📰wrzlbrmpft's cyberlights💥

weekly cybersecurity highlights (for everyone!)

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🎮 Be Internet Awesome World: A fun new game to learn about online safety security news – Google's new game, Be Internet Awesome World, teaches kids online safety through interactive lessons on scams, passwords, and personal information sharing. https://blog.google/technology/safety-security/be-internet-awesome-roblox/

🚨 Staying a Step Ahead: Mitigating the DPRK IT Worker Threat security research – Mandiant reports on DPRK IT workers posing as non-North Koreans to infiltrate global companies, generating revenue for the regime and posing cybersecurity risks; awareness and vigilance are crucial. https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat/

🚴‍♂️ Hacking the “Bike Angels” System for Moving Bikeshares security news – New York City's bikeshare system, Bike Angels, is being exploited by users creating artificial shortages to maximize rewards, prompting a need for system modifications to prevent such hacks. https://www.schneier.com/blog/archives/2024/09/hacking-the-bike-angels-system-for-moving-bikeshares.html

🚗 White House proposes rule to ban Chinese, Russian parts for networked vehicles security news – The White House proposes banning Chinese and Russian components in connected vehicles to address national security threats, targeting parts for connectivity systems amid rising surveillance and hacking concerns. https://cyberscoop.com/us-government-ban-china-russia-connected-cars/

☑️ Privacy Service Optery Faces Backlash After Plan to Send OpenAI User Data privacy – Optery faced criticism for defaulting to transferring user data to OpenAI, leading to a backlash from privacy advocates and a subsequent shift to an opt-in model for data sharing. https://www.404media.co/privacy-service-optery-faces-backlash-after-plan-to-send-openai-user-data/

🧻 Telegram will now hand over your phone number and IP if you’re a criminal suspect security news – Telegram will disclose users' phone numbers and IP addresses to authorities upon valid requests for criminal suspects, reflecting a shift in its privacy policy amid concerns over illegal activities on the platform. https://www.theverge.com/2024/9/23/24252276/telegram-disclose-user-data-legal-requests-criminal-activity

⛰️ Pro-Russia hackers aim DDoS campaign at Austrian websites ahead of elections security news – Pro-Russia hacker groups, including NoName057(16) and OverFlame, have launched DDoS attacks on over 40 Austrian websites ahead of the upcoming elections, causing temporary outages but no lasting damage. https://therecord.media/austria-websites-ddos-incidents-pro-russia-hacktivists

📸 New twist on sextortion scam includes pictures of people's homes cybercrime – A new sextortion scam involves emails with photos of victims' homes, threatening to reveal their online activity unless they pay a ransom, leveraging personal data for intimidation. https://therecord.media/new-twist-on-sextortion-scam-pictures-of-peoples-homes

🍰 Iranian-linked election interference operation shows signs of recent access security news – An alleged Iranian hacking effort targeting Trump’s campaign continues, sharing materials with journalists, suggesting ongoing access to campaign documents, with U.S. officials linking the activity to the Iranian government. https://cyberscoop.com/trump-campaign-hack-new-material-ongoing-access/

🛤️ Who is tracking web behavior the most? Google, obviously privacy – Kaspersky's report reveals Google as the top tracker of online behavior, with its systems like Google Analytics and YouTube Analytics leading the way in data collection across various regions. https://www.theregister.com/2024/09/24/google_online_tracker/

🚙 Study finds many European car resellers fail to delete driver data privacy – A study reveals that 80% of resold cars in Europe contain previous owners' personal data, violating data privacy laws; dealerships are urged to implement structured data deletion processes to avoid legal consequences. https://therecord.media/study-finds-european-car-resellers-fail-to-delete-data

💳 New Android banking trojan Octo2 targets European banks malware – The Octo2 banking trojan has emerged, enhancing remote takeover capabilities and targeting European banks. Its advanced features and leaked source code could expand its use among cybercriminals. https://securityaffairs.com/168857/malware/octo2-android-banking-trojan.html

🪤 New Windows Malware Locks Computer in Kiosk Mode malware – A new malware campaign locks users in their browser's kiosk mode on Google's login page, coercing them to enter their credentials, which are then stolen by information-stealing malware. https://www.schneier.com/blog/archives/2024/09/new-windows-malware-locks-computer-in-kiosk-mode.html

🦊 Data privacy watchdog files complaint against Mozilla for new ad tracking feature privacy – The advocacy group noyb has filed a complaint against Mozilla for implementing a new ad tracking feature in Firefox without user consent, claiming it undermines data privacy rights. https://therecord.media/noyb-europe-complaint-mozilla-firefox-privacy-preserving-attribution

🏎️ Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug vulnerability – Researchers discovered a flaw in Kia's web portal that allowed them to track and control millions of vehicles, highlighting serious security vulnerabilities in the automotive industry’s web-based systems. https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/

📰 When UK rail stations Wi-Fi was defaced by hackers the only casualty was the truth security news – Hackers defaced public Wi-Fi at 19 UK rail stations with a hate-filled message, but the incident was downplayed as a minor cybersecurity breach rather than a major attack, contradicting sensational media coverage. https://www.bitdefender.com/blog/hotforsecurity/when-uk-rail-stations-wi-fi-was-defaced-by-hackers-the-only-casualty-was-the-truth/

💷 UK data watchdog confirms it's investigating MoneyGram data breach data breach – The UK's ICO is investigating MoneyGram following a reported data breach that caused significant operational downtime, affecting customer transactions and partnerships; details on the breach remain unclear. https://techcrunch.com/2024/09/27/uk-data-watchdog-confirms-investigating-moneygram-data-breach/

🖨️ CUPS flaws allow remote code execution on Linux systems under certain conditions vulnerability – A critical vulnerability in the CUPS printing system allows unauthenticated remote code execution on Linux systems. Researchers disclosed multiple flaws, urging users to disable the affected service as a temporary mitigation. https://securityaffairs.com/169001/hacking/cups-flaws-allow-rce-on-linux-systems.html

🤑 Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext privacy – The Irish Data Protection Commission fined Meta €91 million for violating GDPR by storing users' passwords in plaintext, following a 2019 investigation where Meta disclosed the issue to regulators. https://cyberscoop.com/meta-fined-passwords-plaintext-ireland-millions-users/

📷 Microsoft details security/privacy overhaul for Windows Recall ahead of relaunch security news – Microsoft is revamping its Recall feature for Windows after security concerns, making it opt-in, enhancing encryption, and requiring user re-authentication to access stored data. https://arstechnica.com/?p=2052960


Some More, For the Curious

🤔 The Cyber Resilience Act, an Accidental European Alien Torts Statute? security news – The Cyber Resilience Act may allow the EU to restrict tech sales based on fundamental rights violations, blending cybersecurity with accountability for international actions. https://www.lawfaremedia.org/article/the-cyber-resilience-act--an-accidental-european-alien-torts-statute

🚒 Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall security research – China's Great Firewall manipulates DNS responses, creating vulnerabilities for domains routed through Chinese infrastructure, risking attacks like subdomain takeovers and XSS. https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall

🐀 Move over, Cobalt Strike, there's a new post-exploit tool security research – Attackers are now using Splinter, a new post-exploitation tool capable of executing commands and stealing data, raising concerns for organizations despite being less advanced than Cobalt Strike. https://www.theregister.com/2024/09/23/splinter_red_team_tool/

💀 Necro Trojan infiltrates Google Play and Spotify and WhatsApp mods malware – The Necro Trojan has re-emerged, infecting popular apps on Google Play and modified versions of Spotify and WhatsApp, using techniques like steganography to evade detection and execute malicious activities. https://securelist.com/necro-trojan-is-back-on-google-play/113881/

🔂 Microsoft’s largest ever security transformation detailed in new report security news – Microsoft reveals its largest security overhaul, emphasizing a cultural shift towards security, with 34,000 engineers involved and new governance structures, following criticism of its previous security practices. https://www.theverge.com/2024/9/23/24251945/microsoft-security-report-secure-future-initiative

🤖 A generative artificial intelligence malware used in phishing attacks malware – HP researchers found malware generated by AI in a phishing attack that delivered AsyncRAT, highlighting how generative AI is making it easier for cybercriminals to create sophisticated threats. https://securityaffairs.com/168840/malware/generative-artificial-intelligence-malware.html

🤡 CrowdStrike exec apologizes in front of Congress over huge global IT outage security news – A CrowdStrike executive apologized to Congress for a faulty update that caused a massive IT outage affecting 8.5 million systems, outlining new measures to prevent future incidents. https://cyberscoop.com/crowdstrike-exec-apologizes-congressional-hearing-it-outage/

🎯 China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs) security news – The China-linked APT group Salt Typhoon has compromised several U.S. ISPs, aiming for intelligence gathering and potential cyberattacks, raising concerns about security in critical infrastructure. https://securityaffairs.com/168941/apt/salt-typhoon-china-linked-threat-actors-breached-us-isp.html

🏥 Senate bill eyes minimum cybersecurity standards for health care industry security news – Senators Wyden and Warner introduced the Health Infrastructure Security and Accountability Act to enforce mandatory cybersecurity standards in the health care sector following a ransomware attack on Change Healthcare. https://cyberscoop.com/minimum-cybersecurity-standards-health-care-wyden-warner-bill/

🔒 HPE patches three critical security holes in Aruba PAPI vulnerability – HPE has released urgent patches for three critical vulnerabilities in Aruba access points that allow unauthenticated attackers to execute code remotely, urging upgrades to affected systems. https://www.theregister.com/2024/09/26/hpe_aruba_patch_papi/

📏 NIST Recommends Some Common-Sense Password Rules security news – NIST's draft guidelines propose sensible password rules, including a minimum length of 8-15 characters, no mandatory complexity requirements, and no periodic changes unless compromised. https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-sense-password-rules.html

⚠️ Critical Nvidia bug allows container escape, host takeover vulnerability – A critical vulnerability in Nvidia's Container Toolkit (CVE-2024-0132) allows attackers to escape containers and gain control of the host system, affecting 33% of cloud environments; fixes have been issued. https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/

⚖️ The Data Breach Disclosure Conundrum security news – The article discusses the complexities of data breach disclosure, emphasizing the legal and ethical obligations organizations have to notify affected individuals and the potential backlash from non-disclosure, highlighting examples like Deezer and Uber. https://www.troyhunt.com/the-data-breach-disclosure-conundrum/


CISA Corner

🛡️ Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means securnty news – CISA warns that cyber threat actors exploit vulnerable OT/ICS devices using basic methods like default credentials and brute force attacks, urging operators to enhance their security measures. https://www.cisa.gov/news-events/alerts/2024/09/25/threat-actors-continue-exploit-otics-through-unsophisticated-means

📜 ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises security news – A joint guide by ASD ACSC and CISA offers strategies for organizations to detect and mitigate Active Directory compromises, crucial for securing enterprise IT networks against malicious actors. https://www.cisa.gov/news-events/alerts/2024/09/26/asds-acsc-cisa-and-us-and-international-partners-release-guidance-detecting-and-mitigating-active

🛠️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – CISA has issued eight advisories highlighting vulnerabilities in various Industrial Control Systems, urging users to review them for important security updates and mitigations. https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-releases-eight-industrial-control-systems-advisories 🛠️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA has published five advisories addressing vulnerabilities in various Industrial Control Systems, urging users to review them for essential security updates and mitigations. https://www.cisa.gov/news-events/alerts/2024/09/26/cisa-releases-five-industrial-control-systems-advisories

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA has included CVE-2024-7593, an authentication bypass vulnerability in Ivanti Virtual Traffic Manager, in its Known Exploited Vulnerabilities Catalog due to active exploitation. https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-adds-one-known-exploited-vulnerability-catalog

🔧 Citrix Releases Security Updates for XenServer and Citrix Hypervisor vulnerability – Citrix has issued security updates for XenServer and Citrix Hypervisor to fix vulnerabilities that could lead to denial of service attacks; users are urged to apply these updates. https://www.cisa.gov/news-events/alerts/2024/09/25/citrix-releases-security-updates-xenserver-and-citrix-hypervisor 🔒 Cisco Releases Security Updates for IOS and IOS XE Software vulnerability – Cisco's September 2024 advisory addresses vulnerabilities in IOS and IOS XE software that could allow cyber actors to take control of affected systems; users are advised to apply updates. https://www.cisa.gov/news-events/alerts/2024/09/26/cisco-releases-security-updates-ios-and-ios-xe-software


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know.


Highlight

🚨 Akute Welle an DDoS-Angriffen gegen österreichische Unternehmen und Organisationen security news – Austrian organizations face DDoS attacks, likely linked to hacktivism. Companies should review their defenses and maintain offline contact info for emergencies. https://www.cert.at/de/aktuelles/2024/9/ddos-angriffe-september-2024


News For All

🗳️ Germany’s CDU still struggling with cyberattack fallout security news – Germany's CDU party is facing challenges restoring member data after a June cyberattack, risking its election processes. The restoration deadline has been pushed to November. https://www.theregister.com/2024/09/16/nein_luck_for_germanys_cdu/

🚫 Meta blocks RT and other Russian state media; Kremlin says it's 'unacceptable' security news – Meta bans Russian state media accounts, including RT, citing deceptive influence operations. The Kremlin calls this decision 'unacceptable' and complicates relations with the company. https://therecord.media/meta-bans-russian-state-owned-media-facebook-instagram

🔑 Google’s passkey syncing makes it easier to move on from passwords security news – Google enhances passkey support in Chrome, allowing users to sync passkeys across devices using a Password Manager PIN instead of QR codes, ensuring secure access with end-to-end encryption. https://www.theverge.com/2024/9/19/24248820/google-chrome-passkey-logins-device-sync-password-manager-pin

🐦‍🔥 No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom privacy – The FTC's report reveals that major tech firms inadequately handle vast amounts of user data, particularly concerning children's privacy, and calls for comprehensive federal privacy regulations to address ongoing data extraction issues. https://www.theregister.com/2024/09/19/social_media_data_harvesting_handling_ftc/

🤔 Ever wonder how crooks get the credentials to unlock stolen phones? cybercrime – Law enforcement shut down iServer, a phishing-as-a-service platform that helped unlock over 1.2 million stolen phones by obtaining user credentials through phishing attacks, leading to multiple arrests. https://arstechnica.com/?p=2051165

🤳 Snapchat Reserves the Right to Use AI-Generated Images of Your Face in Ads privacy – Snapchat's 'My Selfie' feature can use users' likenesses in ads by default, unless opted out. The 'See My Selfie in Ads' option is enabled automatically. https://www.404media.co/snapchat-reserves-the-right-to-use-ai-generated-images-of-your-face-in-ads/

🔒 Discord launches end-to-end encrypted voice and video chats privacy – Discord introduces end-to-end encryption for voice and video calls, enhancing user privacy while maintaining content moderation for messages, which remain unencrypted. https://techcrunch.com/2024/09/17/discord-launches-end-to-end-encrypted-voice-and-video-chats/

🖼️ Instagram to bolster privacy and safety features for millions of teen users privacy – Instagram plans to enhance privacy for teen users by making accounts private, limiting content exposure, and implementing features to reduce social media addiction, amid growing regulatory pressure. https://therecord.media/instagram-bolster-privacy-security-teens-children-social-media

⚰️ Scam ‘Funeral Streaming’ Groups Thrive on Facebook cybercrime – Scammers exploit Facebook by creating fake funeral streaming groups, tricking users into providing credit card info. The scheme has expanded to various events, with ties to a group in Bangladesh. https://krebsonsecurity.com/2024/09/scam-funeral-streaming-groups-thrive-on-facebook/

💥 The Mystery of Hezbollah’s Deadly Exploding Pagers security news – Exploding pagers used by Hezbollah have killed 11 and injured nearly 2,800 in Lebanon. Experts suggest a supply chain compromise, not a cyberattack, may be responsible for the blasts. https://www.wired.com/story/pager-explosion-hezbollah/

💣 Walkie-Talkies Explode in New Attack on Hezbollah security news – Exploding two-way radios targeted Hezbollah members in Lebanon, causing multiple deaths and injuries, following a previous attack involving detonating pagers. Experts suspect deep supply chain infiltration by attackers. https://www.wired.com/story/walkie-talkie-explosions-hezbollah/

📱 Your Phone Won’t Be the Next Exploding Pager security news – Recent attacks using booby-trapped pagers and walkie-talkies against Hezbollah have raised concerns about supply chain security. However, modern smartphones are unlikely to be weaponized similarly due to manufacturing complexities. https://www.wired.com/story/exploding-pagers-hezbollah-phones/

📩 U.S. agencies say Iranian hackers tried to pass ‘non-public’ Trump campaign docs to Biden’s campaign security news – U.S. authorities revealed that Iranian hackers sent emails containing stolen Trump campaign information to Biden campaign associates, aiming to influence the 2024 election and stoke political discord. https://cyberscoop.com/iran-hackers-trump-campaign-emails-biden/

🛑 Project Analyzing Human Language Usage Shuts Down Because ‘Generative AI Has Polluted the Data’ security news – The Wordfreq project, which tracked language usage across various media, has been discontinued due to generative AI spam corrupting data quality, rendering the tool ineffective. https://www.404media.co/project-analyzing-human-language-usage-shuts-down-because-generative-ai-has-polluted-the-data/

🔐 D-Link addressed three critical RCE in wireless router models vulnerability – D-Link fixed three critical remote code execution vulnerabilities in WiFi 6 routers, allowing unauthorized access and control. Users are urged to update their firmware to mitigate risks. https://securityaffairs.com/168471/security/d-link-rce-wireless-router-models.html

👨‍💻 Ticketmaster boss who repeatedly hacked rival firm sentenced cybercrime – Stephen Mead, former Ticketmaster boss, was sentenced for hacking rival CrowdSurge, stealing sensitive data, and sharing credentials with colleagues. He faces a year of supervised release and fines. https://www.bitdefender.com/blog/hotforsecurity/ticketmaster-boss-who-repeatedly-hacked-rival-firm-sentenced/

🕵️‍♂️ US government expands sanctions against spyware maker Intellexa cybercrime – The U.S. imposes new sanctions on Intellexa executives linked to the spyware Predator, used to surveil targets including U.S. officials. This action continues efforts against the spyware industry. https://techcrunch.com/2024/09/16/us-government-expands-sanctions-against-spyware-maker-intellexa/

💼 Python Developers Targeted with Malware During Fake Job Interviews malware – The Lazarus Group targets Python developers with fake job interviews to install malware disguised as coding tests. This new tactic complements an ongoing campaign against the Python community. https://www.schneier.com/blog/archives/2024/09/python-developers-targeted-with-malware-during-fake-job-interviews.html


Some More, For the Curious

🩹 Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024 security news – CVE-2024-43461, a recently patched Windows flaw, was exploited as a zero-day, allowing attackers to execute arbitrary code via malicious files. Users are urged to apply the latest updates. https://securityaffairs.com/168467/hacking/windows-cve-2024-43461-actively-exploited-before-july-2024.html

🔑 Secure Boot-neutering PKfail debacle is more prevalent than anyone knew security research – A supply chain failure involving non-production keys compromises Secure Boot protections across various devices, including ATMs and voting machines. The issue affects nearly 1,000 models and highlights significant security risks. https://arstechnica.com/?p=2050182

⚓ Rhysida ships off Port of Seattle data for $6M cybercrime – The Rhysida ransomware group claims to have stolen over 3 TB of data from the Port of Seattle, offering it for 100 Bitcoin. The Port confirmed the attack but refused to pay the ransom. https://www.theregister.com/2024/09/17/rhysida_port_of_seattle/

💸 AT&T agrees to $13 million fine for third-party cloud breach data breach – AT&T settles with the FCC for $13 million over a January 2023 breach affecting 8.9 million customers due to lapses by a third-party vendor, leading to enhanced data protection measures. https://cyberscoop.com/att-agrees-to-13-million-dollar-fcc-fine/

⛓️‍💥 US government 'took control' of a botnet run by Chinese government hackers, says FBI director security news – The FBI seized a botnet of 260,000 devices operated by the Chinese hacking group Flax Typhoon, targeting critical infrastructure in the U.S. and abroad. Malware was removed from compromised devices. https://techcrunch.com/2024/09/18/u-s-government-took-control-of-a-botnet-run-by-chinese-government-hackers-says-fbi-director/

🧅 Tor insists its safe after cops convict CSAM site admin privacy – The Tor Project defends its anonymity after reports of German police using timing analysis to identify users, asserting that vulnerabilities in outdated software, not flaws in Tor, were exploited. https://www.theregister.com/2024/09/19/tor_police_germany/

🧘 SIEM for Small and Medium-Sized Enterprises: What you need to know cyber defense – SMEs are frequent cybercrime targets, with 73% experiencing attacks in 2023. SIEM solutions can enhance their security posture affordably, providing threat detection, compliance, and automated incident response. https://securityaffairs.com/168584/security/siem-sbms-enterprises.html

👻 International law enforcement operation dismantled criminal communication platform Ghost cybercrime – A global law enforcement operation infiltrated the encrypted messaging app Ghost, leading to numerous arrests, including its alleged administrator, and disrupting serious organized crime activities. https://securityaffairs.com/168575/cyber-crime/police-dismantled-criminal-communication-platform-ghost.html

🐡 This Windows PowerShell Phish Has Scary Potential – Krebs on Security security news – A new phishing email targeting GitHub users tricks victims into executing malware via PowerShell by posing as a security alert. The scam poses a significant risk to less tech-savvy Windows users. https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/

🔄 UnitedHealth Group CISO: We had to ‘start over’ after Change Healthcare attack security news – Following a ransomware attack on Change Healthcare, UnitedHealth Group's CISO revealed they had to completely overhaul their IT systems. The recovery involved long hours and focused communication with stakeholders. https://cyberscoop.com/unitedhealth-group-steven-martin-ciso-ransomware-attack-recovery/

🔘 Germany shuts down 47 cryptocurrency exchange services used by cybercriminals cybercrime – German law enforcement has shut down 47 unregistered cryptocurrency exchange services used for money laundering by cybercriminals, seizing extensive user and transaction data to aid investigations. https://therecord.media/germany-cryptocurrency-exchanges-shut-down-money-laundering

🧮 Secret calculator hack brings ChatGPT to the TI-84, enabling easy cheating hacking write-up – A YouTuber modified a TI-84 calculator to access ChatGPT via the internet, allowing students to cheat by receiving answers during tests. The hack includes a custom circuit and software for various cheating tools. https://arstechnica.com/?p=2051342

💻 Hacker behind Snowflake customer data breaches remains active cybercrime – The hacker known as 'Judische' remains active, targeting SaaS providers following the April Snowflake data breach affecting 165 customers. He has reportedly extorted up to $2.7 million. https://cyberscoop.com/snowflake-hacker-judische-labscon-2024/


CISA Corner

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog vulnerability – CISA identifies two actively exploited vulnerabilities in Microsoft Windows and Progress WhatsUp Gold, urging federal agencies to address these risks promptly to enhance security. https://www.cisa.gov/news-events/alerts/2024/09/16/cisa-adds-two-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog vulnerability – CISA includes four Adobe Flash Player vulnerabilities in its catalog, highlighting their active exploitation and urging federal agencies to remediate them to mitigate risks. https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-adds-four-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Five Known Exploited Vulnerabilities to Catalog vulnerability – CISA adds five vulnerabilities, including issues in Apache, Microsoft, and Oracle products, to its catalog, warning of their exploitation and urging federal agencies to act swiftly. https://www.cisa.gov/news-events/alerts/2024/09/18/cisa-adds-five-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA adds Ivanti's path traversal vulnerability to its catalog, highlighting its active exploitation and urging federal agencies to address this significant security risk promptly. https://www.cisa.gov/news-events/alerts/2024/09/19/cisa-adds-one-known-exploited-vulnerability-catalog

🛠️ CISA Releases Three Industrial Control Systems Advisories warning – CISA issues advisories for Siemens, Millbeck, and Yokogawa ICS, highlighting vulnerabilities and urging users to review for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-releases-three-industrial-control-systems-advisories 🛠️ CISA Releases Six Industrial Control Systems Advisories warning – CISA issues six advisories on vulnerabilities in various ICS products, urging users to review the details and implement necessary mitigations to enhance security. https://www.cisa.gov/news-events/alerts/2024/09/19/cisa-releases-six-industrial-control-systems-advisories

🍏 Apple Releases Security Updates for Multiple Products security news – Apple's latest security updates fix vulnerabilities that could allow cyber attackers to take control of devices. Users are urged to review and apply these updates promptly. https://www.cisa.gov/news-events/alerts/2024/09/18/apple-releases-security-updates-multiple-products ☁️ VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server security news – VMware's advisory highlights vulnerabilities in Cloud Foundation and vCenter Server that could allow attackers to gain control. Users are advised to review and apply updates immediately. https://www.cisa.gov/news-events/alerts/2024/09/19/vmware-releases-security-advisory-vmware-cloud-foundation-and-vcenter-server 🔒 Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance security news – Ivanti addresses an admin bypass vulnerability in its Cloud Services Appliance, urging users to upgrade to the latest version due to confirmed limited exploitation risks. https://www.cisa.gov/news-events/alerts/2024/09/19/ivanti-releases-admin-bypass-security-update-cloud-services-appliance 🔍 Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229 security news – Versa Networks warns of a vulnerability in Versa Director that allows unauthorized access to REST APIs. Organizations are urged to update systems and monitor for malicious activity. https://www.cisa.gov/news-events/alerts/2024/09/20/versa-networks-releases-advisory-vulnerability-versa-director-cve-2024-45229


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know.


News For All

🕸️ Google’s dark web monitoring service will soon be free for all users privacy – Google is making its dark web monitoring service available for all users, enhancing privacy protection by alerting individuals to potential leaks of their personal information. https://www.theverge.com/2024/7/9/24194970/google-one-free-dark-web-monitoring

🧞‍♀️ What You Need to Know About Grok AI and Your Privacy privacy – Grok AI, integrated with X, raises privacy concerns by automatically using user data for training. Users can opt out, but awareness of data sharing settings is crucial for protecting privacy. https://www.wired.com/story/grok-ai-privacy-opt-out/

🚗 Thousands of Avis car rental customers had personal data stolen in cyberattack data breach – Avis has reported a cyberattack affecting nearly 300,000 customers, with stolen data including names, addresses, and driver’s license numbers. The breach raises concerns about data security practices. https://techcrunch.com/2024/09/09/thousands-of-avis-car-rental-customers-had-personal-data-stolen-in-cyberattack/

💳 1.7M potentially pwned by payment services provider breach data breach – Slim CD has notified around 1.7 million customers of a data breach affecting credit card information and personal details, detected nearly a year after the initial intrusion. https://www.theregister.com/2024/09/09/slim_cd_breach/

📢 Ford seeks patent for tech that listens to driver conversations to serve ads privacy – Ford is pursuing a patent for technology that tailors in-car ads by listening to conversations and analyzing vehicle data, raising privacy concerns over data protection measures. https://therecord.media/ford-patent-application-in-vehicle-listening-advertising

1️⃣ WhatsApp 'View Once' could be 'View Whenever' due to a flaw security news – A flaw in WhatsApp's 'View Once' feature allows recipients to bypass privacy controls, enabling media to be saved and shared despite intended restrictions. A fix is reportedly in progress. https://www.theregister.com/2024/09/09/whatsapp_view_once_flaw/

💸 Crypto scams rake in $5.6B a year for lowlifes, FBI says cybercrime – The FBI reports that crypto-related scams cost Americans over $5.6 billion in 2023, with a sharp rise in investment scams targeting older individuals. Victims often lose money to fraudulent schemes and recovery scams. https://www.theregister.com/2024/09/10/crypto_scams_rake_in_56/

🚫 In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram cybercrime – Following the arrest of Telegram's founder, many cybercriminals are abandoning the platform over fears that user data may be shared with authorities, impacting their operations. https://www.404media.co/in-wake-of-durov-arrest-some-cybercriminals-ditch-telegram/

💔 You paid the ransom, and now the decryptor doesn't work security news – Organizations paying ransoms for Hazard ransomware found that the provided decryptor failed to work, highlighting the risks of relying on criminals for data recovery post-breach. https://www.theregister.com/2024/09/11/ransomware_decryptor_not_working/

💵 TD Bank fined $28 million for sharing inaccurate and negative data on customers privacy – TD Bank has been fined $28 million by the CFPB for sharing incorrect negative data about customers, harming their ability to obtain credit and employment. Nearly $8 million will go to affected consumers. https://therecord.media/td-bank-fined-28-million-cfpb-data-sharing

🚨 Stalker Allegedly Created AI Chatbot on NSFW Platform to Dox and Harass Woman cybercrime – A Massachusetts man, James Florence Jr., was arrested for stalking and harassing a professor for seven years, using AI to create fake nudes and chatbots that shared her personal information online. https://www.404media.co/stalker-allegedly-created-ai-chatbot-on-nsfw-platform-to-dox-and-harass-woman/

🏥 Healthcare giant settles patient data theft lawsuit for $65M data breach – Lehigh Valley Health Network will pay $65 million to settle a lawsuit after a ransomware attack by the ALPHV gang exposed sensitive data, including nude photographs of patients. https://www.theregister.com/2024/09/12/lvhn_lawsuit_ransom/

🚔 British teen arrested over cyberattack on London transportation agency security news – A 17-year-old was arrested for a cyberattack on Transport for London, which compromised customer data including names and bank details. The agency continues to address the ongoing security incident. https://cyberscoop.com/british-teen-arrested-over-cyberattack-on-london-transportation-agency/

📺 Vo1d malware infected 1.3M Android malware – The Vo1d malware has infected 1.3 million Android TV boxes across 197 countries, acting as a backdoor to allow secret software installations, primarily targeting devices with outdated OS versions. https://securityaffairs.com/168342/malware/vo1d-android-malware-tv-boxes.html

🚸 Tennessee school district loses $3.4 million to a fake curriculum vendor cybercrime – A Tennessee school district lost $3.36 million after an employee was tricked by a fraudulent email impersonating Pearson, leading to unauthorized wire transfers for online curriculum materials. https://therecord.media/tennessee-school-district-loses-3-million-bec-scam

💰 23andMe agrees to pay $30 million to settle lawsuit over massive data breach data breach – 23andMe will pay $30 million to settle a class-action lawsuit stemming from a 2023 data breach that exposed over 6.9 million customers, particularly targeting users with specific heritage. https://www.theverge.com/2024/9/13/24243986/23andme-settlement-dna-data-breach-lawsuit

🔍 Yubikey Key Vulnerability – How It Affects You vulnerability – Yubico's new vulnerability may allow key extraction but requires physical access and a PIN. Most users are safe, though high-security organizations should reconsider attestation trust. https://fy.blackhats.net.au/blog/2024-09-09-yubikey-key-vulnerability/


Some More, For the Curious

🦁 Predator spyware operation is back with a new infrastructure cybercrime – Researchers report a resurgence of Predator spyware, utilizing new infrastructure to evade detection after U.S. sanctions against its developers. The spyware poses significant risks to high-profile targets. https://securityaffairs.com/168222/intelligence/predator-spyware-new-infrastructure.html

📡 Gap Computers by Spelling Covert Radio Signals from Computer RAM security research – This research reveals how malware can leak sensitive data from air-gapped computers by emitting covert radio signals. https://arxiv.org/abs/2409.02292

🔧 Zero Day Initiative — The September 2024 Security Update Review security news – September updates from Adobe and Microsoft address multiple critical vulnerabilities across various products, including code execution and security feature bypasses, highlighting urgent patching needs. https://www.thezdi.com/blog/2024/9/10/the-september-2024-security-update-review

🛡️ Taking steps that drive resiliency and security for Windows customers security news – At a recent summit, Microsoft and security vendors discussed enhancing Windows endpoint security and resilience, emphasizing collaboration and transparency to combat modern threats effectively. https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/

📊 CISA Releases Analysis of FY23 Risk and Vulnerability Assessments security research – CISA's latest analysis reveals insights from 143 Risk and Vulnerability Assessments, illustrating attack paths and mapping threat actor behaviors to the MITRE ATT&CK® framework. https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-releases-analysis-fy23-risk-and-vulnerability-assessments

©️ New Chrome Zero-Day vulnerability – Microsoft researchers report that North Korean hackers are exploiting a Chrome zero-day vulnerability to steal cryptocurrency, highlighting ongoing security risks. https://www.schneier.com/blog/archives/2024/09/new-chrome-zero-day.html

📍 Rogue WHOIS server gives researcher superpowers no one should ever have security research – Security researcher Benjamin Harris exploited a defunct WHOIS server, gaining the ability to issue counterfeit HTTPS certificates and track emails, raising concerns about misplaced trust in the WHOIS system. https://arstechnica.com/?p=2048683

🔑 As quantum computing threats loom, Microsoft updates its core crypto library security news – Microsoft has updated its SymCrypt library with two new encryption algorithms designed to resist quantum computing attacks, marking the beginning of a major overhaul to enhance cryptographic security. https://arstechnica.com/?p=2049244

🔮 Mastercard buys Recorded Future for $2.65 billion security news – Mastercard has announced its acquisition of cybersecurity firm Recorded Future for $2.65 billion, aiming to enhance its cybersecurity services and threat intelligence capabilities. https://cyberscoop.com/mastercard-buys-recorded-future/

👺 Monitoring High Risk Azure Logins cyber defense – After a potential business email compromise, the SOC investigated high-risk logins via Azure AD Identity Protection, focusing on user behavior and multi-factor authentication to detect compromised accounts. https://www.blackhillsinfosec.com/monitoring-high-risk-azure-logins/

🗣️ Microsoft is building new Windows security features to prevent another CrowdStrike incident security news – Microsoft plans to enhance Windows security features following a CrowdStrike incident that affected millions of systems, aiming to move security vendors out of the Windows kernel for better reliability. https://www.theverge.com/2024/9/12/24242947/microsoft-windows-security-kernel-access-features-crowdstrike

🧱 Fortinet confirms customer data breach data breach – Fortinet has confirmed a data breach affecting less than 0.3% of its customers, with files accessed from a third-party cloud drive, potentially impacting around 1,500 corporate clients. https://techcrunch.com/2024/09/13/fortinet-confirms-customer-data-breach/

⚖️ ‘Terrorgram’ Charges Show US Has Had Tools to Crack Down on Far-Right Terrorism All Along security news – The indictment of two members of the Terrorgram Collective reveals a shift in U.S. law enforcement's approach to far-right terrorism, utilizing a rarely applied legal strategy to address violent extremism and inspire future attacks. https://www.wired.com/story/terrorgram-collective-indictments/

👉 US accuses RT, others of covert arms dealing, global influence operations security news – The U.S. has sanctioned RT for operating a crowdfunding site that allegedly funneled weapons to Russian soldiers, revealing ties to Russian intelligence and efforts to influence global elections. https://cyberscoop.com/rt-arms-dealing-global-influence-operations/

⚓ Port of Seattle refuses to pay Rhysida ransom, warns of data leak cybercrime – The Port of Seattle declined to pay a ransom to the Rhysida ransomware group, which caused disruptions at the airport and seaport, warning of potential data leaks while restoring affected systems. https://therecord.media/seattle-port-rhysida-ransom-refused

💣 A Creative Trick Makes ChatGPT Spit Out Bomb-Making Instructions security research – An artist tricked ChatGPT into providing bomb-making instructions by framing the request within a science-fiction narrative, exploiting the AI's storytelling context to bypass safety restrictions. https://www.wired.com/story/chatgpt-jailbreak-homemade-bomb-instructions/


CISA Corner

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA has added three vulnerabilities to its catalog, highlighting risks to federal networks due to active exploitation. Agencies must address these threats to enhance cybersecurity. https://www.cisa.gov/news-events/alerts/2024/09/09/cisa-adds-three-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog vulnerability – CISA has added four new Microsoft vulnerabilities to its catalog, highlighting serious risks due to active exploitation and urging federal agencies to address them promptly. https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-adds-four-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA has included a new Ivanti vulnerability in its catalog, emphasizing the significant risks it poses to federal networks due to active exploitation. https://www.cisa.gov/news-events/alerts/2024/09/13/cisa-adds-one-known-exploited-vulnerability-catalog

🏭 CISA Releases Four Industrial Control Systems Advisories warning – CISA has issued four advisories addressing vulnerabilities in Industrial Control Systems, urging users to review them for crucial security information and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/09/10/cisa-releases-four-industrial-control-systems-advisories

🆙 Citrix Releases Security Updates for Citrix Workspace App for Windows vulnerability – Citrix has issued security updates for its Workspace App for Windows to fix multiple vulnerabilities that could allow attackers to take control of affected systems. https://www.cisa.gov/news-events/alerts/2024/09/10/citrix-releases-security-updates-citrix-workspace-app-windows 🆙 Ivanti Releases Security Updates for Endpoint Manager, Cloud Service Application, and Workspace Control vulnerability – Ivanti has released updates to fix multiple vulnerabilities in its Endpoint Manager and Cloud Service Application, which could potentially allow attackers to take control of affected systems. https://www.cisa.gov/news-events/alerts/2024/09/10/ivanti-releases-security-updates-endpoint-manager-cloud-service-application-and-workspace-control


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

Back after vacation – My weekly shortlist of cyber security highlights. (maybe I'll even redo the skipped weeks 😏) The short summaries are AI generated! If something is wrong, please let me know.


News For All

🕵️‍♂️ Ausweiskopie und persönliche Daten an Kriminelle weitergegeben? Das können Sie tun security news – Criminals exploit job offers and ads to steal personal data and ID copies, leading to identity theft, fraudulent accounts, and potential legal consequences for victims. https://www.watchlist-internet.at/news/umgang-mit-datendiebstahl/

✈️ SQL Injection Attack on Airport Security vulnerability – A serious SQL injection vulnerability allows unauthorized users to bypass airport security checks, risking safety by granting access to restricted areas like cockpits. https://www.schneier.com/blog/archives/2024/09/sql-injection-attack-on-airport-security.html

🛫 German air traffic control agency confirms cyberattack, says operations unaffected security news – Germany's air traffic control agency confirmed a cyberattack affecting administrative systems but assured that flight safety remains intact and operations were not disrupted. https://therecord.media/german-air-traffic-control-company-deutsche-flugsicherung-cyberattack

🚍 Transport for London (TfL) is dealing with an ongoing cyberattack security news – TfL is investigating a cyberattack affecting internal systems but reports no evidence of customer data compromise, assuring that services remain unaffected. https://securityaffairs.com/167946/hacking/transport-for-london-tfl-ongoing-cyberattack.html

🔑 Owners of 1-Time Passcode Theft Service Plead Guilty cybercrime – Three men pleaded guilty for operating OTP Agency, a service that intercepted one-time passcodes for account takeovers, affecting over 12,500 victims before its shutdown. https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/

🦠 Disinfo group Spamouflage more aggressively targeting U.S. elections, candidates cybercrime – The disinformation group Spamouflage has intensified efforts to impersonate U.S. voters, undermining political candidates and institutions, though its impact on engagement remains limited. https://cyberscoop.com/spamouflage-targeting-us-election-candidates/

📸 Sextortion Scams Now Include Photos of Your Home – Krebs on Security cybercrime – Sextortion scams are evolving, now featuring personalized threats with photos of victims' homes, increasing fear and urgency to pay ransoms, often near $2,000 in Bitcoin. https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/

💰 Data watchdog fines Clearview AI $33M privacy – The Dutch Data Protection Authority fined Clearview AI €30.5 million for illegally collecting images without consent, stating the company's practices violate GDPR and threaten individual privacy. https://www.theregister.com/2024/09/03/clearview_ai_dutch_fine/

🔒 Google releases Pixel update to get rid of surveillance vulnerability vulnerability – Google's latest Pixel update removes the insecure Showcase.apk, originally intended for Verizon demos, which posed risks of man-in-the-middle attacks and spyware, ensuring enhanced device security. https://www.theverge.com/2024/9/3/24235127/google-pixel-showcase-vulnerability-patch

🔑 YubiKeys have an unfixable security flaw — but it’s difficult to exploit vulnerability – A vulnerability in older YubiKey devices allows cloning but is hard to exploit, requiring physical access and additional knowledge. Devices prior to firmware version 5.7 remain permanently affected. https://www.theverge.com/2024/9/4/24235635/yubikey-unfixable-security-vulnerability-side-channel-explot

🚨 846 routers are affected by code execution flaws. Replace them! vulnerability – D-Link's discontinued DIR-846 routers are vulnerable to multiple critical remote code execution flaws (CVSS scores up to 9.8). Users are advised to replace these devices as they are no longer supported. https://securityaffairs.com/168041/security/d-link-dir-846-routers-code-execution-flaws.html

☢️ Zyxel warns of vulnerabilities in a wide range of its products vulnerability – Zyxel has disclosed nearly a dozen vulnerabilities across its products, with the most critical (CVE-2024-7261) allowing unauthenticated OS command execution, rated 9.8. Users are urged to patch immediately. https://arstechnica.com/?p=2047312

🗳️ Biden cracks down on Putin's election meddling cybercrime – The Biden administration seized 32 websites linked to Russian propaganda efforts and charged two RT employees in a $10 million scheme to influence the upcoming U.S. presidential election. https://www.theregister.com/2024/09/05/biden_cracks_down_on_putins/

🎣 Warning Against Phishing Emails Impersonating Netflix warning – AhnLab warns of phishing emails posing as Netflix, claiming payment failures and urging users to update payment methods via malicious links. Users are advised to verify URLs before clicking. https://asec.ahnlab.com/en/82969/

⚡ Quishing, an insidious threat to electric car owners security news – Quishing is a phishing attack using counterfeit QR codes at electric car charging stations to steal sensitive information. Users are urged to use recharge cards and verify URLs to protect against scams. https://securityaffairs.com/168059/hacking/quishing-electric-car-owners.html

♀️ New report shows ongoing gender pay gap in cybersecurity security news – The ISC2 Cybersecurity Workforce Study reveals a persistent gender pay gap in cybersecurity, with men earning more than women, and highlights the underrepresentation of women in the field, emphasizing the need for targeted DEI hiring initiatives. https://securityintelligence.com/articles/new-report-shows-gender-pay-gap-in-cybersecurity/

🦠 Predator spyware resurfaces with signs of activity, Recorded Future says security news – Recorded Future reports renewed activity from Predator spyware, linked to Intellexa, with new infrastructure identified and potential customers in Angola, Saudi Arabia, and the Democratic Republic of the Congo. https://cyberscoop.com/predator-spyware-resurfaces-with-signs-of-activity-recorded-future-says/

🔎 Colombian president suggests prior administration illegally sent $11 million in cash to Israel for spyware security news – Colombian President Gustavo Petro announced an investigation into $11 million allegedly used by the previous administration to purchase Pegasus spyware, questioning the legality of the transactions. https://therecord.media/colombian-president-pegasus-spyware-israel-missing-money

📎 Telegram changes its tone on moderating private chats after CEO’s arrest security news – Following CEO Pavel Durov's arrest, Telegram revised its FAQ to allow reporting of illegal content in private chats, shifting from a previous stance of non-cooperation with moderation requests. https://www.theverge.com/2024/9/5/24237254/telegram-pavel-durov-arrest-private-chats-moderation-policy-change

🛋️ Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database data breach – Confidant Health inadvertently exposed sensitive patient data, including therapy session recordings, due to an unsecured database. The incident highlights the urgent need for improved data security in healthcare organizations. https://www.wired.com/story/confidant-health-therapy-records-database-exposure/

🔓 Hackers Threaten to Leak Planned Parenthood Data cybercrime – RansomHub ransomware group claims to have hacked Planned Parenthood's Montana branch, threatening to leak 93 GB of sensitive data after a cybersecurity incident was reported on August 28. https://www.wired.com/story/hackers-threaten-to-leak-planned-parenthood-data/


Some More, For the Curious

🔍 Most interesting IR cases in 2023: insider threats and more security research – Kaspersky's Global Emergency Response Team highlights 2023's notable incident response cases, including insider fraud and advanced persistent threats, emphasizing the need for enhanced monitoring and threat intelligence. https://securelist.com/incident-response-interesting-cases-2023/113611/

🔒 Vulnerabilities in Microsoft apps for macOS allow stealing permissions vulnerability – Eight vulnerabilities in Microsoft apps for macOS could enable attackers to steal permissions, allowing unauthorized access to sensitive resources like cameras and microphones without user knowledge. https://securityaffairs.com/167973/hacking/microsoft-apps-for-macos-flaws.html

🛑 VMWare releases Fusion vulnerability with 8.8 rating vulnerability – A critical vulnerability in VMWare Fusion (CVE-2024-38811) allows code execution with standard user privileges, rated 8.8 on the CVSS scale, prompting a software patch. https://cyberscoop.com/vmware-vulnerability-fushion-cve-2024-38811/

💻 Rust in Linux lead retires rather than deal with more “nontechnical nonsense” security news – Wedson Almeida Filho, leader of the Rust for Linux project, retires citing frustration with nontechnical disputes, expressing concern that the Linux kernel must embrace memory-safe languages like Rust to remain relevant. https://arstechnica.com/?p=2046763

🧬 Evolution of Mallox: from private ransomware to RaaS security research – Mallox ransomware has evolved from targeted attacks to a Ransomware-as-a-Service model, with over 700 samples identified. Its affiliate program seeks experienced partners for cybercrime, indicating a shift in operational strategy. https://securelist.com/mallox-ransomware/113529/

🐍 Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk security research – The 'Revival Hijack' technique allows attackers to reclaim deleted PyPI packages, risking 22,000 packages and potentially leading to malicious downloads. JFrog has taken action to protect the community. https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/

📃 Validate your Windows Audit Policy Configuration with KQL cyber defense – Ensuring proper configuration of Windows audit policies is essential for security. This article discusses using Kusto Query Language (KQL) to validate and troubleshoot audit policy application across environments. https://blog.nviso.eu/2024/09/05/validate-your-windows-audit-policy-configuration-with-kql/

🦗 Cicada Ransomware – What You Need To Know security news – Cicada ransomware, discovered in June 2024, has targeted over 20 organizations primarily in North America and the UK. Written in Rust, it threatens to publish stolen data unless a ransom is paid. https://www.tripwire.com/state-of-security/cicada-ransomware-what-you-need-know

🪅 Veeam fixed a critical flaw in Veeam Backup & Replication software vulnerability – Veeam patched 18 high and critical vulnerabilities in its Backup & Replication software, including a critical RCE flaw (CVE-2024-40711) with a CVSS score of 9.8, requiring immediate attention. https://securityaffairs.com/168088/security/veeam-backup-replication-cve-2024-40711.html

🧱 SonicWall warns that SonicOS bug exploited in attacks vulnerability – SonicWall alerts users of a critical access control vulnerability (CVE-2024-40766) in SonicOS that may be actively exploited, urging immediate patching to prevent unauthorized access and potential firewall crashes. https://securityaffairs.com/168112/hacking/sonicwall-sonicos-bug-exploited.html

🔧 Building a Hardware Hacking Arsenal: The Right Bits for Every Byte security research – This article outlines essential tools for hardware hacking, emphasizing cost-effective options that support learning and experimentation in security assessments. Safety and accessibility are also highlighted. https://www.guidepointsecurity.com/blog/building-a-hardware-hacking-arsenal-the-right-bits-for-every-byte/


CISA Corner

⚠️ LOYTEC Electronics LINX Series vulnerability – Multiple vulnerabilities in LOYTEC's LINX series devices could allow attackers to exploit sensitive information and gain unauthorized access, with high CVSS scores indicating significant risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA has added three vulnerabilities, including two in Draytek VigorConnect and one in Kingsoft WPS Office, to its catalog due to active exploitation risks for federal networks. https://www.cisa.gov/news-events/alerts/2024/09/03/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Four Industrial Control Systems Advisories vulnerability – On September 5, 2024, CISA released four advisories addressing security vulnerabilities in various Industrial Control Systems, urging users to review for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/09/05/cisa-releases-four-industrial-control-systems-advisories

⚔️ Russian Military Cyber Actors Target US and Global Critical Infrastructure security news – The FBI, CISA, and NSA report that Russian GRU Unit 29155 is behind ongoing cyber operations targeting critical infrastructure, utilizing tools like WhisperGate malware and exploiting various vulnerabilities since at least 2020. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🚫 Videos: Van der Bellen & Assinger werben nicht für Investmentplattformen security news – The article discusses that videos featuring Van der Bellen and Assinger do not promote investment platforms, clarifying any misconceptions surrounding their appearances. https://www.watchlist-internet.at/news/fake-videos-van-der-bellen-assinger-werben-nicht-fuer-investmentplattformen/

💸 Should Organizations Pay Ransom Demands? cybercrime – Organizations are urged to avoid paying ransomware demands as it funds cybercriminals and doesn't guarantee data recovery. Proactive cybersecurity measures are emphasized as a better defense. https://securityaffairs.com/166650/uncategorized/ransomware-organizations-should-avoid-paying-ransoms.html

📧 Users: Microsoft must update Outlook's friendly name feature security news – Users are urging Microsoft to change how Outlook displays sender names to combat phishing, as friendly names can mislead users into clicking malicious links. Calls for disabling aliases have grown. https://www.theregister.com/2024/08/06/users_call_for_microsoft_to/

🛑 Consumer Reports study finds data removal services are often ineffective privacy – A Consumer Reports study found that data removal services are largely ineffective, with only 35% of personal data removed from people-search sites within four months, raising concerns about their reliability. https://therecord.media/data-removal-services-mostly-worthless-study

💻 Report: Myths about tech still plaguing the IT world security news – A Kaspersky survey reveals widespread misconceptions about digital security among tech-savvy Brits, including beliefs about webcam safety, incognito mode, and the effectiveness of encryption, highlighting a need for better cybersecurity education. https://www.theregister.com/2024/08/08/report_tech_misconceptions_plague_the/

🪖 Russia's Kursk region suffers 'massive' DDoS attack amid Ukraine offensive cyber defense – Kursk, Russia, experienced a significant DDoS attack targeting government and business websites, coinciding with Ukraine's military advances, though critical infrastructure remained protected from damage. https://therecord.media/kursk-military-offensive-ddos-russia-ukraine

🐄 Crooks took control of a cow milking robot causing the death of a cow cybercrime – Cybercriminals hacked a farmer's milking robot, demanding a $10,000 ransom. The farmer refused to pay, leading to the death of a cow due to lost data on insemination dates. https://securityaffairs.com/166839/cyber-crime/cow-milking-robot-hacked.html

🔊 Sonos smart speakers flaw allowed to eavesdrop on users vulnerability – NCC Group discovered vulnerabilities in Sonos smart speakers, including CVE-2023-50809, allowing remote code execution and potential eavesdropping. Sonos released a patch to address the issues. https://securityaffairs.com/166823/hacking/sonos-smart-speakers-flaw.html

🔑 How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards security research – Researchers reveal a method to extract HID encoder keys, allowing easy cloning of keycards. https://www.wired.com/story/hid-keycard-authentication-key-vulnerability/

🛡️ Security Tips for Modern Web Administrators security news – Website security is vital for user trust. Employ multi-layered defenses, keep software updated, and follow best practices to safeguard against attacks and protect sensitive data. https://blog.sucuri.net/2024/08/security-tips-for-modern-web-administrators.html

🆙 Mac and Windows users infected by software updates delivered over hacked ISP malware – Hackers compromised an ISP to deliver malware to users via tampered software updates. This attack exploited unencrypted connections, enabling malicious file downloads for Windows and macOS users. https://arstechnica.com/security/2024/08/hacked-isp-infects-users-receiving-unsecure-software-updates/

👁️ Illinois relaxes biometric privacy law, reduces penalties privacy – Illinois has amended its Biometric Information Privacy Act, reducing penalties for breaches by counting multiple data distributions as one violation, which critics say lowers potential damages. https://www.theregister.com/2024/08/06/illinois_bipa_amendment_reduces_penalties/

🔒 Google says Android zero-day was exploited in the wild vulnerability – Google has patched a high-severity Android vulnerability (CVE-2024-36971) allowing remote code execution, amid reports of targeted exploitation. This reflects a rising trend in zero-day attacks. https://therecord.media/android-zero-day-google-fix-august-patch

💻 Students scramble after security breach wipes 13,000 devices data breach – A security breach at Mobile Guardian led to the remote wiping of data from 13,000 school-issued devices in Singapore, prompting the Ministry of Education to halt its services and remove the app. https://arstechnica.com/security/2024/08/students-scramble-after-security-breach-wipes-13000-devices/

🐍 SharpRhino malware targets IT admins, Hunters Intl suspected malware – The SharpRhino malware, disguised as Angry IP Scanner, targets network admins and is linked to the Hunters International gang, known for ransomware-as-a-service tactics and double extortion. https://www.theregister.com/2024/08/07/sharprhino_malware_admins/

❎ Problems with Georgia’s Voter Registration Portal security news – Georgia's voter registration portal has security flaws allowing unauthorized cancellation of registrations and exposing sensitive voter data, highlighting challenges in balancing usability and security. https://www.schneier.com/blog/archives/2024/08/problems-with-georgias-voter-registration-portal.html

💰 US offers $10 million for info on Iranian leaders behind CyberAv3ngers water utility attacks cybercrime – The U.S. State Department has offered a $10 million reward for information on six Iranian hackers linked to cyberattacks on U.S. water utilities, attributed to the CyberAv3ngers group. https://therecord.media/us-offers-reward-for-info-on-iranian-hackers-water-utilities

🧓 Researchers find decades-old vulnerability in major web browsers vulnerability – A zero-day vulnerability discovered by Oligo Security affects major browsers, allowing attackers to exploit network requests to 0.0.0.0, potentially breaching local networks and accessing private data. https://cyberscoop.com/browser-zero-day-oligo-security-0-0-0-0-day/

🧑‍🌾 Nashville man arrested for running “laptop farm” to get jobs for North Koreans cybercrime – Matthew Isaac Knoot was arrested for hosting laptops to deceive US companies into hiring North Korean nationals, funneling their earnings to fund North Korea’s weapons program. https://arstechnica.com/security/2024/08/nashville-man-arrested-for-running-laptop-farm-to-get-jobs-for-north-koreans/


Some More, For the Curious

⚡ Hacking a Virtual Power Plant hacking write-up – A security researcher exploited a vulnerability in a virtual power plant's API using weak 512-bit RSA keys, revealing how easily sensitive data could be accessed. https://rya.nc/vpp-hack.html

📊 State of Exploitation – A Peek into 1H-2024 Vulnerability Exploitation security research – In the first half of 2024, 390 new vulnerabilities were added to the Known Exploited Vulnerabilities Catalog, highlighting ongoing threats and trends in exploitation and weaponization. https://vulncheck.com/blog/state-of-exploitation-1h-2024

💼 Florida firm sued over theft of 2.9B personal records data breach – A lawsuit claims Jerico Pictures negligently failed to secure 2.9 billion records, leading to a data breach where personal information was sold on the dark web, risking identity theft. https://www.theregister.com/2024/08/05/national_public_data_lawsuit/

💰 Drama ‘Dark Angels’ Reap Record Ransoms cybercrime – The Dark Angels ransomware group made headlines after receiving a record $75 million ransom from a Fortune 50 company, focusing on massive data theft while avoiding disruption and publicity. https://krebsonsecurity.com/2024/08/low-drama-dark-angels-reap-record-ransoms/

🗽 Intelligence bill would elevate ransomware to a terrorist threat security news – A Senate proposal aims to treat ransomware attacks as terrorism, enhancing legal authority to combat cybercriminals and sanction states harboring them, despite concerns over effectiveness. https://cyberscoop.com/ransomware-terrorism-ndaa-2025/

🌮 Turning the screws: The pressure tactics of ransomware gangs cybercrime – Ransomware gangs are escalating pressure tactics, using media, legislation, and personal threats to coerce victims into paying ransoms, including targeting secondary victims for leverage. https://news.sophos.com/en-us/2024/08/06/turning-the-screws-the-pressure-tactics-of-ransomware-gangs/

➖ Best security practices for ESXi environments cyber defense – Organizations using VMware ESXi should implement ten security practices to mitigate risks, as native EDR is unavailable, including ensuring patching, enforcing strong passwords, and enabling lockdown modes. https://news.sophos.com/en-us/2024/08/07/best-security-practices-for-esxi-environments/

🧠 Mental Health – An Infosec Challenge security news – Cybersecurity professionals face unique mental health challenges like burnout and anxiety due to constant stress. The article offers tips for prevention, emphasizing self-care, communication, and community support. https://www.blackhillsinfosec.com/mental-health-an-infosec-challenge/

🤑 Hackers return $12 million taken during Ronin network breach cybercrime – Hackers returned $12 million stolen from the Ronin gaming blockchain, claiming to act as white-hats after exploiting a vulnerability. The company plans to enhance security and awarded the hackers a $500,000 bounty. https://therecord.media/hackers-return-12-million-taken-from-ronin-network

🎩 The top stories coming out of the Black Hat cybersecurity conference security news – At the Black Hat conference, AI's role in cybersecurity takes center stage, alongside vulnerabilities in car infotainment systems and the impact of upcoming elections on cybersecurity policy. https://blog.talosintelligence.com/threat-source-newsletter-aug-8-2024/


CISA Corner

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA has included CVE-2018-0824, a Microsoft vulnerability, in its catalog due to active exploitation, emphasizing the need for federal agencies to address such risks promptly. https://www.cisa.gov/news-events/alerts/2024/08/05/cisa-adds-one-known-exploited-vulnerability-catalog 🚨 CISA Adds Two Known Exploited Vulnerabilities to Catalog vulnerability – CISA has included CVE-2024-36971 and CVE-2024-32113 in its catalog due to active exploitation, highlighting risks to federal networks and the need for timely remediation. https://www.cisa.gov/news-events/alerts/2024/08/07/cisa-adds-two-known-exploited-vulnerabilities-catalog

🛠️ Delta Electronics DIAScreen vulnerability – A stack-based buffer overflow vulnerability in Delta Electronics DIAScreen could allow arbitrary code execution. Users are urged to update to version 1.4.2 to mitigate risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-219-01 🔍 Dorsett Controls InfoScan vulnerability – Dorsett Controls InfoScan has vulnerabilities allowing unauthorized access to sensitive information and path traversal. Users should update to version 1.38 or later to mitigate risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01

🛒 Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem cyber defense – This guide empowers software customers to demand security in product design, offering questions to assess manufacturers' cybersecurity practices and ensuring resilience against cyber threats. https://www.cisa.gov/resources-tools/resources/secure-demand-guide

🔐 Best Practices for Cisco Device Configuration security news – CISA advises disabling the Cisco Smart Install feature and using type 8 password protection to secure configurations, reducing the risk of password cracking and unauthorized access. https://www.cisa.gov/news-events/alerts/2024/08/08/best-practices-cisco-device-configuration


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

❌ Here’s How To Stop X From Using Your Data To Train Its AI privacy – X.ai, affiliated with Elon Musk's X network, utilizes Twitter data for AI training; users can opt out in settings. https://www.forbes.com/sites/johnkoetsier/2024/07/26/x-just-gave-itself-permission-to-use-all-your-data-to-train-grok/

®️ Massenüberwachung als Dienstleistung: Der Handel mit Standortdaten privacy – Data brokers sell billions of location data, threatening privacy and national security, leading to concerns about espionage. Commercial surveillance infrastructure poses systemic problems. https://www.kuketz-blog.de/massenueberwachung-als-dienstleistung-der-handel-mit-standortdaten/

🫥 New Mandrake Android spyware version discovered on Google Play malware – Mandrake spyware resurfaces on Google Play with new evasion techniques, targeting users globally. Sophisticated malware embedded in file sharing app, using complex infection chain and anti-analysis methods. https://securelist.com/mandrake-apps-return-to-google-play/113147/

🖖 IBM, Nike, Disney, others caught in Proofpoint phish palaver security news – Phishing campaign exploited Proofpoint security gap, sending 3 million daily spoofed emails; blamed on insecure Proofpoint Microsoft 365 integration. https://www.theregister.com/2024/07/30/scammers_spoofed_emails/

🎣 A crafty phishing campaign targets Microsoft OneDrive users security news – A phishing campaign targets Microsoft OneDrive users with a PowerShell script through a deceptive email instructing users to fix a fake “Error 0x8004de86.” The attack tricks victims into running malicious commands for system compromise. https://securityaffairs.com/166312/hacking/microsoft-onedrive-phishing.html

🦈 'LockBit of phishing' EvilProxy used in 1M+ attacks monthly security news – EvilProxy, a phishing-as-a-service kit, leverages Cloudflare services to disguise traffic in phishing attacks targeting C-Suite executives. Attacks use redirection through legitimate sites, culminating in phishing Microsoft login pages. https://www.theregister.com/2024/07/30/evilproxy_phishing_kit_analysis/

🤑 Meta to pay Texas $1.4 billion to settle lawsuit alleging it illegally captured users’ faces privacy – Meta agrees to pay Texas $1.4 billion to settle a lawsuit over unauthorized use of facial recognition software on users, violating Texas law and consumer protection regulations. https://therecord.media/meta-texas-facial-recognition-settlement

🦆 Don’t Let Your Domain Name Become a “Sitting Duck” security news – Over a million vulnerable domains are at risk of takeover due to authentication weaknesses at hosting providers and registrars, allowing possible cybercriminal exploitation. https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-become-a-sitting-duck/

💸 Scammer Allegedly Makes $600,000 a Month Holding Instagram Accounts Hostage cybercrime – Idriss Qibaa, aka 'Dani' and 'Unlocked,' allegedly extorted victims through locking their Instagram accounts, threatening them, demanding money to regain access, and using personal information for extortion. https://www.404media.co/unlocked4life-instagram-scam-no-jumper/

🧑‍💼 Germany summons Chinese ambassador over cyberattack on cartography agency security news – German authorities link a Beijing-backed threat actor to a 2021 cyberattack on the Federal Agency for Cartography and Geodesy, summoning the Chinese ambassador. https://therecord.media/germany-summons-chinese-ambassador-over-hack

🌐 Nearly 7% of Internet Traffic Is Malicious security news – Cloudflare reports 6.8% of Internet traffic is malicious, with CVEs exploited as quickly as 22 minutes after proof-of-concepts are published. https://www.schneier.com/blog/archives/2024/07/nearly-7-of-internet-traffic-is-malicious.html

🪝 Microsoft seizes domain used by Vietnamese group to sell fake accounts, services cybercrime – Microsoft seizes domain used by Vietnamese group selling fake accounts and services after previous seizures for creating fraudulent Microsoft accounts and CAPTCHA bypass services. https://cyberscoop.com/microsoft-seizes-domain-used-by-vietnamese-group-to-sell-fake-accounts-services/

💐 Begging for Bounties and More Info Stealer Logs cybercrime – Fraudsters try to extort bug bounties using stolen credentials from info stealer logs, which originated from victims' malware-infected devices, creating a malicious chain propagated on platforms like Telegram. https://www.troyhunt.com/begging-for-bounties-and-more-info-stealer-logs/ Personal comment: HIBP added a lot of new breaches this week – go check your accounts at https://haveibeenpwned.com/

💸 $75 Million Record-Breaking Ransom Paid To Cybercriminals, Say Researchers cybercrime – A record-breaking $75 million ransom was paid to Dark Angels ransomware group by an undisclosed Fortune 50 company. https://www.tripwire.com/state-of-security/75-million-record-breaking-ransom-paid-cybercriminals-say-researchers

💊 Pharma Giant Cencora confirmed the theft of personal and health information data breach – Pharmaceutical giant Cencora confirms theft of personal and health information in a data breach, affecting individuals' data, including personally identifiable information and protected health information. https://securityaffairs.com/166422/data-breach/cencora-confirmed-theft-pii-heath-data.html

📱 Keeping your Android device safe from text message fraud privacy – SMS Blaster fraud, threats from SMS phishing via cell-site simulators, and Android security features against fraud. https://security.googleblog.com/2024/08/keeping-your-android-device-safe-from.html

🚗 Ford wants patent for tech allowing cars to surveil and report speeding drivers privacy – Ford seeks patent for cars to surveil speeding drivers, sparking privacy concerns from advocates and experts. https://therecord.media/ford-seeks-patent-cars-surveil-speeders-report-to-police

🏈 NFL to roll out facial authentication software league-wide privacy – The NFL will implement facial authentication software at all 32 stadiums this season to enhance event security. The technology aims to streamline authentication processes for media, officials, and staff. Privacy concerns, noting potential inaccuracies and discriminatory impacts of facial recognition technology. https://therecord.media/nfl-to-roll-out-facial-authentication-league-wide

📇 Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach data breach – National Public Data, reportedly exposed the personal data of close to 3 billion people, disclosed by a threat actor named USDoD, who tried to sell the database for $3.5 million on the dark web. https://securityaffairs.com/166539/data-breach/personal-data-3-billion-people-data-breach.html


Some More, For the Curious

🌀 StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms security research – StormBamboo leverages ISP compromise to manipulate DNS updates, installing malware through insecure software updates on macOS and Windows. https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/

🚀🖨️ Reverse engineering the 59-pound printer onboard the Space Shuttle geeky news – The Space Shuttle's Interim Teleprinter, a stop-gap measure, remained in use for over 50 flights, printing thousands of lines; cost $1.5 million per flight. https://www.righto.com/2024/08/space-shuttle-interim-teleprinter.html

😞 Too big to care? – Our disappointment with Cloudflare’s anti-abuse posture cyber defense – Spamhaus criticizes Cloudflare for facilitating cybercriminal activity by providing services to abusive actors, despite having tools to prevent abuse. Calls for Cloudflare to suspend services to abusers. https://www.spamhaus.org/resource-hub/service-providers/too-big-to-care-our-disappointment-with-cloudflares-anti-abuse-posture/

🤖 Websites are Blocking the Wrong AI Scrapers (Because AI Companies Keep Making New Ones) security news – Website owners struggling to block AI scrapers due to constantly changing crawler names and outdated robots.txt files. https://www.404media.co/websites-are-blocking-the-wrong-ai-scrapers-because-ai-companies-keep-making-new-ones/

⚙️ Zero Day Initiative — Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1 security research – “Link following” vulnerabilities on Windows involve applications improperly resolving filenames, allowing malicious users to redirect to unintended resources. Techniques to exploit these vulnerabilities using file operations are discussed with defensive strategies from developers. https://www.thezdi.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1

✈️ Delta Air Lines may sue CrowdStrike, Microsoft over outage security news – Delta Air Lines considers legal action against CrowdStrike and Microsoft following operational losses of up to $500 million due to a recent outage that led millions of Windows machines offline. https://www.theregister.com/2024/07/30/crowdstrike_delta_microsoft_lawsuit/

🌋 'Error' in Microsoft's DDoS defenses amplified Azure outage security news – Microsoft's DDoS defenses amplified an Azure outage caused by a DDoS attack, triggering global service disruptions, despite the company's unique defense and threat intelligence capabilities. https://www.theregister.com/2024/07/31/microsoft_ddos_azure/

🌽 Driving lessons: The kernel drivers in Sophos Intercept X Advanced security research – Sophos Intercept X Advanced uses five kernel drivers for cybersecurity, explaining their functionality, security measures, customer options, gradual rollouts for software updates, and vulnerabilities working in kernel-space. https://news.sophos.com/en-us/2024/08/01/driving-lessons-the-kernel-drivers-in-sophos-intercept-x-advanced/

💵 Leaked ransomware variants give rise to new cybercrime groups cybercrime – Cybercriminals exploit leaked ransomware variants, forming groups utilizing multiple ransomware families for attacks and demanding bug bounties, leading to a rise in cybercrime and affiliate programs. https://securelist.com/sexi-key-group-mallox-ransomware/113183/

🛋️ Education in Secure Software Development security news – Survey by Linux Foundation and OpenSSF shows developers lack essential secure software development skills, raising concerns about software security. https://www.schneier.com/blog/archives/2024/08/education-in-secure-software-development.html

👿 Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw vulnerability – Millions of websites vulnerable to XSS attack via OAuth due to flawed implementation, potentially leading to full account takeovers. https://www.securityweek.com/millions-of-websites-susceptible-xss-attack-via-oauth-implementation-flaw/

🛜 WifiForge – WiFi Exploitation for the Classroom hacking write-up – WifiForge, a program allowing safe WiFi hacking lessons through an interactive virtual network platform called Mininet-Wifi. WifiForge facilitates teaching various exploits with pre-built labs, such as WEP key-cracking, eliminating the need for physical network gear. https://www.blackhillsinfosec.com/wififorge/

🧐 One Does Not Simply … Get a Cybersecurity Job security news – Getting a cybersecurity job requires upskilling, certifications, networking, staying informed on trends, and focusing on job opportunities from within your network. https://www.guidepointsecurity.com/blog/one-does-not-simply-get-a-cybersecurity-job/


CISA Corner

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA adds three actively exploited vulnerabilities to catalog: ServiceNow input validation issues and Acronis default password flaw. https://www.cisa.gov/news-events/alerts/2024/07/29/cisa-adds-three-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CVE-2024-37085 VMware ESXi Authentication Bypass. https://www.cisa.gov/news-events/alerts/2024/07/30/cisa-adds-one-known-exploited-vulnerability-catalog

🍏 Apple Releases Security Updates for Multiple Products vulnerability – Apple issued security updates for Safari, iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. https://www.cisa.gov/news-events/alerts/2024/07/30/apple-releases-security-updates-multiple-products

⏰ DigiCert Certificate Revocations security news – DigiCert is revoking TLS certificates due to a domain control verification issue, potentially causing temporary disruptions, with updated information available on their status page. https://www.cisa.gov/news-events/alerts/2024/07/30/digicert-certificate-revocations

🧑‍🏭 CISA Releases Nine Industrial Control Systems Advisories vulnerability – vulnerabilities in various systems like Johnson Controls, AVTECH IP Camera, Vonets WiFi Bridges, and Rockwell Automation Logix Controllers. https://www.cisa.gov/news-events/alerts/2024/08/01/cisa-releases-nine-industrial-control-systems-advisories


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🧑‍💻 Double Dipping Cheat Developer Gets Caught Red-Handed security research – EvolvedAim cheat developer includes information stealer, targeting Escape From Tarkov players, double-dipping into profits, and causing significant damage. https://www.cyberark.com/resources/threat-research-blog/double-dipping-cheat-developer-gets-caught-red-handed

🔂 Anyone can Access Deleted and Private Repository Data on GitHub security research – GitHub exposes deleted and private repository data, posing security risks through Cross Fork Object Reference (CFOR) vulnerability. https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github

👻 A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub security research – A network of 3,000 'ghost' accounts on GitHub spreading ransomware and info stealers using fake likes and shares. https://www.wired.com/story/github-malware-spreading-network-stargazer-goblin/

🗳️ Understanding the Election Cybersecurity Landscape cyber defense – Complex election cybersecurity landscape includes diverse targets, tactics, and actors; understanding essential for safeguarding democracy. https://www.greynoise.io/blog/understanding-the-election-cybersecurity-landscape

💰 Oracle coughs up $115M to make privacy case go away privacy – Oracle settles $115 million class action lawsuit over alleged misuse of user data, promising privacy improvements. https://www.theregister.com/2024/07/22/oracle_settles_privacy_case/

📲 Telegram 0-day allowed sending malicious APKs disguised as videos security news – ESET discovers Telegram Android zero-day exploit EvilVideo, allowing attackers to send malicious APKs disguised as videos. https://securityaffairs.com/166042/hacking/evilvideo-telegram-android-zero-day.html

🎲 Chinese ‘cybercrime syndicate’ behind gambling sites advertised at European sporting events cybercrime – Infoblox uncovers Chinese cybercrime syndicate Vigorish Viper behind illegal global gambling network connected to human trafficking and cyber fraud. https://therecord.media/chinese-cybercrime-syndicate-gambling-football-europe

🍪 Google abandons plan to drop third-party cookies in Chrome privacy – Google opting for user choice between Privacy Sandbox and cookies amidst concerns of competitive distortion. https://www.theregister.com/2024/07/23/google_cookies_third_party_continue/

📲 iOS 17: Von einem iPhone kontaktierte Domains privacy https://www.kuketz-blog.de/ios-17-von-einem-iphone-kontaktierte-domains/

🥶 Simple ‘FrostyGoop’ malware responsible for turning off Ukrainians’ heat in January attack security research – Simple but impactful FrostyGoop malware uses Modbus protocol to disrupt heating in Ukrainian apartment buildings, showcasing attackers' focus on critical infrastructure. https://cyberscoop.com/frostygoop-ics-malware-dragos-ukraine/

💥 Inside the 78 minutes that took down millions of Windows machines security news – A faulty update by cybersecurity company CrowdStrike caused global Windows crashes, affecting millions of machines due to a driver flaw. Prospects to avoid such tech disasters involve enabling intelligent boot logic and limiting third-party kernel access. https://www.theverge.com/2024/7/23/24204196/crowdstrike-windows-bsod-faulty-update-microsoft-responses

🪼 AI-Powered Voice Spoofing for Next-Gen Vishing Attacks security research – AI-powered voice cloning advancements enable more realistic vishing attacks, posing significant security risks. Mandiant Red Team incorporated AI voice spoofing in testing, showcasing attackers' potential to exploit this technique for initial access, lateral movement, and privilege escalation. Security defenses must adapt through identifying inconsistencies, source verification, and implementing audio protection measures. https://cloud.google.com/blog/topics/threat-intelligence/ai-powered-voice-spoofing-vishing-attacks/

🤑 TracFone to pay $16 million to settle FCC cyber and privacy investigation security news – TracFone Wireless, owned by Verizon, will pay a $16 million fine to settle an FCC investigation into data breaches caused by API vulnerabilities. The breaches exposed customer data, leading to privacy compromises, necessitating improved API security measures and overall information security protocols. https://therecord.media/tracfone-16-million-to-settle-fcc-investigation

🗺️ Friendly Domain Registry “.top” Put on Notice security news – ICANN has issued a warning to the .top domain registry, expressing concerns over its failure to address phishing reports and suspend abusive domains, with reports showing .top domains were popular choices for phishing websites. https://krebsonsecurity.com/2024/07/phish-friendly-domain-registry-top-put-on-notice/

🎰 Philippines to end online casinos, maybe scams too cybercrime – The Philippines aims to shut down online gambling providers embroiled in crimes like tax evasion and human trafficking. Despite economic benefits, the industry faces international pressure due to illicit activities such as scams and exploitation. https://www.theregister.com/2024/07/24/phillipines_bans_online_gambling_operators/

🦸 Google's reCAPTCHA v2 just labor exploitation, boffins say security research – Researchers criticize Google's reCAPTCHA v2, suggesting it exploits human labor without providing significant security benefits, raising concerns about information harvesting and user experience. https://www.theregister.com/2024/07/24/googles_recaptchav2_labor/

🚸 School in hot water over facial recognition in canteen privacy – ICO reprimands a UK school for introducing facial recognition for canteen payments without proper assessments, consent, or consultation, highlighting the importance of data protection in new technologies at educational institutions. https://www.theregister.com/2024/07/24/essex_school_facial_recognition/

🧪 CrowdStrike blames test software for taking down 8.5 million Windows machines security news – CrowdStrike attributes the issue that caused 8.5 million Windows machines to crash to a bug in their test software that failed to properly validate a content update, leading to detailed post-incident corrective measures for improved testing and deployment processes. https://www.theverge.com/2024/7/24/24205020/crowdstrike-test-software-bug-windows-bsod-issue

🍆 SEXi / APT Inc Ransomware – What You Need To Know cybercrime – The SEXi ransomware group targets VMware ESXi servers, encrypting virtual machine-related files and demanding high ransoms. Victims' files are appended with '.SEXi' and a ransom note named SEXi.txt is left. No known weaknesses exist for data recovery. Protection includes updating systems, disabling default accounts, and using strong, unique passwords. https://www.tripwire.com/state-of-security/sexi-apt-inc-ransomware-what-you-need-know

🎮 LummaC2 Malware Abusing the Game Platform 'Steam' security research – LummaC2 malware disguised as illegal programs uses SEO poisoning and abuse of Steam to acquire C2 domains, targeting wallets, browsers, extensions, and more. https://asec.ahnlab.com/en/68309/


Some More, For the Curious

🔭 Astronomers discover technique to spot AI fakes using galaxy-measurement tools security research – University of Hull researchers use astronomy tools to detect AI-generated deepfake images by analyzing eye reflections for inconsistencies. https://arstechnica.com/information-technology/2024/07/astronomers-discover-technique-to-spot-ai-fakes-using-galaxy-measurement-tools/

🙋‍♂️ Ransomware takedowns leave crims scrambling for stability security news – Europol reports ransomware landscape fragmentation post RaaS disruptions, with criminals adapting by working independently or developing own payloads. https://www.theregister.com/2024/07/22/europol_says_ransomware_takedowns_make/

⛔ DDoS-for-hire site DigitalStress taken down by police, suspected owner arrested cybercrime – DDoS-for-hire site DigitalStress taken down by police, data collected from users, suspected owner arrested in Northern Ireland. https://www.bitdefender.com/blog/hotforsecurity/ddos-for-hire-site-digitalstress-taken-down-by-police-suspected-owner-arrested/

💼 Cyber firm KnowBe4 hired a fake IT worker from North Korea security news – KnowBe4 discovered a North Korean threat actor posing as a remote IT worker through an elaborate deception involving stolen identities and AI-augmented imagery, prompting an investigation and alerting authorities as part of the response. https://cyberscoop.com/cyber-firm-knowbe4-hired-a-fake-it-worker-from-north-korea/

🏝️ Unfashionably secure: why we use isolated VMs cyber defense – Canary's security architecture relies on isolated VMs for complete customer data separation, safeguarding against unauthorized access and ensuring individual tenant privacy, despite operational drawbacks. https://blog.thinkst.com/2024/07/unfashionably-secure-why-we-use-isolated-vms.html

🥼 Build a Home Lab: Equipment, Tools, and Tips cyber defense – Building a home lab with virtual machines allows for experimentation and learning in a safe environment, emphasizing the importance of commitment over expensive equipment. Fundamental components include network setup, virtual machines, and physical hardware, and key considerations include VM options, equipment needs, and backup strategies. https://www.blackhillsinfosec.com/build-a-home-lab-equipment-tools-and-tips/

🪖 North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs cybercrime – North Korea's Andariel cyber group targets aerospace, nuclear, and defense industries for espionage, using ransomware to fund operations. Known for sophisticated reconnaissance, custom and commodity malware, system manipulation, credential theft, lateral movement, and data exfiltration. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a

🌊 Zero Day Initiative — Multiple Vulnerabilities in the Deep Sea Electronics DSE855 security research – ZDI reported multiple vulnerabilities in Deep Sea Electronics DSE855, prompting no response from the vendor and leading to zero-day disclosure in June. Lack of authentication in configuration backup allowed unauthorized access. https://www.thezdi.com/blog/2024/7/25/multiple-vulnerabilities-in-the-deep-sea-electronics-dse855

🔐 Secure Boot is completely broken on 200+ models from 5 big device makers vulnerability – Cryptographic key underpinning Secure Boot compromised in 2022, allowing an unlimited bypass on over 200 device models from major manufacturers. Serious doubts raised about the integrity of Secure Boot. https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/

🗣️ Microsoft calls for Windows changes and resilience after CrowdStrike outage security news – Microsoft calls for Windows changes for resilience after CrowdStrike outage, considering restricting kernel access for security vendors. https://www.theverge.com/2024/7/26/24206719/microsoft-windows-changes-crowdstrike-kernel-driver

💉 French authorities launch disinfection operation to eradicate PlugX malware from infected hostss security news – French authorities and Europol conduct a 'disinfection operation' against PlugX malware, addressing espionage activities with insights from cybersecurity firm. https://securityaffairs.com/166213/cyber-crime/plugx-malware-disinfection-operation.html


CISA Corner

🧑‍🏭 CISA Releases Four Industrial Control Systems Advisories vulnerability – CISA issues advisories on current ICS security issues for National Instruments and Hitachi products https://www.cisa.gov/news-events/alerts/2024/07/23/cisa-releases-four-industrial-control-systems-advisories vulnerability – CISA issued advisories for Siemens SICAM and Positron Broadcast Signal Processor. https://www.cisa.gov/news-events/alerts/2024/07/25/cisa-releases-two-industrial-control-systems-advisories

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog vulnerability – CISA adds two known exploited vulnerabilities to its catalog: CVE-2012-4792 affecting Microsoft Internet Explorer and CVE-2024-39891 affecting Twilio Authy. https://www.cisa.gov/news-events/alerts/2024/07/23/cisa-adds-two-known-exploited-vulnerabilities-catalog

🔒 ISC Releases Security Advisories for BIND 9 security news – ISC released BIND 9 security advisories addressing vulnerabilities that can lead to denial-of-service attacks. https://www.cisa.gov/news-events/alerts/2024/07/24/isc-releases-security-advisories-bind-9


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🌍 Data Broker Files: How data brokers sell our location data and jeopardise national security privacy – Data brokers sell German location data, jeopardizing privacy and national security, leading to calls for regulation and concerns about data misuse. https://netzpolitik.org/2024/data-broker-files-how-data-brokers-sell-our-location-data-and-jeopardise-national-security/#netzpolitik-pw

🪪 It's best to just assume you’ve been involved in a data breach somehow privacy – Multiple data breaches in 2024, including AT&T and Snowflake, imply personal data compromise. Recommendations include strong passwords, multi-factor authentication, fraud alerts. https://blog.talosintelligence.com/threat-source-newsletter-july-18-2024/

🔍 Data breach exposes millions of mSpy spyware customers data breach – Data breach at mSpy exposes millions of customers who purchased phone spyware apps over a decade, revealing emails, personal documents, and requests for surveillance without consent by various individuals including U.S. officials. https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach/

📱 The FBI says it has ‘gained access’ to the Trump rally shooter’s phone security news – The FBI has accessed the phone of the suspect who shot at a Trump rally without disclosing how, continuing analysis of electronic devices and urging the public for tips. https://www.theverge.com/2024/7/15/24199239/fbi-encryption-phone-trump-shooter-pennsylvania-gained-access

🧔‍♂️ Kaspersky leaves U.S. market following the ban on the sale of its software in the country security news – Kaspersky exits the U.S. market after a ban on its software due to national security risks posed by Russia. The company denies links to the Russian government and will shut down its U.S. operations by September. https://securityaffairs.com/165799/breaking-news/kaspersky-is-leaving-the-u-s-market.html

💰 AT&T ransom laundered through mixers, gambling services cybercrime – AT&T's $370,000 ransom is being laundered through cryptocurrency mixing platforms and gambling services, identified by TRM Labs. Money laundering tactics include using swap services and privacy coins, often employed by cybercriminals to hide the funds' origins. https://therecord.media/att-ransom-laundered-mixers-research

⛑️ Rite Aid says 'limited' cyber incident affected data of 2.2 million people data breach – Rite Aid reports a 'limited' cyber incident after a hacker impersonated an employee accessing purchase-related data. Law enforcement contacted, victims offered identity protection services. https://therecord.media/rite-aid-data-breach-2-million-people

🦠 Private HTS Program Continuously Used in Attacks malware – A threat actor has been distributing malware through the private home trading system (HTS) program named HPlus, replacing the NSIS installer with an MSI format installer and supporting remote assistance with AnyDesk. The malware includes Quasar RAT aimed at stealing personal data. https://asec.ahnlab.com/en/67969/

🪓 HardBit Ransomware – What You Need to Know malware – HardBit ransomware, a ransomware-as-a-service (RaaS), resurfaces with a new version, HardBit 4.0, focused on thwarting security researchers with passphrase protection and improved customization that caters to different criminal operator technical levels. https://www.tripwire.com/state-of-security/hardbit-ransomware-what-you-need-know

💦 Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock security news – Cellebrite struggled to unlock a significant portion of modern iPhones as of April 2024, per leaked documents. https://www.404media.co/leaked-docs-show-what-phones-cellebrite-can-and-cant-unlock/

🏳️‍🌈 LGBTQ+ people in Middle East and North Africa subject to intense digital oppression, research finds privacy – LGBTQ+ individuals face intense digital oppression, with police using dating and social media apps for persecution. Research reveals high levels of violence, forced device searches, and abuse. https://therecord.media/lgbtq-mena-region-digital-harassment

🛜 Mobile internet and social media disrupted in Bangladesh amid student protests security news – Bangladesh orders a nationwide mobile internet shutdown amid violent student protests against a government job quota system. The disruption is linked to social media usage by protesters. https://therecord.media/bangladesh-mobile-internet-social-media-outages-student-protests

🏠 How a little-known tool is sweeping the real estate industry by giving instant access to vast amounts of homebuyer data security news – Forewarn app offers real estate professionals instant access to detailed data about prospective clients for a low fee. Although primarily marketed as a safety tool, it also provides financial and criminal records instantly. However, privacy concerns and potential for misusing the data exist despite its explosive adoption in the real estate industry. https://therecord.media/forewarn-app-real-estate-homebuyer-data

🏥 MediSecure data breach impacted 12.9 million individuals data breach – Australian digital prescription provider MediSecure suffered a ransomware attack exposing personal and health information of 12.9 million individuals. The breach resulted in the theft of 6.5TB of data impacting users between March 2019 and November 2023. https://securityaffairs.com/165932/uncategorized/medisecure-databreach-12-9m-individuals.html

Crowdstrike Corner 🚨 Global Microsoft Meltdown Tied to Bad Crowdstrike Update security news – Crowdstrike update causes global Windows system crashes; airports, hospitals, and businesses affected. Recovery may take time, requiring manual fix per machine. https://krebsonsecurity.com/2024/07/global-microsoft-meltdown-tied-to-bad-crowstrike-update/

🐦‍⬛ What is CrowdStrike, and what happened? security news – CrowdStrike caused a global outage after a faulty update to Windows machines, affecting essential services. The issue came from an update that caused Windows systems to crash. Recovery may take days to weeks. https://www.theverge.com/2024/7/19/24201864/crowdstrike-outage-explained-microsoft-windows-bsod

🛹 Threat actors attempted to capitalize CrowdStrike incident security news – Threat actors exploit CrowdStrike IT outage to distribute Remcos RAT malware in a Latin America-targeted campaign under the disguise of an emergency fix via a ZIP file named 'crowdstrike-hotfix.zip.' CrowdStrike provides IOCs for the malicious campaign. https://securityaffairs.com/165953/uncategorized/threat-actors-capitalize-crowdstrike-incident.html


Some More, For the Curious

➿ CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks security research – CVE-2024-38112 used by Void Banshee to exploit IE vulnerability, leading to Atlantida stealer deployment against Windows users. https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html

🖼️ Fake AWS Packages Ship Command and Control Malware In JPEG Files security research – Fake AWS npm packages hide command and control malware in JPEG images, jeopardizing package installations and highlighting the need for increased vigilance in open source ecosystems. https://blog.phylum.io/fake-aws-packages-ship-command-and-control-malware-in-jpeg-files/

0️⃣ Zero Day Initiative – Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD security news – Gap in coordinated vulnerability disclosure leads to lack of vendor transparency, disputes on severity ratings, and challenges in bug reporting, highlighting the importance of improved communication and accountability within the cybersecurity industry. https://www.thezdi.com/blog/2024/7/15/uncoordinated-vulnerability-disclosure-the-continuing-issues-with-cvd

🥴 Weak Security Defaults Enabled Squarespace Domains Hijacks – Krebs on Security security news – Weak security defaults at Squarespace allowed domain hijacking incidents targeting cryptocurrency businesses, with vulnerabilities arising from the migration process from Google Domains, lack of email verification for new accounts, and limited control over account access and activity. https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/

🃏 Punch Card Hacking – Exploring a Mainframe Attack Vector security research – Article explores using punch card concepts in mainframe hacking for penetration testing, detailing JCL basics, FTP job submission, debugging with spool files, and potential privilege escalation. https://blog.nviso.eu/2024/07/16/punch-card-hacking-exploring-a-mainframe-attack-vector/

👻 ‘GhostEmperor’ returns: Mysterious Chinese hacking group spotted for first time in two years cybercrime – After a two-year hiatus, the sophisticated Chinese hacking group GhostEmperor, known for supply-chain attacks in Southeast Asia, has reappeared, deploying a rootkit to evade detection and carrying out attacks on business partners as seen in a recent incident investigated by cybersecurity company Sygnia. https://therecord.media/ghostemperor-spotted-first-time-in-two-years

🧑‍💼 Vulnerability in Cisco Smart Software Manager lets attackers change any user password vulnerability – Cisco Smart Software Manager On-Prem vulnerability (CVE-2024-20419) allows unauthorized users to change any user's password, posing a severe security risk with a maximum CVSS score of 10. https://arstechnica.com/security/2024/07/vulnerability-in-cisco-smart-software-manager-lets-attackers-change-any-user-password/

⚖️ Judge dismisses much of SEC suit against SolarWinds over cybersecurity disclosures security news – U.S. Judge dismissed most SEC claims against SolarWinds related to cybersecurity disclosures regarding the Sunburst attack. The ruling is seen as a victory for industry officials and a setback for SEC in holding executives accountable. https://cyberscoop.com/judge-dismisses-much-of-sec-suit-against-solarwinds-over-cybersecurity-disclosures/

🤒 APT41 Has Arisen From the DUST security research – APT41, in collaboration with Google's TAG, launched a campaign targeting various sectors across multiple countries, using techniques like web shells, backdoors, SQL export, and OneDrive exfiltration. https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust/

🧑‍🏭 CISA publishes resilience-planning playbook for critical infrastructure cyber defense – CISA releases playbook for infrastructure resilience planning, aiming to enhance security and minimize impact of cyberattacks on critical infrastructure. https://statescoop.com/cisa-cybersecurity-resilience-planning-playbook-critical-infrastructure/

🔒 Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users vulnerability – Cisco fixed a critical vulnerability in Secure Email Gateway allowing attackers to add root users and crash SEG appliances. https://securityaffairs.com/165905/uncategorized/cisco-fixed-a-critical-flaw-in-security-email-gateway-that-could-allow-attackers-to-add-root-users.html

🖲️ Attacking Connection Tracking Frameworks as used by Virtual Private Networks security research – Study demonstrates successful attacks on VPN connection tracking frameworks, highlighting vulnerabilities and proposing mitigations for enhanced security and privacy. https://petsymposium.org/popets/2024/popets-2024-0070.pdf


CISA Corner KEV – Adobe, Solarwinds, vmware, OSGeo https://www.cisa.gov/news-events/alerts/2024/07/15/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2024/07/17/cisa-adds-three-known-exploited-vulnerabilities-catalog security updates – Cisco, Ivanti, Oracle https://www.cisa.gov/news-events/alerts/2024/07/18/cisco-releases-security-updates-multiple-products https://www.cisa.gov/news-events/alerts/2024/07/18/ivanti-releases-security-updates-endpoint-manager https://www.cisa.gov/news-events/alerts/2024/07/18/oracle-releases-critical-patch-update-advisory-july-2024 industrial – rockwell, Subnet, Philips, Mitsubishi https://www.cisa.gov/news-events/ics-advisories/icsa-24-198-01 https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-02 https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-01


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🍪 Linksys-Router senden wohl WLAN-Passwörter an US-Server security research – zwei getestete Routermodelle übermitteln wohl sensible Daten an einen Server in den USA. https://www.golem.de/news/im-klartext-linksys-router-senden-wohl-wlan-passwoerter-an-us-server-2407-186894.html

🍏 Apple warns iPhone users in 98 countries of spyware attacks warning – Apple warns iPhone users globally about targeted mercenary spyware attacks, emphasizing privacy and ongoing threat notifications. https://techcrunch.com/2024/07/10/apple-alerts-iphone-users-in-98-countries-to-mercenary-spyware-attacks/

🎓 ‘Serious hacker attack’ forces Frankfurt university to shut down IT systems cyberattack – Frankfurt University of Applied Sciences faces a hacker attack, leading to a total IT system shutdown, impacting services and communication. https://therecord.media/serious-hacker-attack-shutdown-frankfurt

‼️ Scammers double-dip by offering help to recover from scams warning – Scammers target victims of previous scams with fake offers to recover lost money, posing as trusted entities and requesting upfront fees or sensitive information, with the most vulnerable being victims over 65 years old. https://www.theregister.com/2024/07/09/australia_rescam_warning/

🏃‍♂️ Gadgetbridge: Smartwatches/Fitness-Tracker datenschutzfreundlich nutzen – Teil 1 privacy – Gadgetbridge ist eine datenschutzfreundliche Open-Source-App für Android, die es ermöglicht, Smartwatches und Fitness-Tracker unabhängig von den herstellereigenen Apps zu verwenden, um die volle Kontrolle über persönliche Daten zu behalten und lokale Speicherung zu gewährleisten. https://www.kuketz-blog.de/gadgetbridge-smartwatches-fitness-tracker-datenschutzfreundlich-nutzen-teil-1/

🔮 Avast released a decryptor for DoNex Ransomware and its predecessors security news – Avast developed a decryptor for the DoNex ransomware family due to a cryptographic flaw, allowing victims to recover files for free since March 2024. https://securityaffairs.com/165469/malware/donex-ransomware-decryptor.html

🐻 Apple removed 25 VPN apps from the App Store in Russia privacy – Apple removed 25 VPN apps from the Russian App Store due to government requests, part of Russia's control over internet access, leading to bypass difficulty for users. https://securityaffairs.com/165437/hacking/apple-removed-vpn-apps-from-app-store-in-russia.html

🎫 The Ticketmaster Hack Is Becoming a Logistical Nightmare for Fans and Brokers data breach – A hacking group released data allowing the creation of over 38,000 concert tickets, posing a potential logistical nightmare for Ticketmaster, venues, fans, brokers, and resale platforms. The hack can lead to issues such as duplicated tickets for sold seats and legitimate buyers being denied entry. https://www.404media.co/the-ticketmaster-hack-is-becoming-a-logistical-nightmare-for-fans-and-brokers/

🥓 More than 31M email addresses exposed following Neiman Marcus data breach data breach – Neiman Marcus data breach exposed over 31 million customer email addresses, affecting 64,472 individuals with leaked names, addresses, and more sold by threat actors. https://securityaffairs.com/165492/data-breach/neiman-marcus-data-breach-2.html

🤖 US, international authorities seize Russian AI bot farm cybercrime – U.S. authorities seized Russian AI bot farm domains linked to RT, accusing operatives of using Meliorator software to create social media personas and spread disinformation primarily aimed at U.S. politics. https://cyberscoop.com/us-international-authorities-seize-russian-ai-bot-farm/

🪛 Google’s dark web monitoring service will soon be free for all users security news – Google's dark web monitoring service, previously exclusive to Google One subscribers, will be free for all Google account holders starting soon, providing a combined solution to protect online presence. https://www.theverge.com/2024/7/9/24194970/google-one-free-dark-web-monitoring

🕵️ Hacktivists release two gigabytes of Heritage Foundation data data breach – The hacktivist group SiegedSec released two gigabytes of data from the Heritage Foundation in response to their Project 2025 initiative, claiming they wanted to expose supporters of the conservative think tank; however, Heritage denies being hacked, stating the data was from a publicly accessible archive. https://cyberscoop.com/hackvists-release-two-gigabytes-of-heritage-foundation-data/

📰 How disinformation from a Russian AI spam farm ended up on top of Google search results security research – A piece of Russian disinformation about Ukrainian president's wife buying a luxury car spread rapidly online, originating from a fake French website and promoted by pro-Kremlin accounts. https://arstechnica.com/ai/2024/07/how-disinformation-from-a-russian-ai-spam-farm-ended-up-on-top-of-google-search-results/

🦍 Scammers harness AI and deepfakes to sell bogus ‘miracle cures’ on Meta platforms security news – Artificial intelligence and deepfake videos fuel health-related scam campaigns on Meta platforms, promoting fake 'miracle cures' endorsed by celebrities and bogus medical experts, targeting millions of users worldwide, based on research by Bitdefender Labs. https://therecord.media/scammers-harness-ai-deepfakes-medical-bogus

🙊 Spear phishing techniques in mass phishing: a new trend security news – An increasing trend shows elements of spear phishing being incorporated into regular mass phishing campaigns, with sophisticated email design, personalized details, and imitation of HR notifications, showcasing a shift in attackers' techniques and an escalation in decentralized attacks. https://securelist.com/spear-phishing-meets-mass/113125/

🦹 RansomHub Ransomware – What You Need To Know cybercrime – RansomHub, a Ransomware-as-a-Service group, exploits a vulnerability in the email servers and has quickly risen as a significant threat. https://www.tripwire.com/state-of-security/ransomhub-ransomware-what-you-need-know

📱 You can now protect your high-risk Google account with just your phone privacy – Google's Advanced Protection Program now allows high-risk users to enroll using a single phone-based passkey. https://www.theverge.com/2024/7/10/24195306/google-accounts-advanced-protection-passkey-enrollment-support-security-key

📞 AT&T breach leaked call and text records from ‘nearly all’ wireless customers data breach – accessed through a third-party cloud platform. https://www.theverge.com/2024/7/12/24197052/att-data-breach-call-text-records-hack


Some More, For the Curious

🔦 Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough hacking writeup – Shelltorch exposes critical vulnerabilities in PyTorch TorchServe, allowing remote code execution and unauthorized server access. https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server

⚠️ CVE-2024-4577 Exploits in the Wild One Day After Disclosure security research – Exploitation of PHP vulnerability CVE-2024-4577 for remote code execution with malicious PHP code, emphasizing swift patching and monitoring. https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure

🧑‍🦯 CISA broke into a US federal agency, and no one noticed for a full 5 months security news – CISA red team exercise uncovers security flaws at US federal agency, lasting undetected for five months. https://www.theregister.com/2024/07/12/cisa_broke_into_fed_agency/

🌐 Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO security news – NATO faces cyber threats from state-sponsored actors, hacktivists, and cybercriminals, impacting espionage, disruptive attacks, and disinformation campaigns targeting critical infrastructure and political entities. https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-facing-nato/

🦷 Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK security research – Exploring the prioritization of MITRE ATT&CK techniques for detection in Security Operation Centers, Threat Intelligence, and Incident Response. Emphasizing source evaluation, technique relevance, and optimizing detection logic development. https://securelist.com/detection-engineering-backlog-prioritization/113099/

☢️ New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere security news – A new attack named Blast RADIUS exploits the 30-year-old RADIUS protocol due to its continued use of MD5, despite known vulnerabilities, allowing adversaries to gain admin access to various networks; the attack has led to a coordinated response from vendors. https://arstechnica.com/security/2024/07/new-blast-radius-attack-breaks-30-year-old-protocol-used-in-networks-everywhere/

🗞️ Chinese cyber agency accused of 'false and baseless' claims about US interfering in Volt Typhoon research security news – China's cybersecurity agency inaccurately claimed a U.S. threat intelligence company succumbed to U.S. influence, mischaracterizing the company's report on Dark Power ransomware, leading to pushback and accusations of false representation and manipulation from Western organizations. https://therecord.media/china-cyber-agency-claims-us-interference-volt-typhoon-research

📧 Exim vulnerability affecting 1.5M servers lets attackers attach malicious files vulnerability – 1.5 million servers with Exim mail agent are vulnerable to delivering malicious executable attachments due to a critical CVE-2024-39929, prompting urgent updates to address the security issue. https://arstechnica.com/security/2024/07/more-than-1-5-million-email-servers-running-exim-vulnerable-to-critical-attacks/

🪰 Palo Alto Networks fixed a critical bug in the Expedition tool vulnerability – Palo Alto Networks fixed an admin account takeover bug in its Expedition tool and addressed multiple other vulnerabilities impacting its products. https://securityaffairs.com/165641/security/palo-alto-networks-critical-bug-expedition.html

🔍 The president ordered a board to probe a massive Russian cyberattack. It never did. security news – Despite a directive to investigate the SolarWinds attack, the Cyber Safety Review Board did not conduct the investigation, raising concerns about government accountability and cybersecurity oversight. https://arstechnica.com/security/2024/07/the-president-ordered-a-board-to-probe-a-massive-russian-cyberattack-it-never-did/

💰 Wallets tied to CDK ransom group received $25 million two days after attack cybercrime – CDK Global paid over $25 million in ransom following a ransomware attack, with most of the funds going through a complex money laundering process involving multiple exchanges. https://cyberscoop.com/cdk-ransom-blacksuit-25-million/

📅 DDoSecrets Mirrors Wikileaks Data After Assange Plea Deal security news – DDoSecrets mirrored Wikileaks data to preserve transparency and ensure data availability, following Julian Assange's plea deal. https://www.404media.co/ddosecrets-mirrors-wikileaks-data-after-assange-plea-deal/

🏭 Critical infrastructure organizations want CISA to dial back cyber reporting security news – Critical infrastructure organizations request scaled-back cyber reporting to CISA, expressing concerns over definitions, reporting entities resource burden. https://cyberscoop.com/cisa-cyber-reporting-circia-2024/

🏁 Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine security research – JFrog Security Research prevented a potential severe supply chain attack by detecting and reporting a leaked access token compromising Python infrastructure. https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/

7️⃣ The Stark Truth Behind the Resurgence of Russia’s Fin7 cybercrime – The notorious Fin7 cybercrime group reemerges, setting up thousands of malicious sites targeting various brands for phishing attacks. https://krebsonsecurity.com/2024/07/the-stark-truth-behind-the-resurgence-of-russias-fin7/


CISA Corner

🦿 People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action security research – APT40 compromises organization networks via multiple access vectors with enumeration, web shells, and exfiltration of sensitive data, leading to targeted threat actor investigation. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a

🛡️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA lists three actively exploited vulnerabilities: Rejetto HTTP File Server flaw, Windows Hyper-V privilege escalation issue, and Windows MSHTML platform spoofing flaw. https://www.cisa.gov/news-events/alerts/2024/07/09/cisa-adds-three-known-exploited-vulnerabilities-catalog

CISA Releases Seven Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2024/07/09/cisa-releases-seven-industrial-control-systems-advisories CISA Releases Twenty-one Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2024/07/11/cisa-releases-twenty-one-industrial-control-systems-advisories Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/07/09/adobe-releases-security-updates-multiple-products Microsoft Releases July 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/07/09/microsoft-releases-july-2024-security-updates Citrix Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/07/09/citrix-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🚨 Hijacked: How hacked YouTube channels spread scams and malware cybercrime – Cybercriminals hijack YouTube channels to spread scams and malware, targeting viewers and content creators. https://www.welivesecurity.com/en/scams/hijacked-hacked-youtube-channels-scams-malware/

🚓 Police allege 'evil twin' in-flight Wi-Fi used to steal info cybercrime – Australian man charged for creating fake in-flight Wi-Fi network to steal credentials; AFP warns against using public Wi-Fi without precautions. https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/

📹 San Francisco app livestreams local bars to draw more patrons privacy – 2Night app allows livestreaming of SF bars, raising privacy concerns and backlash from patrons and venue owners. https://sfstandard.com/2024/06/29/2night-live-stream-bars-privacy-concerns/

🏥 LockBit claims cyberattack on Croatia’s largest hospital security news – LockBit ransomware gang targets Croatia's largest hospital; patient data compromised, impacting emergency services and hospital operations. https://therecord.media/lockbit-claims-cyberattack-croatia-hospital

⚠️ 3 million iOS and macOS apps were exposed to potent supply-chain attacks vulnerability – Vulnerabilities in CocoaPods server exposed 3 million iOS and macOS apps to code injection attacks for a decade. https://arstechnica.com/?p=2034866

🔑 The End of Passwords? Embrace the Future with Passkeys. security news – Passkeys offer enhanced security and privacy, along with convenience, as a passwordless authentication solution. https://blog.nviso.eu/2024/07/02/the-end-of-passwords-embrace-the-future-with-passkeys/

🕵️ Fiverr Freelancers Offer to Dox Anyone With Powerful U.S. Data Tool security news – Fiverr freelancers offer doxing services with access to data tool TLOxp https://www.404media.co/fiverr-freelancers-offer-to-dox-anyone-with-powerful-u-s-data-tool-tloxp/

📡 UN urges Russia to ‘immediately’ cease interference in European satellites security news – UN condemns Russian satellite interference, calls for immediate cessation of harmful actions affecting European countries' GPS signals and TV programs. https://therecord.media/un-russia-satellite-interference-europe

🪼 Polish government investigates Russia-linked cyberattack on state news agency security news – Suspicion of Russian involvement in cyberattack on Polish state news agency; aimed at spreading disinformation before European Parliament election. https://securityaffairs.com/165139/intelligence/polish-government-investigating-russia-attack.html

🎒 Alabama Department of Education stops ransomware attack but confirms data stolen data breach – Alabama Department of Education halts ransomware attack but confirms data breach, potential exposure of student and employee information. https://therecord.media/alabama-education-department-data-breach

🔍 Google: AI Potentially Breaking Reality Is a Feature Not a Bug security research – Google researchers co-author a paper detailing real harm caused by generative AI misuse, which can distort reality by producing deceptive content without violating terms of service. It highlights the need for collaboration to address this issue. https://www.404media.co/google-ai-potentially-breaking-reality-is-a-feature-not-a-bug/

⛓️ New ransomware group uses phone calls to pressure victims, researchers say cybercrime – New ransomware group Volcano Demon uses phone calls to intimidate victims, threatens to expose data if ransom is not paid. The group employs a double extortion technique and remains a challenge to track. https://therecord.media/ransomware-group-volcano-demon-lukalocker

🔥 Traeger smokes security bugs threatening grillers' hard work vulnerability – Traeger grills vulnerable to high-severity flaw allowing remote attackers to control temperature or shutdown grill; exploitation could ruin cooking. https://www.theregister.com/2024/07/03/traeger_security_bugs/

☘️ OpenAI’s ChatGPT Mac app was storing conversations in plain text security news – OpenAI's ChatGPT Mac app stored conversations in plain text; fixed after demonstration, highlighting a potential privacy concern. https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text

☎️ Twilio alerts Authy two-factor app users that ‘threat actors’ have their phone numbers security news – Twilio alerts Authy users of phone number leak, warns of phishing attacks. Previous breach affects 163 Twilio and 93 Authy accounts, leading to the unauthorized registration of additional devices. https://www.theverge.com/2024/7/3/24191791/twilio-authy-2fa-app-phone-numbers-hack-data-breach

🛣️ Europol says mobile roaming tech is hampering crimefighters security news – Europol is concerned about SMS home routing that hampers criminal investigations due to privacy-enhancing technologies, specifically service-level encryption, enabling suspects to maintain communication privacy within their home network while roaming. https://www.theregister.com/2024/07/05/europol_home_routing_complaint/

🥷 Hackers stole OpenAI secrets in a 2023 security breach security news – OpenAI faced a security breach in 2023, compromising internal discussions but not source code or customer data. Concerns about AI security and possible cyber espionage linked to nation-state actors raised. https://securityaffairs.com/165349/data-breach/openai-2023-security-breach.html


Some More, For the Curious

⛔ Qualys Security Blog security news – Qualys blog faced unauthorized spam content, investigated, no impact on customer data, production environment, or data exfiltration. https://blog.qualys.com/qualys-insights/2024/07/03/qualys-blog

🌠 Like Shooting Phish in a Barrel security research – Article explores techniques to bypass email link crawlers used by security gateways, including parsers, CAPTCHAs, redirects, browser fingerprinting, and ASN blocking. https://posts.specterops.io/like-shooting-phish-in-a-barrel-926c1905bb4b

🤕 Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769 warning – Threat actors exploit CVE-2024-0769 in D-Link DIR-859 routers for information disclosure. GreyNoise observes attackers collecting account details. https://securityaffairs.com/165045/hacking/d-link-dir-859-actively-exploited.html

⚔️ Sanctioned and exposed, Predator spyware maker group has gone awfully quiet security news – The Predator spyware group, Intellexa, shows decreased activity post sanctions. Observers suggest impact on operations, but caution about potential retooling. https://cyberscoop.com/sanctioned-and-exposed-predator-spyware-maker-group-has-gone-awfully-quiet/

🔒 Emergency patches now available for Juniper Networks routers vulnerability – Emergency patches released for Juniper Networks routers to fix critical authentication bypass vulnerability (CVE-2024-2973). Users urged to apply patches promptly. https://www.theregister.com/2024/07/01/emergency_patches_available_for_juniper/

😓 TeamViewer: Hackers copied employee directory data and encrypted passwords data breach – TeamViewer breach linked to Russian government-backed APT29; employee directory data and encrypted passwords stolen. https://therecord.media/teamviewer-cyberattack-employee-directory-encrypted-passwords

🦇 Exposing FakeBat loader: distribution methods and adversary infrastructure security research – Sekoia presents FakeBat loader distribution using malvertising, software impersonation, fake browser updates, and social engineering schemes. https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/

🍳 Vulnerabilities in PanelView Plus devices could lead to remote code execution vulnerability – Microsoft discovered and disclosed RCE and DoS vulnerabilities in Rockwell Automation PanelView Plus devices. https://www.microsoft.com/en-us/security/blog/2024/07/02/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution/

🥅 Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers security research – Recorded Future used infostealer logs to detect consumers of child sexual abuse material on the dark web, aiding law enforcement. https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers

🫅 “RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux vulnerability – Critical OpenSSH vulnerability CVE-2024-6387 allows remote code execution with root system rights on Linux based on glibc systems, leading to full system compromise. https://arstechnica.com/?p=2035011

🩹 Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform vulnerability – Splunk fixes 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including high-severity flaws like Remote Code Execution. https://securityaffairs.com/165204/security/splunk-enterprise-and-cloud-platform-flaws.html

💔 Secret Network Access Broker x999xx – Krebs on Security cybercrime – Russian hacker x999xx, a known access broker, trades network access, databases, and stolen data; identified. Acknowledges identity when reached by email and denies interest in harming healthcare institutions. Operates freely in Russia. https://krebsonsecurity.com/2024/07/the-not-so-secret-network-access-broker-x999xx/

🗃️ Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692) security research – A remote execution vulnerability in HTTP File Server (HFS) was used to exploit user systems, install malware, and establish malicious backdoors. https://asec.ahnlab.com/en/67650/

🌍 Europol and pals band together in Cobalt Strike disruption security news – Europol conducted a week-long operation named Operation Morpheus, disrupting nearly 600 IP addresses linked to illegal copies of Cobalt Strike. https://www.theregister.com/2024/07/04/europol_cobalt_strike_crackdown/

😸 Kimsuky Group’s New Backdoor Appears (HappyDoor) security research https://asec.ahnlab.com/en/67660/

🤖 New Golang Zergeca Botnet appeared in the threat landscape malware – New Golang-based Zergeca Botnet emerges, capable of DDoS attacks and additional functionalities like scanning and reverse shell. https://securityaffairs.com/165288/cyber-crime/golang-based-zergeca-botnet.html

🥧 Polyfill.io Supply Chain Attack: Censys detected 384,773 hosts still embedding a polyfill JS script linking to the malicious domain security research – Censys identifies hosts still linking to the malicious polyfill.io domain, affecting major platforms and websites. https://securityaffairs.com/165302/hacking/polyfill-io-supply-chain-attack.html

🪶 Apache fixed a source code disclosure flaw in Apache HTTP Server vulnerability – Apache fixed a source code disclosure vulnerability (CVE-2024-39884) in Apache HTTP Server, urging users to upgrade promptly. https://securityaffairs.com/165422/security/apache-source-code-disclosure-flaw-apache-http-server.html


CISA Corner

🏭 CISA Releases Seven Industrial Control Systems Advisories vulnerability – Johnson Controls, mySCADA, ICONICS, Mitsubishi Electric https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-releases-seven-industrial-control-systems-advisories

🛜 Juniper Networks Releases Security Bulletin for Junos OS: SRX Series vulnerability – Juniper Networks issued a security bulletin for Junos OS: SRX Series to fix a vulnerability leading to denial-of-service. https://www.cisa.gov/news-events/alerts/2024/07/02/juniper-networks-releases-security-bulletin-junos-os-srx-series

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog – Cisco NX-OS warning – CISA added a known exploited vulnerability (CVE-2024-20399) to its catalog, emphasizing the risks and need for prompt mitigation. https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub