cyberlights – week 21/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, missing or in any other way off, please let me know!
Highlight
🧑✈️ Recall feature in Microsoft Copilot+ PCs raises privacy concerns privacy – Microsoft's Recall feature in Copilot+ PCs raises privacy concerns and undergoes investigation by the UK data watchdog. Users may be able to manage and delete snapshots, but potential risks to privacy and security remain. https://securityaffairs.com/163609/security/microsoft-recall-feature-copilot-pcs.html
🔍 New Windows AI feature records everything you’ve done on your PC privacy – Microsoft's Recall feature records user activities, raising privacy concerns. https://arstechnica.com/gadgets/2024/05/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/
🐕🦺 Personal AI Assistants and Privacy – Schneier on Security privacy – Bruce Schneier explores the privacy concerns surrounding Microsoft's AI-powered digital assistant, Recall, highlighting the need for trustworthy AI to protect users' data and emphasizing transparency in the development of such systems. https://www.schneier.com/blog/archives/2024/05/personal-ai-assistants-and-privacy.html
News For All
🌪️ Privacy, human rights, and Tornado Cash privacy – Developer of Tornado Cash service sentenced in laundering case, igniting concerns over financial privacy, law enforcement intervention, and crypto misuse. Privacy rights clash with anti-money laundering laws, sparking debates over encryption and financial surveillance. https://www.citationneeded.news/tornado-cash/
🚔 Police caught circumventing city bans on face recognition privacy – Police bypassing facial recognition bans through neighboring agencies. https://www.theregister.com/2024/05/20/cops_circumvent_facial_recognition/
💰 HHS offering $50 million for proposals to improve hospital cybersecurity security news – HHS funds hospital cybersecurity tools to combat cyberattacks. https://therecord.media/hhs-offering-funding-cybersecurity-hospital
💧 EPA will step up inspections of water sector cybersecurity security news – EPA increasing water sector cybersecurity inspections due to rising threats. https://cyberscoop.com/epa-water-inspections-cyber-alert/
🌐 Why Your Wi-Fi Router Doubles as an Apple AirTag – Krebs on Security security research – Research finds Apple's Wi-Fi geolocation API used to track devices globally. https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/
🧬 Homeland Security has collected DNA data from 1.5 million immigrants in four years, researchers find privacy – DHS collected DNA from 1.5M immigrants for database, raising privacy concerns. https://therecord.media/homeland-security-collected-dna-millions-immigrants
🙅♂️ From trust to trickery: Brand impersonation over the email attack vector security research – Talos researchers uncover techniques used by threat actors to embed brand logos in emails for brand impersonation, with insights into detected cases. https://blog.talosintelligence.com/from-trust-to-trickery-brand-impersonation/
👀 A consumer-grade spyware app found in check-in systems of 3 US hotels security news – spyware app pcTattletale discovered on check-in systems of three Wyndham hotels, enabling unauthorized access to guest details and vulnerabilities, highlighting concerns over privacy and security. https://securityaffairs.com/163550/uncategorized/spyware-app-check-in-systems-3-wyndham-hotels.html
️🧑⚖️ Crooks plant backdoor in software used by courtrooms around the world security news https://arstechnica.com/security/2024/05/crooks-plant-backdoor-in-software-used-by-courtrooms-around-the-world/
👨👩👧👦 You can now share passwords within your Google family group security news – Google's newest Google Play services update allows family group members to securely share passwords saved in Google Password Manager. https://www.theverge.com/2024/5/23/24163560/google-password-manager-share-passwords-family-group
💳 Cyber Signals: Inside the growing risk of gift card fraud cybercrime – Microsoft observes rise in gift card fraud by group Storm-0539 targeting cloud environments for fraudulent gift card creation. https://www.microsoft.com/en-us/security/blog/2024/05/23/cyber-signals-inside-the-growing-risk-of-gift-card-fraud/
🤖 Google’s “AI Overview” can give false, misleading, and dangerous answers security news – sometimes humorous or misleading answers, especially when treating jokes as facts and relying on questionable sourcing like troll forums or fan fiction sites. https://arstechnica.com/information-technology/2024/05/googles-ai-overview-can-give-false-misleading-and-dangerous-answers/
Some More, For the Curious
🎒 KB4581: Veeam Backup Enterprise Manager Vulnerabilities (CVE vulnerability https://www.veeam.com/kb4581
📧 New 'Siren' mailing list aims to share threat intelligence for open source projects security news – Siren mailing list for open source threat intelligence sharing. https://therecord.media/openssf-siren-open-source-threat-intelligence-mailing-list
😮💨 Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign security research – pro-Russian influence campaign targets Western democracies. https://blog.sekoia.io/master-of-puppets-uncovering-the-doppelganger-pro-russian-influence-campaign/
🪀 Critical Fluent Bit bug affects all major cloud providers vulnerability – Critical vulnerability in Fluent Bit affects major cloud providers. https://www.theregister.com/2024/05/21/fluent_bit_flaw/
⏩ Beyond the Basics: Exploring Uncommon NTLM Relay Attack Techniques hacking write-up https://www.guidepointsecurity.com/blog/beyond-the-basics-exploring-uncommon-ntlm-relay-attack-techniques/
👨💻 GitHub Enterprise Server patches critical vulnerability vulnerability https://www.theregister.com/2024/05/22/github_enterprise_server_patch/
🏮 Crimeware report: Acrid, ScarletStealer and Sys01 stealers security research https://securelist.com/crimeware-report-stealers/112633/
🌀 5 Reasons Why Every Developer Should Incorporate Common Weakness Enumeration (CWE) into Their Software Development Life Cycle (SDLC) security research https://infosec-mashup.santolaria.net/p/5-reasons-why-every-developer-should
🔚 Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM) vulnerability – Ivanti addressed multiple critical SQL injection vulnerabilities in Endpoint Manager (EPM) 2022 SU5 and prior versions, allowing attackers within the network to execute code. https://securityaffairs.com/163587/security/ivanti-endpoint-manager-critical-sql-injection.html
⚔️ How ransomware abuses BitLocker security news – BitLocker repurposed for ransomware in incident response effort, using VBS script for unauthorized file encryption. https://securelist.com/ransomware-abuses-bitlocker/112643/
🕵️ Stark Industries Solutions: An Iron Hammer in the Cloud – Krebs on Security cybercrime – Stark Industries Solutions emerged before the Russian invasion of Ukraine and is behind massive DDoS attacks, used to conceal cyberattacks and disinformation campaigns. https://krebsonsecurity.com/2024/05/stark-industries-solutions-an-iron-hammer-in-the-cloud/
🥡 An XSS flaw in GitLab allows attackers to take over accounts vulnerability https://securityaffairs.com/163649/hacking/gitlab-xss-flaw.html
🛖 MITRE December 2023 attack: threat actors created rogue VMs to evade detection security news – MITRE Corporation reported a breach in their NERVE network caused by China-linked nation-state actors, who chained two Ivanti Connect Secure zero-day flaws. https://securityaffairs.com/163658/apt/mitre-december-2023-attack-rogue-vms.html more info https://mastodon.social/@campuscodi/112503791372484604
CISA Corner
👀 [...]remove connectivity on all [...] devices connected to the [...] internet https://www.cisa.gov/news-events/alerts/2024/05/21/rockwell-automation-encourages-customers-assess-and-secure-public-internet-exposed-assets
Chromium again, NextGen Healthcare Mirth Connect https://www.cisa.gov/news-events/alerts/2024/05/20/cisa-adds-two-known-exploited-vulnerabilities-catalog
Apache Flink https://www.cisa.gov/news-events/alerts/2024/05/23/cisa-adds-one-known-exploited-vulnerability-catalog
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.