cyberlights – week 14/2024
A weekly shortlist of cyber security highlights.
The short summaries are AI generated and I only skim them! If something is wrong, please let me know!
Highlight
🔐 Microsoft could have prevented Chinese cloud email hack, US cyber report says security news – US report blames Microsoft, highlighting security culture issues and gaps in prevention. https://www.theverge.com/2024/4/3/24119787/microsoft-cloud-email-hack-china-us-cyber-report
🔐 Cyber review board blames cascading Microsoft failures for Chinese hack https://cyberscoop.com/microsoft-csrb-china-hacking/
🛹 Cyber Safety Review Board – Review of the Summer 2023 Microsoft Exchange Online Intrusion The report! https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf
News For All
🔒 Google to delete billions of web browsing data records to resolve lawsuit privacy – Google settles landmark lawsuit by committing to delete or de-identify vast web browsing data records collected from users in Incognito mode. https://therecord.media/google-to-delete-web-browsing-records-to-resolve-lawsuit
📱 Google Patches Pixel Phone Zero-days After Exploitation by “Forensic Companies” security news https://www.tripwire.com/state-of-security/google-patches-pixel-phone-zero-days-after-exploitation-forensic-companies
⚠️ The Human Element in Cybersecurity: Understanding Trust and Social Engineering social engineering – Cybersecurity hinges on human trust vulnerabilities with social engineering tactics exploiting such trust for malicious ends. https://www.blackhillsinfosec.com/understanding-trust-and-social-engineering/
🛡️ PandaBuy data breach allegedly impacted +1.3M customers data breach – PandaBuy breached, threat actors announcing the breach and selling stolen data on a cybercrime forum. https://securityaffairs.com/161355/data-breach/pandabuy-data-breach.html
🔒 YUBICO Security Advisory YSA-2024-01 vulnerability – YubiKey Manager GUI < 1.2.6 on Windows may lead to privilege escalation when run as Administrator, because browser windows it opens also run as Administrator; FIDO features are affected. https://www.yubico.com/support/security-advisories/ysa-2024-01/
🦠 Bing ad posing as NordVPN aims to spread SecTopRAT malware malware – involving typosquatting and a malicious Dropbox link, leading to a RAT with advanced capabilities. https://www.scmagazine.com/news/bing-ad-posing-as-nordvpn-aims-to-spread-sectoprat-malware
🔍 KI und Datenschutz: Eine kritische Betrachtung (AI and data protection: a critical review) privacy – AI with respect to data protection, discrimination and societal impact. https://www.kuketz-blog.de/ki-und-datenschutz-eine-kritische-betrachtung/
🔐 Have I Been Pwned: SurveyLama got breached data breach – the leaked data includes passwords. https://haveibeenpwned.com/PwnedWebsites#SurveyLama
📱 Essential iPhone security tips to protect your private data. security news – Tips include staying updated, avoiding suspicious apps, managing email security, and handling threats like phishing and Pegasus spyware. https://tuta.com/blog/iphone-security-essentials
🕹️ Threat Actors Deliver Malware via YouTube Video Game Cracks malware https://www.proofpoint.com/us/blog/threat-insight/threat-actors-deliver-malware-youtube-video-game-cracks
Some More, For the Curious
🔐 OWASP discloses a data breach data breach – OWASP discloses a data breach involving old member resumes due to misconfiguration of an old Wiki web server. https://securityaffairs.com/161371/data-breach/owasp-data-breach.html
🛡️ HTTP/2 CONTINUATION frames can be utilized for DoS attacks vulnerability – multiple HTTP/2 implementations enable attackers to cause out-of-memory crashes, DoS attacks, and CPU resource exhaustion. https://kb.cert.org/vuls/id/421644
🔒 Schneier on Security – Ross Anderson security news – Tribute to influential cryptographer and security engineer, Ross Anderson. https://www.schneier.com/blog/archives/2024/03/ross-anderson.html
🔧 Persistence – DLL Proxy Loading security research https://pentestlab.blog/2024/04/03/persistence-dll-proxy-loading/
🕵️ 5 ChatGPT Jailbreak Prompts Being Used By Cybercriminals security research – Cybercriminals using jailbreak prompts to bypass ChatGPT safety measures. https://abnormalsecurity.com/blog/chatgpt-jailbreak-prompts
🥷 Adversaries are leveraging remote access tools now more than ever – here’s how to stop them cyber defense – policy, technical controls, DNS security, and EDR blocks. https://blog.talosintelligence.com/adversaries-are-leveraging-remote-access-tools/
🔓 From OneNote to RansomNote: An Ice Cold Intrusion security research – Threat actors exploited OneNote files, deploying IcedID, using Cobalt Strike, AnyDesk, and FileZilla for data exfiltration and ransomware deployment. https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/
🔒 NVD Program Announcement security news – Growing backlog of vulnerabilities at NVD prompts prioritization, collaboration. https://nvd.nist.gov/general/news/nvd-program-transition-announcement
🪳 Earth Freybug Uses UNAPIMON for Unhooking Critical APIs malware – Earth Freybug (APT41) uses DLL hijacking and API unhooking to deploy malware UNAPIMON for defense evasion. https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.