cyberlights – week 22/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
Highlight
⛳ CERT.at Sicherheitslücke in Check Point Network Security Gateways (Mobile Access) vulnerability – Security vulnerability in Check Point Network Security Gateways. https://www.cert.at/de/warnungen/2024/5/sicherheitslucke-in-check-point-network-security-gateways-mobile-access-fix-verfugbar
Operation Endgame ⚔️ Operation Endgame, the largest law enforcement operation ever against botnets security news – Operation Endgame, led by Europol and involving multiple countries, targeted various botnets like IcedID, SystemBC, and Pikabot used to facilitate malicious activities including ransomware deployment. https://securityaffairs.com/163876/cyber-crime/operation-endgame.html 🎯 ‘Operation Endgame’ Hits Malware Delivery Platforms – Krebs on Security security news – Operation Endgame targets malware droppers, disrupts infrastructure and arrests suspects in a coordinated international law enforcement effort. Europol seizes servers and domains, adding criminals to Most Wanted list. https://krebsonsecurity.com/2024/05/operation-endgame-hits-malware-delivery-platforms/ 🔚 Troy Hunt: Operation Endgame security news – Law enforcement agencies provide 16.5M email addresses and 13.5M unique passwords to Have I Been Pwned (HIBP) as part of Operation Endgame. The data, gathered from a botnet takedown, helps identify compromised credentials and inform impacted individuals to strengthen their online security practices. https://www.troyhunt.com/operation-endgame/
News For All
📰 Risky Biz News: Google distrusts GlobalTrust certs Austrian business!! security news – Google plans to stop trusting GlobalTrust TLS certificates, recent cyberattacks and threat intel highlights. https://news.risky.biz/risky-biz-news-google-throws-out-globaltrust-certs/
🛹 How scammers trick message board users cybercrime – Scammers target message board users in buyer and seller scams, using phishing links for financial theft. https://securelist.com/message-board-scam/112691/
🫦 WordPress Plugin abused to install e-skimmers in e-commerce sites malware – Threat actors abuse WordPress plugin to insert e-skimmers in e-commerce sites, stealing credit card data. https://securityaffairs.com/163777/malware/wordpress-plugin-insert-e-skimmer.html
🍘 Researchers crack 11-year-old password, recover $3 million in bitcoin security research – after failed attempts by others, Grand and a friend successfully recover the password. https://arstechnica.com/information-technology/2024/05/researchers-crack-11-year-old-password-recover-3-million-in-bitcoin/
🥅 Is Your Computer Part of ‘The Largest Botnet Ever?’ – Krebs on Security cybercrime – Alleged operator of 911 S5, a large botnet used to facilitate cybercrime, arrested. Service turned computers into proxies for traffic relay. Billions lost in online fraud. https://krebsonsecurity.com/2024/05/is-your-computer-part-of-the-largest-botnet-ever/
🧑💼 Three-day DDoS attack batters the Internet Archive security news – The Internet Archive has been targeted by a sustained DDoS attack affecting services like the online library and the Wayback Machine. However, the bigger threat comes from ongoing lawsuits by major US book publishing companies and record labels alleging copyright infringement and seeking significant damages, potentially endangering the non-profit archive's future. https://www.theregister.com/2024/05/29/ddos_internet_archive/
🐠 From Phish to Phish Phishing: How Email Scams Got Smart security news – Evolution of phishing scams from simple to AI-driven complex attacks. https://blog.checkpoint.com/security/from-phish-to-phish-phishing-how-email-scams-got-smart/
🤝 A list of cybersecurity-focused charities and nonprofits security news – A list of cybersecurity-focused charities and nonprofits aimed at helping individuals and organizations within the cybersecurity industry, advancing the field, and contributing to a better world. https://ventureinsecurity.net/p/a-list-of-cybersecurity-focused-charities
🥙 Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature warning – Observed suspicious activity starting on April 15. The attacks exploited the cross-origin authentication feature in Customer Identity Cloud (CIC), posing a risk of unauthorized access to user accounts. https://securityaffairs.com/163867/cyber-crime/okta-credential-stuffing-cross-origin-authentication.html
🦄 Phones of journalists and activists in Europe targeted with Pegasus security news – European journalists and activists targeted with Pegasus spyware, highlighting continued threat to press freedom. Recommendations for moratorium on spyware. EU faces criticism for lack of action on spyware issues. https://cyberscoop.com/spyware-europe-nso-pegasus/
🏛️ EU Parliament member suspected of being paid to promote Russian propaganda security news – Belgian and French police search properties of European Parliament employee suspected of receiving money from Russia to promote propaganda. Investigation involves promotion of Kremlin propaganda via Voice of Europe news website. https://therecord.media/eu-parliament-member-paid-propaganda
🧟 Stalkerware app pcTattletale announces it is 'out of business' after suffering data breach and website defacement security news – Leaked data included customer details and spyware victims' data. Lessons on cybersecurity importance and ethical usage of stalkerware highlighted. https://www.bitdefender.com/blog/hotforsecurity/stalkerware-app-pctattletale-announces-it-is-out-of-business-after-suffering-data-breach-and-website-defacement/
🎫 Massive Ticketmaster, Santander data breaches linked to Snowflake cloud storage data breach – Ticketmaster and Santander Bank data breaches, potentially affecting millions of users, traced back to attacks on Snowflake cloud storage. https://www.theverge.com/2024/5/31/24168984/ticketmaster-santander-data-breach-snowflake-cloud-storage
📺 Twitch ditches expert safety advisors for 'ambassador' team security news – Twitch reportedly disbands its Safety Advisory Council and plans to replace it with Twitch ambassadors. Twitch ambassadors are active users contributing positively to the community, but it is unclear if they are experts on online safety. https://www.theregister.com/2024/05/31/twitch_safety_advisory_council/
Some More, For the Curious
🎃 The Pumpkin Eclipse malware – 600,000 routers rendered inoperable by Chalubo RAT. https://blog.lumen.com/the-pumpkin-eclipse/
💣 DDoS-as-a-Service: The Rebirth Botnet cybercrime – RebirthLtd offers DDoS-as-a-Service targeting gamers for profit. https://sysdig.com/blog/ddos-as-a-service-the-rebirth-botnet/
👅 CVE-2024-22058 Ivanti Landesk LPE vulnerability – Exploit for Ivanti Landesk Local Privilege Escalation. https://mantodeasecurity.de/en/2024/05/cve-2024-22058-ivanti-landesk-lpe/
🔍 Check Point – Wrong Check Point (CVE-2024-24919) vulnerability – Check Point CloudGuard Network Security vulnerability exploited in the wild for arbitrary file read. https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
⛹️♂️ Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges vulnerability – Cisco Talos' team discovers vulnerabilities in Adobe Acrobat Reader, Foxit PDF Reader, PLC CPU modules, and an image-processing library; patches released for all vulnerabilities. https://blog.talosintelligence.com/vulnerability-roundup-may-29-2024/
🔙 NIST expects to clear backlog in vulnerabilities database by end of fiscal year security news – NIST has awarded a contract to address the backlogged vulnerabilities in the National Vulnerability Database; the backlog is due to increased submissions and changes in interagency support.. https://therecord.media/nist-nvd-backlog-clear-end-fiscal-2024
🦠 Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.) security research – A threat actor is distributing malware disguised as cracked versions of legitimate software like Hangul Word Processor, infecting many systems in South Korea. The attacker adds layers to the infection by registering to the Task Scheduler, enabling persistence. https://asec.ahnlab.com/en/66017/
🌐 Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices security news – The attacks, by nation-backed actors like 'CyberAv3ngers' and pro-Russian hacktivists, underscore the urgent need to enhance OT device security to prevent critical infrastructure from becoming vulnerable. https://www.microsoft.com/en-us/security/blog/2024/05/30/exposed-and-vulnerable-recent-attacks-highlight-critical-need-to-protect-internet-exposed-ot-devices/
🦑 LilacSquid APT targeted orgs in the U.S., Europe, and Asia security research – Uncovered APT group LilacSquid launches data theft campaigns since 2021. Their TTPs overlap with North Korea-linked APT groups. https://securityaffairs.com/163927/apt/lilacsquid-targeted-orgs-in-us-europe-asia.html
🪒 Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud vulnerability – A detailed account of an XML External Entity (XXE) injection vulnerability found in SharePoint that affects both on-prem and cloud instances. https://www.thezdi.com/blog/2024/5/29/cve-2024-30043-abusing-url-parsing-confusion-to-exploit-xxe-on-sharepoint-server-and-cloud
CISA Corner KEV – Checkpoint, Linux Kernel, JAVS, Google Chromium https://www.cisa.gov/news-events/alerts/2024/05/30/cisa-adds-two-known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2024/05/29/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2024/05/28/cisa-adds-one-known-exploited-vulnerability-catalog Industrial Advisories https://www.cisa.gov/news-events/alerts/2024/05/30/cisa-releases-seven-industrial-control-systems-advisories https://www.cisa.gov/news-events/alerts/2024/05/28/cisa-releases-one-industrial-control-systems-advisory
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.