cyberlights – week 20/2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

⚠️ Not all scams are easy to spot warning – Scammers utilize coincidental timing and correct details to trick even smart individuals. https://www.emsisoft.com/en/blog/45650/not-all-scams-are-easy-to-spot/

🦮 Guidance for organisations considering payment in ransomware incidents cyber defense – Guidance for organizations on ransomware incidents, emphasizing alternatives to paying. https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents

🛡️ CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources security news – CISA, DHS, FBI, and international partners release cyber threat mitigation guidance for civil society organizations to combat state-sponsored threats. https://www.cisa.gov/news-events/alerts/2024/05/14/cisa-and-partners-release-guidance-civil-society-organizations-mitigating-cyber-threats-limited

🛤️ Google and Apple deliver support for unwanted tracking alerts in Android and iOS security news – Google and Apple collaborate on alerting users of unwanted tracking. https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html

🔒 Encrypted mail service still okay with giving PII to cops security news – ProtonMail under scrutiny for disclosing user data to police; US Patent and Trademark Office exposes private addresses online again; LockBit ransomware hits Wichita, Kansas, disrupting city services. https://www.theregister.com/2024/05/13/infosec_in_brief/

🔓 Europol confirms incident after data break-in claims security news – Europol investigates claims of stolen data from Europol Platform for Experts by cybercriminal IntelBroker. No compromise of core systems, but confidential data samples leaked. Incident raises concerns over security of sensitive EU and law enforcement data. https://www.theregister.com/2024/05/13/europol_data_breach/

💻 How Did Authorities Identify the Alleged Lockbit Boss? – Krebs on Security cybercrime – The U.S. DoJ charges Russian Dmitry Yuryevich Khoroshev as LockBit leader involved in extensive ransomware-related crimes, traced through forum usernames and domain registrations. Khoroshev's cyber activity predates notorious cybercrime forums, suggesting prior involvement in ransomware schemes. Indictment details financial strategy and offers insight into underground activities. https://krebsonsecurity.com/2024/05/how-did-authorities-identify-the-alleged-lockbit-boss/

🤖 Android is getting an AI-powered scam call detection feature security news – Google is developing an AI-powered scam call detection feature for Android, utilizing Gemini Nano to spot fraudulent language and warn users in real-time, aiming to prevent falling victim to phone scams. It will be an opt-in feature, ensuring privacy by running locally and offline. https://www.theverge.com/2024/5/14/24156212/google-android-ai-gemini-scam-call-detection-feature-io

🏙️ City of Helsinki suffered a data breach data breach – The City of Helsinki experienced a significant data breach that impacted students, guardians, and personnel, with threat actors gaining access to various personal and sensitive information. https://securityaffairs.com/163088/data-breach/city-of-helsinki-data-breach.html

🔨 Christie's takes website offline after cyberattack, delays live auction security news – Christie's auction house website taken offline due to a cyberattack, delaying a live auction; clients can still participate in auctions via different methods while the issue is resolved. Limited information was provided about the cyberattack. https://therecord.media/christies-website-down-auction-delayed-cyberattack

🔒 Threat actors may have exploited a zero security news – Apple releases urgent security updates addressing code execution vulnerabilities in iPhones, iPads, and macOS, including a memory corruption flaw in the Real-Time Kernel (RTKit) which may have been exploited as a zero-day. https://securityaffairs.com/163096/hacking/apple-iphones-zero-day-exploited.html

📱 Android will be able to detect if your phone has been snatched security news – Google introduces security features in Android 15 beta, including Theft Detection Lock to prevent unauthorized access if the phone is stolen, private spaces for hidden apps with unique PIN, and Play Protect updates for threat detection and app permissions monitoring. https://www.theverge.com/2024/5/15/24157068/android-15-ai-theft-detection-lock-privacy-security

🔍 EU probes Meta over its provisions for protecting children security news – European Commission probes Meta over potential breaches of Digital Services Act (DSA) related to protecting minors on Facebook and Instagram, examining issues such as addictive behavior, access to inappropriate content, and privacy measures. https://www.theregister.com/2024/05/16/eu_investigates_meta_over_its/


Some More, For the Curious

🕵️ Diving into the data stream: A toolbox for analysts of Android apps security research https://www.kuketz-blog.de/in-den-datenstrom-eintauchen-ein-werkzeugkasten-fuer-analysten-von-android-apps/

🚫 Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule vulnerability – Injecting specific strings can shut down websites protected by WAF, causing Denial of Service. https://blog.sicuranext.com/response-filter-denial-of-service-a-new-way-to-shutdown-a-website/

🐟 Using MITM to bypass FIDO2 phishing security research – Research reveals potential vulnerabilities in FIDO2 authentication, highlighting the importance of implementing Token Binding for enhanced security. https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/

🌜 To the Moon and back(doors): Lunar landing in diplomatic missions security research – ESET Lunar toolset infiltrated European MFA using backdoors LunarWeb and LunarMail, attributed to Turla APT group. https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/

🪵 Log4Shell shows no sign of fading, spotted in 30% of CVE exploits security news – Survey reveals that organizations still run insecure protocols on their WANs, aiding lateral movement; the Log4Shell exploit was identified in 30% of outbound CVE exploits despite being three years old. https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/

🔒 The xz apocalypse that almost was security news – A recap of the backdoor incident in the xz library, detailing the timeline of events, community contributions, potential scale of impact, and industry insights on OpenSSH servers. Despite the wide adoption of OpenSSH and xz, the incident, while significant, was not as catastrophic as feared due to the vigilance of the large community. https://www.bitsight.com/blog/xz-apocalypse-almost-was

🔣 Diagrams and Symbols in Threat Models security research https://shostack.org/blog/diagrams-and-symbols-in-threat-models/

👮 FBI Seizes BreachForums Website security news https://www.schneier.com/blog/archives/2024/05/fbi-seizes-breachforums-website.html

♨️ CISA spreads Black Basta advice amid Ascension infection security news – CISA and Health-ISAC issue bulletins on Black Basta ransomware gang after the attack on US healthcare provider Ascension, advising on defense strategies and outlining the group's tactics. https://www.theregister.com/2024/05/13/cisa_ascension_ransomware/

🦆 QakBot attacks with Windows zero-day (CVE-2024-30051) vulnerability – A zero-day vulnerability in the Windows Desktop Window Manager was discovered and exploited in the wild, leading to privilege escalation. The vulnerability, CVE-2024-30051, was reported to Microsoft and a patch was released on May 14, 2024. https://securelist.com/cve-2024-30051/112618/

🛹 MITRE released EMB3D Threat Model for embedded devices cyber defense – MITRE released the EMB3D threat model for critical infrastructure embedded devices, aiming to improve security by providing insights on cyber threats and device features for vendors, operators, and researchers across various industries. https://securityaffairs.com/163144/security/mitre-released-emb3d-framework.html

🦊 Foxit PDF Reader “Flawed Design”: Hidden Dangers Lurking in Common Tools security research https://blog.checkpoint.com/research/foxit-pdf-reader-flawed-design-hidden-dangers-lurking-in-common-tools/

🛞 Rounding up some of the major headlines from RSA security news – Recap of top stories and trends from RSA Conference, focusing on AI, build security initiative, technologies countering deepfakes, and Microsoft disclosing a zero-day vulnerability. Major headlines include healthcare network disruption, Google and Apple alert for unwanted device tracking, and Christie's cyber attack. https://blog.talosintelligence.com/threat-source-newsletter-may-16-2024/

CISA Corner

KEV – Google Chromium, D-Link and Microsoft
https://www.cisa.gov/news-events/alerts/2024/05/13/cisa-adds-one-known-exploited-vulnerability-catalog
https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-adds-three-known-exploited-vulnerabilities-catalog
https://www.cisa.gov/news-events/alerts/2024/05/14/cisa-adds-two-known-exploited-vulnerabilities-catalog

Siemens Advisories
https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-releases-seventeen-industrial-control-systems-advisories

Updates by Adobe, Microsoft, Apple and Cisco
https://www.cisa.gov/news-events/alerts/2024/05/15/adobe-releases-security-updates-multiple-products
https://www.cisa.gov/news-events/alerts/2024/05/14/microsoft-releases-may-2024-security-updates
https://www.cisa.gov/news-events/alerts/2024/05/14/apple-releases-security-updates-multiple-products
https://www.cisa.gov/news-events/alerts/2024/05/16/cisco-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.
