cyberlights – week 01/2025
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
Highlight
📧 Emails about an ORF refund warning – Many people are currently receiving phishing emails that falsely promise a refund of ORF fees of 34.40 euros in order to steal bank account details. https://www.watchlist-internet.at/news/betruegerisches-orf-rueckerstattung-e-mail/
News For All
🧩 Large language models can do jaw-dropping things. But nobody knows exactly why. security research – Researchers explore the unpredictable behaviors of large language models, such as 'grokking' and 'double descent', revealing a lack of understanding behind their impressive capabilities and potential risks. https://www.technologyreview.com/2024/03/04/1089403/large-language-models-amazing-but-nobody-knows-why/
🦠 The Mac Malware of 2024 malware – A detailed overview of new macOS malware in 2024, including various types like info stealers, their infection vectors, persistence mechanisms, and technical insights into their operations. https://objective-see.org/blog/blog_0x7D.html
🚨 Threat actors attempt to exploit a flaw in Four-Faith routers vulnerability – Researchers warn of active exploitation of a high-severity OS command injection vulnerability in Four-Faith routers; attackers who can log in with the devices' default credentials can run arbitrary commands remotely. https://securityaffairs.com/172450/hacking/four-faith-routers-flaw-exploited.html
🔑 Passkey technology is elegant, but it’s most definitely not usable security security news – Despite their security advantages, passkeys face usability issues due to inconsistent implementations across platforms, confusing workflows, and reliance on passwords, undermining their intended benefits. https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/
🔒 AT&T and Verizon say networks are secure after being breached by China-linked Salt Typhoon hackers cybercrime – AT&T and Verizon claim their networks are secure after being targeted by the China-linked Salt Typhoon hackers, stating they have contained the incident with no ongoing threat activity detected. https://techcrunch.com/2024/12/30/verizon-says-it-has-secured-its-network-after-breach-by-china-linked-salt-typhoon-group/
🌐 The Most Dangerous People on the Internet in 2024 cybercrime – In 2024, the internet remains perilous, driven by disruptive figures like Elon Musk, Donald Trump, state-sponsored hackers, and ransomware groups, all contributing to a chaotic online environment. https://www.wired.com/story/the-most-dangerous-people-on-the-internet-in-2024/
🚗 Volkswagen leak exposed location data for 800,000 electric cars data breach – A data leak exposed precise location data for 800,000 Volkswagen electric vehicles, potentially allowing tracking of drivers, along with personal information like emails and phone numbers. https://www.theverge.com/2024/12/30/24332181/volkswagen-data-leak-exposed-location-evs
📰 Telegram blocks Russian state media channels in several EU countries security news – Telegram has blocked access to Russian state media channels in multiple EU countries, citing local law violations, prompting accusations of censorship from Moscow and highlighting ongoing tensions over media control. https://therecord.media/telegram-blocks-russian-state-channels
🔓 AT&T, Verizon, Lumen confirm Salt Typhoon breach data breach – AT&T, Verizon, and Lumen confirmed breaches by the Chinese state-sponsored Salt Typhoon group, which allowed access to geolocation data and potential recording of calls, highlighting significant cybersecurity vulnerabilities. https://www.theregister.com/2024/12/30/att_verizon_confirm_salt_typhoon_breach/
🍏 Not just one bad apple: FTX's practices were business as usual in crypto security research – The collapse of FTX reveals widespread unethical practices in the crypto industry, including secret acquisitions, unaudited financials, and connections to criminal activity, indicating that FTX's behavior was not an isolated incident. https://www.citationneeded.news/not-just-one-bad-apple/
💳 Gift Card Fraud cybercrime – Organized crime is increasingly using gift card fraud tactics, such as card draining, where criminals tamper with gift cards and return them to stores, enabling them to steal funds loaded by unsuspecting customers. https://www.schneier.com/blog/archives/2024/12/gift-card-fraud.html
🔒 New Year’s cybersecurity resolutions that every startup should keep security news – As 2024 ended with numerous data breaches, startups should adopt cybersecurity resolutions like using password managers, implementing multi-factor authentication, applying software patches, backing up data, being cautious with phone calls, and maintaining transparency about incidents. https://techcrunch.com/2024/12/31/new-year-cybersecurity-resolutions-that-every-startup-should-keep/
🔓 Rhode Island's data from health benefits system leaked on the dark web data breach – Rhode Island's health benefits system was hacked and resident data has been leaked on the dark web. The state is notifying affected individuals and advising them on protective measures. https://securityaffairs.com/172503/cyber-crime/rhode-island-data-breach.html
🗑️ Hey, Maybe It's Time to Delete Some Old Chat Histories privacy – As old chat histories may expose sensitive information, users are encouraged to declutter their digital footprint by deleting outdated messages and utilizing features like auto-delete to enhance privacy. https://www.wired.com/story/old-chat-history-delete/
💰 Apple to pay $95 million to settle Siri privacy lawsuit privacy – Apple will pay $95 million to settle a class-action lawsuit claiming Siri recorded conversations without consent and shared them with third parties. Affected users may receive up to $20 each. https://therecord.media/apple-to-pay-95-million-siri-lawsuit
🔍 Google Is Allowing Device Fingerprinting privacy – Google's decision to permit device fingerprinting starting in 2025 has been criticized as a significant setback for user privacy. https://www.schneier.com/blog/archives/2025/01/google-is-allowing-device-fingerprinting.html
📞 A US soldier was arrested for leaking presidential call logs security news – US Army soldier Cameron John Wagenius was arrested for allegedly leaking presidential call logs and selling stolen records from AT&T and Verizon under the alias 'Kiberphant0m.' https://securityaffairs.com/172589/cyber-crime/us-soldier-arrested-for-leaking-presidential-call-logs.html
🔒 Time to check if you ran any of these 33 malicious Chrome extensions malware – Dozens of legitimate Chrome extensions, installed on roughly 2.6 million devices, were backdoored after attackers phished their developers' Chrome Web Store accounts and pushed trojanized updates that siphoned session cookies and other credentials; affected users should rotate passwords and review their accounts. https://arstechnica.com/security/2025/01/dozens-of-backdoored-chrome-extensions-discovered-on-2-6-million-devices/
🤖 Meta's AI Profiles Are Indistinguishable From Terrible Spam That Took Over Facebook security news – Meta's plan to introduce AI character profiles on Instagram and Facebook has sparked concerns as existing, poorly received AI profiles have led users to fear an influx of spam-like content on the platforms. https://www.404media.co/metas-ai-profiles-are-indistinguishable-from-terrible-spam-that-took-over-facebook/
🔒 Atos mostly denies Space Bears' ransomware claims security news – Atos denied a ransomware breach by Space Bears but acknowledged that third-party infrastructure containing data linked to Atos was compromised. The company emphasized that its own systems were not affected. https://www.theregister.com/2025/01/04/atos_denies_space_bears_ransomware/
🔐 Encryption backdoor debate 'done and dusted' security news – In the wake of the Salt Typhoon telecom intrusions, US officials are now urging people to use end-to-end encrypted communications, a marked shift from years of calls for lawful-access backdoors. https://www.theregister.com/2025/01/04/encryption_backdoor_debate/
Some More, For the Curious
🔧 Why Configurations Are the Wrong Thing to Get Wrong cyber defense – Misconfigurations remain a leading cause of data breaches, with many organizations neglecting basic hardening; keeping systems on a secure baseline and catching configuration drift removes much of that exposure. https://www.tripwire.com/state-of-security/configurations-mega-blog-why-configurations-are-wrong-thing-get-wrong
🤔 10 Non-tech things you wish you had done after being breached security news – Post-breach recovery involves vital non-tech actions like reinforcing NDAs, reviewing third-party relationships, updating employee training, and conducting reputation assessments to strengthen resilience. https://www.pentestpartners.com/security-blog/10-non-tech-things-you-wish-you-had-done-after-being-breached/
🛠️ Prioritizing patching: A deep dive into frameworks and tools – Part 2: Alternative frameworks cyber defense – This article explores alternative frameworks like EPSS and SSVC for vulnerability prioritization, highlighting their strengths and limitations in comparison to CVSS, and emphasizing the need for a tailored approach based on organizational context. https://news.sophos.com/en-us/2024/12/30/prioritizing-patching-a-deep-dive-into-frameworks-and-tools-part-2-alternative-frameworks/
🔍 Log4j Log4Shell Vulnerability Q&A vulnerability – The article discusses the Log4j Log4Shell vulnerability, its detection, comparison to Shellshock, and solutions for identifying and remediating affected packages using tools like JFrog Xray. https://jfrog.com/blog/a-log4j-log4shell-vulnerability-qa/
🖱️ DoubleClickjacking allows clickjacking on major websites vulnerability – The 'DoubleClickjacking' technique abuses the gap between the two clicks of a double-click: the attacker's page swaps a sensitive page of the target site into the top window after the first click, so the second click lands on e.g. an OAuth authorization button. Because no iframe is involved, X-Frame-Options, frame-ancestors and SameSite cookies offer no protection, and account takeover was possible on affected sites. https://securityaffairs.com/172572/hacking/doubleclickjacking-clickjacking-on-major-websites.html
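Added illustration (not code from the article or the researcher): the JavaScript below implements one target-side mitigation in the spirit of the one discussed for DoubleClickjacking. The attack lands a second, already-in-flight click on the target page the instant it becomes the top window, so the page has seen no genuine interaction before that click. The guard therefore keeps sensitive buttons disabled until a real gesture (mouse move, key press, touch) has occurred on the page and a minimum dwell time has passed since it became visible. createIntentGuard, protectSensitiveButtons, the data-sensitive attribute, the 500 ms threshold and the scripted timeline are my own choices.

```javascript
// Added example: target-side guard against DoubleClickjacking-style clicks.
// Names, attribute and threshold are illustrative, not taken from the article.

function createIntentGuard({ minDwellMs = 500, clock = () => Date.now() } = {}) {
  let shownAt = clock();   // when the page last became visible/focused
  let gestureSeen = false; // has a genuine gesture happened since then?

  return {
    // Call on load, focus and visibilitychange->visible: earlier gestures
    // no longer prove intent once the page has been swapped into view.
    onPageShown() {
      shownAt = clock();
      gestureSeen = false;
    },
    // Call from mousemove / keydown / touchstart handlers on the page.
    onGesture() {
      gestureSeen = true;
    },
    // Decide whether a click should be honoured right now.
    evaluateClick() {
      const dwellMs = clock() - shownAt;
      if (!gestureSeen) {
        return { allowed: false, reason: 'no gesture on this page before the click' };
      }
      if (dwellMs < minDwellMs) {
        return { allowed: false, reason: `click only ${dwellMs} ms after the page appeared` };
      }
      return { allowed: true, reason: 'ok' };
    },
  };
}

// Wires the guard to every element marked data-sensitive (e.g. an OAuth
// "Authorize" button). Buttons start disabled and are enabled only while the
// guard would allow a click; a click that still arrives is cancelled at capture.
function protectSensitiveButtons(doc = globalThis.document, guard = createIntentGuard()) {
  if (!doc) return guard; // no DOM available (e.g. under Node): nothing to wire

  const buttons = Array.from(doc.querySelectorAll('[data-sensitive]'));
  const refresh = () => {
    const ok = guard.evaluateClick().allowed;
    buttons.forEach((b) => { b.disabled = !ok; });
  };
  const rearm = () => { guard.onPageShown(); refresh(); };

  for (const type of ['mousemove', 'keydown', 'touchstart']) {
    doc.addEventListener(type, () => { guard.onGesture(); refresh(); }, { passive: true });
  }
  doc.addEventListener('visibilitychange', () => {
    if (doc.visibilityState === 'visible') rearm(); else refresh();
  });
  if (typeof globalThis.addEventListener === 'function') {
    globalThis.addEventListener('focus', rearm);
  }
  for (const b of buttons) {
    b.addEventListener('click', (e) => {
      if (!guard.evaluateClick().allowed) {
        e.preventDefault();
        e.stopImmediatePropagation();
      }
    }, true);
  }
  rearm();
  return guard;
}

// Constructed timeline with a fake clock (no DOM): the attacker's second click
// arrives ~20 ms after the target page is swapped in, with no gesture on it;
// a real user moves the mouse on the page and clicks later.
function simulateTimeline() {
  let now = 0;
  const guard = createIntentGuard({ minDwellMs: 500, clock: () => now });
  guard.onPageShown();                     // target page becomes the top window
  now = 20;
  const hijacked = guard.evaluateClick();  // second half of the double-click
  now = 900;
  guard.onGesture();                       // genuine mouse movement on the page
  now = 1200;
  const genuine = guard.evaluateClick();
  return { hijacked, genuine };
}

console.log(JSON.stringify(simulateTimeline(), null, 2));
```

In a real page you would call protectSensitiveButtons() once after the DOM is ready; the dwell time is a heuristic and should be tuned so it does not frustrate legitimate users who arrive with the button already in view.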
💻 Japan's largest mobile carrier says cyberattack disrupted some services security news – NTT Docomo, Japan's largest mobile carrier, reported a DDoS cyberattack that temporarily disrupted services, including its news and video platforms. Most services have been restored, but delays may continue. https://therecord.media/ntt-docomo-japan-mobile-carrier-ddos-incident
📱 FireScam Android malware steals data and supports spyware capabilities malware – FireScam targets Android devices by posing as a fake 'Telegram Premium' app, harvests sensitive information by monitoring notifications, and exfiltrates the data to a Firebase database. https://securityaffairs.com/172656/malware/firescam-android-malware.html
⚠️ Malicious npm packages target Ethereum developers malware – A supply chain attack involving malicious npm packages is targeting Ethereum developers by impersonating Hardhat plugins, aiming to steal private keys and sensitive data from development environments. https://securityaffairs.com/172671/malware/malicious-npm-packages-target-ethereum-developers.html
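Added example (not from the article): one cheap pre-install check for the impersonation pattern described above. Malicious packages of this kind typically reuse a real plugin's name under a misspelled scope or add a one-letter typo, so the script compares every dependency in a package.json against a list of names you trust and flags near misses. The known-good list and the sample package.json below are constructed for illustration; the two flagged entries are made-up lookalikes, not the actual malicious package names.

```javascript
// Added example: flag npm dependencies that look like typosquats or
// scope-squats of trusted packages. List and sample input are constructed.

// A subset of legitimate Hardhat-related package names (maintain your own list).
const KNOWN_GOOD = [
  'hardhat',
  'hardhat-gas-reporter',
  '@nomicfoundation/hardhat-toolbox',
  '@nomicfoundation/hardhat-ethers',
  '@nomicfoundation/hardhat-verify',
  '@nomiclabs/hardhat-ethers',
];

// Classic single-row Levenshtein edit distance.
function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      prev[j] = Math.min(
        prev[j] + 1,                                   // deletion
        prev[j - 1] + 1,                               // insertion
        diag + (a[i - 1] === b[j - 1] ? 0 : 1),        // substitution
      );
      diag = tmp;
    }
  }
  return prev[b.length];
}

// Split "@scope/name" into its parts; unscoped packages get scope null.
function splitName(name) {
  if (name.startsWith('@')) {
    const i = name.indexOf('/');
    return { scope: name.slice(0, i), base: name.slice(i + 1) };
  }
  return { scope: null, base: name };
}

// Returns one finding per suspicious dependency (dependencies + devDependencies).
function auditDependencies(pkg, knownGood = KNOWN_GOOD, maxDistance = 2) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const goodSet = new Set(knownGood);
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (goodSet.has(name)) continue; // exact trusted name
    const { scope, base } = splitName(name);
    for (const good of knownGood) {
      const g = splitName(good);
      if (g.base === base && g.scope !== scope) {
        findings.push({ name, lookalikeOf: good, reason: 'same package name under a different scope' });
        break;
      }
      const d = levenshtein(name, good);
      if (d > 0 && d <= maxDistance) {
        findings.push({ name, lookalikeOf: good, reason: `edit distance ${d} from a trusted name` });
        break;
      }
    }
  }
  return findings;
}

// Constructed package.json: two deliberate lookalikes among legitimate deps.
const SAMPLE_PACKAGE_JSON = {
  name: 'my-dapp',
  devDependencies: {
    hardhat: '^2.22.0',
    '@nomicfoundation/hardhat-toolbox': '^5.0.0',
    '@nomicsfoundation/hardhat-toolbox': '^1.0.0', // constructed scope-squat
    'hardhat-gas-reportr': '^1.0.0',               // constructed typo-squat
    ethers: '^6.13.0',
  },
};

console.log(JSON.stringify(auditDependencies(SAMPLE_PACKAGE_JSON), null, 2));
```

Run it against the real package.json before `npm install` (or in CI); a hit is a prompt to inspect the package, not proof of malice, and the check complements rather than replaces lockfile pinning and a registry allowlist.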
🧬 Study: Development Status of Quantum Computers, Version 2.1 security research – This BSI study examines the theoretical and practical state of quantum computing, in particular its relevance for cryptanalysis, offering technical insight for scientists and actionable information for decision makers. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/Quantencomputer/Entwicklungstand_QC_V_2_1.html
CISA Corner
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-3393, a denial-of-service vulnerability in the DNS Security feature of Palo Alto Networks' PAN-OS that lets an unauthenticated attacker force a firewall to reboot with a malicious packet, to its Known Exploited Vulnerabilities Catalog, requiring federal agencies to remediate it. https://www.cisa.gov/news-events/alerts/2024/12/30/cisa-adds-one-known-exploited-vulnerability-catalog
While my intention is to pick news that everyone should know about, it is still what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.