cyberlights – week 10/2024
A weekly shortlist of cyber security highlights. While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
Highlights
✖️ The new X calling feature can hurt your privacy https://techcrunch.com/2024/03/04/elon-musk-x-twitter-calling-privacy-switch-off/
⚠️ IP address X-posure now a feature on Musk's social media thing https://www.theregister.com/2024/03/05/ip_address_xposure_now_a/
🧠 Additional Critical Security Issues Affecting TeamCity On-Premises (CVE-2024-27198 and CVE-2024-27199) – Update to 2023.11.4 Now JetBrains TeamCity https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
For All
🐄 Content farm impersonates 60+ major news outlets, like BBC, CNN, CNBC https://www.bleepingcomputer.com/news/security/content-farm-impersonates-60-plus-major-news-outlets-like-bbc-cnn-cnbc/
🐕 PetSmart warns of credential stuffing attacks trying to hack accounts (Smart reaction!) https://www.bleepingcomputer.com/news/security/petsmart-warns-of-credential-stuffing-attacks-trying-to-hack-accounts/
🦁 Predator spyware infrastructure taken down after exposure https://cyberscoop.com/predator-spyware-infrastructure-taken-down/
🎠 Pegasus spyware creator ordered to reveal code used to spy on WhatsApp users https://www.malwarebytes.com/blog/news/2024/03/pegasus-spyware-creator-ordered-to-reveal-code-used-to-spy-on-whatsapp-users
📳 Surveillance through Push Notifications https://www.schneier.com/blog/archives/2024/03/surveillance-through-push-notifications.html
🫨 Meta Abandons Hacking Victims, Draining Law Enforcement Resources, Officials Say https://www.wired.com/story/meta-hacked-users-draining-resources/
🍎 About the security content of iOS 17.4 and iPadOS 17.4 https://support.apple.com/en-us/HT214081
🖥️ VMware Releases Security Advisory for Multiple Products https://www.cisa.gov/news-events/alerts/2024/03/06/vmware-releases-security-advisory-multiple-products
❄️ Update on Microsoft Actions Following Attack by Nation State Actor Midnight Blizzard https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
Change Healthcare/Alphv Corner
Choose your source – this is the big one at the moment
🐈‍⬛ Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment https://www.wired.com/story/alphv-change-healthcare-ransomware-payment/
❤️‍🩹 BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare https://krebsonsecurity.com/2024/03/blackcat-ransomware-group-implodes-after-apparent-22m-ransom-payment-by-change-healthcare/
↘️ BlackCat ransomware shuts down in exit scam, blames the “feds” https://www.bleepingcomputer.com/news/security/blackcat-ransomware-shuts-down-in-exit-scam-blames-the-feds/
🥷 Ransomware group behind Change Healthcare attack goes dark https://cyberscoop.com/ransomware-group-behind-change-healthcare-attack-goes-dark/
🏟️ After collecting $22 million, AlphV ransomware group stages FBI takedown https://arstechnica.com/security/2024/03/alphv-ransomware-site-claims-it-was-seized-by-fbi-researchers-suspect-22m-scam/
more, For the Curious
🪲 Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices https://securityaffairs.com/160224/hacking/fortios-bug-cve-2024-21762-150k-devices.html
🗨️ Stealthy GTPDOOR Linux malware targets mobile operator networks (I missed this one last week) https://www.bleepingcomputer.com/news/security/stealthy-gtpdoor-linux-malware-targets-mobile-operator-networks/
⌛ Hackers exploited Windows 0-day for 6 months after Microsoft knew of it https://arstechnica.com/security/2024/03/hackers-exploited-windows-0-day-for-6-months-after-microsoft-knew-of-it/
🧢 Living off the land with native SSH and split tunnelling https://www.pentestpartners.com/security-blog/living-off-the-land-with-native-ssh-and-split-tunnelling/
♣️ Delving into Dalvik: A Look Into DEX Files https://www.mandiant.com/resources/blog/dalvik-look-into-dex-files
🦅 CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices https://www.cisa.gov/news-events/alerts/2024/03/07/cisa-and-nsa-release-cybersecurity-information-sheets-cloud-security-best-practices
👐 CISA Announces New Efforts to Help Secure Open Source Ecosystem https://www.cisa.gov/news-events/news/cisa-announces-new-efforts-help-secure-open-source-ecosystem
🐚 Does Confluence Dream of Shells? https://vulncheck.com/blog/confluence-dreams-of-shells
🧲 Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/
📚 LEARNING LESSONS FROM THE CYBER-ATTACK “overview of the cyber-attack on the British Library that took place in October 2023” – 18 Pages worth the read https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.