📰wrzlbrmpft's cyberlights💥

weekly cybersecurity highlights (for everyone!)

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐ŸŒ Data Broker Files: How data brokers sell our location data and jeopardise national security privacy โ€“ Data brokers sell German location data, jeopardizing privacy and national security, leading to calls for regulation and concerns about data misuse. https://netzpolitik.org/2024/data-broker-files-how-data-brokers-sell-our-location-data-and-jeopardise-national-security/#netzpolitik-pw

๐Ÿชช It's best to just assume youโ€™ve been involved in a data breach somehow privacy โ€“ Multiple data breaches in 2024, including AT&T and Snowflake, imply personal data compromise. Recommendations include strong passwords, multi-factor authentication, fraud alerts. https://blog.talosintelligence.com/threat-source-newsletter-july-18-2024/

๐Ÿ” Data breach exposes millions of mSpy spyware customers data breach โ€“ Data breach at mSpy exposes millions of customers who purchased phone spyware apps over a decade, revealing emails, personal documents, and requests for surveillance without consent by various individuals including U.S. officials. https://techcrunch.com/2024/07/11/mspy-spyware-millions-customers-data-breach/

๐Ÿ“ฑ The FBI says it has โ€˜gained accessโ€™ to the Trump rally shooterโ€™s phone security news โ€“ The FBI has accessed the phone of the suspect who shot at a Trump rally without disclosing how, continuing analysis of electronic devices and urging the public for tips. https://www.theverge.com/2024/7/15/24199239/fbi-encryption-phone-trump-shooter-pennsylvania-gained-access

๐Ÿง”โ€โ™‚๏ธ Kaspersky leaves U.S. market following the ban on the sale of its software in the country security news โ€“ Kaspersky exits the U.S. market after a ban on its software due to national security risks posed by Russia. The company denies links to the Russian government and will shut down its U.S. operations by September. https://securityaffairs.com/165799/breaking-news/kaspersky-is-leaving-the-u-s-market.html

๐Ÿ’ฐ AT&T ransom laundered through mixers, gambling services cybercrime โ€“ AT&T's $370,000 ransom is being laundered through cryptocurrency mixing platforms and gambling services, identified by TRM Labs. Money laundering tactics include using swap services and privacy coins, often employed by cybercriminals to hide the funds' origins. https://therecord.media/att-ransom-laundered-mixers-research

โ›‘๏ธ Rite Aid says 'limited' cyber incident affected data of 2.2 million people data breach โ€“ Rite Aid reports a 'limited' cyber incident after a hacker impersonated an employee accessing purchase-related data. Law enforcement contacted, victims offered identity protection services. https://therecord.media/rite-aid-data-breach-2-million-people

๐Ÿฆ  Private HTS Program Continuously Used in Attacks malware โ€“ A threat actor has been distributing malware through the private home trading system (HTS) program named HPlus, replacing the NSIS installer with an MSI format installer and supporting remote assistance with AnyDesk. The malware includes Quasar RAT aimed at stealing personal data. https://asec.ahnlab.com/en/67969/

๐Ÿช“ HardBit Ransomware โ€“ What You Need to Know malware โ€“ HardBit ransomware, a ransomware-as-a-service (RaaS), resurfaces with a new version, HardBit 4.0, focused on thwarting security researchers with passphrase protection and improved customization that caters to different criminal operator technical levels. https://www.tripwire.com/state-of-security/hardbit-ransomware-what-you-need-know

๐Ÿ’ฆ Leaked Docs Show What Phones Cellebrite Can (and Canโ€™t) Unlock security news โ€“ Cellebrite struggled to unlock a significant portion of modern iPhones as of April 2024, per leaked documents. https://www.404media.co/leaked-docs-show-what-phones-cellebrite-can-and-cant-unlock/

๐Ÿณ๏ธโ€๐ŸŒˆ LGBTQ+ people in Middle East and North Africa subject to intense digital oppression, research finds privacy โ€“ LGBTQ+ individuals face intense digital oppression, with police using dating and social media apps for persecution. Research reveals high levels of violence, forced device searches, and abuse. https://therecord.media/lgbtq-mena-region-digital-harassment

๐Ÿ›œ Mobile internet and social media disrupted in Bangladesh amid student protests security news โ€“ Bangladesh orders a nationwide mobile internet shutdown amid violent student protests against a government job quota system. The disruption is linked to social media usage by protesters. https://therecord.media/bangladesh-mobile-internet-social-media-outages-student-protests

๐Ÿ  How a little-known tool is sweeping the real estate industry by giving instant access to vast amounts of homebuyer data security news โ€“ Forewarn app offers real estate professionals instant access to detailed data about prospective clients for a low fee. Although primarily marketed as a safety tool, it also provides financial and criminal records instantly. However, privacy concerns and potential for misusing the data exist despite its explosive adoption in the real estate industry. https://therecord.media/forewarn-app-real-estate-homebuyer-data

๐Ÿฅ MediSecure data breach impacted 12.9 million individuals data breach โ€“ Australian digital prescription provider MediSecure suffered a ransomware attack exposing personal and health information of 12.9 million individuals. The breach resulted in the theft of 6.5TB of data impacting users between March 2019 and November 2023. https://securityaffairs.com/165932/uncategorized/medisecure-databreach-12-9m-individuals.html

CrowdStrike Corner

🚨 Global Microsoft Meltdown Tied to Bad Crowdstrike Update security news – CrowdStrike update causes global Windows system crashes; airports, hospitals, and businesses affected. Recovery may take time, requiring a manual fix per machine. https://krebsonsecurity.com/2024/07/global-microsoft-meltdown-tied-to-bad-crowstrike-update/

🐦‍⬛ What is CrowdStrike, and what happened? security news – CrowdStrike caused a global outage after a faulty update to Windows machines, affecting essential services. The issue came from an update that caused Windows systems to crash. Recovery may take days to weeks. https://www.theverge.com/2024/7/19/24201864/crowdstrike-outage-explained-microsoft-windows-bsod

🛹 Threat actors attempted to capitalize CrowdStrike incident security news – Threat actors exploit the CrowdStrike IT outage to distribute Remcos RAT malware in a Latin America-targeted campaign under the guise of an emergency fix via a ZIP file named 'crowdstrike-hotfix.zip'. CrowdStrike provides IOCs for the malicious campaign. https://securityaffairs.com/165953/uncategorized/threat-actors-capitalize-crowdstrike-incident.html


Some More, For the Curious

➿ CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks security research – CVE-2024-38112 used by Void Banshee to exploit IE vulnerability, leading to Atlantida stealer deployment against Windows users. https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html

🖼️ Fake AWS Packages Ship Command and Control Malware In JPEG Files security research – Fake AWS npm packages hide command and control malware in JPEG images, jeopardizing package installations and highlighting the need for increased vigilance in open source ecosystems. https://blog.phylum.io/fake-aws-packages-ship-command-and-control-malware-in-jpeg-files/

0️⃣ Zero Day Initiative – Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD security news – Gap in coordinated vulnerability disclosure leads to lack of vendor transparency, disputes on severity ratings, and challenges in bug reporting, highlighting the importance of improved communication and accountability within the cybersecurity industry. https://www.thezdi.com/blog/2024/7/15/uncoordinated-vulnerability-disclosure-the-continuing-issues-with-cvd

🥴 Weak Security Defaults Enabled Squarespace Domains Hijacks – Krebs on Security security news – Weak security defaults at Squarespace allowed domain hijacking incidents targeting cryptocurrency businesses, with vulnerabilities arising from the migration process from Google Domains, lack of email verification for new accounts, and limited control over account access and activity. https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/

🃏 Punch Card Hacking – Exploring a Mainframe Attack Vector security research – Article explores using punch card concepts in mainframe hacking for penetration testing, detailing JCL basics, FTP job submission, debugging with spool files, and potential privilege escalation. https://blog.nviso.eu/2024/07/16/punch-card-hacking-exploring-a-mainframe-attack-vector/

👻 ‘GhostEmperor’ returns: Mysterious Chinese hacking group spotted for first time in two years cybercrime – After a two-year hiatus, the sophisticated Chinese hacking group GhostEmperor, known for supply-chain attacks in Southeast Asia, has reappeared, deploying a rootkit to evade detection and carrying out attacks on business partners as seen in a recent incident investigated by cybersecurity company Sygnia. https://therecord.media/ghostemperor-spotted-first-time-in-two-years

🧑‍💼 Vulnerability in Cisco Smart Software Manager lets attackers change any user password vulnerability – Cisco Smart Software Manager On-Prem vulnerability (CVE-2024-20419) allows unauthorized users to change any user's password, posing a severe security risk with a maximum CVSS score of 10. https://arstechnica.com/security/2024/07/vulnerability-in-cisco-smart-software-manager-lets-attackers-change-any-user-password/

⚖️ Judge dismisses much of SEC suit against SolarWinds over cybersecurity disclosures security news – U.S. Judge dismissed most SEC claims against SolarWinds related to cybersecurity disclosures regarding the Sunburst attack. The ruling is seen as a victory for industry officials and a setback for SEC in holding executives accountable. https://cyberscoop.com/judge-dismisses-much-of-sec-suit-against-solarwinds-over-cybersecurity-disclosures/

🤒 APT41 Has Arisen From the DUST security research – Mandiant, in collaboration with Google's TAG, reports that APT41 launched a campaign targeting various sectors across multiple countries, using techniques like web shells, backdoors, SQL export, and OneDrive exfiltration. https://cloud.google.com/blog/topics/threat-intelligence/apt41-arisen-from-dust/

🧑‍🏭 CISA publishes resilience-planning playbook for critical infrastructure cyber defense – CISA releases playbook for infrastructure resilience planning, aiming to enhance security and minimize impact of cyberattacks on critical infrastructure. https://statescoop.com/cisa-cybersecurity-resilience-planning-playbook-critical-infrastructure/

🔒 Cisco fixed a critical flaw in Security Email Gateway that could allow attackers to add root users vulnerability – Cisco fixed a critical vulnerability in Secure Email Gateway allowing attackers to add root users and crash SEG appliances. https://securityaffairs.com/165905/uncategorized/cisco-fixed-a-critical-flaw-in-security-email-gateway-that-could-allow-attackers-to-add-root-users.html

🖲️ Attacking Connection Tracking Frameworks as used by Virtual Private Networks security research – Study demonstrates successful attacks on VPN connection tracking frameworks, highlighting vulnerabilities and proposing mitigations for enhanced security and privacy. https://petsymposium.org/popets/2024/popets-2024-0070.pdf


CISA Corner

KEV – Adobe, SolarWinds, VMware, OSGeo https://www.cisa.gov/news-events/alerts/2024/07/15/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2024/07/17/cisa-adds-three-known-exploited-vulnerabilities-catalog

security updates – Cisco, Ivanti, Oracle https://www.cisa.gov/news-events/alerts/2024/07/18/cisco-releases-security-updates-multiple-products https://www.cisa.gov/news-events/alerts/2024/07/18/ivanti-releases-security-updates-endpoint-manager https://www.cisa.gov/news-events/alerts/2024/07/18/oracle-releases-critical-patch-update-advisory-july-2024

industrial – Rockwell, Subnet, Philips, Mitsubishi https://www.cisa.gov/news-events/ics-advisories/icsa-24-198-01 https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-02 https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 https://www.cisa.gov/news-events/ics-advisories/icsa-24-200-01


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub


News For All

๐Ÿช Linksys-Router senden wohl WLAN-Passwรถrter an US-Server security research โ€“ zwei getestete Routermodelle รผbermitteln wohl sensible Daten an einen Server in den USA. https://www.golem.de/news/im-klartext-linksys-router-senden-wohl-wlan-passwoerter-an-us-server-2407-186894.html

๐Ÿ Apple warns iPhone users in 98 countries of spyware attacks warning โ€“ Apple warns iPhone users globally about targeted mercenary spyware attacks, emphasizing privacy and ongoing threat notifications. https://techcrunch.com/2024/07/10/apple-alerts-iphone-users-in-98-countries-to-mercenary-spyware-attacks/

๐ŸŽ“ โ€˜Serious hacker attackโ€™ forces Frankfurt university to shut down IT systems cyberattack โ€“ Frankfurt University of Applied Sciences faces a hacker attack, leading to a total IT system shutdown, impacting services and communication. https://therecord.media/serious-hacker-attack-shutdown-frankfurt

โ€ผ๏ธ Scammers double-dip by offering help to recover from scams warning โ€“ Scammers target victims of previous scams with fake offers to recover lost money, posing as trusted entities and requesting upfront fees or sensitive information, with the most vulnerable being victims over 65 years old. https://www.theregister.com/2024/07/09/australia_rescam_warning/

๐Ÿƒโ€โ™‚๏ธ Gadgetbridge: Smartwatches/Fitness-Tracker datenschutzfreundlich nutzen โ€“ Teil 1 privacy โ€“ Gadgetbridge ist eine datenschutzfreundliche Open-Source-App fรผr Android, die es ermรถglicht, Smartwatches und Fitness-Tracker unabhรคngig von den herstellereigenen Apps zu verwenden, um die volle Kontrolle รผber persรถnliche Daten zu behalten und lokale Speicherung zu gewรคhrleisten. https://www.kuketz-blog.de/gadgetbridge-smartwatches-fitness-tracker-datenschutzfreundlich-nutzen-teil-1/

🔮 Avast released a decryptor for DoNex Ransomware and its predecessors security news – Avast developed a decryptor for the DoNex ransomware family due to a cryptographic flaw, allowing victims to recover files for free since March 2024. https://securityaffairs.com/165469/malware/donex-ransomware-decryptor.html

🐻 Apple removed 25 VPN apps from the App Store in Russia privacy – Apple removed 25 VPN apps from the Russian App Store due to government requests, part of Russia's control over internet access, leading to bypass difficulty for users. https://securityaffairs.com/165437/hacking/apple-removed-vpn-apps-from-app-store-in-russia.html

🎫 The Ticketmaster Hack Is Becoming a Logistical Nightmare for Fans and Brokers data breach – A hacking group released data allowing the creation of over 38,000 concert tickets, posing a potential logistical nightmare for Ticketmaster, venues, fans, brokers, and resale platforms. The hack can lead to issues such as duplicated tickets for sold seats and legitimate buyers being denied entry. https://www.404media.co/the-ticketmaster-hack-is-becoming-a-logistical-nightmare-for-fans-and-brokers/

🥓 More than 31M email addresses exposed following Neiman Marcus data breach data breach – Neiman Marcus data breach exposed over 31 million customer email addresses, affecting 64,472 individuals with leaked names, addresses, and more sold by threat actors. https://securityaffairs.com/165492/data-breach/neiman-marcus-data-breach-2.html

🤖 US, international authorities seize Russian AI bot farm cybercrime – U.S. authorities seized Russian AI bot farm domains linked to RT, accusing operatives of using Meliorator software to create social media personas and spread disinformation primarily aimed at U.S. politics. https://cyberscoop.com/us-international-authorities-seize-russian-ai-bot-farm/

🪛 Google’s dark web monitoring service will soon be free for all users security news – Google's dark web monitoring service, previously exclusive to Google One subscribers, will be free for all Google account holders starting soon, providing a combined solution to protect online presence. https://www.theverge.com/2024/7/9/24194970/google-one-free-dark-web-monitoring

🕵️ Hacktivists release two gigabytes of Heritage Foundation data data breach – The hacktivist group SiegedSec released two gigabytes of data from the Heritage Foundation in response to their Project 2025 initiative, claiming they wanted to expose supporters of the conservative think tank; however, Heritage denies being hacked, stating the data was from a publicly accessible archive. https://cyberscoop.com/hackvists-release-two-gigabytes-of-heritage-foundation-data/

📰 How disinformation from a Russian AI spam farm ended up on top of Google search results security research – A piece of Russian disinformation about Ukrainian president's wife buying a luxury car spread rapidly online, originating from a fake French website and promoted by pro-Kremlin accounts. https://arstechnica.com/ai/2024/07/how-disinformation-from-a-russian-ai-spam-farm-ended-up-on-top-of-google-search-results/

🦝 Scammers harness AI and deepfakes to sell bogus ‘miracle cures’ on Meta platforms security news – Artificial intelligence and deepfake videos fuel health-related scam campaigns on Meta platforms, promoting fake 'miracle cures' endorsed by celebrities and bogus medical experts, targeting millions of users worldwide, based on research by Bitdefender Labs. https://therecord.media/scammers-harness-ai-deepfakes-medical-bogus

🙊 Spear phishing techniques in mass phishing: a new trend security news – An increasing trend shows elements of spear phishing being incorporated into regular mass phishing campaigns, with sophisticated email design, personalized details, and imitation of HR notifications, showcasing a shift in attackers' techniques and an escalation in decentralized attacks. https://securelist.com/spear-phishing-meets-mass/113125/

🦹 RansomHub Ransomware – What You Need To Know cybercrime – RansomHub, a Ransomware-as-a-Service group, exploits a vulnerability in the email servers and has quickly risen as a significant threat. https://www.tripwire.com/state-of-security/ransomhub-ransomware-what-you-need-know

📱 You can now protect your high-risk Google account with just your phone privacy – Google's Advanced Protection Program now allows high-risk users to enroll using a single phone-based passkey. https://www.theverge.com/2024/7/10/24195306/google-accounts-advanced-protection-passkey-enrollment-support-security-key

📞 AT&T breach leaked call and text records from ‘nearly all’ wireless customers data breach – The records were accessed through a third-party cloud platform. https://www.theverge.com/2024/7/12/24197052/att-data-breach-call-text-records-hack


Some More, For the Curious

🔦 Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough hacking writeup – Shelltorch exposes critical vulnerabilities in PyTorch TorchServe, allowing remote code execution and unauthorized server access. https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server

⚠️ CVE-2024-4577 Exploits in the Wild One Day After Disclosure security research – Exploitation of PHP vulnerability CVE-2024-4577 for remote code execution with malicious PHP code, emphasizing swift patching and monitoring. https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure

🧑‍🦯 CISA broke into a US federal agency, and no one noticed for a full 5 months security news – CISA red team exercise uncovers security flaws at US federal agency, lasting undetected for five months. https://www.theregister.com/2024/07/12/cisa_broke_into_fed_agency/

🌐 Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO security news – NATO faces cyber threats from state-sponsored actors, hacktivists, and cybercriminals, impacting espionage, disruptive attacks, and disinformation campaigns targeting critical infrastructure and political entities. https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-facing-nato/

🦷 Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK security research – Exploring the prioritization of MITRE ATT&CK techniques for detection in Security Operation Centers, Threat Intelligence, and Incident Response. Emphasizing source evaluation, technique relevance, and optimizing detection logic development. https://securelist.com/detection-engineering-backlog-prioritization/113099/

☢️ New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere security news – A new attack named Blast RADIUS exploits the 30-year-old RADIUS protocol due to its continued use of MD5, despite known vulnerabilities, allowing adversaries to gain admin access to various networks; the attack has led to a coordinated response from vendors. https://arstechnica.com/security/2024/07/new-blast-radius-attack-breaks-30-year-old-protocol-used-in-networks-everywhere/

🗞️ Chinese cyber agency accused of 'false and baseless' claims about US interfering in Volt Typhoon research security news – China's cybersecurity agency inaccurately claimed a U.S. threat intelligence company succumbed to U.S. influence, mischaracterizing the company's report on Dark Power ransomware, leading to pushback and accusations of false representation and manipulation from Western organizations. https://therecord.media/china-cyber-agency-claims-us-interference-volt-typhoon-research

📧 Exim vulnerability affecting 1.5M servers lets attackers attach malicious files vulnerability – 1.5 million servers with Exim mail agent are vulnerable to delivering malicious executable attachments due to a critical CVE-2024-39929, prompting urgent updates to address the security issue. https://arstechnica.com/security/2024/07/more-than-1-5-million-email-servers-running-exim-vulnerable-to-critical-attacks/

🪰 Palo Alto Networks fixed a critical bug in the Expedition tool vulnerability – Palo Alto Networks fixed an admin account takeover bug in its Expedition tool and addressed multiple other vulnerabilities impacting its products. https://securityaffairs.com/165641/security/palo-alto-networks-critical-bug-expedition.html

🔍 The president ordered a board to probe a massive Russian cyberattack. It never did. security news – Despite a directive to investigate the SolarWinds attack, the Cyber Safety Review Board did not conduct the investigation, raising concerns about government accountability and cybersecurity oversight. https://arstechnica.com/security/2024/07/the-president-ordered-a-board-to-probe-a-massive-russian-cyberattack-it-never-did/

💰 Wallets tied to CDK ransom group received $25 million two days after attack cybercrime – CDK Global paid over $25 million in ransom following a ransomware attack, with most of the funds going through a complex money laundering process involving multiple exchanges. https://cyberscoop.com/cdk-ransom-blacksuit-25-million/

📅 DDoSecrets Mirrors Wikileaks Data After Assange Plea Deal security news – DDoSecrets mirrored Wikileaks data to preserve transparency and ensure data availability, following Julian Assange's plea deal. https://www.404media.co/ddosecrets-mirrors-wikileaks-data-after-assange-plea-deal/

๐Ÿญ Critical infrastructure organizations want CISA to dial back cyber reporting security news โ€“ Critical infrastructure organizations request scaled-back cyber reporting to CISA, expressing concerns over definitions, reporting entities resource burden. https://cyberscoop.com/cisa-cyber-reporting-circia-2024/

๐Ÿ Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine security research โ€“ JFrog Security Research prevented a potential severe supply chain attack by detecting and reporting a leaked access token compromising Python infrastructure. https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/

7๏ธโƒฃ The Stark Truth Behind the Resurgence of Russiaโ€™s Fin7 cybercrime โ€“ The notorious Fin7 cybercrime group reemerges, setting up thousands of malicious sites targeting various brands for phishing attacks. https://krebsonsecurity.com/2024/07/the-stark-truth-behind-the-resurgence-of-russias-fin7/


CISA Corner

🦿 People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action security research – APT40 compromises organization networks via multiple access vectors with enumeration, web shells, and exfiltration of sensitive data, leading to targeted threat actor investigation. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a

🛡️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA lists three actively exploited vulnerabilities: Rejetto HTTP File Server flaw, Windows Hyper-V privilege escalation issue, and Windows MSHTML platform spoofing flaw. https://www.cisa.gov/news-events/alerts/2024/07/09/cisa-adds-three-known-exploited-vulnerabilities-catalog

CISA Releases Seven Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2024/07/09/cisa-releases-seven-industrial-control-systems-advisories

CISA Releases Twenty-one Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2024/07/11/cisa-releases-twenty-one-industrial-control-systems-advisories

Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/07/09/adobe-releases-security-updates-multiple-products

Microsoft Releases July 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/07/09/microsoft-releases-july-2024-security-updates

Citrix Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/07/09/citrix-releases-security-updates-multiple-products




News For All

🚨 Hijacked: How hacked YouTube channels spread scams and malware cybercrime – Cybercriminals hijack YouTube channels to spread scams and malware, targeting viewers and content creators. https://www.welivesecurity.com/en/scams/hijacked-hacked-youtube-channels-scams-malware/

🚓 Police allege 'evil twin' in-flight Wi-Fi used to steal info cybercrime – Australian man charged for creating fake in-flight Wi-Fi network to steal credentials; AFP warns against using public Wi-Fi without precautions. https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/

📹 San Francisco app livestreams local bars to draw more patrons privacy – 2Night app allows livestreaming of SF bars, raising privacy concerns and backlash from patrons and venue owners. https://sfstandard.com/2024/06/29/2night-live-stream-bars-privacy-concerns/

🏥 LockBit claims cyberattack on Croatia’s largest hospital security news – LockBit ransomware gang targets Croatia's largest hospital; patient data compromised, impacting emergency services and hospital operations. https://therecord.media/lockbit-claims-cyberattack-croatia-hospital

⚠️ 3 million iOS and macOS apps were exposed to potent supply-chain attacks vulnerability – Vulnerabilities in CocoaPods server exposed 3 million iOS and macOS apps to code injection attacks for a decade. https://arstechnica.com/?p=2034866

🔑 The End of Passwords? Embrace the Future with Passkeys. security news – Passkeys offer enhanced security and privacy, along with convenience, as a passwordless authentication solution. https://blog.nviso.eu/2024/07/02/the-end-of-passwords-embrace-the-future-with-passkeys/

🕵️ Fiverr Freelancers Offer to Dox Anyone With Powerful U.S. Data Tool security news – Fiverr freelancers offer doxing services with access to the data tool TLOxp. https://www.404media.co/fiverr-freelancers-offer-to-dox-anyone-with-powerful-u-s-data-tool-tloxp/

📡 UN urges Russia to ‘immediately’ cease interference in European satellites security news – UN condemns Russian satellite interference, calls for immediate cessation of harmful actions affecting European countries' GPS signals and TV programs. https://therecord.media/un-russia-satellite-interference-europe

🪼 Polish government investigates Russia-linked cyberattack on state news agency security news – Suspicion of Russian involvement in cyberattack on Polish state news agency; aimed at spreading disinformation before European Parliament election. https://securityaffairs.com/165139/intelligence/polish-government-investigating-russia-attack.html

🎒 Alabama Department of Education stops ransomware attack but confirms data stolen data breach – Alabama Department of Education halts ransomware attack but confirms data breach, potential exposure of student and employee information. https://therecord.media/alabama-education-department-data-breach

🔍 Google: AI Potentially Breaking Reality Is a Feature Not a Bug security research – Google researchers co-author a paper detailing real harm caused by generative AI misuse, which can distort reality by producing deceptive content without violating terms of service. It highlights the need for collaboration to address this issue. https://www.404media.co/google-ai-potentially-breaking-reality-is-a-feature-not-a-bug/

⛓️ New ransomware group uses phone calls to pressure victims, researchers say cybercrime – New ransomware group Volcano Demon uses phone calls to intimidate victims, threatens to expose data if ransom is not paid. The group employs a double extortion technique and remains a challenge to track. https://therecord.media/ransomware-group-volcano-demon-lukalocker

🔥 Traeger smokes security bugs threatening grillers' hard work vulnerability – Traeger grills vulnerable to high-severity flaw allowing remote attackers to control temperature or shutdown grill; exploitation could ruin cooking. https://www.theregister.com/2024/07/03/traeger_security_bugs/

☘️ OpenAI’s ChatGPT Mac app was storing conversations in plain text security news – OpenAI's ChatGPT Mac app stored conversations in plain text; fixed after demonstration, highlighting a potential privacy concern. https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text

☎️ Twilio alerts Authy two-factor app users that ‘threat actors’ have their phone numbers security news – Twilio alerts Authy users of phone number leak, warns of phishing attacks. Previous breach affects 163 Twilio and 93 Authy accounts, leading to the unauthorized registration of additional devices. https://www.theverge.com/2024/7/3/24191791/twilio-authy-2fa-app-phone-numbers-hack-data-breach

🛣️ Europol says mobile roaming tech is hampering crimefighters security news – Europol is concerned about SMS home routing that hampers criminal investigations due to privacy-enhancing technologies, specifically service-level encryption, enabling suspects to maintain communication privacy within their home network while roaming. https://www.theregister.com/2024/07/05/europol_home_routing_complaint/

🥷 Hackers stole OpenAI secrets in a 2023 security breach security news – OpenAI faced a security breach in 2023, compromising internal discussions but not source code or customer data. Concerns about AI security and possible cyber espionage linked to nation-state actors raised. https://securityaffairs.com/165349/data-breach/openai-2023-security-breach.html


Some More, For the Curious

⛔ Qualys Security Blog security news – The Qualys blog was defaced with unauthorized spam content; the investigation found no impact on customer data or the production environment, and no data exfiltration. https://blog.qualys.com/qualys-insights/2024/07/03/qualys-blog

🌠 Like Shooting Phish in a Barrel security research – Article explores techniques used to bypass the email link crawlers of security gateways, including parsers, CAPTCHAs, redirects, browser fingerprinting, and ASN blocking. https://posts.specterops.io/like-shooting-phish-in-a-barrel-926c1905bb4b

🤕 Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769 warning – Threat actors exploit CVE-2024-0769 in D-Link DIR-859 routers for information disclosure; GreyNoise observes attackers collecting account details. https://securityaffairs.com/165045/hacking/d-link-dir-859-actively-exploited.html

⚔️ Sanctioned and exposed, Predator spyware maker group has gone awfully quiet security news – The Predator spyware group, Intellexa, shows decreased activity after sanctions. Observers suggest an impact on operations but caution about potential retooling. https://cyberscoop.com/sanctioned-and-exposed-predator-spyware-maker-group-has-gone-awfully-quiet/

🔒 Emergency patches now available for Juniper Networks routers vulnerability – Emergency patches released for Juniper Networks routers to fix a critical authentication bypass vulnerability (CVE-2024-2973). Users are urged to apply the patches promptly. https://www.theregister.com/2024/07/01/emergency_patches_available_for_juniper/

😓 TeamViewer: Hackers copied employee directory data and encrypted passwords data breach – TeamViewer breach linked to Russian government-backed APT29; employee directory data and encrypted passwords were stolen. https://therecord.media/teamviewer-cyberattack-employee-directory-encrypted-passwords

🦇 Exposing FakeBat loader: distribution methods and adversary infrastructure security research – Sekoia describes FakeBat loader distribution via malvertising, software impersonation, fake browser updates, and social engineering schemes. https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/

🐳 Vulnerabilities in PanelView Plus devices could lead to remote code execution vulnerability – Microsoft discovered and disclosed RCE and DoS vulnerabilities in Rockwell Automation PanelView Plus devices. https://www.microsoft.com/en-us/security/blog/2024/07/02/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution/

🥅 Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers security research – Recorded Future used infostealer logs to identify consumers of child sexual abuse material on the dark web, aiding law enforcement. https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers

🫅 "RegreSSHion" vulnerability in OpenSSH gives attackers root on Linux vulnerability – Critical OpenSSH vulnerability CVE-2024-6387 allows remote code execution with root rights on glibc-based Linux systems, leading to full system compromise. https://arstechnica.com/?p=2035011

🩹 Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform vulnerability – Splunk fixes 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including high-severity flaws such as remote code execution. https://securityaffairs.com/165204/security/splunk-enterprise-and-cloud-platform-flaws.html

💔 Secret Network Access Broker x999xx – Krebs on Security cybercrime – Russian hacker x999xx, a known access broker who trades network access, databases, and stolen data, has been identified. He acknowledged his identity when reached by email and denies any interest in harming healthcare institutions. He operates freely in Russia. https://krebsonsecurity.com/2024/07/the-not-so-secret-network-access-broker-x999xx/

🗃️ Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692) security research – A remote code execution vulnerability in HTTP File Server (HFS) was used to compromise user systems, install malware, and establish backdoors. https://asec.ahnlab.com/en/67650/

🌍 Europol and pals band together in Cobalt Strike disruption security news – Europol conducted a week-long operation, Operation Morpheus, disrupting nearly 600 IP addresses linked to illegal copies of Cobalt Strike. https://www.theregister.com/2024/07/04/europol_cobalt_strike_crackdown/

😸 Kimsuky Group's New Backdoor Appears (HappyDoor) security research https://asec.ahnlab.com/en/67660/

🤖 New Golang Zergeca Botnet appeared in the threat landscape malware – New Golang-based Zergeca botnet emerges, capable of DDoS attacks plus additional functions such as scanning and a reverse shell. https://securityaffairs.com/165288/cyber-crime/golang-based-zergeca-botnet.html

🥧 Polyfill.io Supply Chain Attack: Censys detected 384,773 hosts still embedding a polyfill JS script linking to the malicious domain security research – Censys identifies hosts still linking to the malicious polyfill.io domain, affecting major platforms and websites. https://securityaffairs.com/165302/hacking/polyfill-io-supply-chain-attack.html

🪶 Apache fixed a source code disclosure flaw in Apache HTTP Server vulnerability – Apache fixed a source code disclosure vulnerability (CVE-2024-39884) in Apache HTTP Server and urges users to upgrade promptly. https://securityaffairs.com/165422/security/apache-source-code-disclosure-flaw-apache-http-server.html


CISA Corner

๐Ÿญ CISA Releases Seven Industrial Control Systems Advisories vulnerability โ€“ Johnson Controls, mySCADA, ICONICS, Mitsubishi Electric https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-releases-seven-industrial-control-systems-advisories

๐Ÿ›œ Juniper Networks Releases Security Bulletin for Junos OS: SRX Series vulnerability โ€“ Juniper Networks issued a security bulletin for Junos OS: SRX Series to fix a vulnerability leading to denial-of-service. https://www.cisa.gov/news-events/alerts/2024/07/02/juniper-networks-releases-security-bulletin-junos-os-srx-series

โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog โ€“ Cisco NX-OS warning โ€“ CISA added a known exploited vulnerability (CVE-2024-20399) to its catalog, emphasizing the risks and need for prompt mitigation. https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.

theme: https://write.as/themes/fosstodon-hub


Highlights

🔒 Do you really need a VPN? privacy – Share article on privacy with friends via social media. https://www.kuketz-blog.de/brauchst-du-wirklich-ein-vpn/

💔 Europe and Australia will both not break encryption! We've interviewed Patrick Breyer – the guy who coined the term Chat Control. privacy – Germany and Australia push back against encryption legislation. https://tuta.com/blog/interview-patrick-breyer-on-chat-control

⚠️ Attacks against Austrian companies and organisations warning – DDoS attacks against Austrian companies and organisations. https://www.cert.at/de/aktuelles/2024/6/akute-welle-an-ddos-angriffen-gegen-osterreichische-unternehmen-und-organisationen


News For All

🎵 Music industry giants allege mass copyright violation by AI firms security news – Music labels sue AI firms for copyright infringement over training data. https://arstechnica.com/?p=2033128

⛔ Watchlist Internet – Fake Ryanair support on X warning – Scammers posing as Ryanair support apologize for the inconvenience and request passenger details for "further checks". https://www.watchlist-internet.at/news/falscher-ryanair-support-auf-x/

🚨 French police shut down chat website reviled as 'den of predators' cybercrime – French police shut down the chat website Coco, used for serious crimes. https://therecord.media/coco-website-takedown-cybercrime-france

🐍 The inside view of spyware's 'dirty interference,' from two recent Pegasus victims cybercrime – Activists and journalists targeted by Pegasus spyware describe the privacy violations and assert their determination to carry on. https://therecord.media/pegasus-spyware-victims-sannikov-erlikh

👁️ Tagesschau commentary on chat control: Outraged cluelessness privacy – Criticism of the public coverage of the chat control proposal. https://www.kuketz-blog.de/tagesschaukommentar-zur-chatkontrolle-empoerte-ahnungslosigkeit/

🔞 Lawsuit Claims Microsoft Tracked Sex Toy Shoppers With 'Recording in Real Time' Software privacy – Microsoft accused of tracking sex toy shoppers without consent. https://www.404media.co/lawsuit-claims-microsoft-tracked-sex-toy-shoppers-with-recording-in-real-time-software/

💰 Predators steal additional $10M from crypto scam victims cybercrime – Crypto scammers posing as lawyers defrauded victims of a further $10 million in a year, preying on the vulnerable to extract additional payments. https://www.theregister.com/2024/06/25/predators_steal_additional_10m/

🖲️ Organized crime and domestic violence perps buy trackers security research – An Australian study finds the top purchasers of trackers are linked to organized crime and domestic violence, using the devices to facilitate acts including murder, kidnapping, and drug theft. https://www.theregister.com/2024/06/26/criminals_use_gps_bluetooth_trackers/

🦠 If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately malware – Malicious code injected via Polyfill.io. https://www.theregister.com/2024/06/25/polyfillio_china_crisis/

🔓 ID Verification Service for TikTok, Uber, X Exposed Driver Licenses data breach – AU10TIX, an ID verification service for TikTok, Uber, and X users, exposed administrative credentials online, risking access to users' sensitive data such as driver's licenses. https://www.404media.co/id-verification-service-for-tiktok-uber-x-exposed-driver-licenses-au10tix/

💸 US boosts reward for info on 'Missing Cryptoqueen' Ruja Ignatova to $5 million cybercrime – The US offers a $5 million reward for information leading to the arrest of fugitive cryptocurrency fraudster Ruja Ignatova, indicted for her alleged role in defrauding victims of over $4 billion in the OneCoin scam and missing since 2017. https://therecord.media/ruja-ignatova-onecoin-cryptoqueen-us-5million-reward

⚖️ Julian Assange pleads guilty, leaves courtroom a free man security news – Julian Assange pleads guilty to one charge and receives a 62-month sentence he has already served, leaving him free; the plea deal ends long-standing legal battles over high-profile leaks through WikiLeaks, including the 'Collateral Murder' video. https://www.theregister.com/2024/06/26/assange_pleads_guilty_sentenced_freed/

📚 Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins malware https://www.wordfence.com/blog/2024/06/supply-chain-attack-on-wordpress-org-plugins-leads-to-5-maliciously-compromised-wordpress-plugins/

💻 How to manage deleted files on iOS, iPadOS, and macOS cyber defense – To permanently delete files on iOS, iPadOS, and macOS, make sure the deletion propagates across iCloud sync: check the sync status, sync the apps, and activate sync on your Apple devices. https://www.theverge.com/24188104/ios-icloud-iphone-mac-delete-files


Some More, For the Curious

โ›‘๏ธ New cyberthreat research for SMB in 2024 security research โ€“ Small Medium Business' face rising cyberthreats requiring multifaceted cybersecurity measures. https://securelist.com/smb-threat-report-2024/113010/

๐Ÿ’ซ CISA confirms hackers may have accessed data from chemical facilities during January incident security news โ€“ CISA confirms potential data access from cyberattack on chemical facilities. https://therecord.media/cisa-confirms-hackers-chemical-facilities

โš”๏ธ Troy Hunt โ€“ The State of Data Breaches data breach โ€“ Challenges in disclosing breaches and notifying victims; bugbears with breach notifications. https://www.troyhunt.com/the-state-of-data-breaches/

๐Ÿคช I am Goot (Loader) security research โ€“ Cybereason investigates GootLoader malware, part of GootKit family, utilized by UNC2565 for post-exploitation. GootLoader leverages SEO for infection, targets victims with legal document masquerade, believed to be associated with financial incentives. https://www.cybereason.com/blog/i-am-goot-loader

๐Ÿ“Š Taking an Evidence-Based Approach to Vulnerability Prioritization security research โ€“ VulnCheck's blog emphasizes the importance of prioritizing vulnerabilities based on exploit evidence, recommending Known Exploited Vulnerabilities (KEV), weaponized vulnerabilities, and Proof of Concept (POC) exploit codes as top priorities, alongside additional considerations such as ransomware usage, botnet exploitation, and threat actors' activities. https://vulncheck.com/blog/vulnerability-prioritization

โ˜ƒ๏ธ Snowflake isnโ€™t an outlier, itโ€™s the canary in the coal mine security news โ€“ Recent attacks on Snowflake were a result of stolen credentials originating from infostealers, highlighting an industry-wide shift towards identity-focused threats; extensive use of credentials from phishing, infostealers and insider threats; the importance of protecting data with MFA; emphasis on rapid response to infostealer infections, password resets, and secure credential storage. https://blog.talosintelligence.com/infostealer-landscape-facilitates-breaches/

๐Ÿ‘น Global Revival of Hacktivism Requires Increased Vigilance from Defenders security news โ€“ Mandiant observes a resurgence in hacktivism involving complex tactics, including intrusion, information operations, and physical world tampering. https://cloud.google.com/blog/topics/threat-intelligence/global-revival-of-hacktivism/

๐Ÿ‘ƒ LockBit group falsely claimed the hack of the Federal Reserve ransomware โ€“ The LockBit ransomware group falsely claimed to have hacked the US Federal Reserve when in fact the victim was Evolve Bank & Trust. Media outlets reported that the Federal Reserve had previously penalized the bank for deficiencies in risk management, anti-money laundering, and compliance practices. https://securityaffairs.com/164988/cyber-crime/lockbit-has-not-hacked-federal-reserve.html

๐ŸชŸ TeamViewer responds to security 'irregularity' in IT network security news โ€“ TeamViewer detected a security 'irregularity' in its corporate IT environment, prompting an immediate investigation and implementation of remediation measures. The company downplays the incident, asserting that the product environment and customer data remain unaffected. https://www.theregister.com/2024/06/28/teamviewer_network_breach/

๐ŸŽ‘ Sustaining Digital Certificate Security โ€“ Entrust Certificate Distrust security news โ€“ Chrome to distrust some Entrust certificates due to compliance failures. https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html

๐Ÿง‹ TeamViewer says Russia broke into its corp IT network security news โ€“ Russian cyber-spies breached TeamViewer's corporate IT network, contained to non-production systems, no customer data accessed. https://www.theregister.com/2024/06/28/teamviewer_russia/

๐ŸŽ๏ธ Supply-chain ransomware attack cripples thousands of car dealerships cybercrime โ€“ A ransomware attack by the BlackSuit gang targeted CDK Global, a platform widely used by car dealerships, leading to system shutdowns and disruptions in business operations. https://www.exponential-e.com/blog/supply-chain-ransomware-attack-cripples-thousands-of-car-dealerships

๐Ÿฉป Mitigating Skeleton Key, a new type of generative AI jailbreak technique security research โ€“ Skeleton Key, a new type of generative AI jailbreak technique called Explicit: forced instruction-following, bypasses guardrails in AI models, enabling the production of harmful content. Microsoft discovered and mitigated this vulnerability with Prompt Shields. https://www.microsoft.com/en-us/security/blog/2024/06/26/mitigating-skeleton-key-a-new-type-of-generative-ai-jailbreak-technique/

โ„๏ธ Russia's Midnight Blizzard stole email of more Microsoft customers security news โ€“ Microsoft warns more customers of email theft by Russia-linked Midnight Blizzard hacking campaign. Incident response team reaching out to customer administrators to provide a secure portal to view stolen emails from the cyberespionage group. https://securityaffairs.com/165038/hacking/midnight-blizzard-email-microsoft-customers.html

๐Ÿ” Google will address Androidโ€™s Find My Device network issues โ€˜over the coming weeksโ€™ security news โ€“ Google addressing issues with Android's Find My Device network. https://www.theverge.com/2024/6/26/24186381/google-find-my-device-tracking-pixel-android


CISA Corner

๐Ÿ” CISA Releases Two Industrial Control Systems Advisories security news https://www.cisa.gov/news-events/alerts/2024/06/25/cisa-releases-two-industrial-control-systems-advisories ๐Ÿ”’ CISA Adds Three Known Exploited Vulnerabilities to Catalog security news https://www.cisa.gov/news-events/alerts/2024/06/26/cisa-adds-three-known-exploited-vulnerabilities-catalog




News For All

💌 Security bug allows anyone to spoof Microsoft employee emails vulnerability – Bug allows spoofing of Microsoft employee email addresses; not yet patched. https://techcrunch.com/2024/06/18/security-bug-allows-anyone-to-spoof-microsoft-employee-emails/?guccounter=1

💳 First million breached Ticketmaster records released for free data breach – Breached Ticketmaster records leaked, with potential for phishing attacks. https://www.malwarebytes.com/blog/news/2024/06/first-million-breached-ticketmaster-records-released-for-free

🗨️ Signal president Meredith Whittaker criticizes EU attempts to tackle child abuse material privacy – Signal Foundation president criticizes the EU proposal. https://therecord.media/european-council-e2ee-proposal-signal-whittaker-criticism

⚖️ Signal, MEPs urge EU Council to drop encryption-eroding law security news – The EU Council is set to vote on a law that aims to fight child exploitation online by requiring client-side scanning of digital communications to prevent the dissemination of unlawful content, jeopardizing encryption. Signal and MEPs strongly advocate against the proposal, highlighting privacy and security risks. https://www.theregister.com/2024/06/18/signal_eu_upload_moderation/

🦥 Federal contractors pay multimillion-dollar settlements over cybersecurity lapses security news – Federal contractors fined for cybersecurity failures during a New York program. https://therecord.media/federal-contractors-pay-multimillion-settlement

🖼️ AI Images in Google Search Results Have Opened a Portal to Hell privacy – Google Search results show AI-generated images without any indication of their origin. https://www.404media.co/google-image-search-ai-results-have-opened-a-portal-to-hell/

🪬 Proton is taking its privacy-first apps to a nonprofit foundation model privacy – Proton transitions to a nonprofit foundation model with an emphasis on privacy. https://arstechnica.com/gadgets/2024/06/proton-is-taking-its-privacy-first-apps-to-a-nonprofit-foundation-model/

💸 The Financial Dynamics Behind Ransomware Attacks cybercrime – Ransomware attacks evolve with their financial incentives, using cryptocurrency for anonymity. https://securityaffairs.com/164636/cyber-crime/financial-dynamics-ransomware-attacks.html

🤹 How are attackers trying to bypass MFA? security news – Increased incidents of MFA bypass attempts, including abuse of push notifications and social engineering tactics. https://blog.talosintelligence.com/how-are-attackers-trying-to-bypass-mfa/

🔑 How quickly can attackers guess your password? security research – Study reveals most passwords can be cracked in under an hour. https://securelist.com/passworde-brute-force-time/112984/

⌛ Meta delays training its AI using public content shared by EU users privacy – Meta postpones training its large language models on public content from adult users in the EU following a request from the Irish Data Protection Commission; the company expresses disappointment over the decision and emphasizes the need to bring the benefits of AI to people in Europe. https://securityaffairs.com/164652/laws-and-regulations/meta-postponing-training-llm-eu-data.html

🚗 Car dealerships hit with massive computer system outage cybercrime – CDK Global cyberattack disrupts car dealerships across North America. https://www.theverge.com/2024/6/20/24182484/car-dealerships-massive-computer-system-outage-cdk-global

🚅 Amtrak forces password changes after user account break-ins security news – Amtrak's Guest Rewards program suffered a security breach via credential stuffing, prompting mandatory multi-factor authentication and password resets for affected users. https://www.theregister.com/2024/06/19/amtrak_has_had_another_breach/

💛 Google Chrome 126 update addresses multiple vulnerabilities security news – The update fixes high-severity vulnerabilities reported by security researchers at a hacking competition, including type confusion and memory access issues. https://securityaffairs.com/164688/security/google-chrome-126-update.html

😵 Qilin Ransomware: What You Need To Know cybercrime – Qilin, a ransomware-as-a-service operation with Russian links, demands high ransoms; its attack on London hospitals drew attention. https://www.tripwire.com/state-of-security/qilin-ransomware-what-you-need-know

⛔ Biden administration bans sale of Kaspersky software in US security news – The Biden administration bans Kaspersky Labs from selling software in the USA over concerns about ties to the Russian government and potential exploitation in cyber operations. https://cyberscoop.com/biden-administration-bans-sale-of-kaspersky-software-in-us/

🐦‍⬛ Australian regulator blames lack of multi-factor authentication for Medibank hack security news https://therecord.media/medibank-hack-australian-government-report-mfa


Some More, For the Curious

๐Ÿ•ต๏ธ TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution security research โ€“ TikTag exploits ARM's ME for data exposure through speculation. https://arxiv.org/abs/2406.08719

๐Ÿฎ Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages vulnerability โ€“ Mailcow code vulnerabilities lead to remote code execution. https://www.sonarsource.com/blog/remote-code-execution-in-mailcow-always-sanitize-error-messages/

๐Ÿ’ป Road to redemption: GhostSec's hacktivists went to the dark side. Now they want to come back security news โ€“ GhostSec shifts from hacktivism to cybercrime with ransomware attacks and claims to shift back. https://therecord.media/ghostsec-hacktivism-cybercrime-interview-click-here-podcast

๐Ÿงƒ Multiple vulnerabilities resolved in Juniper Secure Analytics in 7.5.0 UP8 IF03 vulnerability https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03

๐Ÿชง Schneier on Security โ€“ Rethinking Democracy for the Age of AI security opinion โ€“ Bruce Schneier discusses rethinking governance systems for the age of AI, pointing out the need for new systems that align incentives and resist hacking, addressing issues like misinformation, misaligned incentives, and inadequate governance structures. https://www.schneier.com/blog/archives/2024/06/rethinking-democracy-for-the-age-of-ai.html

๐Ÿฉ NHS boss says Scottish trust didn't meet attackers' demands data breach โ€“ NHS Dumfries and Galloway's CEO informs residents of a cyberattack where data was stolen but not altered; the criminals published the data. https://www.theregister.com/2024/06/18/nhs_dumfries_and_galloway_letter/

๐Ÿฉน VMware fixed RCE and privilege escalation bugs in vCenter Server security news โ€“ VMware patched vCenter Server vulnerabilities allowing remote code execution and privilege escalation, impacting multiple versions. https://securityaffairs.com/164659/hacking/vmware-fixed-vcenter-server-flaws.html

๐Ÿชผ AMD is investigating claims of stolen company data security news โ€“ AMD is investigating allegations of stolen company data, including future product information, being offered for sale by a threat actor known as IntelBroker. https://www.theverge.com/2024/6/18/24181406/amd-investigating-claims-stolen-company-data-sale-intelbroker

๐Ÿšจ Qilin has โ€˜no regretsโ€™ over the healthcare crisis it caused security news โ€“ The ransomware gang Qilin, responsible for a deliberate and politically motivated attack on London hospitals to leverage against political elites of specific countries, demanded a $50 million ransom. They claim to have stolen over one terabyte of data to be leaked, potentially causing a healthcare crisis in the UK capital. https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/

๐Ÿ” High severity bugs in Confluence vulnerability โ€“ Atlassian fixed nine high-severity vulnerabilities in Confluence, Jira, and Crucible products, including improper authorization flaws and SSRF issues. https://securityaffairs.com/164743/security/atlassian-confluence-crucible-jira-flaws.html

โšก UK's largest nuclear site denies being hacked but pleads guilty over cybersecurity failures cybercrime โ€“ Sellafield nuclear site in UK faces charges related to cybersecurity failings under Nuclear Industries Security Regulations 2003. https://therecord.media/sellafield-guilty-plea-uk-nuclear-facility-cybersecurity

๐Ÿ” SCCM Exploitation: Evading Defenses and Moving Laterally with SCCM Application Deployment security research โ€“ SCCM exploitation risks and attacks explained. https://www.guidepointsecurity.com/blog/sccm-exploitation-evading-defenses-and-moving-laterally-with-sccm-application-deployment/

๐Ÿฅ A Birdโ€™s-eye view: ShareFinder-How Threat Actors Discover File Shares (The DFIR Report) security research โ€“ Attackers exploit file shares, Canaries detect malicious activity. https://blog.thinkst.com/2024/06/a-birds-eye-view-sharefinder-how-threat-actors-discover-file-shares-the-dfir-report.html

๐Ÿด Polish investigators seize Pegasus spyware systems as part of probe into alleged abuse security news โ€“ investigations ongoing regarding the legality and purchase of the software, which allegedly targeted opposition politicians in Poland. https://therecord.media/poland-seizure-pegasus-spyware-systems

๐ŸฆŸ Phoenix UEFI bug affects long list of Intel chip families vulnerability โ€“ A UEFI firmware vulnerability, CVE-2024-0762, affecting Phoenix Technologies UEFI firmware used across various Intel chip families poses threats such as buffer overflow and code execution. https://www.theregister.com/2024/06/21/uefi_vulnerability_intel_chips/

๐Ÿ›ก๏ธ Threat actors exploited SolarWinds Serv-U vulnerability vulnerability โ€“ CVE-2024-28995, a directory traversal issue allowing access to sensitive files; GreyNoise reports extensive attempts following public disclosure and availability of proof-of-concept code. https://securityaffairs.com/164806/hacking/solarwinds-serv-u-cve-2024-28995-exploit.html


CISA Corner

🦮 CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses (SMBs) security news – CISA shared a detailed report on the challenges of SSO adoption by SMBs and suggested ways to improve security. https://www.cisa.gov/news-events/alerts/2024/06/20/cisa-releases-guidance-single-sign-sso-adoption-small-and-medium-sized-businesses-smbs

🦮 CISA and Partners Release Guidance for Modern Approaches to Network Access Security security news – CISA and partners advocate modern security solutions such as Zero Trust, SSE, and SASE for improved network access security. https://www.cisa.gov/news-events/alerts/2024/06/18/cisa-and-partners-release-guidance-modern-approaches-network-access-security

🔒 RAD Data Communications SecFlow-2 vulnerability – RAD Data Communications' SecFlow-2 device is vulnerable to path traversal, allowing attackers to remotely retrieve files from the operating system. https://www.cisa.gov/news-events/ics-advisories/icsa-24-170-01

🔒 CISA Releases Three Industrial Control Systems Advisories security news – Advisories cover security issues affecting Yokogawa CENTUM, CAREL Boss-Mini, and Westermo L210-F2G. https://www.cisa.gov/news-events/alerts/2024/06/20/cisa-releases-three-industrial-control-systems-advisories




Highlight

📢 Android: Get rid of ads/trackers quickly and easily system-wide privacy https://www.kuketz-blog.de/android-werbung-tracker-schnell-und-einfach-systemweit-loswerden/


News For All

โš•๏ธ Microsoft, Google pledge 'low cost' cybersecurity services to rural hospitals security news โ€“ Microsoft and Google, in collaboration with the White House, are offering reduced-price cybersecurity services to rural hospitals to address the rising cyber threat in the healthcare sector. https://therecord.media/microsoft-google-rural-hospital-cybersecurity

๐Ÿ—ณ๏ธ AI and the Indian Election โ€œsecurityโ€ research โ€“ Indian election features (legitimate) AI, including deepfakes and personalized communication. https://www.schneier.com/blog/archives/2024/06/ai-and-the-indian-election.html

๐Ÿงฌ Privacy authorities in Canada and UK announce joint probe of 23andMe data breach data breach โ€“ privacy regulators launch a joint investigation into the global data breach at genetic testing company 23andMe, which exposed the genetic data of at least 5 million users in October 2023. https://therecord.media/23andme-data-breach-canada-uk-privacy-investigation

๐Ÿš— One of the major sellers of detailed driver behavioral data is shutting down privacy https://arstechnica.com/cars/2024/06/one-of-the-major-sellers-of-detailed-driver-behavioral-data-is-shutting-down/

โš”๏ธ China state hackers infected 20,000 Fortinet VPNs, Dutch spy service says security news โ€“ The backdoor malware CoatHanger was installed, persisting despite reboots. Fortinet's delayed disclosure of the vulnerability impacted response. https://arstechnica.com/security/2024/06/china-state-hackers-infected-20000-fortinet-vpns-dutch-spy-service-says/

๐Ÿซ— Cylance clarifies breach, dodges questions about the source data breach โ€“ Cybersecurity firm Cylance confirms a data breach related to marketing data from 2015-2018 before BlackBerry acquisition. Data allegedly includes customer, partner, and employee names and email addresses, with no compromise to current systems. https://www.theregister.com/2024/06/11/cylance_clarifies_data_breach_details/

โบ๏ธ Patch Tuesday, June 2024 โ€œRecallโ€ Edition โ€“ Krebs on Security security news โ€“ including a critical flaw in Microsoft Message Queuing that could allow attackers to remotely control a system. Adobe also released security updates for multiple products. https://krebsonsecurity.com/2024/06/patch-tuesday-june-2024-recall-edition/

๐Ÿฆพ Semiconductor giants Nvidia and Arm warn of new flaws in their graphics processors security news โ€“ Arm warns of an actively exploited zero-day flaw in its Mali GPU Kernel Driver, CVE-2024-4610, allowing unauthorized access to sensitive information. Nvidia discloses 10 new vulnerabilities in its GPU Display Driver and vGPU software. https://therecord.media/nvidia-arm-semiconductor-flaws-patches

๐Ÿ“ถ Microsoft fixes hack-me-via-Wi-Fi Windows security hole security news โ€“ Microsoft's June Patch Tuesday addresses multiple CVEs, including a publicly known DNSSEC flaw, a severe remote code execution flaw in MSMQ, and a Wi-Fi driver remote code execution hole. Adobe releases 10 patches covering 166 CVEs, addressing various critical vulnerabilities. SAP issues a dozen security notes, including high-priority alerts for bugs affecting NetWeaver. PHP, Arm, Apple, Google, SolarWinds, Fortinet, and Cisco also release security updates. https://www.theregister.com/2024/06/12/june_patch_tuesday/

๐Ÿ‘ฟ CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog security news โ€“ CISA lists exploited vulnerabilities in Android, Windows, and Telerik. https://securityaffairs.com/164525/security/cisa-adds-android-pixel-microsoft-windows-progress-telerik-report-server-known-exploited-vulnerabilities-catalog.html

๐Ÿฆน Ukrainian police identify suspected affiliate of Conti, LockBit groups cybercrime โ€“ Ukrainian cyber police identify a Kyiv resident, specializing in developing cryptors to evade antivirus detection. The Dutch police expressed gratitude for the cooperation in apprehending the suspect. https://therecord.media/ukraine-suspected-lockbit-conti-affiliate

๐Ÿฎ How Chinaโ€™s Cyber Ecosystem Feeds Off Its Superstar Hackers security research โ€“ Analysis highlights China's leveraging of civilian talent for state-sponsored cyber operations through hacking contests and bug bounties. Chinese researchers dominate hacking competitions, leading to vulnerability research being harnessed by state operations. https://news.risky.biz/how-chinas-cyber-ecosystem-feeds-off-its-superstar-hackers/

๐Ÿ›ค๏ธ Google faces GDPR complaint over Privacy Sandbox privacy โ€“ Privacy campaigner noyb files a GDPR complaint against Google, alleging that the 'Privacy Feature' in the Chrome browser resulted in unwanted tracking, contrary to its promotion of eliminating third-party tracking cookies through the Privacy Sandbox API. https://www.theregister.com/2024/06/13/noyb_gdpr_privacy_sandbox/

๐Ÿฅธ Watch Out! CISA Warns It Is Being Impersonated By Scammers warning โ€“ CISA warns of rising impersonation scams where scammers pretend to be trusted entities to trick victims into sharing sensitive information or money, using social engineering tactics. https://www.tripwire.com/state-of-security/watch-out-cisa-warns-it-being-impersonated-scammers

โธ๏ธ Meta hits pause on EU AI training plans under pressure privacy โ€“ Meta postpones plans to train AI models on EU Facebook and Instagram posts after privacy complaints, affecting launch of Meta AI in the economic zone, but continues with plans for other regions. https://www.theregister.com/2024/06/14/meta_eu_privacy/

๐Ÿ“” CERT.at โ€“ How we cover your back cyber defense โ€“ CERT.at proactively informs network operators about potential security issues affecting Austrian companies. https://www.cert.at/en/blog/2024/6/how-we-cover-your-back

HIBP Corner ๐Ÿ†• Telegram Combolists and 361M Email Addresses security news โ€“ 151M mail new addresses with passwords some connected websites. https://www.troyhunt.com/telegram-combolists-and-361m-email-addresses/


Some More, For the Curious

๐Ÿ•ต๏ธ Bypassing Veeam Authentication CVE-2024-29849 security research โ€“ authentication bypass vulnerability explained with code analysis. https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/

โณ 1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension hacking write-up โ€“ Creators developed malicious VSCode extension in 30 minutes, exposing source code to remote server. https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7

๐Ÿชž Microsoft Refused to Fix Flaw Years Before SolarWinds Hack โ€” ProPublica security news โ€“ Microsoft ignored critical security flaw for years pre-SolarWinds hack. https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

๐Ÿ•ต๏ธ How scammers bypass 2FA cybercrime โ€“ Scammers utilize OTP bots and phishing kits to bypass 2FA by social engineering victims and intercepting OTPs. OTP bots automate scam calls to victims for obtaining codes, providing various features. https://securelist.com/2fa-phishing/112805/

๐Ÿ“ณ Hacking Millions of Modems (and Investigating Who Hacked My Modem) hacking write-up https://samcurry.net/hacking-millions-of-modems

๐Ÿ›ก๏ธ Windows flaw may have been exploited with Black Basta ransomware before it was patched security research โ€“ Symantec evidence suggests pre-patch exploitation. https://therecord.media/black-basta-ransomware-zero-day-windows

๐Ÿ‘‘ Alleged Boss of โ€˜Scattered Spiderโ€™ Hacking Group Arrested โ€“ Krebs on Security cybercrime โ€“ A 22-year-old UK man was arrested in Spain. The group is accused of hacking into multiple organizations, accessing critical data and funds. Noyb and UK authorities accuse him of SIM-swapping and heading the notorious gang involved in cyber theft activities, including costly ransom attacks at casinos. https://krebsonsecurity.com/2024/06/alleged-boss-of-scattered-spider-hacking-group-arrested/

๐Ÿ‘Ÿ Ransomware Group Exploits PHP Vulnerability Days After Disclosure vulnerability https://www.securityweek.com/ransomware-group-exploits-php-vulnerability-days-after-disclosure/

๐Ÿ‘‹ ASUS fixed critical remote authentication bypass bug in several routers security news https://securityaffairs.com/164549/security/asus-router-models-critical-rce.html


CISA Corner

๐Ÿ” Fortinet Releases Security Updates for FortiOS https://www.cisa.gov/news-events/alerts/2024/06/11/fortinet-releases-security-updates-fortios ๐Ÿ›ก๏ธ Microsoft Releases June 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/06/11/microsoft-releases-june-2024-security-updates ๐Ÿ”“ CISA Adds Two Known Exploited Vulnerabilities to Catalog CVE-2024-4610 ARM Mali GPU Use-After-Free and CVE-2024-4577 PHP-CGI Command Injection. https://www.cisa.gov/news-events/alerts/2024/06/12/cisa-adds-two-known-exploited-vulnerabilities-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.




Highlight

🔒 Secure and privacy-friendly browsers: My recommendations – Part 1 privacy – Detailed analysis of browser security and privacy features, recommendations for multiple browsers, focusing on anti-tracking and anti-fingerprinting measures. https://www.kuketz-blog.de/sichere-und-datenschutzfreundliche-browser-meine-empfehlungen-teil-1/


News For All

๐Ÿฑโ€๐Ÿ’ป Germany's Christian Democratic party hit by 'serious' cyberattack cybercrime โ€“ Germany's CDU faces 'serious' cyberattack; takes IT systems offline. https://www.reuters.com/technology/cybersecurity/germanys-christian-democratic-party-hit-by-serious-cyberattack-2024-06-01/

๐Ÿ“บ Fake Tom Cruise warns of violence at Paris Olympics in pro-Russian info op cybercrime โ€“ Pro-Russian groups spread fake violence threats for Paris Olympics. https://cyberscoop.com/russia-tom-cruise-ai-paris-olympics/

โ„น๏ธ Experts found information of European politicians on dark web privacy https://securityaffairs.com/164036/deep-web/info-european-politicians-dark-web.html

๐Ÿ’ผ 5 Reasons Why You Should Use a Password Manager security news โ€“ using a password manager is a wise move to secure data. https://www.techrepublic.com/article/5-reasons-why-you-should-use-a-password-manager/

โš•๏ธ Rural hospitals are particularly vulnerable to ransomware, report finds security news โ€“ highly susceptible due to limited resources and critical access roles. https://cyberscoop.com/rural-hospital-ransomware-cyber/

๐Ÿ‘ถ Microsoft accused of tracking kids with education software privacy โ€“ Noyb requests Austrian data protection authority to investigate Microsoft 365 Education for potential GDPR violations regarding transparency. https://www.theregister.com/2024/06/04/noyb_microsoft_complaint/

โšก TikTok warns of exploit aimed at 'high-profile accounts' cybercrime โ€“ TikTok addresses account takeover campaign targeting high-profile users; malware spreads via direct messages. https://therecord.media/tiktok-exploit-high-profile-accounts

๐Ÿค– Zoom CEO envisions AI deepfakes attending meetings in your place security news โ€“ Zoom CEO envisions AI-powered digital twins to attend meetings on behalf of individuals. https://arstechnica.com/?p=2028754

๐Ÿฆฆ Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V) malware โ€“ Phishing emails distribute HTML files prompting users to run malicious PowerShell commands via pasting (CTRL+V), leading to the execution of the DarkGate malware. https://asec.ahnlab.com/en/66300/

๐Ÿก Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics warning โ€“ Mandiant warns of elevated cyber threat risks facing the 2024 Paris Olympics, including cyber espionage, disruptive operations, and financially motivated activity. https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics/

๐Ÿ“ฝ๏ธ Cisco addressed Webex flaws used to compromise German government meetings security news โ€“ vulnerabilities allowed unauthorized access to meeting information, including topics and participants. https://securityaffairs.com/164173/breaking-news/cisco-webex-flaws-german-government-meetings.html

๐Ÿณ๏ธโ€๐ŸŒˆ Language app Duolingo removes LGBTQ+ content from Russian platforms security news โ€“ in compliance with Roskomnadzor's request, which labels LGBTQ+ advocates as 'extremists' in Russia. https://therecord.media/language-app-duolingo-lgbtq-removes

๐ŸŽฏ Hit by LockBit? The FBI is waiting to help you with over 7,000 decryption keys cybercrime โ€“ Victims are encouraged to contact the FBI for help in decrypting their data and to assist in ongoing cybercrime investigations. https://www.tripwire.com/state-of-security/hit-lockbit-fbi-waiting-help-you-over-7000-decryption-keys

๐Ÿฆ† DuckDuckGo offers โ€œanonymousโ€ access to AI chatbots through new service security news โ€“ enabling interaction with various language models from OpenAI, Anthropic, Meta, and Mistral, ensuring chats are anonymized and promptly deleted to uphold privacy. https://arstechnica.com/information-technology/2024/06/duckduckgo-offers-anonymous-access-to-ai-chatbots-through-new-service/

๐Ÿ˜ค AI jailbreaks: What they are and how they can be mitigated security research โ€“ AI jailbreaks are techniques that bypass guardrails in AI systems, leading to undesired outcomes; Microsoft outlines the risks, characteristics, and mitigation strategies for AI jailbreaks, emphasizing defense in depth and detection mechanisms to prevent unauthorized data access, content misuse, and system subversion. https://www.microsoft.com/en-us/security/blog/2024/06/04/ai-jailbreaks-what-they-are-and-how-they-can-be-mitigated/


Recall Corner ๐Ÿฅท Malware can steal data collected by the Windows Recall tool security research โ€“ Researchers demonstrated accessing and extracting Recall-captured snapshots stored in an unencrypted database. https://securityaffairs.com/164181/digital-id/malware-steal-data-windows-recall-tool.html

๐Ÿคท Microsoft Research chief scientist has no issue with Recall security news โ€“ Jaime Teevan, chief scientist at Microsoft Research, dismissed concerns about Microsoft's Recall feature despite privacy and security risks raised by critics; Recall builds an archive of user screenshots and logs activities, stored locally. https://www.theregister.com/2024/06/06/microsoft_research_recall/

๐Ÿ™ƒ Update on the Recall preview feature for Copilot+ PCs security news โ€“ Microsoft provides an update on the Recall feature for Copilot+ PCs. https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/

๐Ÿงป Microsoft rolls back โ€˜dumbest cybersecurity move in a decadeโ€™ security news โ€“ Microsoft revises Recall feature after severe criticism over privacy concerns; changes include opt-in, biometric enrollment, and enhanced encryption amid backlash from security researchers over potential data exposure in screenshots of users' screens. https://cyberscoop.com/microsoft-rolls-back-dumbest-cybersecurity-move-in-a-decade/


Some More, For the Curious

🦠 PikaBot: a Guide to its Deep Secrets and Operations malware – Detailed analysis of PikaBot malware, including anti-analysis techniques and C2 infrastructure. https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/

👆 Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools security research – Increase in ransomware activity observed in 2023, reliance on legitimate tools for attacks, escalation of extortion tactics, rise of new ransomware families, and common tactics observed. https://cloud.google.com/blog/topics/threat-intelligence/ransomware-attacks-surge-rely-on-public-legitimate-tools/

🙅 Snowflake says there’s no evidence attackers breached its platform to hack Ticketmaster security news – Snowflake denies responsibility for the Ticketmaster and Santander breaches; a joint statement with CrowdStrike and Mandiant supports the claim. https://www.theverge.com/2024/6/3/24170876/snowflake-ticketmaster-santander-data-breach-details

🛋️ Most of the security teams’ work has nothing to do with chasing advanced adversaries security news – Security teams' day-to-day reality involves mundane tasks like communication, cross-functional collaboration, security evangelism, tooling management, and resource planning, contrary to the glamorous portrayal in movies and marketing. https://ventureinsecurity.net/p/most-of-the-security-teams-work-has

Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab security news – The sophisticated attack named Operation Triangulation targeted iPhones of Kaspersky employees and Russian diplomats. https://therecord.media/kaspersky-apple-bug-bounty-declined

💭 Shostack + Friends Blog > The Universal Cloud TM security research – Rich Mogull and Chris Farris released 'The Universal Cloud Threat Model' (UCTM), designed to update traditional threat modeling for public cloud operations. https://shostack.org/blog/universal-cloud-threat-model-threat-model-thurs/

👾 New York Times source code compromised via exposed GitHub token data breach – The New York Times' source code and data were leaked on 4chan by an anonymous user who targeted the company's GitHub repositories in January 2024 using an exposed GitHub token, with confirmation from The New York Times that the leaked data is legitimate. https://securityaffairs.com/164280/data-breach/new-york-times-source-code-leaked.html

🧑‍🌾 What is RansomHub? Looks like a Knight ransomware reboot malware – RansomHub is likely a Knight ransomware rebrand; exploits the ZeroLogon vulnerability. https://www.theregister.com/2024/06/05/ransomhub_knight_reboot/

🚪 Microsoft shows venerable and vulnerable NTLM security protocol the door security news – Microsoft deprecates the NTLM protocol, advises switching to Kerberos for security. https://www.theregister.com/2024/06/06/microsoft_deprecates_ntlm/

⚔️ Leveraging Escalation Attacks in Penetration Testing Environments – Part 1 security research – Exploring AD CS vulnerabilities and attacks in penetration testing. https://www.guidepointsecurity.com/blog/leveraging-escalation-attacks-in-penetration-testing-environments-part-1/

💸 Pandabuy was extorted twice by the same threat actor cybercrime – Pandabuy extorted twice by the same threat actor after paying the ransom. https://securityaffairs.com/164263/cyber-crime/pandabuy-extorted-again.html

🪲 Nasty bug with very simple exploit hits PHP just in time for the weekend vulnerability – Critical PHP vulnerability allows code execution on Windows; urgent action required. https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/


CISA Corner

📢 Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access security news – Snowflake warns of cyber threats targeting accounts, urges vigilance. https://www.cisa.gov/news-events/alerts/2024/06/03/snowflake-recommends-customers-take-steps-prevent-unauthorized-access

💣 CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA adds an Oracle WebLogic Server vulnerability to the exploited list. https://www.cisa.gov/news-events/alerts/2024/06/03/cisa-adds-one-known-exploited-vulnerability-catalog




Highlight

⛳ CERT.at Security vulnerability in Check Point Network Security Gateways (Mobile Access) vulnerability – Security vulnerability in Check Point Network Security Gateways. https://www.cert.at/de/warnungen/2024/5/sicherheitslucke-in-check-point-network-security-gateways-mobile-access-fix-verfugbar


Operation Endgame

⚔️ Operation Endgame, the largest law enforcement operation ever against botnets security news – Operation Endgame, led by Europol and involving multiple countries, targeted various botnets like IcedID, SystemBC, and Pikabot used to facilitate malicious activities including ransomware deployment. https://securityaffairs.com/163876/cyber-crime/operation-endgame.html

🎯 ‘Operation Endgame’ Hits Malware Delivery Platforms – Krebs on Security security news – Operation Endgame targets malware droppers, disrupts infrastructure and arrests suspects in a coordinated international law enforcement effort. Europol seizes servers and domains, adding criminals to its Most Wanted list. https://krebsonsecurity.com/2024/05/operation-endgame-hits-malware-delivery-platforms/

🔚 Troy Hunt: Operation Endgame security news – Law enforcement agencies provide 16.5M email addresses and 13.5M unique passwords to Have I Been Pwned (HIBP) as part of Operation Endgame. The data, gathered from a botnet takedown, helps identify compromised credentials and inform impacted individuals to strengthen their online security practices. https://www.troyhunt.com/operation-endgame/


News For All

📰 Risky Biz News: Google distrusts GlobalTrust certs Austrian business!! security news – Google plans to stop trusting GlobalTrust TLS certificates; recent cyberattacks and threat intel highlights. https://news.risky.biz/risky-biz-news-google-throws-out-globaltrust-certs/

🛹 How scammers trick message board users cybercrime – Scammers target message board users in buyer and seller scams, using phishing links for financial theft. https://securelist.com/message-board-scam/112691/

🫦 WordPress Plugin abused to install e-skimmers in e-commerce sites malware – Threat actors abuse a WordPress plugin to insert e-skimmers in e-commerce sites, stealing credit card data. https://securityaffairs.com/163777/malware/wordpress-plugin-insert-e-skimmer.html

Researchers crack 11-year-old password, recover $3 million in bitcoin security research – After failed attempts by others, Grand and a friend successfully recover the password. https://arstechnica.com/information-technology/2024/05/researchers-crack-11-year-old-password-recover-3-million-in-bitcoin/

🥅 Is Your Computer Part of ‘The Largest Botnet Ever?’ – Krebs on Security cybercrime – Alleged operator of 911 S5, a large botnet used to facilitate cybercrime, arrested. The service turned computers into proxies for traffic relay. Billions lost in online fraud. https://krebsonsecurity.com/2024/05/is-your-computer-part-of-the-largest-botnet-ever/

🧑‍💼 Three-day DDoS attack batters the Internet Archive security news – The Internet Archive has been targeted by a sustained DDoS attack affecting services like the online library and the Wayback Machine. However, the bigger threat comes from ongoing lawsuits by major US book publishing companies and record labels alleging copyright infringement and seeking significant damages, potentially endangering the non-profit archive's future. https://www.theregister.com/2024/05/29/ddos_internet_archive/

🏠 From Phish to Phish Phishing: How Email Scams Got Smart security news – Evolution of phishing scams from simple to AI-driven complex attacks. https://blog.checkpoint.com/security/from-phish-to-phish-phishing-how-email-scams-got-smart/

🤝 A list of cybersecurity-focused charities and nonprofits security news – A list of cybersecurity-focused charities and nonprofits aimed at helping individuals and organizations within the cybersecurity industry, advancing the field, and contributing to a better world. https://ventureinsecurity.net/p/a-list-of-cybersecurity-focused-charities

🥙 Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature warning – Observed suspicious activity starting on April 15. The attacks exploited the cross-origin authentication feature in Customer Identity Cloud (CIC), posing a risk of unauthorized access to user accounts. https://securityaffairs.com/163867/cyber-crime/okta-credential-stuffing-cross-origin-authentication.html

🦄 Phones of journalists and activists in Europe targeted with Pegasus security news – European journalists and activists targeted with Pegasus spyware, highlighting the continued threat to press freedom. Recommendations for a moratorium on spyware. The EU faces criticism for lack of action on spyware issues. https://cyberscoop.com/spyware-europe-nso-pegasus/

🏛️ EU Parliament member suspected of being paid to promote Russian propaganda security news – Belgian and French police search properties of a European Parliament employee suspected of receiving money from Russia to promote propaganda. The investigation involves promotion of Kremlin propaganda via the Voice of Europe news website. https://therecord.media/eu-parliament-member-paid-propaganda

🧟 Stalkerware app pcTattletale announces it is 'out of business' after suffering data breach and website defacement security news – Leaked data included customer details and spyware victims' data. Lessons on cybersecurity importance and ethical usage of stalkerware highlighted. https://www.bitdefender.com/blog/hotforsecurity/stalkerware-app-pctattletale-announces-it-is-out-of-business-after-suffering-data-breach-and-website-defacement/

🎫 Massive Ticketmaster, Santander data breaches linked to Snowflake cloud storage data breach – Ticketmaster and Santander Bank data breaches, potentially affecting millions of users, traced back to attacks on Snowflake cloud storage. https://www.theverge.com/2024/5/31/24168984/ticketmaster-santander-data-breach-snowflake-cloud-storage

📺 Twitch ditches expert safety advisors for 'ambassador' team security news – Twitch reportedly disbands its Safety Advisory Council and plans to replace it with Twitch ambassadors. Twitch ambassadors are active users contributing positively to the community, but it is unclear if they are experts on online safety. https://www.theregister.com/2024/05/31/twitch_safety_advisory_council/


Some More, For the Curious

🎃 The Pumpkin Eclipse malware – 600,000 routers rendered inoperable by the Chalubo RAT. https://blog.lumen.com/the-pumpkin-eclipse/

💣 DDoS-as-a-Service: The Rebirth Botnet cybercrime – RebirthLtd offers DDoS-as-a-Service targeting gamers for profit. https://sysdig.com/blog/ddos-as-a-service-the-rebirth-botnet/

👅 CVE-2024-22058 Ivanti Landesk LPE vulnerability – Exploit for Ivanti Landesk Local Privilege Escalation. https://mantodeasecurity.de/en/2024/05/cve-2024-22058-ivanti-landesk-lpe/

Check Point – Wrong Check Point (CVE-2024-24919) vulnerability – Check Point CloudGuard Network Security vulnerability exploited in the wild for arbitrary file read. https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/

⛹️‍♂️ Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges vulnerability – Cisco Talos' team discovers vulnerabilities in Adobe Acrobat Reader, Foxit PDF Reader, PLC CPU modules, and an image-processing library; patches released for all vulnerabilities. https://blog.talosintelligence.com/vulnerability-roundup-may-29-2024/

🔙 NIST expects to clear backlog in vulnerabilities database by end of fiscal year security news – NIST has awarded a contract to address the backlogged vulnerabilities in the National Vulnerability Database; the backlog is due to increased submissions and changes in interagency support. https://therecord.media/nist-nvd-backlog-clear-end-fiscal-2024

🦠 Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.) security research – A threat actor is distributing malware disguised as cracked versions of legitimate software like Hangul Word Processor, infecting many systems in South Korea. The attacker adds layers to the infection by registering to the Task Scheduler, enabling persistence. https://asec.ahnlab.com/en/66017/

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices security news – The attacks, by nation-backed actors like 'CyberAv3ngers' and pro-Russian hacktivists, underscore the urgent need to enhance OT device security to prevent critical infrastructure from becoming vulnerable. https://www.microsoft.com/en-us/security/blog/2024/05/30/exposed-and-vulnerable-recent-attacks-highlight-critical-need-to-protect-internet-exposed-ot-devices/

🦑 LilacSquid APT targeted orgs in the U.S., Europe, and Asia security research – Uncovered APT group LilacSquid has launched data theft campaigns since 2021. Their TTPs overlap with North Korea-linked APT groups. https://securityaffairs.com/163927/apt/lilacsquid-targeted-orgs-in-us-europe-asia.html

🪒 Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud vulnerability – A detailed account of an XML External Entity (XXE) injection vulnerability found in SharePoint that affects both on-prem and cloud instances. https://www.thezdi.com/blog/2024/5/29/cve-2024-30043-abusing-url-parsing-confusion-to-exploit-xxe-on-sharepoint-server-and-cloud


CISA Corner

KEV – Checkpoint, Linux Kernel, JAVS, Google Chromium https://www.cisa.gov/news-events/alerts/2024/05/30/cisa-adds-two-known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2024/05/29/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2024/05/28/cisa-adds-one-known-exploited-vulnerability-catalog

Industrial Advisories https://www.cisa.gov/news-events/alerts/2024/05/30/cisa-releases-seven-industrial-control-systems-advisories https://www.cisa.gov/news-events/alerts/2024/05/28/cisa-releases-one-industrial-control-systems-advisory






Highlight

๐Ÿง‘โ€โœˆ๏ธ Recall feature in Microsoft Copilot+ PCs raises privacy concerns privacy โ€“ Microsoft's Recall feature in Copilot+ PCs, raises privacy concerns and undergoes investigation by the UK data watchdog. Users may be able manage and delete snapshots, but potential risks to privacy and security remain. https://securityaffairs.com/163609/security/microsoft-recall-feature-copilot-pcs.html

๐Ÿ” New Windows AI feature records everything youโ€™ve done on your PC privacy โ€“ Microsoft's Recall feature records user activities, raising privacy concerns. https://arstechnica.com/gadgets/2024/05/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/

๐Ÿ•โ€๐Ÿฆบ Personal AI Assistants and Privacy โ€“ Schneier on Security privacy โ€“ Bruce Schneier explores the privacy concerns surrounding Microsoft's AI-powered digital assistant, Recall, highlighting the need for trustworthy AI to protect users' data and emphasizing transparency in the development of such systems. https://www.schneier.com/blog/archives/2024/05/personal-ai-assistants-and-privacy.html


News For All

๐ŸŒช๏ธ Privacy, human rights, and Tornado Cash privacy โ€“ Developer of Tornado Cash service sentenced in laundering case, igniting concerns over financial privacy, law enforcement intervention, and crypto misuse. Privacy rights clash with anti-money laundering laws, sparking debates over encryption and financial surveillance. https://www.citationneeded.news/tornado-cash/

๐Ÿš” Police caught circumventing city bans on face recognition privacy โ€“ Police bypassing facial recognition bans through neighboring agencies. https://www.theregister.com/2024/05/20/cops_circumvent_facial_recognition/

๐Ÿ’ฐ HHS offering $50 million for proposals to improve hospital cybersecurity security news โ€“ HHS funds hospital cybersecurity tools to combat cyberattacks. https://therecord.media/hhs-offering-funding-cybersecurity-hospital

๐Ÿ’ง EPA will step up inspections of water sector cybersecurity security news โ€“ EPA increasing water sector cybersecurity inspections due to rising threats. https://cyberscoop.com/epa-water-inspections-cyber-alert/

๐ŸŒ Fi Router Doubles as an Apple AirTag โ€“ Krebs on Security security research โ€“ Research finds Apple's Wi-Fi geolocation API used to track devices globally. https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/

๐Ÿงฌ Homeland Security has collected DNA data from 1.5 million immigrants in four years, researchers find privacy โ€“ DHS collected DNA from 1.5M immigrants for database, raising privacy concerns. https://therecord.media/homeland-security-collected-dna-millions-immigrants

๐Ÿ™…โ€โ™‚๏ธ From trust to trickery: Brand impersonation over the email attack vector security research โ€“ Talos researchers uncover techniques used by threat actors to embed brand logos in emails for brand impersonation, with insights into detected cases. https://blog.talosintelligence.com/from-trust-to-trickery-brand-impersonation/

👀 A consumer-grade spyware app found in check-in systems of 3 US hotels security news – Spyware app pcTattletale was discovered on the check-in systems of three Wyndham hotels, enabling unauthorized access to guest details and exposing vulnerabilities, raising privacy and security concerns. https://securityaffairs.com/163550/uncategorized/spyware-app-check-in-systems-3-wyndham-hotels.html

๏ธ๐Ÿง‘โ€โš–๏ธ Crooks plant backdoor in software used by courtrooms around the world security news https://arstechnica.com/security/2024/05/crooks-plant-backdoor-in-software-used-by-courtrooms-around-the-world/

๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ You can now share passwords within your Google family group security news โ€“ Google's newest Google Play services update allows family group members to securely share passwords saved in Google Password Manager. https://www.theverge.com/2024/5/23/24163560/google-password-manager-share-passwords-family-group

💳 Cyber Signals: Inside the growing risk of gift card fraud cybercrime – Microsoft observes rise in gift card fraud by group Storm-0539 targeting cloud environments for fraudulent gift card creation. https://www.microsoft.com/en-us/security/blog/2024/05/23/cyber-signals-inside-the-growing-risk-of-gift-card-fraud/

🤖 Google’s “AI Overview” can give false, misleading, and dangerous answers security news – Google's AI Overview sometimes gives humorous or misleading answers, especially when it treats jokes as facts or relies on questionable sources such as troll forums or fan fiction sites. https://arstechnica.com/information-technology/2024/05/googles-ai-overview-can-give-false-misleading-and-dangerous-answers/


Some More, For the Curious

🎒 KB4581: Veeam Backup Enterprise Manager Vulnerabilities (CVE vulnerability https://www.veeam.com/kb4581

📧 New 'Siren' mailing list aims to share threat intelligence for open source projects security news – Siren mailing list for open source threat intelligence sharing. https://therecord.media/openssf-siren-open-source-threat-intelligence-mailing-list

๐Ÿ˜ฎโ€๐Ÿ’จ Master of Puppets: Uncovering the DoppelGรคnger pro-Russian influence campaign security research โ€“ pro-Russian influence campaign targets Western democracies. https://blog.sekoia.io/master-of-puppets-uncovering-the-doppelganger-pro-russian-influence-campaign/

🪀 Critical Fluent Bit bug affects all major cloud providers vulnerability – Critical vulnerability in Fluent Bit affects major cloud providers. https://www.theregister.com/2024/05/21/fluent_bit_flaw/

โฉ Beyond the Basics: Exploring Uncommon NTLM Relay Attack Techniques hacking write-up https://www.guidepointsecurity.com/blog/beyond-the-basics-exploring-uncommon-ntlm-relay-attack-techniques/

๐Ÿ‘จโ€๐Ÿ’ป GitHub Enterprise Server patches critical vulnerability vulnerability https://www.theregister.com/2024/05/22/github_enterprise_server_patch/

๐Ÿฎ Crimeware report: Acrid, ScarletStealer and Sys01 stealers security research https://securelist.com/crimeware-report-stealers/112633/

🌀 5 Reasons Why Every Developer Should Incorporate Common Weakness Enumeration (CWE) into Their Software Development Life Cycle (SDLC) security research https://infosec-mashup.santolaria.net/p/5-reasons-why-every-developer-should

🔚 Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM) vulnerability – Ivanti addressed multiple critical SQL injection vulnerabilities in Endpoint Manager (EPM) 2022 SU5 and prior versions, allowing attackers within the network to execute code. https://securityaffairs.com/163587/security/ivanti-endpoint-manager-critical-sql-injection.html

โš”๏ธ How ransomware abuses BitLocker security news โ€“ BitLocker repurposed for ransomware in incident response effort, using VBS script for unauthorized file encryption. https://securelist.com/ransomware-abuses-bitlocker/112643/

๐Ÿ•ต๏ธ Stark Industries Solutions: An Iron Hammer in the Cloud โ€“ Krebs on Security cybercrime โ€“ Stark Industries Solutions emerged before the Russian invasion of Ukraine and is behind massive DDoS attacks, used to conceal cyberattacks and disinformation campaigns. https://krebsonsecurity.com/2024/05/stark-industries-solutions-an-iron-hammer-in-the-cloud/

🥡 An XSS flaw in GitLab allows attackers to take over accounts vulnerability https://securityaffairs.com/163649/hacking/gitlab-xss-flaw.html

🛖 MITRE December 2023 attack: threat actors created rogue VMs to evade detection security news – MITRE Corporation reported a breach in their NERVE network caused by China-linked nation-state actors, who chained two Ivanti Connect Secure zero-day flaws. https://securityaffairs.com/163658/apt/mitre-december-2023-attack-rogue-vms.html more info https://mastodon.social/@campuscodi/112503791372484604

CISA Corner 👀 [...]remove connectivity on all [...] devices connected to the [...] internet https://www.cisa.gov/news-events/alerts/2024/05/21/rockwell-automation-encourages-customers-assess-and-secure-public-internet-exposed-assets Chromium again, NextGen Healthcare Mirth Connect https://www.cisa.gov/news-events/alerts/2024/05/20/cisa-adds-two-known-exploited-vulnerabilities-catalog Apache Flink https://www.cisa.gov/news-events/alerts/2024/05/23/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.

theme: https://write.as/themes/fosstodon-hub



News For All

โš ๏ธ Not all scams are easy to spot warning โ€“ Scammers utilize coincidental timing and correct details to trick even smart individuals. https://www.emsisoft.com/en/blog/45650/not-all-scams-are-easy-to-spot/

🦮 Guidance for organisations considering payment in ransomware incidents cyber defense – Guidance for organizations on ransomware incidents, emphasizing alternatives to paying. https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents

๐Ÿ›ก๏ธ CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources security news โ€“ CISA, DHS, FBI, and international partners release cyber threat mitigation guidance for civil society organizations to combat state-sponsored threats. https://www.cisa.gov/news-events/alerts/2024/05/14/cisa-and-partners-release-guidance-civil-society-organizations-mitigating-cyber-threats-limited

๐Ÿ›ค๏ธ Google and Apple deliver support for unwanted tracking alerts in Android and iOS security news โ€“ Google and Apple collaborate on alerting users of unwanted tracking. https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html

🔒 Encrypted mail service still okay with giving PII to cops security news – ProtonMail under scrutiny for disclosing user data to police; US Patent and Trademark Office exposes private addresses online again; LockBit ransomware hits Wichita, Kansas, disrupting city services. https://www.theregister.com/2024/05/13/infosec_in_brief/

🔓 Europol confirms incident after data break-in claims security news – Europol investigates claims of stolen data from Europol Platform for Experts by cybercriminal IntelBroker. No compromise of core systems, but confidential data samples leaked. Incident raises concerns over security of sensitive EU and law enforcement data. https://www.theregister.com/2024/05/13/europol_data_breach/

💻 How Did Authorities Identify the Alleged Lockbit Boss? – Krebs on Security cybercrime – The U.S. DoJ charges Russian Dmitry Yuryevich Khoroshev as LockBit leader involved in extensive ransomware-related crimes, traced through forum usernames and domain registrations. Khoroshev's cyber activity predates notorious cybercrime forums, suggesting prior involvement in ransomware schemes. Indictment details financial strategy and offers insight into underground activities. https://krebsonsecurity.com/2024/05/how-did-authorities-identify-the-alleged-lockbit-boss/

🤖 Android is getting an AI-powered scam call detection feature security news – Google is developing an AI-powered scam call detection feature for Android, utilizing Gemini Nano to spot fraudulent language and warn users in real-time, aiming to prevent falling victim to phone scams. It will be an opt-in feature, ensuring privacy by running locally and offline. https://www.theverge.com/2024/5/14/24156212/google-android-ai-gemini-scam-call-detection-feature-io

๐Ÿ™๏ธ City of Helsinki suffered a data breach data breach โ€“ The City of Helsinki experienced a significant data breach that impacted students, guardians, and personnel, with threat actors gaining access to various personal and sensitive information. https://securityaffairs.com/163088/data-breach/city-of-helsinki-data-breach.html

🔨 Christie's takes website offline after cyberattack, delays live auction security news – Christie's auction house website taken offline due to a cyberattack, delaying a live auction; clients can still participate in auctions via different methods while the issue is resolved. Limited information was provided about the cyberattack. https://therecord.media/christies-website-down-auction-delayed-cyberattack

🔒 Threat actors may have exploited a zero-day security news – Apple releases urgent security updates addressing code execution vulnerabilities in iPhones, iPads, and macOS, including a memory corruption flaw in the Real-Time Kernel (RTKit) which may have been exploited as a zero-day. https://securityaffairs.com/163096/hacking/apple-iphones-zero-day-exploited.html

📱 Android will be able to detect if your phone has been snatched security news – Google introduces security features in Android 15 beta, including Theft Detection Lock to prevent unauthorized access if the phone is stolen, private spaces for hidden apps with unique PIN, and Play Protect updates for threat detection and app permissions monitoring. https://www.theverge.com/2024/5/15/24157068/android-15-ai-theft-detection-lock-privacy-security

๐Ÿ” EU probes Meta over its provisions for protecting children security news โ€“ European Commission probes Meta over potential breaches of Digital Services Act (DSA) related to protecting minors on Facebook and Instagram, examining issues such as addictive behavior, access to inappropriate content, and privacy measures. https://www.theregister.com/2024/05/16/eu_investigates_meta_over_its/


Some More, For the Curious

๐Ÿ•ต๏ธ In den Datenstrom eintauchen: Ein Werkzeugkasten fรผr Analysten von Android-Apps security research https://www.kuketz-blog.de/in-den-datenstrom-eintauchen-ein-werkzeugkasten-fuer-analysten-von-android-apps/

🚫 Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule vulnerability – Injecting specific strings can shut down websites protected by WAF, causing Denial of Service. https://blog.sicuranext.com/response-filter-denial-of-service-a-new-way-to-shutdown-a-website/

๐ŸŸ Using MITM to bypass FIDO2 phishing security research โ€“ Research reveals potential vulnerabilities in FIDO2 authentication, highlighting the importance of implementing Token Binding for enhanced security. https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/

🌜 To the Moon and back(doors): Lunar landing in diplomatic missions security research – ESET researchers find that the Lunar toolset, using the LunarWeb and LunarMail backdoors, infiltrated a European MFA (ministry of foreign affairs); the activity is attributed to the Turla APT group. https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/

🪵 Log4Shell shows no sign of fading, spotted in 30% of CVE exploits security news – A survey reveals organizations still have insecure protocols on WAN, aiding lateral movement; the Log4Shell exploit was identified in 30% of outbound CVE exploits despite being three years old. https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/

🔒 The xz apocalypse that almost was security news – A recap of the backdoor incident in the xz library, detailing the timeline of events, community contributions, potential scale of impact, and industry insights on OpenSSH servers. Despite the wide adoption of OpenSSH and xz, the incident, while significant, was not as catastrophic as feared due to the vigilance of the large community. https://www.bitsight.com/blog/xz-apocalypse-almost-was

🔣 Diagrams and Symbols in Threat Models security research https://shostack.org/blog/diagrams-and-symbols-in-threat-models/

👮 FBI Seizes BreachForums Website security news https://www.schneier.com/blog/archives/2024/05/fbi-seizes-breachforums-website.html

โ™จ๏ธ CISA spreads Black Basta advice amid Ascension infection security news โ€“ CISA and Health-ISAC issue bulletins on Black Basta ransomware gang after the attack on US healthcare provider Ascension, advising on defense strategies and outlining the group's tactics. https://www.theregister.com/2024/05/13/cisa_ascension_ransomware/

🦆 QakBot attacks with Windows zero-day (CVE-2024-30051) vulnerability – A zero-day vulnerability in the Windows Desktop Window Manager was discovered and exploited in the wild, leading to privilege escalation. The vulnerability, CVE-2024-30051, was reported to Microsoft and a patch was released on May 14, 2024. https://securelist.com/cve-2024-30051/112618/

🛹 MITRE released EMB3D Threat Model for embedded devices cyber defense – MITRE released the EMB3D threat model for critical infrastructure embedded devices, aiming to improve security by providing insights on cyber threats and device features for vendors, operators, and researchers across various industries. https://securityaffairs.com/163144/security/mitre-released-emb3d-framework.html

🦊 Foxit PDF Reader “Flawed Design”: Hidden Dangers Lurking in Common Tools security research https://blog.checkpoint.com/research/foxit-pdf-reader-flawed-design-hidden-dangers-lurking-in-common-tools/

🛞 Rounding up some of the major headlines from RSA security news – Recap of top stories and trends from RSA Conference, focusing on AI, build security initiative, technologies countering deepfakes, and Microsoft disclosing a zero-day vulnerability. Major headlines include healthcare network disruption, Google and Apple alert for unwanted device tracking, and Christie's cyber attack. https://blog.talosintelligence.com/threat-source-newsletter-may-16-2024/

CISA Corner KEV – Google Chromium, D-Link and Microsoft https://www.cisa.gov/news-events/alerts/2024/05/13/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-adds-three-known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2024/05/14/cisa-adds-two-known-exploited-vulnerabilities-catalog Siemens Advisories https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-releases-seventeen-industrial-control-systems-advisories Updates by Adobe, Microsoft, Apple and Cisco https://www.cisa.gov/news-events/alerts/2024/05/15/adobe-releases-security-updates-multiple-products https://www.cisa.gov/news-events/alerts/2024/05/14/microsoft-releases-may-2024-security-updates https://www.cisa.gov/news-events/alerts/2024/05/14/apple-releases-security-updates-multiple-products https://www.cisa.gov/news-events/alerts/2024/05/16/cisco-releases-security-updates-multiple-products

