cyberlights – week 18/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🤖 CISA unveils guidelines for AI and critical infrastructure security news https://fedscoop.com/cisa-unveils-guidelines-for-ai-and-critical-infrastructure/
🔍 Watchdog reveals lingering Google Privacy Sandbox worries privacy https://go.theregister.com/feed/www.theregister.com/2024/04/29/uk_cma_google/
⚠️ Want reviews removed? Beware of entferno.at warning https://www.watchlist-internet.at/news/google-bewertungen-entfernen-lassen-vorsicht-vor-entfernoat/
🔒 UK becomes first country to ban default bad passwords on IoT devices security news https://therecord.media/united-kingdom-bans-defalt-passwords-iot-devices
🔓 FBCS data breach impacted 2M individuals data breach https://securityaffairs.com/162514/cyber-crime/fbcs-data-breach.html
😶 Russia Clones Wikipedia, Censors It, Bans Original security news – Russia clones Wikipedia to censor and ban original content. https://www.404media.co/russia-clones-wikipedia-censors-it-bans-original/
🐄 The UK beefs up smart home security by going after bad default passwords security news https://www.theverge.com/2024/4/29/24144325/uk-psti-password-requirements-network-connected-devices-iot-smart-home
📍 FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data – Krebs on Security privacy https://krebsonsecurity.com/2024/04/fcc-fines-major-u-s-wireless-carriers-for-selling-customer-location-data/
🔐 Apple's 'incredibly private' Safari not so private in Europe privacy – Apple's Safari browser in Europe exposed to privacy flaws due to third-party app store feature, leaking user activity and identifiers to approved marketplaces. Implementation lacks security measures, raising concerns about tracking. https://go.theregister.com/feed/www.theregister.com/2024/04/30/apple_safari_europe_tracking/
🚗 Carmakers lying about requiring warrants before sharing location data, Senate probe finds privacy – Senate probe finds automakers have for years shared driver location data without warrants, contradicting their public pledges and misleading customers; an FTC investigation has been requested. Automakers store location data for years. The Alliance for Automotive Innovation's statement conflicts with the findings. https://therecord.media/carmakers-lying-about-warrants-location-data
💸 UnitedHealth CEO confirms company paid $22 million ransom in heated Senate hearing security news – UnitedHealth Group paid ransom to BlackCat/AlphV gang post-ransomware attack. CEO admits multifactor authentication lapse. Senators criticize data restoration issues and impact on medical organizations. https://therecord.media/unitedhealth-ceo-testifies-senate-hearing
🌐 We can have a different web Blogpost – Reflections on the evolution of the web from an open space to commercialized walled gardens. Call for reclaiming the web's original spirit of innovation, authenticity, connection, and less surveillance. https://www.citationneeded.news/we-can-have-a-different-web/
🗝️ Microsoft launches passkey support for all consumer accounts security news – Allows face, fingerprint, PIN, or security key authentication across devices, streamlining sign-in without traditional passwords. https://www.theverge.com/2024/5/2/24147124/microsoft-passkeys-support-consumer-msa
🛡️ Organizations patch CISA KEV list bugs 3.5 times faster than others, researchers find security news https://therecord.media/kev-list-vulnerabilities-patched-significantly-faster
🕵️ Indonesia sneakily buys spyware, says Amnesty International security news – Amnesty International reveals Indonesia's purchase of spyware from various suppliers through intermediary companies, citing the lack of transparency and regulation in dual-use technology exports. https://go.theregister.com/feed/www.theregister.com/2024/05/03/amnesty_indonesia_surveillance/
👔 Microsoft ties executive pay to security following multiple failures and breaches security news – Microsoft faces severe criticism for security failures and breaches, including breaches by China and Russia-based hacking groups; response under scrutiny by lawmakers and regulators. Introduces 'Secure Future Initiative' and ties executive pay to security milestones, emphasizing robust security practices. https://arstechnica.com/information-technology/2024/05/microsoft-ties-executive-pay-to-security-following-multiple-failures-and-breaches/
💑 Dating apps kiss'n'tell all sorts of sensitive user info privacy – Most dating apps collect excessive user data, poor privacy practices revealed by Mozilla research. Grindr singled out for historically weak data protection. Concerns raised over user data sharing, AI integration, and privacy violations. https://www.theregister.com/2024/05/04/dating_apps_privacy_mozilla/
Some More, For the Curious
🛡️ Brokewell: do not go broke from new banking malware! malware – Brokewell, a dangerous mobile banking malware with device takeover capabilities. https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware
🔒 How we fought bad apps and bad actors in 2023 security news – Google Play's security measures in 2023. https://security.googleblog.com/2024/04/how-we-fought-bad-apps-and-bad-actors-in-2023.html
🔓 Multiple Brocade SANnav SAN Management SW flaws allow device compromise vulnerability https://securityaffairs.com/162473/uncategorized/brocade-sannav-flaws.html
🦠 Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams security research – JFrog's security research team discovered nearly 20% of Docker Hub repositories hosting malicious content, ranging from spam to harmful entities like malware and phishing sites, driven by fake imageless repositories. Identified massive malicious campaigns targeting Docker Hub, leading to removal of 3.2 million suspicious repositories. https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
💻 AWS S3 storage bucket with unlucky name nearly cost developer $1,300 security news – Developer's AWS S3 bucket with common name faces massive unauthorized requests due to an open-source tool, accumulating over $1,300 bill in one day. https://arstechnica.com/information-technology/2024/04/aws-s3-storage-bucket-with-unlucky-name-nearly-cost-developer-1300/
⚔️ Uncharmed: Untangling Iran's APT42 Operations security research – APT42 operations by Iranian state-sponsored threat actor with focus on enhanced social engineering, credential harvesting, cloud operations, and custom backdoors NICECURL and TAMECAT. Mandiant links APT42 to IRGC-IO and outlines their methods of stealing Microsoft, Yahoo, Google credentials. https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/
🍯 Examining the Deception infrastructure in place behind code.microsoft.com security research – Microsoft repurposes the dangling subdomain code.microsoft.com into a honeypot to gather threat intelligence, simulating attacker interactions for research and protection. https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/examining-the-deception-infrastructure-in-place-behind-code/ba-p/4124464
🛡️ “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps security research – Microsoft identifies a path traversal vulnerability pattern in popular Android apps, facilitating arbitrary code execution and token theft, with potential disastrous consequences. https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/
🗽 State of Exploitation – A Peek into the Last Decade of Vulnerability Exploitation security research – Explores vulnerability trends from 2014 to 2023. Increase in known exploitation and POC exploits. https://vulncheck.com/blog/state-of-exploitation-a-decade
CISA Corner
Microsoft SmartScreen Prompt https://www.cisa.gov/news-events/alerts/2024/04/30/cisa-adds-one-known-exploited-vulnerability-catalog
GitLab Community and Enterprise Editions https://www.cisa.gov/news-events/alerts/2024/05/01/cisa-adds-one-known-exploited-vulnerability-catalog
CERT/CC Reports R Programming Language Vulnerability https://www.cisa.gov/news-events/alerts/2024/05/01/certcc-reports-r-programming-language-vulnerability
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.