5 million cybercrime โ€“ The US offers $5 million reward for information leading to the arrest of fugitive cryptocurrency fraudster Ruja Ignatova, indicted for alleged role in defrauding victims of over $4 billion in the OneCoin scam and missing since 2017. https://therecord.media/ruja-ignatova-onecoin-cryptoqueen-us-5million-reward

โš–๏ธ Julian Assange pleads guilty, leaves courtroom a free man security news โ€“ Julian Assange pleads guilty to one charge, receives a 62-month sentence which he has already served, leaving him free, following a plea deal, long-standing legal battles, and high-profile leaks through WikiLeaks, including the 'Collateral Murder' video. https://www.theregister.com/2024/06/26/assange_pleads_guilty_sentenced_freed/

๐Ÿ“š Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins malware https://www.wordfence.com/blog/2024/06/supply-chain-attack-on-wordpress-org-plugins-leads-to-5-maliciously-compromised-wordpress-plugins/

๐Ÿ’ป How to manage deleted files on iOS, iPadOS, and macOS cyber defense โ€“ To manage and permanently delete files on iOS, iPadOS, and macOS, ensure files are deleted across iCloud sync. Check sync status, sync apps, and activate sync on Apple devices. https://www.theverge.com/24188104/ios-icloud-iphone-mac-delete-files


Some More, For the Curious

โ›‘๏ธ New cyberthreat research for SMB in 2024 security research โ€“ Small Medium Business' face rising cyberthreats requiring multifaceted cybersecurity measures. https://securelist.com/smb-threat-report-2024/113010/

๐Ÿ’ซ CISA confirms hackers may have accessed data from chemical facilities during January incident security news โ€“ CISA confirms potential data access from cyberattack on chemical facilities. https://therecord.media/cisa-confirms-hackers-chemical-facilities

โš”๏ธ Troy Hunt โ€“ The State of Data Breaches data breach โ€“ Challenges in disclosing breaches and notifying victims; bugbears with breach notifications. https://www.troyhunt.com/the-state-of-data-breaches/

๐Ÿคช I am Goot (Loader) security research โ€“ Cybereason investigates GootLoader malware, part of GootKit family, utilized by UNC2565 for post-exploitation. GootLoader leverages SEO for infection, targets victims with legal document masquerade, believed to be associated with financial incentives. https://www.cybereason.com/blog/i-am-goot-loader

๐Ÿ“Š Taking an Evidence-Based Approach to Vulnerability Prioritization security research โ€“ VulnCheck's blog emphasizes the importance of prioritizing vulnerabilities based on exploit evidence, recommending Known Exploited Vulnerabilities (KEV), weaponized vulnerabilities, and Proof of Concept (POC) exploit codes as top priorities, alongside additional considerations such as ransomware usage, botnet exploitation, and threat actors' activities. https://vulncheck.com/blog/vulnerability-prioritization

โ˜ƒ๏ธ Snowflake isnโ€™t an outlier, itโ€™s the canary in the coal mine security news โ€“ Recent attacks on Snowflake were a result of stolen credentials originating from infostealers, highlighting an industry-wide shift towards identity-focused threats; extensive use of credentials from phishing, infostealers and insider threats; the importance of protecting data with MFA; emphasis on rapid response to infostealer infections, password resets, and secure credential storage. https://blog.talosintelligence.com/infostealer-landscape-facilitates-breaches/

๐Ÿ‘น Global Revival of Hacktivism Requires Increased Vigilance from Defenders security news โ€“ Mandiant observes a resurgence in hacktivism involving complex tactics, including intrusion, information operations, and physical world tampering. https://cloud.google.com/blog/topics/threat-intelligence/global-revival-of-hacktivism/

๐Ÿ‘ƒ LockBit group falsely claimed the hack of the Federal Reserve ransomware โ€“ The LockBit ransomware group falsely claimed to have hacked the US Federal Reserve when in fact the victim was Evolve Bank & Trust. Media outlets reported that the Federal Reserve had previously penalized the bank for deficiencies in risk management, anti-money laundering, and compliance practices. https://securityaffairs.com/164988/cyber-crime/lockbit-has-not-hacked-federal-reserve.html

๐ŸชŸ TeamViewer responds to security 'irregularity' in IT network security news โ€“ TeamViewer detected a security 'irregularity' in its corporate IT environment, prompting an immediate investigation and implementation of remediation measures. The company downplays the incident, asserting that the product environment and customer data remain unaffected. https://www.theregister.com/2024/06/28/teamviewer_network_breach/

๐ŸŽ‘ Sustaining Digital Certificate Security โ€“ Entrust Certificate Distrust security news โ€“ Chrome to distrust some Entrust certificates due to compliance failures. https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html

๐Ÿง‹ TeamViewer says Russia broke into its corp IT network security news โ€“ Russian cyber-spies breached TeamViewer's corporate IT network, contained to non-production systems, no customer data accessed. https://www.theregister.com/2024/06/28/teamviewer_russia/

๐ŸŽ๏ธ Supply-chain ransomware attack cripples thousands of car dealerships cybercrime โ€“ A ransomware attack by the BlackSuit gang targeted CDK Global, a platform widely used by car dealerships, leading to system shutdowns and disruptions in business operations. https://www.exponential-e.com/blog/supply-chain-ransomware-attack-cripples-thousands-of-car-dealerships

๐Ÿฉป Mitigating Skeleton Key, a new type of generative AI jailbreak technique security research โ€“ Skeleton Key, a new type of generative AI jailbreak technique called Explicit: forced instruction-following, bypasses guardrails in AI models, enabling the production of harmful content. Microsoft discovered and mitigated this vulnerability with Prompt Shields. https://www.microsoft.com/en-us/security/blog/2024/06/26/mitigating-skeleton-key-a-new-type-of-generative-ai-jailbreak-technique/

โ„๏ธ Russia's Midnight Blizzard stole email of more Microsoft customers security news โ€“ Microsoft warns more customers of email theft by Russia-linked Midnight Blizzard hacking campaign. Incident response team reaching out to customer administrators to provide a secure portal to view stolen emails from the cyberespionage group. https://securityaffairs.com/165038/hacking/midnight-blizzard-email-microsoft-customers.html

๐Ÿ” Google will address Androidโ€™s Find My Device network issues โ€˜over the coming weeksโ€™ security news โ€“ Google addressing issues with Android's Find My Device network. https://www.theverge.com/2024/6/26/24186381/google-find-my-device-tracking-pixel-android


CISA Corner

๐Ÿ” CISA Releases Two Industrial Control Systems Advisories security news https://www.cisa.gov/news-events/alerts/2024/06/25/cisa-releases-two-industrial-control-systems-advisories ๐Ÿ”’ CISA Adds Three Known Exploited Vulnerabilities to Catalog security news https://www.cisa.gov/news-events/alerts/2024/06/26/cisa-adds-three-known-exploited-vulnerabilities-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿ’Œ Security bug allows anyone to spoof Microsoft employee emails vulnerability โ€“ Bug allows MS employee email spoofing, not yet patched. https://techcrunch.com/2024/06/18/security-bug-allows-anyone-to-spoof-microsoft-employee-emails/?guccounter=1

๐Ÿ’ณ First million breached Ticketmaster records released for free data breach โ€“ Ticketmaster breached records leaked, potential for phishing attacks. https://www.malwarebytes.com/blog/news/2024/06/first-million-breached-ticketmaster-records-released-for-free

๐Ÿ—จ๏ธ Signal president Meredith Whittaker criticizes EU attempts to tackle child abuse material privacy โ€“ Signal Foundation president criticizes EU proposal. https://therecord.media/european-council-e2ee-proposal-signal-whittaker-criticism

โš–๏ธ Signal, MEPs urge EU Council to drop encryption-eroding law security news โ€“ EU Council set to vote on law aiming to fight child exploitation online by requiring client-side scanning of digital communication to prevent dissemination of unlawful content, jeopardizing encryption. Signal and MEPs strongly advocate against the proposal, highlighting privacy and security risks. https://www.theregister.com/2024/06/18/signal_eu_upload_moderation/

๐Ÿฆฅ Federal contractors pay multimillion-dollar settlements over cybersecurity lapses security news โ€“ Federal contractors fined for cybersecurity failures during NY program. https://therecord.media/federal-contractors-pay-multimillion-settlement

๐Ÿ–ผ๏ธ AI Images in Google Search Results Have Opened a Portal to Hell privacy โ€“ Google Search results show AI-generated images without indication of origin. https://www.404media.co/google-image-search-ai-results-have-opened-a-portal-to-hell/

๐Ÿชฌ Proton is taking its privacy-first apps to a nonprofit foundation model privacy โ€“ Proton transitions to nonprofit foundation model with emphasis on privacy. https://arstechnica.com/gadgets/2024/06/proton-is-taking-its-privacy-first-apps-to-a-nonprofit-foundation-model/

๐Ÿ’ธ The Financial Dynamics Behind Ransomware Attacks cybercrime โ€“ Ransomware attacks evolve with financial incentives using cryptocurrency for anonymity. https://securityaffairs.com/164636/cyber-crime/financial-dynamics-ransomware-attacks.html

๐Ÿคน How are attackers trying to bypass MFA? security news โ€“ Increased incidents related to MFA bypass attempts, including push notifications and social engineering tactics. https://blog.talosintelligence.com/how-are-attackers-trying-to-bypass-mfa/

๐Ÿ”‘ How quickly can attackers guess your password? security research โ€“ Study reveals most passwords can be cracked in less than an hour. https://securelist.com/passworde-brute-force-time/112984/

โŒ› Meta delays training its AI using public content shared by EU users privacy โ€“ Meta postpones training its large language models with public content from adult users in the EU due to a request from the Irish Data Protection Commission, highlighting disappointment over the decision and emphasizing the need to bring the benefits of AI to people in Europe. https://securityaffairs.com/164652/laws-and-regulations/meta-postponing-training-llm-eu-data.html

๐Ÿš— Car dealerships hit with massive computer system outage cybercrime โ€“ CDK Global cyberattack disrupts car dealerships in North America. https://www.theverge.com/2024/6/20/24182484/car-dealerships-massive-computer-system-outage-cdk-global

๐Ÿš… Amtrak forces password changes after user account break-ins security news โ€“ Amtrak's Guest Rewards program faces a security breach due to credential stuffing, prompting mandatory multi-factor authentication and password resets for affected users. https://www.theregister.com/2024/06/19/amtrak_has_had_another_breach/

๐Ÿ’› Google Chrome 126 update addresses multiple vulnerabilities security news โ€“ high-severity vulnerabilities reported by security researchers at a hacking competition, including type confusion and memory access issues. https://securityaffairs.com/164688/security/google-chrome-126-update.html

๐Ÿ˜ต Qilin Ransomware: What You Need To Know cybercrime โ€“ Qilin, a ransomware-as-a-service operation with Russian links, demands high ransoms; targeted London hospitals sparked attention. https://www.tripwire.com/state-of-security/qilin-ransomware-what-you-need-know

โ›” Biden administration bans sale of Kaspersky software in US security news โ€“ The Biden administration bans Kaspersky Labs from selling software in the USA due to concerns about ties to the Russian government and potential exploitation in cyberoperations. https://cyberscoop.com/biden-administration-bans-sale-of-kaspersky-software-in-us/

๐Ÿฆโ€โฌ› Australian regulator blames lack of multi-factor authentication for Medibank hack security news https://therecord.media/medibank-hack-australian-government-report-mfa


Some More, For the Curious

๐Ÿ•ต๏ธ TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution security research โ€“ TikTag exploits ARM's ME for data exposure through speculation. https://arxiv.org/abs/2406.08719

๐Ÿฎ Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages vulnerability โ€“ Mailcow code vulnerabilities lead to remote code execution. https://www.sonarsource.com/blog/remote-code-execution-in-mailcow-always-sanitize-error-messages/

๐Ÿ’ป Road to redemption: GhostSec's hacktivists went to the dark side. Now they want to come back security news โ€“ GhostSec shifts from hacktivism to cybercrime with ransomware attacks and claims to shift back. https://therecord.media/ghostsec-hacktivism-cybercrime-interview-click-here-podcast

๐Ÿงƒ Multiple vulnerabilities resolved in Juniper Secure Analytics in 7.5.0 UP8 IF03 vulnerability https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03

๐Ÿชง Schneier on Security โ€“ Rethinking Democracy for the Age of AI security opinion โ€“ Bruce Schneier discusses rethinking governance systems for the age of AI, pointing out the need for new systems that align incentives and resist hacking, addressing issues like misinformation, misaligned incentives, and inadequate governance structures. https://www.schneier.com/blog/archives/2024/06/rethinking-democracy-for-the-age-of-ai.html

๐Ÿฉ NHS boss says Scottish trust didn't meet attackers' demands data breach โ€“ NHS Dumfries and Galloway's CEO informs residents of a cyberattack where data was stolen but not altered; the criminals published the data. https://www.theregister.com/2024/06/18/nhs_dumfries_and_galloway_letter/

๐Ÿฉน VMware fixed RCE and privilege escalation bugs in vCenter Server security news โ€“ VMware patched vCenter Server vulnerabilities allowing remote code execution and privilege escalation, impacting multiple versions. https://securityaffairs.com/164659/hacking/vmware-fixed-vcenter-server-flaws.html

๐Ÿชผ AMD is investigating claims of stolen company data security news โ€“ AMD is investigating allegations of stolen company data, including future product information, being offered for sale by a threat actor known as IntelBroker. https://www.theverge.com/2024/6/18/24181406/amd-investigating-claims-stolen-company-data-sale-intelbroker

๐Ÿšจ Qilin has โ€˜no regretsโ€™ over the healthcare crisis it caused security news โ€“ The ransomware gang Qilin, responsible for a deliberate and politically motivated attack on London hospitals to leverage against political elites of specific countries, demanded a $50 million ransom. They claim to have stolen over one terabyte of data to be leaked, potentially causing a healthcare crisis in the UK capital. https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/

๐Ÿ” High severity bugs in Confluence vulnerability โ€“ Atlassian fixed nine high-severity vulnerabilities in Confluence, Jira, and Crucible products, including improper authorization flaws and SSRF issues. https://securityaffairs.com/164743/security/atlassian-confluence-crucible-jira-flaws.html

โšก UK's largest nuclear site denies being hacked but pleads guilty over cybersecurity failures cybercrime โ€“ Sellafield nuclear site in UK faces charges related to cybersecurity failings under Nuclear Industries Security Regulations 2003. https://therecord.media/sellafield-guilty-plea-uk-nuclear-facility-cybersecurity

๐Ÿ” SCCM Exploitation: Evading Defenses and Moving Laterally with SCCM Application Deployment security research โ€“ SCCM exploitation risks and attacks explained. https://www.guidepointsecurity.com/blog/sccm-exploitation-evading-defenses-and-moving-laterally-with-sccm-application-deployment/

๐Ÿฅ A Birdโ€™s-eye view: ShareFinder-How Threat Actors Discover File Shares (The DFIR Report) security research โ€“ Attackers exploit file shares, Canaries detect malicious activity. https://blog.thinkst.com/2024/06/a-birds-eye-view-sharefinder-how-threat-actors-discover-file-shares-the-dfir-report.html

๐Ÿด Polish investigators seize Pegasus spyware systems as part of probe into alleged abuse security news โ€“ investigations ongoing regarding the legality and purchase of the software, which allegedly targeted opposition politicians in Poland. https://therecord.media/poland-seizure-pegasus-spyware-systems

๐ŸฆŸ Phoenix UEFI bug affects long list of Intel chip families vulnerability โ€“ A UEFI firmware vulnerability, CVE-2024-0762, affecting Phoenix Technologies UEFI firmware used across various Intel chip families poses threats such as buffer overflow and code execution. https://www.theregister.com/2024/06/21/uefi_vulnerability_intel_chips/

๐Ÿ›ก๏ธ Threat actors exploited SolarWinds Serv-U vulnerability vulnerability โ€“ CVE-2024-28995, a directory traversal issue allowing access to sensitive files; GreyNoise reports extensive attempts following public disclosure and availability of proof-of-concept code. https://securityaffairs.com/164806/hacking/solarwinds-serv-u-cve-2024-28995-exploit.html


CISA Corner

๐Ÿฆฎ CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: (SMBs) security news โ€“ CISA shared a detailed report on challenges to SSO adoption by SMBs and suggested ways to enhance security. https://www.cisa.gov/news-events/alerts/2024/06/20/cisa-releases-guidance-single-sign-sso-adoption-small-and-medium-sized-businesses-smbs

๐Ÿฆฎ CISA and Partners Release Guidance for Modern Approaches to Network Access Security security news โ€“ advocate for modern security solutions like Zero Trust, SSE, and SASE for improved network access security. https://www.cisa.gov/news-events/alerts/2024/06/18/cisa-and-partners-release-guidance-modern-approaches-network-access-security

๐Ÿ”’ RAD Data Communications SecFlow-2 vulnerability โ€“ RAD Data Communications' SecFlow-2 device is vulnerable to path traversal, allowing attackers to retrieve files from the operating system remotely. https://www.cisa.gov/news-events/ics-advisories/icsa-24-170-01

๐Ÿ”’ CISA Releases Three Industrial Control Systems Advisories security news โ€“ security issues affecting Yokogawa CENTUM, CAREL Boss-Mini, and Westermo L210-F2G. https://www.cisa.gov/news-events/alerts/2024/06/20/cisa-releases-three-industrial-control-systems-advisories


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

๐Ÿ“ข Android: Werbung/Tracker schnell und einfach systemweit loswerden privacy https://www.kuketz-blog.de/android-werbung-tracker-schnell-und-einfach-systemweit-loswerden/


News For All

โš•๏ธ Microsoft, Google pledge 'low cost' cybersecurity services to rural hospitals security news โ€“ Microsoft and Google, in collaboration with the White House, are offering reduced-price cybersecurity services to rural hospitals to address the rising cyber threat in the healthcare sector. https://therecord.media/microsoft-google-rural-hospital-cybersecurity

๐Ÿ—ณ๏ธ AI and the Indian Election โ€œsecurityโ€ research โ€“ Indian election features (legitimate) AI, including deepfakes and personalized communication. https://www.schneier.com/blog/archives/2024/06/ai-and-the-indian-election.html

๐Ÿงฌ Privacy authorities in Canada and UK announce joint probe of 23andMe data breach data breach โ€“ privacy regulators launch a joint investigation into the global data breach at genetic testing company 23andMe, which exposed the genetic data of at least 5 million users in October 2023. https://therecord.media/23andme-data-breach-canada-uk-privacy-investigation

๐Ÿš— One of the major sellers of detailed driver behavioral data is shutting down privacy https://arstechnica.com/cars/2024/06/one-of-the-major-sellers-of-detailed-driver-behavioral-data-is-shutting-down/

โš”๏ธ China state hackers infected 20,000 Fortinet VPNs, Dutch spy service says security news โ€“ The backdoor malware CoatHanger was installed, persisting despite reboots. Fortinet's delayed disclosure of the vulnerability impacted response. https://arstechnica.com/security/2024/06/china-state-hackers-infected-20000-fortinet-vpns-dutch-spy-service-says/

๐Ÿซ— Cylance clarifies breach, dodges questions about the source data breach โ€“ Cybersecurity firm Cylance confirms a data breach related to marketing data from 2015-2018 before BlackBerry acquisition. Data allegedly includes customer, partner, and employee names and email addresses, with no compromise to current systems. https://www.theregister.com/2024/06/11/cylance_clarifies_data_breach_details/

โบ๏ธ Patch Tuesday, June 2024 โ€œRecallโ€ Edition โ€“ Krebs on Security security news โ€“ including a critical flaw in Microsoft Message Queuing that could allow attackers to remotely control a system. Adobe also released security updates for multiple products. https://krebsonsecurity.com/2024/06/patch-tuesday-june-2024-recall-edition/

๐Ÿฆพ Semiconductor giants Nvidia and Arm warn of new flaws in their graphics processors security news โ€“ Arm warns of an actively exploited zero-day flaw in its Mali GPU Kernel Driver, CVE-2024-4610, allowing unauthorized access to sensitive information. Nvidia discloses 10 new vulnerabilities in its GPU Display Driver and vGPU software. https://therecord.media/nvidia-arm-semiconductor-flaws-patches

๐Ÿ“ถ Microsoft fixes hack-me-via-Wi-Fi Windows security hole security news โ€“ Microsoft's June Patch Tuesday addresses multiple CVEs, including a publicly known DNSSEC flaw, a severe remote code execution flaw in MSMQ, and a Wi-Fi driver remote code execution hole. Adobe releases 10 patches covering 166 CVEs, addressing various critical vulnerabilities. SAP issues a dozen security notes, including high-priority alerts for bugs affecting NetWeaver. PHP, Arm, Apple, Google, SolarWinds, Fortinet, and Cisco also release security updates. https://www.theregister.com/2024/06/12/june_patch_tuesday/

๐Ÿ‘ฟ CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog security news โ€“ CISA lists exploited vulnerabilities in Android, Windows, and Telerik. https://securityaffairs.com/164525/security/cisa-adds-android-pixel-microsoft-windows-progress-telerik-report-server-known-exploited-vulnerabilities-catalog.html

๐Ÿฆน Ukrainian police identify suspected affiliate of Conti, LockBit groups cybercrime โ€“ Ukrainian cyber police identify a Kyiv resident, specializing in developing cryptors to evade antivirus detection. The Dutch police expressed gratitude for the cooperation in apprehending the suspect. https://therecord.media/ukraine-suspected-lockbit-conti-affiliate

๐Ÿฎ How Chinaโ€™s Cyber Ecosystem Feeds Off Its Superstar Hackers security research โ€“ Analysis highlights China's leveraging of civilian talent for state-sponsored cyber operations through hacking contests and bug bounties. Chinese researchers dominate hacking competitions, leading to vulnerability research being harnessed by state operations. https://news.risky.biz/how-chinas-cyber-ecosystem-feeds-off-its-superstar-hackers/

๐Ÿ›ค๏ธ Google faces GDPR complaint over Privacy Sandbox privacy โ€“ Privacy campaigner noyb files a GDPR complaint against Google, alleging that the 'Privacy Feature' in the Chrome browser resulted in unwanted tracking, contrary to its promotion of eliminating third-party tracking cookies through the Privacy Sandbox API. https://www.theregister.com/2024/06/13/noyb_gdpr_privacy_sandbox/

๐Ÿฅธ Watch Out! CISA Warns It Is Being Impersonated By Scammers warning โ€“ CISA warns of rising impersonation scams where scammers pretend to be trusted entities to trick victims into sharing sensitive information or money, using social engineering tactics. https://www.tripwire.com/state-of-security/watch-out-cisa-warns-it-being-impersonated-scammers

โธ๏ธ Meta hits pause on EU AI training plans under pressure privacy โ€“ Meta postpones plans to train AI models on EU Facebook and Instagram posts after privacy complaints, affecting launch of Meta AI in the economic zone, but continues with plans for other regions. https://www.theregister.com/2024/06/14/meta_eu_privacy/

๐Ÿ“” CERT.at โ€“ How we cover your back cyber defense โ€“ CERT.at proactively informs network operators about potential security issues affecting Austrian companies. https://www.cert.at/en/blog/2024/6/how-we-cover-your-back

HIBP Corner ๐Ÿ†• Telegram Combolists and 361M Email Addresses security news โ€“ 151M mail new addresses with passwords some connected websites. https://www.troyhunt.com/telegram-combolists-and-361m-email-addresses/


Some More, For the Curious

๐Ÿ•ต๏ธ Bypassing Veeam Authentication CVE-2024-29849 security research โ€“ authentication bypass vulnerability explained with code analysis. https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/

โณ 1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension hacking write-up โ€“ Creators developed malicious VSCode extension in 30 minutes, exposing source code to remote server. https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7

๐Ÿชž Microsoft Refused to Fix Flaw Years Before SolarWinds Hack โ€” ProPublica security news โ€“ Microsoft ignored critical security flaw for years pre-SolarWinds hack. https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

๐Ÿ•ต๏ธ How scammers bypass 2FA cybercrime โ€“ Scammers utilize OTP bots and phishing kits to bypass 2FA by social engineering victims and intercepting OTPs. OTP bots automate scam calls to victims for obtaining codes, providing various features. https://securelist.com/2fa-phishing/112805/

๐Ÿ“ณ Hacking Millions of Modems (and Investigating Who Hacked My Modem) hacking write-up https://samcurry.net/hacking-millions-of-modems

๐Ÿ›ก๏ธ Windows flaw may have been exploited with Black Basta ransomware before it was patched security research โ€“ Symantec evidence suggests pre-patch exploitation. https://therecord.media/black-basta-ransomware-zero-day-windows

๐Ÿ‘‘ Alleged Boss of โ€˜Scattered Spiderโ€™ Hacking Group Arrested โ€“ Krebs on Security cybercrime โ€“ A 22-year-old UK man was arrested in Spain. The group is accused of hacking into multiple organizations, accessing critical data and funds. Noyb and UK authorities accuse him of SIM-swapping and heading the notorious gang involved in cyber theft activities, including costly ransom attacks at casinos. https://krebsonsecurity.com/2024/06/alleged-boss-of-scattered-spider-hacking-group-arrested/

๐Ÿ‘Ÿ Ransomware Group Exploits PHP Vulnerability Days After Disclosure vulnerability https://www.securityweek.com/ransomware-group-exploits-php-vulnerability-days-after-disclosure/

๐Ÿ‘‹ ASUS fixed critical remote authentication bypass bug in several routers security news https://securityaffairs.com/164549/security/asus-router-models-critical-rce.html


CISA Corner

๐Ÿ” Fortinet Releases Security Updates for FortiOS https://www.cisa.gov/news-events/alerts/2024/06/11/fortinet-releases-security-updates-fortios ๐Ÿ›ก๏ธ Microsoft Releases June 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/06/11/microsoft-releases-june-2024-security-updates ๐Ÿ”“ CISA Adds Two Known Exploited Vulnerabilities to Catalog CVE-2024-4610 ARM Mali GPU Use-After-Free and CVE-2024-4577 PHP-CGI Command Injection. https://www.cisa.gov/news-events/alerts/2024/06/12/cisa-adds-two-known-exploited-vulnerabilities-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

๐Ÿ”’ Sichere und datenschutzfreundliche Browser: Meine Empfehlungen โ€“ Teil 1 privacy โ€“ Detailed analysis of browser security and privacy features, recommendations for multiple browsers, focusing on anti-tracking and anti-fingerprinting measures. https://www.kuketz-blog.de/sichere-und-datenschutzfreundliche-browser-meine-empfehlungen-teil-1/


News For All

๐Ÿฑโ€๐Ÿ’ป Germany's Christian Democratic party hit by 'serious' cyberattack cybercrime โ€“ Germany's CDU faces 'serious' cyberattack; takes IT systems offline. https://www.reuters.com/technology/cybersecurity/germanys-christian-democratic-party-hit-by-serious-cyberattack-2024-06-01/

๐Ÿ“บ Fake Tom Cruise warns of violence at Paris Olympics in pro-Russian info op cybercrime โ€“ Pro-Russian groups spread fake violence threats for Paris Olympics. https://cyberscoop.com/russia-tom-cruise-ai-paris-olympics/

โ„น๏ธ Experts found information of European politicians on dark web privacy https://securityaffairs.com/164036/deep-web/info-european-politicians-dark-web.html

๐Ÿ’ผ 5 Reasons Why You Should Use a Password Manager security news โ€“ using a password manager is a wise move to secure data. https://www.techrepublic.com/article/5-reasons-why-you-should-use-a-password-manager/

โš•๏ธ Rural hospitals are particularly vulnerable to ransomware, report finds security news โ€“ highly susceptible due to limited resources and critical access roles. https://cyberscoop.com/rural-hospital-ransomware-cyber/

๐Ÿ‘ถ Microsoft accused of tracking kids with education software privacy โ€“ Noyb requests Austrian data protection authority to investigate Microsoft 365 Education for potential GDPR violations regarding transparency. https://www.theregister.com/2024/06/04/noyb_microsoft_complaint/

โšก TikTok warns of exploit aimed at 'high-profile accounts' cybercrime โ€“ TikTok addresses account takeover campaign targeting high-profile users; malware spreads via direct messages. https://therecord.media/tiktok-exploit-high-profile-accounts

๐Ÿค– Zoom CEO envisions AI deepfakes attending meetings in your place security news โ€“ Zoom CEO envisions AI-powered digital twins to attend meetings on behalf of individuals. https://arstechnica.com/?p=2028754

๐Ÿฆฆ Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V) malware โ€“ Phishing emails distribute HTML files prompting users to run malicious PowerShell commands via pasting (CTRL+V), leading to the execution of the DarkGate malware. https://asec.ahnlab.com/en/66300/

๐Ÿก Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics warning โ€“ Mandiant warns of elevated cyber threat risks facing the 2024 Paris Olympics, including cyber espionage, disruptive operations, and financially motivated activity. https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics/

๐Ÿ“ฝ๏ธ Cisco addressed Webex flaws used to compromise German government meetings security news โ€“ vulnerabilities allowed unauthorized access to meeting information, including topics and participants. https://securityaffairs.com/164173/breaking-news/cisco-webex-flaws-german-government-meetings.html

๐Ÿณ๏ธโ€๐ŸŒˆ Language app Duolingo removes LGBTQ+ content from Russian platforms security news โ€“ in compliance with Roskomnadzor's request, which labels LGBTQ+ advocates as 'extremists' in Russia. https://therecord.media/language-app-duolingo-lgbtq-removes

๐ŸŽฏ Hit by LockBit? The FBI is waiting to help you with over 7,000 decryption keys cybercrime โ€“ Victims are encouraged to contact the FBI for help in decrypting their data and to assist in ongoing cybercrime investigations. https://www.tripwire.com/state-of-security/hit-lockbit-fbi-waiting-help-you-over-7000-decryption-keys

๐Ÿฆ† DuckDuckGo offers โ€œanonymousโ€ access to AI chatbots through new service security news โ€“ enabling interaction with various language models from OpenAI, Anthropic, Meta, and Mistral, ensuring chats are anonymized and promptly deleted to uphold privacy. https://arstechnica.com/information-technology/2024/06/duckduckgo-offers-anonymous-access-to-ai-chatbots-through-new-service/

๐Ÿ˜ค AI jailbreaks: What they are and how they can be mitigated security research โ€“ AI jailbreaks are techniques that bypass guardrails in AI systems, leading to undesired outcomes; Microsoft outlines the risks, characteristics, and mitigation strategies for AI jailbreaks, emphasizing defense in depth and detection mechanisms to prevent unauthorized data access, content misuse, and system subversion. https://www.microsoft.com/en-us/security/blog/2024/06/04/ai-jailbreaks-what-they-are-and-how-they-can-be-mitigated/


Recall Corner ๐Ÿฅท Malware can steal data collected by the Windows Recall tool security research โ€“ Researchers demonstrated accessing and extracting Recall-captured snapshots stored in an unencrypted database. https://securityaffairs.com/164181/digital-id/malware-steal-data-windows-recall-tool.html

๐Ÿคท Microsoft Research chief scientist has no issue with Recall security news โ€“ Jaime Teevan, chief scientist at Microsoft Research, dismissed concerns about Microsoft's Recall feature despite privacy and security risks raised by critics; Recall builds an archive of user screenshots and logs activities, stored locally. https://www.theregister.com/2024/06/06/microsoft_research_recall/

๐Ÿ™ƒ Update on the Recall preview feature for Copilot+ PCs security news โ€“ Microsoft provides an update on the Recall feature for Copilot+ PCs. https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/

๐Ÿงป Microsoft rolls back โ€˜dumbest cybersecurity move in a decadeโ€™ security news โ€“ Microsoft revises Recall feature after severe criticism over privacy concerns; changes include opt-in, biometric enrollment, and enhanced encryption amid backlash from security researchers over potential data exposure in screenshots of users' screens. https://cyberscoop.com/microsoft-rolls-back-dumbest-cybersecurity-move-in-a-decade/


Some More, For the Curious

๐Ÿฆ  PikaBot: a Guide to its Deep Secrets and Operations malware โ€“ Detailed analysis of PikaBot malware, including anti-analysis techniques and C2 infrastructure. https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/

๐Ÿ‘† Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools security research โ€“ Increase in ransomware activity observed in 2023, reliance on legitimate tools for attacks, escalation of extortion tactics, rise of new ransomware families, and common tactics observed. https://cloud.google.com/blog/topics/threat-intelligence/ransomware-attacks-surge-rely-on-public-legitimate-tools/

๐Ÿ™… Snowflake says thereโ€™s no evidence attackers breached its platform to hack Ticketmaster security news โ€“ Snowflake denies responsibility for Ticketmaster and Santander breaches; joint statement with CrowdStrike and Mandiant supports claim. https://www.theverge.com/2024/6/3/24170876/snowflake-ticketmaster-santander-data-breach-details

๐Ÿ›‹๏ธ Most of the security teamsโ€™ work has nothing to do with chasing advanced adversaries security news โ€“ Security teams' day-to-day reality involves mundane tasks like communication, cross-functional collaboration, security evangelism, tooling management, and resource planning, contrary to the glamorous portrayal in movies and marketing. https://ventureinsecurity.net/p/most-of-the-security-teams-work-has

๐Ÿ’ Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab security news โ€“ sophisticated attack named Operation Triangulation targeted iPhones of Kaspersky employees and Russian diplomats. https://therecord.media/kaspersky-apple-bug-bounty-declined

๐Ÿ’ญ Shostack + Friends Blog > The Universal Cloud TM security research โ€“ Rich Mogull and Chris Farris released 'The Universal Cloud Threat Model' (UCTM), designed to update traditional threat modeling for public cloud operations. https://shostack.org/blog/universal-cloud-threat-model-threat-model-thurs/

๐Ÿ‘พ New York Times source code compromised via exposed GitHub token data breach โ€“ The New York Times' source code and data were leaked on 4chan by an anonymous user who targeted the company's GitHub repositories in January 2024 using an exposed GitHub token, with confirmation from The New York Times that the leaked data is legitimate. https://securityaffairs.com/164280/data-breach/new-york-times-source-code-leaked.html

๐Ÿง‘โ€๐ŸŒพ What is RansomHub? Looks like a Knight ransomware reboot malware โ€“ RansomHub likely Knight ransomware rebrand; exploits ZeroLogon vulnerability. https://www.theregister.com/2024/06/05/ransomhub_knight_reboot/

๐Ÿšช Microsoft shows venerable and vulnerable NTLM security protocol the door security news โ€“ Microsoft deprecates NTLM protocol, advises switch to Kerberos for security. https://www.theregister.com/2024/06/06/microsoft_deprecates_ntlm/

โš”๏ธ Leveraging Escalation Attacks in Penetration Testing Environments โ€“ Part 1 security research โ€“ Exploring AD CS vulnerabilities and attacks in penetration testing. https://www.guidepointsecurity.com/blog/leveraging-escalation-attacks-in-penetration-testing-environments-part-1/

๐Ÿ’ธ Pandabuy was extorted twice by the same threat actor cybercrime โ€“ Pandabuy extorted twice by same threat actor after paying ransom. https://securityaffairs.com/164263/cyber-crime/pandabuy-extorted-again.html

๐Ÿชฒ Nasty bug with very simple exploit hits PHP just in time for the weekend vulnerability โ€“ Critical PHP vulnerability allows code execution on Windows; urgent action required. https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/


CISA Corner

๐Ÿ“ข Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access security news โ€“ Snowflake warns of cyber threats targeting accounts, urges vigilance. https://www.cisa.gov/news-events/alerts/2024/06/03/snowflake-recommends-customers-take-steps-prevent-unauthorized-access

๐Ÿ’ฃ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability โ€“ CISA adds Oracle WebLogic Server vulnerability to exploited list. https://www.cisa.gov/news-events/alerts/2024/06/03/cisa-adds-one-known-exploited-vulnerability-catalog


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

โ›ณ CERT.at Sicherheitslรผcke in Check Point Network Security Gateways (Mobile Access) vulnerability โ€“ Security vulnerability in Check Point Network Security Gateways. https://www.cert.at/de/warnungen/2024/5/sicherheitslucke-in-check-point-network-security-gateways-mobile-access-fix-verfugbar

Operation Endgame โš”๏ธ Operation Endgame, the largest law enforcement operation ever against botnets security news โ€“ Operation Endgame, led by Europol and involving multiple countries, targeted various botnets like IcedID, SystemBC, and Pikabot used to facilitate malicious activities including ransomware deployment. https://securityaffairs.com/163876/cyber-crime/operation-endgame.html ๐ŸŽฏ โ€˜Operation Endgameโ€™ Hits Malware Delivery Platforms โ€“ Krebs on Security security news โ€“ Operation Endgame targets malware droppers, disrupts infrastructure and arrests suspects in a coordinated international law enforcement effort. Europol seizes servers and domains, adding criminals to Most Wanted list. https://krebsonsecurity.com/2024/05/operation-endgame-hits-malware-delivery-platforms/ ๐Ÿ”š Troy Hunt: Operation Endgame security news โ€“ Law enforcement agencies provide 16.5M email addresses and 13.5M unique passwords to Have I Been Pwned (HIBP) as part of Operation Endgame. The data, gathered from a botnet takedown, helps identify compromised credentials and inform impacted individuals to strengthen their online security practices. https://www.troyhunt.com/operation-endgame/


News For All

๐Ÿ“ฐ Risky Biz News: Google distrusts GlobalTrust certs Austrian business!! security news โ€“ Google plans to stop trusting GlobalTrust TLS certificates, recent cyberattacks and threat intel highlights. https://news.risky.biz/risky-biz-news-google-throws-out-globaltrust-certs/

๐Ÿ›น How scammers trick message board users cybercrime โ€“ Scammers target message board users in buyer and seller scams, using phishing links for financial theft. https://securelist.com/message-board-scam/112691/

๐Ÿซฆ WordPress Plugin abused to install e-skimmers in e-commerce sites malware โ€“ Threat actors abuse WordPress plugin to insert e-skimmers in e-commerce sites, stealing credit card data. https://securityaffairs.com/163777/malware/wordpress-plugin-insert-e-skimmer.html

๐Ÿ˜ Researchers crack 11-year-old password, recover $3 million in bitcoin security research โ€“ after failed attempts by others, Grand and a friend successfully recover the password. https://arstechnica.com/information-technology/2024/05/researchers-crack-11-year-old-password-recover-3-million-in-bitcoin/

๐Ÿฅ… Is Your Computer Part of โ€˜The Largest Botnet Ever?โ€™ โ€“ Krebs on Security cybercrime โ€“ Alleged operator of 911 S5, a large botnet used to facilitate cybercrime, arrested. Service turned computers into proxies for traffic relay. Billions lost in online fraud. https://krebsonsecurity.com/2024/05/is-your-computer-part-of-the-largest-botnet-ever/

๐Ÿง‘โ€๐Ÿ’ผ Three-day DDoS attack batters the Internet Archive security news โ€“ The Internet Archive has been targeted by a sustained DDoS attack affecting services like the online library and the Wayback Machine. However, the bigger threat comes from ongoing lawsuits by major US book publishing companies and record labels alleging copyright infringement and seeking significant damages, potentially endangering the non-profit archive's future. https://www.theregister.com/2024/05/29/ddos_internet_archive/

๐Ÿ  From Phish to Phish Phishing: How Email Scams Got Smart security news โ€“ Evolution of phishing scams from simple to AI-driven complex attacks. https://blog.checkpoint.com/security/from-phish-to-phish-phishing-how-email-scams-got-smart/

๐Ÿค A list of cybersecurity-focused charities and nonprofits security news โ€“ A list of cybersecurity-focused charities and nonprofits aimed at helping individuals and organizations within the cybersecurity industry, advancing the field, and contributing to a better world. https://ventureinsecurity.net/p/a-list-of-cybersecurity-focused-charities

๐Ÿฅ™ Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature warning โ€“ Observed suspicious activity starting on April 15. The attacks exploited the cross-origin authentication feature in Customer Identity Cloud (CIC), posing a risk of unauthorized access to user accounts. https://securityaffairs.com/163867/cyber-crime/okta-credential-stuffing-cross-origin-authentication.html

๐Ÿฆ„ Phones of journalists and activists in Europe targeted with Pegasus security news โ€“ European journalists and activists targeted with Pegasus spyware, highlighting continued threat to press freedom. Recommendations for moratorium on spyware. EU faces criticism for lack of action on spyware issues. https://cyberscoop.com/spyware-europe-nso-pegasus/

๐Ÿ›๏ธ EU Parliament member suspected of being paid to promote Russian propaganda security news โ€“ Belgian and French police search properties of European Parliament employee suspected of receiving money from Russia to promote propaganda. Investigation involves promotion of Kremlin propaganda via Voice of Europe news website. https://therecord.media/eu-parliament-member-paid-propaganda

๐ŸงŸ Stalkerware app pcTattletale announces it is 'out of business' after suffering data breach and website defacement security news โ€“ Leaked data included customer details and spyware victims' data. Lessons on cybersecurity importance and ethical usage of stalkerware highlighted. https://www.bitdefender.com/blog/hotforsecurity/stalkerware-app-pctattletale-announces-it-is-out-of-business-after-suffering-data-breach-and-website-defacement/

๐ŸŽซ Massive Ticketmaster, Santander data breaches linked to Snowflake cloud storage data breach โ€“ Ticketmaster and Santander Bank data breaches, potentially affecting millions of users, traced back to attacks on Snowflake cloud storage. https://www.theverge.com/2024/5/31/24168984/ticketmaster-santander-data-breach-snowflake-cloud-storage

๐Ÿ“บ Twitch ditches expert safety advisors for 'ambassador' team security news โ€“ Twitch reportedly disbands its Safety Advisory Council and plans to replace it with Twitch ambassadors. Twitch ambassadors are active users contributing positively to the community, but it is unclear if they are experts on online safety. https://www.theregister.com/2024/05/31/twitch_safety_advisory_council/


Some More, For the Curious

๐ŸŽƒ The Pumpkin Eclipse malware โ€“ 600,000 routers rendered inoperable by Chalubo RAT. https://blog.lumen.com/the-pumpkin-eclipse/

๐Ÿ’ฃ DDoS-as-a-Service: The Rebirth Botnet cybercrime โ€“ RebirthLtd offers DDoS-as-a-Service targeting gamers for profit. https://sysdig.com/blog/ddos-as-a-service-the-rebirth-botnet/

๐Ÿ‘… CVE-2024-22058 Ivanti Landesk LPE vulnerability โ€“ Exploit for Ivanti Landesk Local Privilege Escalation. https://mantodeasecurity.de/en/2024/05/cve-2024-22058-ivanti-landesk-lpe/

๐Ÿ” Check Point โ€“ Wrong Check Point (CVE-2024-24919) vulnerability โ€“ Check Point CloudGuard Network Security vulnerability exploited in the wild for arbitrary file read. https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/

โ›น๏ธโ€โ™‚๏ธ Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges vulnerability โ€“ Cisco Talos' team discovers vulnerabilities in Adobe Acrobat Reader, Foxit PDF Reader, PLC CPU modules, and an image-processing library; patches released for all vulnerabilities. https://blog.talosintelligence.com/vulnerability-roundup-may-29-2024/

๐Ÿ”™ NIST expects to clear backlog in vulnerabilities database by end of fiscal year security news โ€“ NIST has awarded a contract to address the backlogged vulnerabilities in the National Vulnerability Database; the backlog is due to increased submissions and changes in interagency support.. https://therecord.media/nist-nvd-backlog-clear-end-fiscal-2024

๐Ÿฆ  Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.) security research โ€“ A threat actor is distributing malware disguised as cracked versions of legitimate software like Hangul Word Processor, infecting many systems in South Korea. The attacker adds layers to the infection by registering to the Task Scheduler, enabling persistence. https://asec.ahnlab.com/en/66017/

๐ŸŒ Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices security news โ€“ The attacks, by nation-backed actors like 'CyberAv3ngers' and pro-Russian hacktivists, underscore the urgent need to enhance OT device security to prevent critical infrastructure from becoming vulnerable. https://www.microsoft.com/en-us/security/blog/2024/05/30/exposed-and-vulnerable-recent-attacks-highlight-critical-need-to-protect-internet-exposed-ot-devices/

๐Ÿฆ‘ LilacSquid APT targeted orgs in the U.S., Europe, and Asia security research โ€“ Uncovered APT group LilacSquid launches data theft campaigns since 2021. Their TTPs overlap with North Korea-linked APT groups. https://securityaffairs.com/163927/apt/lilacsquid-targeted-orgs-in-us-europe-asia.html

๐Ÿช’ Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud vulnerability โ€“ A detailed account of an XML External Entity (XXE) injection vulnerability found in SharePoint that affects both on-prem and cloud instances. https://www.thezdi.com/blog/2024/5/29/cve-2024-30043-abusing-url-parsing-confusion-to-exploit-xxe-on-sharepoint-server-and-cloud

CISA Corner KEV โ€“ Checkpoint, Linux Kernel, JAVS, Google Chromium https://www.cisa.gov/news-events/alerts/2024/05/30/cisa-adds-two-known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2024/05/29/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2024/05/28/cisa-adds-one-known-exploited-vulnerability-catalog Industrial Advisories https://www.cisa.gov/news-events/alerts/2024/05/30/cisa-releases-seven-industrial-control-systems-advisories https://www.cisa.gov/news-events/alerts/2024/05/28/cisa-releases-one-industrial-control-systems-advisory


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, missing or in any other way off, please let me know!


Highlight

๐Ÿง‘โ€โœˆ๏ธ Recall feature in Microsoft Copilot+ PCs raises privacy concerns privacy โ€“ Microsoft's Recall feature in Copilot+ PCs, raises privacy concerns and undergoes investigation by the UK data watchdog. Users may be able manage and delete snapshots, but potential risks to privacy and security remain. https://securityaffairs.com/163609/security/microsoft-recall-feature-copilot-pcs.html

๐Ÿ” New Windows AI feature records everything youโ€™ve done on your PC privacy โ€“ Microsoft's Recall feature records user activities, raising privacy concerns. https://arstechnica.com/gadgets/2024/05/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/

๐Ÿ•โ€๐Ÿฆบ Personal AI Assistants and Privacy โ€“ Schneier on Security privacy โ€“ Bruce Schneier explores the privacy concerns surrounding Microsoft's AI-powered digital assistant, Recall, highlighting the need for trustworthy AI to protect users' data and emphasizing transparency in the development of such systems. https://www.schneier.com/blog/archives/2024/05/personal-ai-assistants-and-privacy.html


News For All

๐ŸŒช๏ธ Privacy, human rights, and Tornado Cash privacy โ€“ Developer of Tornado Cash service sentenced in laundering case, igniting concerns over financial privacy, law enforcement intervention, and crypto misuse. Privacy rights clash with anti-money laundering laws, sparking debates over encryption and financial surveillance. https://www.citationneeded.news/tornado-cash/

๐Ÿš” Police caught circumventing city bans on face recognition privacy โ€“ Police bypassing facial recognition bans through neighboring agencies. https://www.theregister.com/2024/05/20/cops_circumvent_facial_recognition/

๐Ÿ’ฐ HHS offering $50 million for proposals to improve hospital cybersecurity security news โ€“ HHS funds hospital cybersecurity tools to combat cyberattacks. https://therecord.media/hhs-offering-funding-cybersecurity-hospital

๐Ÿ’ง EPA will step up inspections of water sector cybersecurity security news โ€“ EPA increasing water sector cybersecurity inspections due to rising threats. https://cyberscoop.com/epa-water-inspections-cyber-alert/

๐ŸŒ Fi Router Doubles as an Apple AirTag โ€“ Krebs on Security security research โ€“ Research finds Apple's Wi-Fi geolocation API used to track devices globally. https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/

๐Ÿงฌ Homeland Security has collected DNA data from 1.5 million immigrants in four years, researchers find privacy โ€“ DHS collected DNA from 1.5M immigrants for database, raising privacy concerns. https://therecord.media/homeland-security-collected-dna-millions-immigrants

๐Ÿ™…โ€โ™‚๏ธ From trust to trickery: Brand impersonation over the email attack vector security research โ€“ Talos researchers uncover techniques used by threat actors to embed brand logos in emails for brand impersonation, with insights into detected cases. https://blog.talosintelligence.com/from-trust-to-trickery-brand-impersonation/

๐Ÿ‘€ A consumer-grade spyware app found in check-in systems of 3 US hotels security news โ€“ spyware app pcTattletale discovered on check-in systems of three Wyndham hotels, enabling unauthorized access to guest details and vulnerabilities, highlighting concerns over privacy and security. https://securityaffairs.com/163550/uncategorized/spyware-app-check-in-systems-3-wyndham-hotels.html

๏ธ๐Ÿง‘โ€โš–๏ธ Crooks plant backdoor in software used by courtrooms around the world security news https://arstechnica.com/security/2024/05/crooks-plant-backdoor-in-software-used-by-courtrooms-around-the-world/

๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ You can now share passwords within your Google family group security news โ€“ Google's newest Google Play services update allows family group members to securely share passwords saved in Google Password Manager. https://www.theverge.com/2024/5/23/24163560/google-password-manager-share-passwords-family-group

๐Ÿ’ณ Cyber Signals: Inside the growing risk of gift card fraud cybercrime โ€“ Microsoft observes rise in gift card fraud by group Storm-0539 targeting cloud environments for fraudulent gift card creation. https://www.microsoft.com/en-us/security/blog/2024/05/23/cyber-signals-inside-the-growing-risk-of-gift-card-fraud/

๐Ÿค– Googleโ€™s โ€œAI Overviewโ€ can give false, misleading, and dangerous answers security news โ€“ sometimes humorous or misleading answers, especially when treating jokes as facts and relying on questionable sourcing like troll forums or fan fiction sites. https://arstechnica.com/information-technology/2024/05/googles-ai-overview-can-give-false-misleading-and-dangerous-answers/


Some More, For the Curious

๐ŸŽ’ KB4581: Veeam Backup Enterprise Manager Vulnerabilities (CVE vulnerability https://www.veeam.com/kb4581

๐Ÿ“ง New 'Siren' mailing list aims to share threat intelligence for open source projects security news โ€“ Siren mailing list for open source threat intelligence sharing. https://therecord.media/openssf-siren-open-source-threat-intelligence-mailing-list

๐Ÿ˜ฎโ€๐Ÿ’จ Master of Puppets: Uncovering the DoppelGรคnger pro-Russian influence campaign security research โ€“ pro-Russian influence campaign targets Western democracies. https://blog.sekoia.io/master-of-puppets-uncovering-the-doppelganger-pro-russian-influence-campaign/

๐Ÿช€ Critical Fluent Bit bug affects all major cloud providers vulnerability โ€“ Critical vulnerability in Fluent Bit affects major cloud providers. https://www.theregister.com/2024/05/21/fluent_bit_flaw/

โฉ Beyond the Basics: Exploring Uncommon NTLM Relay Attack Techniques hacking write-up https://www.guidepointsecurity.com/blog/beyond-the-basics-exploring-uncommon-ntlm-relay-attack-techniques/

๐Ÿ‘จโ€๐Ÿ’ป GitHub Enterprise Server patches critical vulnerability vulnerability https://www.theregister.com/2024/05/22/github_enterprise_server_patch/

๐Ÿฎ Crimeware report: Acrid, ScarletStealer and Sys01 stealers security research https://securelist.com/crimeware-report-stealers/112633/

๐ŸŒ€ 5 Reasons Why Every Developer Should Incorporate Common Weakness Enumeration (CWE) into Their Software Development Life Cycle (SDLC) security research https://infosec-mashup.santolaria.net/p/5-reasons-why-every-developer-should

๐Ÿ”š Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM) vulnerability โ€“ Ivanti addressed multiple critical SQL injection vulnerabilities in Endpoint Manager (EPM) 2022 SU5 and prior versions, allowing attackers within the network to execute code. https://securityaffairs.com/163587/security/ivanti-endpoint-manager-critical-sql-injection.html

โš”๏ธ How ransomware abuses BitLocker security news โ€“ BitLocker repurposed for ransomware in incident response effort, using VBS script for unauthorized file encryption. https://securelist.com/ransomware-abuses-bitlocker/112643/

๐Ÿ•ต๏ธ Stark Industries Solutions: An Iron Hammer in the Cloud โ€“ Krebs on Security cybercrime โ€“ Stark Industries Solutions emerged before the Russian invasion of Ukraine and is behind massive DDoS attacks, used to conceal cyberattacks and disinformation campaigns. https://krebsonsecurity.com/2024/05/stark-industries-solutions-an-iron-hammer-in-the-cloud/

๐Ÿฅก An XSS flaw in GitLab allows attackers to take over accounts vulnerability https://securityaffairs.com/163649/hacking/gitlab-xss-flaw.html

๐Ÿ›– MITRE December 2023 attack: threat actors created rogue VMs to evade detection security news โ€“ MITRE Corporation reported a breach in their NERVE network caused by China-linked nation-state actors, who chained two Ivanti Connect Secure zero-day flaws. https://securityaffairs.com/163658/apt/mitre-december-2023-attack-rogue-vms.html more info https://mastodon.social/@campuscodi/112503791372484604

CISA Corner ๐Ÿ‘€ [...]remove connectivity on all [...] devices connected to the [...] internet https://www.cisa.gov/news-events/alerts/2024/05/21/rockwell-automation-encourages-customers-assess-and-secure-public-internet-exposed-assets Chromium again, NextGen Healthcare Mirth Connect https://www.cisa.gov/news-events/alerts/2024/05/20/cisa-adds-two-known-exploited-vulnerabilities-catalog Apache Flink https://www.cisa.gov/news-events/alerts/2024/05/23/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

โš ๏ธ Not all scams are easy to spot warning โ€“ Scammers utilize coincidental timing and correct details to trick even smart individuals. https://www.emsisoft.com/en/blog/45650/not-all-scams-are-easy-to-spot/

๐Ÿฆฎ Guidance for organisations considering payment in ransomware incidents cyber defense โ€“ Guidance for organizations on ransomware incidents, emphasizing alternatives to paying. https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents

๐Ÿ›ก๏ธ CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources security news โ€“ CISA, DHS, FBI, and international partners release cyber threat mitigation guidance for civil society organizations to combat state-sponsored threats. https://www.cisa.gov/news-events/alerts/2024/05/14/cisa-and-partners-release-guidance-civil-society-organizations-mitigating-cyber-threats-limited

๐Ÿ›ค๏ธ Google and Apple deliver support for unwanted tracking alerts in Android and iOS security news โ€“ Google and Apple collaborate on alerting users of unwanted tracking. https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html

๐Ÿ”’ Encrypted mail service still okay with giving PII to cops security news โ€“ ProtonMail under scrutiny for disclosing user data to police; US Patent and Trademark Office exposes private addresses online again; LockBit ransomware hits Wichita, Kansas, disrupting city services. https://www.theregister.com/2024/05/13/infosec_in_brief/

๐Ÿ”“ Europol confirms incident after data break-in claims security news โ€“ Europol investigates claims of stolen data from Europol Platform for Experts by cybercriminal IntelBroker. No compromise of core systems, but confidential data samples leaked. Incident raises concerns over security of sensitive EU and law enforcement data. https://www.theregister.com/2024/05/13/europol_data_breach/

๐Ÿ’ป How Did Authorities Identify the Alleged Lockbit Boss? โ€“ Krebs on Security cybercrime โ€“ The U.S. DoJ charges Russian Dmitry Yuryevich Khoroshev as LockBit leader involved in extensive ransomware-related crimes, traced through forum usernames and domain registrations. Khoroshev's cyber activity predates notorious cybercrime forums, suggesting prior involvement in ransomware schemes. Indictment details financial strategy and offers insight into underground activities. https://krebsonsecurity.com/2024/05/how-did-authorities-identify-the-alleged-lockbit-boss/

๐Ÿค– Android is getting an AI-powered scam call detection feature security news โ€“ Google is developing an AI-powered scam call detection feature for Android, utilizing Gemini Nano to spot fraudulent language and warn users in real-time, aiming to prevent falling victim to phone scams. It will be an opt-in feature, ensuring privacy by running locally and offline. https://www.theverge.com/2024/5/14/24156212/google-android-ai-gemini-scam-call-detection-feature-io

๐Ÿ™๏ธ City of Helsinki suffered a data breach data breach โ€“ The City of Helsinki experienced a significant data breach that impacted students, guardians, and personnel, with threat actors gaining access to various personal and sensitive information. https://securityaffairs.com/163088/data-breach/city-of-helsinki-data-breach.html

๐Ÿ”จ Christie's takes website offline after cyberattack, delays live auction security news โ€“ Christie's auction house website taken offline due to a cyberattack, delaying a live auction; clients can still participate in auctions via different methods while the issue is resolved. Limited information was provided about the cyberattack. https://therecord.media/christies-website-down-auction-delayed-cyberattack

๐Ÿ”’ Threat actors may have exploited a zero security news โ€“ Apple releases urgent security updates addressing code execution vulnerabilities in iPhones, iPads, and macOS, including a memory corruption flaw in the Real-Time Kernel (RTKit) which may have been exploited as a zero-day. https://securityaffairs.com/163096/hacking/apple-iphones-zero-day-exploited.html

๐Ÿ“ฑ Android will be able to detect if your phone has been snatched security news โ€“ Google introduces security features in Android 15 beta, including Theft Detection Lock to prevent unauthorized access if the phone is stolen, private spaces for hidden apps with unique PIN, and Play Protect updates for threat detection and app permissions monitoring. https://www.theverge.com/2024/5/15/24157068/android-15-ai-theft-detection-lock-privacy-security

๐Ÿ” EU probes Meta over its provisions for protecting children security news โ€“ European Commission probes Meta over potential breaches of Digital Services Act (DSA) related to protecting minors on Facebook and Instagram, examining issues such as addictive behavior, access to inappropriate content, and privacy measures. https://www.theregister.com/2024/05/16/eu_investigates_meta_over_its/


Some More, For the Curious

๐Ÿ•ต๏ธ In den Datenstrom eintauchen: Ein Werkzeugkasten fรผr Analysten von Android-Apps security research https://www.kuketz-blog.de/in-den-datenstrom-eintauchen-ein-werkzeugkasten-fuer-analysten-von-android-apps/

๐Ÿšซ Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule vulnerability โ€“ Injecting specific strings can shut down websites protected by WAF, causing Denial of Service. https://blog.sicuranext.com/response-filter-denial-of-service-a-new-way-to-shutdown-a-website/

๐ŸŸ Using MITM to bypass FIDO2 phishing security research โ€“ Research reveals potential vulnerabilities in FIDO2 authentication, highlighting the importance of implementing Token Binding for enhanced security. https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/

๐ŸŒœ To the Moon and back(doors): Lunar landing in diplomatic missions security research โ€“ ESET Lunar toolset infiltrated European MFA using backdoors LunarWeb and LunarMail, attributed to Turla APT group. https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/

๐Ÿชต Log4Shell shows no sign of fading, spotted in 30% of CVE exploits security news โ€“ survey reveals organizations still have insecure protocols on WAN, aiding lateral movement; Log4Shell exploit identified in 30% of outbound CVE exploits despite being three years old. https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/

๐Ÿ”’ The xz apocalypse that almost was security news โ€“ A recap of the backdoor incident in the xz library, detailing the timeline of events, community contributions, potential scale of impact, and industry insights on OpenSSH servers. Despite the wide adoption of OpenSSH and xz, the incident, while significant, was not as catastrophic as feared due to the vigilance of the large community. https://www.bitsight.com/blog/xz-apocalypse-almost-was

๐Ÿ”ฃ Diagrams and Symbols in Threat Models security research https://shostack.org/blog/diagrams-and-symbols-in-threat-models/

๐Ÿ‘ฎ FBI Seizes BreachForums Website security news https://www.schneier.com/blog/archives/2024/05/fbi-seizes-breachforums-website.html

โ™จ๏ธ CISA spreads Black Basta advice amid Ascension infection security news โ€“ CISA and Health-ISAC issue bulletins on Black Basta ransomware gang after the attack on US healthcare provider Ascension, advising on defense strategies and outlining the group's tactics. https://www.theregister.com/2024/05/13/cisa_ascension_ransomware/

๐Ÿฆ† QakBot attacks with Windows zero-day (CVE-2024-30051) vulnerability โ€“ A zero-day vulnerability in the Windows Desktop Window Manager was discovered and exploited in the wild, leading to privilege escalation. The vulnerability, CVE-2024-30051, was reported to Microsoft and a patch was released on May 14, 2024. https://securelist.com/cve-2024-30051/112618/

๐Ÿ›น MITRE released EMB3D Threat Model for embedded devices cyber defense โ€“ MITRE released the EMB3D threat model for critical infrastructure embedded devices, aiming to improve security by providing insights on cyber threats and device features for vendors, operators, and researchers across various industries. https://securityaffairs.com/163144/security/mitre-released-emb3d-framework.html

๐ŸฆŠ Foxit PDF Reader โ€œFlawed Designโ€ : Hidden Dangers Lurking in Common Tools security research https://blog.checkpoint.com/research/foxit-pdf-reader-flawed-design-hidden-dangers-lurking-in-common-tools/

๐Ÿ›ž Rounding up some of the major headlines from RSA security news โ€“ Recap of top stories and trends from RSA Conference, focusing on AI, build security initiative, technologies countering deepfakes, and Microsoft disclosing a zero-day vulnerability. Major headlines include healthcare network disruption, Google and Apple alert for unwanted device tracking, and Christie's cyber attack. https://blog.talosintelligence.com/threat-source-newsletter-may-16-2024/

CISA Corner KEV โ€“ Google Chromium, D-Link and Microsoft https://www.cisa.gov/news-events/alerts/2024/05/13/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-adds-three-known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2024/05/14/cisa-adds-two-known-exploited-vulnerabilities-catalog Siemens Advisories https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-releases-seventeen-industrial-control-systems-advisories Updates by Adobe, Microsoft, Apple and Cisco https://www.cisa.gov/news-events/alerts/2024/05/15/adobe-releases-security-updates-multiple-products https://www.cisa.gov/news-events/alerts/2024/05/14/microsoft-releases-may-2024-security-updates https://www.cisa.gov/news-events/alerts/2024/05/14/apple-releases-security-updates-multiple-products https://www.cisa.gov/news-events/alerts/2024/05/16/cisco-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlights

๐Ÿ’ฐ Krypto-Betrรผger: Sechs ร–sterreicher festgenommen cybercrime โ€“ Six Austrians were arrested for running an online scam involving a supposed new cryptocurrency, defrauding investors of millions. Europol coordinated the operation, seizing over 500,000 euros in cryptocurrencies, 250,000 euros in fiat, and other assets. The suspects falsely claimed to open an online trading company with a new cryptocurrency, carrying out an Initial Coin Offering (ICO) without transparency, leading investors to realize they were deceived in February 2018. https://www.heise.de/news/Krypto-Betrueger-Sechs-Oesterreicher-festgenommen-9714300.html

Lockbit Corner ๐Ÿ›‘ Law enforcement seized Lockbit group's website again cybercrime โ€“ Law enforcement seizes Lockbit group's website, threatens to reveal identities. https://securityaffairs.com/162778/cyber-crime/law-enforcement-seized-lockbit-site-again.html

โ›“๏ธ U.S. Charges Russian Man as Boss of LockBit Ransomware Group โ€“ Krebs on Security cybercrime โ€“ U.S. charges Russian man as boss of LockBit ransomware group, part of elaborate criminal network. https://krebsonsecurity.com/2024/05/u-s-charges-russian-man-as-boss-of-lockbit-ransomware-group/

๐ŸŽ™๏ธ In interview, LockbitSupp says authorities outed the wrong guy cybercrime โ€“ LockBit leader denies being correctly identified. https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit

๐Ÿง LockBit gang claimed responsibility for the attack on City of Wichita cybercrime โ€“ The City of Wichita was hit by a LockBit ransomware attack, leading to network shutdown. The LockBit gang threatened to leak stolen data, prompting an investigation by third-party experts and law enforcement. Systems remain offline, with no definitive timeline for restoration. https://securityaffairs.com/162910/cyber-crime/city-of-wichita-lockbit-ransomware.html


News For All

๐Ÿฅ  Stealing cookies: Researchers describe how to bypass modern authentication security research โ€“ Researchers detail bypassing modern authentication via MITM attack. https://cyberscoop.com/stealing-cookies-researchers-describe-how-to-bypass-modern-authentication/

๐Ÿ” Why Your VPN May Not Be As Secure As It Claims โ€“ Krebs on Security security research โ€“ Researchers reveal VPN vulnerability via rogue DHCP server attacks. https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/

๐Ÿ’ธ Online Scams: Are These All Scams? Distinguishing the Legit from the Scam cybercrime โ€“ Sophisticated scammers create fake websites and emails, deceiving users. https://asec.ahnlab.com/en/65091/

๐Ÿ”‘ Yubico bolsters authentication security with updated YubiKey 5 series devices security news โ€“ Yubico releases updated security keys with enhanced features. https://www.theverge.com/2024/5/7/24150918/yubico-5-7-firmware-update-security-key-yubikey-5

๐Ÿ”— April 2024โ€™s Most Wanted Malware: Surge in Androxgh0st Attacks and the Decline of LockBit3 security research โ€“ significant increase in AndroXgh0st malware attacks during April 2024, alongside a noticeable decrease in LockBit3.0 attacks, highlighting the shifting landscape of cybersecurity threats. https://blog.checkpoint.com/security/april-2024s-most-wanted-malware-surge-in-androxgh0st-attacks-and-the-decline-of-lockbit3/

๐Ÿ” New Case Study: The Malicious Comment security news โ€“ Malicious code hidden in 'Thank you' image compromised online shoppers. https://thehackernews.com/2024/05/new-case-study-malicious-comment.html

โ›” Stolen childrenโ€™s health records posted online in extortion bid data breach โ€“ Children's health records from NHS Dumfries and Galloway published by cybercriminals for extortion. https://therecord.media/scotland-nhs-children-records-posted-extortion-ransomware

๐Ÿง  Back to the Hype: An Update on How Cybercriminals Are Using GenAI cybercrime โ€“ Cybercriminals continue to use generative AI, focusing on jailbreaking capabilities and emerging deepfake services for criminal activities. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai

โœˆ๏ธ Boeing confirms attempted $200 million ransomware extortion attempt cybercrime โ€“ Boeing faced a $200 million ransomware demand from LockBit, part of a larger cyberattack. Boeing did not pay the ransom and the incident impacted its parts and distribution business. https://cyberscoop.com/boeing-confirms-attempted-200-million-ransomware-extortion-attempt/

๐Ÿš” FBI Warns US Retailers That Cybercriminals Are Targeting Their Gift Card Systems warning โ€“ FBI warns US retailers of a cybercriminal group targeting staff with phishing attacks to create fraudulent gift cards, highlighting the financial losses and sophisticated tactics used. https://www.tripwire.com/state-of-security/fbi-warns-us-retailers-cybercriminals-are-targeting-their-gift-card-systems

โค๏ธโ€๐Ÿฉน Major health care system hobbled by โ€˜cyber incidentโ€™ cybercrime โ€“ Ascension health care system suffers a cyber incident causing disruptions to clinical operations, affecting medical services, patient records access, and necessitating manual documentation. Incident follows recent high-profile attacks in the healthcare industry, highlighting the need for cybersecurity standards. https://cyberscoop.com/major-health-care-system-hobbled-by-cyber-incident/

๐Ÿ“ข Dell discloses data breach impacting millions of customers data breach โ€“ Dell revealed a data breach affecting millions of customers, exposing names, physical addresses, and hardware purchase data. Financial details and sensitive information were not compromised. https://securityaffairs.com/162942/cyber-crime/dell-data-breach-2.html

๐Ÿ“ฑ Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials malware โ€“ Malicious Android apps impersonate popular services to trick users into installing them, then request extensive permissions to steal credentials and perform malicious activities, such as accessing contact lists, SMS messages, and launching phishing pages mimicking social media and financial services. https://thehackernews.com/2024/05/malicious-android-apps-pose-as-google.html

๐Ÿชฒ Google fixes fifth actively exploited Chrome zero vulnerability โ€“ Google patched the fifth zero-day vulnerability in Chrome this year, a use-after-free issue in the Visuals component, actively exploited in the wild, without disclosing details about the attacks. https://securityaffairs.com/162976/hacking/5th-chrome-zero-day-2024.html

๐Ÿ˜จ You've Been Breached: What Now? cyber defense โ€“ Breaches are inevitable in cybersecurity; after a breach, focus shifts to identifying the blast radius, providing temporary work credentials for affected employees, accountability at the executive level, and implementing incident response planning and a comprehensive cybersecurity strategy for recovery. https://www.darkreading.com/cyberattacks-data-breaches/you-have-been-breached-what-now


Some More, For the Curious

โš”๏ธ MITRE attributes the recent attack to China security news โ€“ MITRE discloses security breach attributed to China-linked UNC5221. https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html

๐Ÿซข RemcosRAT Distributed Using Steganography security research โ€“ RemcosRAT distributed using steganography technique, warns of malware infection risks. https://asec.ahnlab.com/en/65111/

๐Ÿ—ฃ๏ธ Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution vulnerability โ€“ Cisco Talos discloses three zero-day vulnerabilities, two allowing code execution. https://blog.talosintelligence.com/vulnerability-roundup-zero-days-may-8-2024/

๐ŸคŒ Breaking down Microsoftโ€™s pivot to placing cybersecurity as a top priority security news โ€“ Microsoft faced criticism over their security practices, prompting a new focus on cybersecurity as a top priority with six pillars. The announcement includes re-prioritizing efforts to enhance internal systems and respond to threats promptly. The new governance structure is designed to centralize security efforts and hold leadership accountable for progress. Despite past issues, this shift demonstrates a commitment to improving security practices and ensuring Microsoft products are a safe choice for users. https://doublepulsar.com/breaking-down-microsofts-pivot-to-placing-cybersecurity-as-a-top-priority-734467a8db01

โš™๏ธ 21115: An Oracle VirtualBox LPE Used to Win Pwn2Own vulnerability โ€“ The exploit involved a bug in the VGA device heap memory, which could be triggered by setting specific values. Through a series of steps, the exploit gained increased VRAM access, disabled critical sections, achieved buffer overread and overflow, and executed arbitrary code, ultimately demonstrating control over the host system. https://www.thezdi.com/blog/2024/5/9/cve-2024-21115-an-oracle-virtualbox-lpe-used-to-win-pwn2own

๐Ÿš— GhostStripe attack haunts self-driving cars by making them ignore road signs security news โ€“ novel hack called โ€œGhostStripeโ€ that targets autonomous vehicles by manipulating road sign visibility to the vehicles' cameras, making the signs unrecognizable to the self-driving system and thus potentially leading to dangerous driving errors. https://www.theregister.com/2024/05/10/baidu_apollo_hack/

๐Ÿฅ… Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation cyber defense โ€“ Juniper Threat Labs is monitoring the Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities being exploited by Mirai botnet. https://blogs.juniper.net/en-us/security/protecting-your-network-from-opportunistic-ivanti-pulse-secure-vulnerability-exploitation

๐Ÿก Unmasking Tycoon 2FA: A Stealthy Phishing Kit Used to Bypass Microsoft 365 and Google MFA security research โ€“ the Tycoon 2FA phishing kit, which exploits session cookies to bypass multifactor authentication for Microsoft 365 and Gmail, employing a business model via Telegram to sell phishing services and significantly impacting cybersecurity efforts. https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass

CISA Corner ๐Ÿชซ CISA Advisory โ€“ alpitronic Hypercharger EV Charger vulnerability โ€“ Vulnerability in alpitronic Hypercharger EV charger allows attackers to disable the device, bypass payment, and access payment data due to the use of default credentials. Mitigations include changing default passwords, limiting network exposure, and implementing secure access methods. https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02

โš ๏ธ #StopRansomware: Black Basta security news โ€“ The joint advisory from FBI, CISA, HHS, and MS-ISAC reveals details on Black Basta, a ransomware variant impacting critical infrastructure sectors, including Healthcare and Public Health, outlining TTPs and IOCs to assist organizations in protecting against Black Basta and other ransomware threats. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a

๐Ÿคน ASDโ€™s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies https://www.cisa.gov/news-events/alerts/2024/05/09/asds-acsc-cisa-and-partners-release-secure-design-guidance-choosing-secure-and-verifiable


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub