cyberlights – week 19/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
Highlights
💰 Krypto-Betrüger: Sechs Österreicher festgenommen cybercrime – Six Austrians were arrested for running an online scam involving a supposed new cryptocurrency, defrauding investors of millions. Europol coordinated the operation, seizing over 500,000 euros in cryptocurrencies, 250,000 euros in fiat, and other assets. The suspects falsely claimed to open an online trading company with a new cryptocurrency, carrying out an Initial Coin Offering (ICO) without transparency, leading investors to realize they were deceived in February 2018. https://www.heise.de/news/Krypto-Betrueger-Sechs-Oesterreicher-festgenommen-9714300.html
Lockbit Corner 🛑 Law enforcement seized Lockbit group's website again cybercrime – Law enforcement seizes Lockbit group's website, threatens to reveal identities. https://securityaffairs.com/162778/cyber-crime/law-enforcement-seized-lockbit-site-again.html
⛓️ U.S. Charges Russian Man as Boss of LockBit Ransomware Group – Krebs on Security cybercrime – U.S. charges Russian man as boss of LockBit ransomware group, part of elaborate criminal network. https://krebsonsecurity.com/2024/05/u-s-charges-russian-man-as-boss-of-lockbit-ransomware-group/
🎙️ In interview, LockbitSupp says authorities outed the wrong guy cybercrime – LockBit leader denies being correctly identified. https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit
🍧 LockBit gang claimed responsibility for the attack on City of Wichita cybercrime – The City of Wichita was hit by a LockBit ransomware attack, leading to network shutdown. The LockBit gang threatened to leak stolen data, prompting an investigation by third-party experts and law enforcement. Systems remain offline, with no definitive timeline for restoration. https://securityaffairs.com/162910/cyber-crime/city-of-wichita-lockbit-ransomware.html
News For All
🥠 Stealing cookies: Researchers describe how to bypass modern authentication security research – Researchers detail bypassing modern authentication via MITM attack. https://cyberscoop.com/stealing-cookies-researchers-describe-how-to-bypass-modern-authentication/
🔐 Why Your VPN May Not Be As Secure As It Claims – Krebs on Security security research – Researchers reveal VPN vulnerability via rogue DHCP server attacks. https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/
💸 Online Scams: Are These All Scams? Distinguishing the Legit from the Scam cybercrime – Sophisticated scammers create fake websites and emails, deceiving users. https://asec.ahnlab.com/en/65091/
🔑 Yubico bolsters authentication security with updated YubiKey 5 series devices security news – Yubico releases updated security keys with enhanced features. https://www.theverge.com/2024/5/7/24150918/yubico-5-7-firmware-update-security-key-yubikey-5
🔗 April 2024’s Most Wanted Malware: Surge in Androxgh0st Attacks and the Decline of LockBit3 security research – significant increase in AndroXgh0st malware attacks during April 2024, alongside a noticeable decrease in LockBit3.0 attacks, highlighting the shifting landscape of cybersecurity threats. https://blog.checkpoint.com/security/april-2024s-most-wanted-malware-surge-in-androxgh0st-attacks-and-the-decline-of-lockbit3/
🔍 New Case Study: The Malicious Comment security news – Malicious code hidden in 'Thank you' image compromised online shoppers. https://thehackernews.com/2024/05/new-case-study-malicious-comment.html
⛔ Stolen children’s health records posted online in extortion bid data breach – Children's health records from NHS Dumfries and Galloway published by cybercriminals for extortion. https://therecord.media/scotland-nhs-children-records-posted-extortion-ransomware
🧠 Back to the Hype: An Update on How Cybercriminals Are Using GenAI cybercrime – Cybercriminals continue to use generative AI, focusing on jailbreaking capabilities and emerging deepfake services for criminal activities. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai
✈️ Boeing confirms attempted $200 million ransomware extortion attempt cybercrime – Boeing faced a $200 million ransomware demand from LockBit, part of a larger cyberattack. Boeing did not pay the ransom and the incident impacted its parts and distribution business. https://cyberscoop.com/boeing-confirms-attempted-200-million-ransomware-extortion-attempt/
🚔 FBI Warns US Retailers That Cybercriminals Are Targeting Their Gift Card Systems warning – FBI warns US retailers of a cybercriminal group targeting staff with phishing attacks to create fraudulent gift cards, highlighting the financial losses and sophisticated tactics used. https://www.tripwire.com/state-of-security/fbi-warns-us-retailers-cybercriminals-are-targeting-their-gift-card-systems
❤️🩹 Major health care system hobbled by ‘cyber incident’ cybercrime – Ascension health care system suffers a cyber incident causing disruptions to clinical operations, affecting medical services, patient records access, and necessitating manual documentation. Incident follows recent high-profile attacks in the healthcare industry, highlighting the need for cybersecurity standards. https://cyberscoop.com/major-health-care-system-hobbled-by-cyber-incident/
📢 Dell discloses data breach impacting millions of customers data breach – Dell revealed a data breach affecting millions of customers, exposing names, physical addresses, and hardware purchase data. Financial details and sensitive information were not compromised. https://securityaffairs.com/162942/cyber-crime/dell-data-breach-2.html
📱 Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials malware – Malicious Android apps impersonate popular services to trick users into installing them, then request extensive permissions to steal credentials and perform malicious activities, such as accessing contact lists, SMS messages, and launching phishing pages mimicking social media and financial services. https://thehackernews.com/2024/05/malicious-android-apps-pose-as-google.html
🪲 Google fixes fifth actively exploited Chrome zero vulnerability – Google patched the fifth zero-day vulnerability in Chrome this year, a use-after-free issue in the Visuals component, actively exploited in the wild, without disclosing details about the attacks. https://securityaffairs.com/162976/hacking/5th-chrome-zero-day-2024.html
😨 You've Been Breached: What Now? cyber defense – Breaches are inevitable in cybersecurity; after a breach, focus shifts to identifying the blast radius, providing temporary work credentials for affected employees, accountability at the executive level, and implementing incident response planning and a comprehensive cybersecurity strategy for recovery. https://www.darkreading.com/cyberattacks-data-breaches/you-have-been-breached-what-now
Some More, For the Curious
⚔️ MITRE attributes the recent attack to China security news – MITRE discloses security breach attributed to China-linked UNC5221. https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html
🫢 RemcosRAT Distributed Using Steganography security research – RemcosRAT distributed using steganography technique, warns of malware infection risks. https://asec.ahnlab.com/en/65111/
🗣️ Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution vulnerability – Cisco Talos discloses three zero-day vulnerabilities, two allowing code execution. https://blog.talosintelligence.com/vulnerability-roundup-zero-days-may-8-2024/
🤌 Breaking down Microsoft’s pivot to placing cybersecurity as a top priority security news – Microsoft faced criticism over their security practices, prompting a new focus on cybersecurity as a top priority with six pillars. The announcement includes re-prioritizing efforts to enhance internal systems and respond to threats promptly. The new governance structure is designed to centralize security efforts and hold leadership accountable for progress. Despite past issues, this shift demonstrates a commitment to improving security practices and ensuring Microsoft products are a safe choice for users. https://doublepulsar.com/breaking-down-microsofts-pivot-to-placing-cybersecurity-as-a-top-priority-734467a8db01
⚙️ 21115: An Oracle VirtualBox LPE Used to Win Pwn2Own vulnerability – The exploit involved a bug in the VGA device heap memory, which could be triggered by setting specific values. Through a series of steps, the exploit gained increased VRAM access, disabled critical sections, achieved buffer overread and overflow, and executed arbitrary code, ultimately demonstrating control over the host system. https://www.thezdi.com/blog/2024/5/9/cve-2024-21115-an-oracle-virtualbox-lpe-used-to-win-pwn2own
🚗 GhostStripe attack haunts self-driving cars by making them ignore road signs security news – novel hack called “GhostStripe” that targets autonomous vehicles by manipulating road sign visibility to the vehicles' cameras, making the signs unrecognizable to the self-driving system and thus potentially leading to dangerous driving errors. https://www.theregister.com/2024/05/10/baidu_apollo_hack/
🥅 Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation cyber defense – Juniper Threat Labs is monitoring the Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities being exploited by Mirai botnet. https://blogs.juniper.net/en-us/security/protecting-your-network-from-opportunistic-ivanti-pulse-secure-vulnerability-exploitation
🐡 Unmasking Tycoon 2FA: A Stealthy Phishing Kit Used to Bypass Microsoft 365 and Google MFA security research – the Tycoon 2FA phishing kit, which exploits session cookies to bypass multifactor authentication for Microsoft 365 and Gmail, employing a business model via Telegram to sell phishing services and significantly impacting cybersecurity efforts. https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass
CISA Corner 🪫 CISA Advisory – alpitronic Hypercharger EV Charger vulnerability – Vulnerability in alpitronic Hypercharger EV charger allows attackers to disable the device, bypass payment, and access payment data due to the use of default credentials. Mitigations include changing default passwords, limiting network exposure, and implementing secure access methods. https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02
⚠️ #StopRansomware: Black Basta security news – The joint advisory from FBI, CISA, HHS, and MS-ISAC reveals details on Black Basta, a ransomware variant impacting critical infrastructure sectors, including Healthcare and Public Health, outlining TTPs and IOCs to assist organizations in protecting against Black Basta and other ransomware threats. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
🤹 ASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies https://www.cisa.gov/news-events/alerts/2024/05/09/asds-acsc-cisa-and-partners-release-secure-design-guidance-choosing-secure-and-verifiable
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.