cyberlights – week 17/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know.
A little late this week and a little shorter, but with some work put into the summary-thingy. Enjoy.
News For All
🔐 Firstyear's blog – Passkeys – A shattered dream privacy – Author expresses frustration with the direction of Passkeys and issues with Webauthn standards, emphasizing the importance of password managers. https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/
🚗 How G.M. Tricked Millions of Drivers Into Being Spied On (Including Me) privacy – G.M. collected driving data from OnStar users, shared with insurers. https://www.nytimes.com/2024/04/23/technology/general-motors-spying-driver-data-consent.html?unlocked_article_code=1.m00.gIzH.YdQ-yszzdzq6
⚠️ A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites vulnerability – Forminator plugin allows unrestricted file uploads, other vulnerabilities. https://securityaffairs.com/162113/security/forminator-wordpress-plugin-flaws.html
🔒 Europol asks tech firms, governments to get rid of E2EE privacy – Europol calls for end to E2EE to combat crimes, sparking debate on privacy versus law enforcement access. https://www.theregister.com/2024/04/22/europol_becomes_latest_cop_shop/
🛡️ Hackers infect users of antivirus service that delivered updates over HTTP cybercrime – Because eScan delivered antivirus updates over plain HTTP, attackers were able to hijack the update channel via man-in-the-middle for about five years and push malware to end users. https://arstechnica.com/security/2024/04/hackers-infect-users-of-antivirus-service-that-delivered-updates-over-http/
⚕️ Nurses Protest 'Deeply Troubling' Use of AI in Hospitals security news – Nurses protest AI implementation in healthcare for potential negative impact on patient care and job roles. https://www.404media.co/nurses-protest-ai-automation/
🔒 Ring to pay $5.6M to settle claims of poor privacy practices privacy – Ring settles with the FTC over poor privacy practices that let rogue employees and cybercriminals access customer cameras. https://www.theregister.com/2024/04/25/ring_ftc_settlement/
📱 Flaws in Chinese keyboard apps expose smartphones to snoops privacy – Chinese keyboard apps, including major manufacturers' offerings, leak keystrokes due to weak encryption potentially exposing over 780 million smartphone users to surveillance. https://www.theregister.com/2024/04/26/pinyin_keyboard_security_risks/
🍷 Sweden’s liquor supply severely impacted by ransomware attack cybercrime – A ransomware attack on Swedish logistics company Skanlog severely impacts Sweden's liquor supply. https://securityaffairs.com/162333/cyber-crime/swedens-liquor-supply-ransomware-attack.html
🔒 Discord Shuts Down ‘Spy Pet’ Bots That Scraped, Sold User Messages privacy https://www.404media.co/discord-shuts-down-spy-pet-bots-that-scraped-sold-user-messages/
⚠️ Experts warn of malware campaign targeting WP vulnerability – A critical SQL injection vulnerability in the WordPress Automatic plugin allows attackers to inject backdoors and compromise websites. Admins are urged to update immediately. https://securityaffairs.com/162364/hacking/wordpress-automatic-critical-flaw.html
🔒 Okta warns of unprecedented scale in credential stuffing attacks on online services https://securityaffairs.com/162464/hacking/okta-warned-spike-credential-stuffing-attacks.html
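Added example, not part of the newsletter or of Okta's guidance: a small detector that separates credential stuffing (one source trying many different accounts in a short window) from plain single-account brute force. The log format, the IP addresses and the usernames are constructed for the example; the threshold and window are assumptions to tune against real traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not real Okta or vendor telemetry).
# One IP tries many different usernames within seconds (stuffing), another
# keeps retrying a single account (brute force or a confused user), a third
# is normal traffic.
SAMPLE_LOG = """\
2024-04-25T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2024-04-25T10:00:02Z ip=203.0.113.5 user=bob result=FAIL
2024-04-25T10:00:02Z ip=203.0.113.5 user=carol result=FAIL
2024-04-25T10:00:03Z ip=203.0.113.5 user=dave result=SUCCESS
2024-04-25T10:00:04Z ip=203.0.113.5 user=erin result=FAIL
2024-04-25T10:00:05Z ip=203.0.113.5 user=frank result=FAIL
2024-04-25T10:00:09Z ip=198.51.100.7 user=alice result=FAIL
2024-04-25T10:00:40Z ip=198.51.100.7 user=alice result=FAIL
2024-04-25T10:01:10Z ip=198.51.100.7 user=alice result=SUCCESS
2024-04-25T10:02:00Z ip=192.0.2.9 user=gina result=SUCCESS
"""

# Hypothetical log line layout used by the sample above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>FAIL|SUCCESS)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect_credential_stuffing(log_text, window=timedelta(minutes=5), min_distinct_users=5):
    """Flag source IPs that touch >= min_distinct_users different accounts
    inside any sliding window of the given length.

    Distinct usernames per source, not the raw failure count, is the signal:
    a stuffing bot replays leaked email/password pairs, so it tries many
    accounts once or twice each, while brute force hammers one account.
    """
    events_by_ip = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            events_by_ip[ev["ip"]].append(ev)

    alerts = {}
    for ip, events in events_by_ip.items():
        events.sort(key=lambda e: e["ts"])
        recent = deque()
        for ev in events:
            recent.append(ev)
            # Drop events that fell out of the window ending at this event.
            while ev["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            users = {e["user"] for e in recent}
            if len(users) < min_distinct_users:
                continue
            # A SUCCESS inside a stuffing burst is a likely account takeover.
            taken_over = sorted({e["user"] for e in recent if e["result"] == "SUCCESS"})
            current = alerts.get(ip)
            if current is None or len(users) > current["distinct_users"]:
                alerts[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(recent),
                    "taken_over": taken_over,
                    "window_end": ev["ts"].isoformat(),
                }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

On the sample, only 203.0.113.5 is flagged (six accounts in five seconds, one of them successfully), while 198.51.100.7 retrying alice three times is left alone. The successful logins inside a flagged burst are the accounts to reset first.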
🔒 How to Remove Personal Information From Data Broker Sites privacy – Data brokers, like Acxiom and Epsilon, collect personal information for marketing purposes. Advises visiting each broker's site, creating an account, locating your information, and requesting removal to safeguard privacy. Opt-out procedures vary by broker and may need to be repeated annually. https://www.mcafee.com/blogs/tips-tricks/how-to-remove-personal-information-from-data-broker-sites/
🔒 (The) Postman Carries Lots of Secrets ◆ Truffle Security Co. security news – Postman, known for hosting a vast collection of public APIs, has become a major source of leaked secrets with over 4,000 live credentials exposed. https://trufflesecurity.com/blog/postman-carries-lots-of-secretsf
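Added example, not Truffle Security's scanner and not code from the newsletter: a minimal walk over a Postman collection export (v2.1 JSON layout) that reports literal credentials left in variables, headers and auth blocks, while ignoring values that only reference a `{{variable}}`. The collection, key names and token values below are constructed; the two token regexes cover AWS access key IDs and GitHub classic PATs only, and the AWS key is AWS's documented example value.

```python
import json
import re

# Key names that usually carry a credential in Postman headers, variables and auth blocks.
SENSITIVE_KEY = re.compile(
    r"authorization|api[-_]?key|x-api-key|token|secret|passw(or)?d|client[-_]?secret", re.I
)
# A value containing a Postman variable reference is not a literal secret here;
# the variable definitions themselves are scanned separately.
VAR_REF = re.compile(r"\{\{[^}]+\}\}")
# Two well-documented credential formats, for illustration only.
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Constructed Postman collection (v2.1 layout), not a real export.
SAMPLE_COLLECTION = {
    "info": {"name": "example-api",
             "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"},
    "variable": [
        {"key": "base_url", "value": "https://api.example.com"},
        {"key": "api_key", "value": "sk_live_EXAMPLE0000000000000000"},   # literal secret
    ],
    "item": [
        {"name": "list users",
         "request": {"method": "GET",
                     "header": [{"key": "Authorization", "value": "Bearer {{token}}"},
                                {"key": "X-Api-Key", "value": "{{api_key}}"}],
                     "url": {"raw": "{{base_url}}/v1/users"}}},
        {"name": "upload report",
         "request": {"method": "PUT",
                     "header": [{"key": "Authorization",
                                 "value": "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20240425/us-east-1/s3/aws4_request"}],
                     "url": {"raw": "https://example-bucket.s3.amazonaws.com/report.csv"}}},
        {"name": "github issues",
         "request": {"method": "GET",
                     "auth": {"type": "bearer",
                              "bearer": [{"key": "token",
                                          "value": "ghp_0000000000000000000000000000EXAMPLE0"}]},
                     "url": {"raw": "https://api.github.com/issues"}}},
    ],
}


def known_pattern(value):
    """Return the name of the first known token format found in value, or None."""
    for name, pat in KNOWN_PATTERNS.items():
        if pat.search(value):
            return name
    return None


def scan_collection(collection):
    """Walk the collection and return literal secrets with their JSON path."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            key, value = node.get("key"), node.get("value")
            reported = False
            if (isinstance(key, str) and isinstance(value, str)
                    and SENSITIVE_KEY.search(key)
                    and value.strip() and not VAR_REF.search(value)):
                findings.append({"path": "/".join(path), "key": key,
                                 "pattern": known_pattern(value),
                                 "preview": value[:6] + "..."})
                reported = True
            for k, v in node.items():
                if reported and k == "value":
                    continue  # already recorded above, avoid a duplicate hit
                walk(v, path + [k])
        elif isinstance(node, list):
            for i, v in enumerate(node):
                walk(v, path + [str(i)])
        elif isinstance(node, str):
            # Catch known token formats even under innocuous key names or in URLs.
            name = known_pattern(node)
            if name:
                findings.append({"path": "/".join(path), "key": None,
                                 "pattern": name, "preview": node[:6] + "..."})

    walk(collection, [])
    return findings


def scan_collection_json(text):
    """Convenience wrapper for a raw exported collection."""
    return scan_collection(json.loads(text))


if __name__ == "__main__":
    for f in scan_collection(SAMPLE_COLLECTION):
        print(f)
```

The sample yields three findings: the hardcoded `api_key` variable, the AWS signature header, and the GitHub token in the bearer auth block; the `Bearer {{token}}` header is correctly skipped. A real scanner would verify each hit against the issuer before raising it, which is the step Truffle's write-up relies on to count live credentials.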
Some More, For the Curious
🐍 CERT.at Double Agents and User Agents: Navigating the Realm of Malicious Python Packages malware – Malicious Python packages pose as builders for data "grabbers" aimed at would-be attackers, while also collecting data from the users who install them, acting as double agents. https://cert.at/en/blog/2024/4/double-agents-and-user-agents-navigating-the-realm-of-malicious-python-packages
⚔️ M-Trends 2024: Our View from the Frontlines security research – Mandiant Consulting's M-Trends report highlights increased attacker evasion tactics and improved defender detection, emphasizing the need for ongoing vigilance in cybersecurity. https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2024/
🔍 Distribution of Infostealer Made With Electron malware – Infostealer malware strain created with Electron framework; evades detection with NSIS installer format. https://asec.ahnlab.com/en/64445/
🪝 Unplugging PlugX: Sinkholing the PlugX USB worm botnet security research – Sophos and Sekoia sinkhole PlugX worm botnet to control its activities and explore remote system disinfection methods. https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
📵 A Briefing on SIM Hijacking cybercrime – SIM hijacking: stealing phone numbers for cryptocurrency theft and account takeovers. https://intel471.com/blog/a-briefing-on-sim-hijacking
🦮 Microsoft Security – Guidance for Incident Responders cyber defense https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/IR-Guidebook-Final.pdf
🔐 The private sector probably isn’t coming to save the NVD security news – Major backlogs in the U.S. National Vulnerability Database prompt potential solutions from government and the private sector. https://blog.talosintelligence.com/threat-source-newsletter-april-25-2024/
🧠 Microsoft Deleted Its LLM Because It Didn’t Get a Safety Test, But Now It’s Everywhere security news – Microsoft releases powerful language model, WizardLM 2, without safety testing, leading to unintended spread on the internet. https://www.404media.co/microsoft-deleted-its-llm-because-it-didnt-get-a-safety-test-but-now-its-everywhere/
CISA Corner
Cisco ASA & CrushFTP added to KEV https://www.cisa.gov/news-events/alerts/2024/04/24/cisa-adds-three-known-exploited-vulnerabilities-catalog
Microsoft Print Spooler privilege escalation added to KEV https://www.cisa.gov/news-events/alerts/2024/04/23/cisa-adds-one-known-exploited-vulnerability-catalog
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.