cyberlights – week 24/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
Highlight
📢 Android: Quickly and easily get rid of ads/trackers system-wide privacy https://www.kuketz-blog.de/android-werbung-tracker-schnell-und-einfach-systemweit-loswerden/
News For All
⚕️ Microsoft, Google pledge 'low cost' cybersecurity services to rural hospitals security news – Microsoft and Google, in collaboration with the White House, are offering reduced-price cybersecurity services to rural hospitals to address the rising cyber threat in the healthcare sector. https://therecord.media/microsoft-google-rural-hospital-cybersecurity
🗳️ AI and the Indian Election “security” research – Indian election features (legitimate) AI, including deepfakes and personalized communication. https://www.schneier.com/blog/archives/2024/06/ai-and-the-indian-election.html
🧬 Privacy authorities in Canada and UK announce joint probe of 23andMe data breach data breach – privacy regulators launch a joint investigation into the global data breach at genetic testing company 23andMe, which exposed the genetic data of at least 5 million users in October 2023. https://therecord.media/23andme-data-breach-canada-uk-privacy-investigation
🚗 One of the major sellers of detailed driver behavioral data is shutting down privacy https://arstechnica.com/cars/2024/06/one-of-the-major-sellers-of-detailed-driver-behavioral-data-is-shutting-down/
⚔️ China state hackers infected 20,000 Fortinet VPNs, Dutch spy service says security news – The backdoor malware CoatHanger was installed, persisting despite reboots. Fortinet's delayed disclosure of the vulnerability impacted response. https://arstechnica.com/security/2024/06/china-state-hackers-infected-20000-fortinet-vpns-dutch-spy-service-says/
🫗 Cylance clarifies breach, dodges questions about the source data breach – Cybersecurity firm Cylance confirms a data breach related to marketing data from 2015-2018 before BlackBerry acquisition. Data allegedly includes customer, partner, and employee names and email addresses, with no compromise to current systems. https://www.theregister.com/2024/06/11/cylance_clarifies_data_breach_details/
⏺️ Patch Tuesday, June 2024 “Recall” Edition – Krebs on Security security news – addresses, among others, a critical flaw in Microsoft Message Queuing that could allow attackers to remotely control a system. Adobe also released security updates for multiple products. https://krebsonsecurity.com/2024/06/patch-tuesday-june-2024-recall-edition/
🦾 Semiconductor giants Nvidia and Arm warn of new flaws in their graphics processors security news – Arm warns of an actively exploited zero-day flaw in its Mali GPU Kernel Driver, CVE-2024-4610, allowing unauthorized access to sensitive information. Nvidia discloses 10 new vulnerabilities in its GPU Display Driver and vGPU software. https://therecord.media/nvidia-arm-semiconductor-flaws-patches
📶 Microsoft fixes hack-me-via-Wi-Fi Windows security hole security news – Microsoft's June Patch Tuesday addresses multiple CVEs, including a publicly known DNSSEC flaw, a severe remote code execution flaw in MSMQ, and a Wi-Fi driver remote code execution hole. Adobe releases 10 patches covering 166 CVEs, addressing various critical vulnerabilities. SAP issues a dozen security notes, including high-priority alerts for bugs affecting NetWeaver. PHP, Arm, Apple, Google, SolarWinds, Fortinet, and Cisco also release security updates. https://www.theregister.com/2024/06/12/june_patch_tuesday/
👿 CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog security news – CISA lists exploited vulnerabilities in Android, Windows, and Telerik. https://securityaffairs.com/164525/security/cisa-adds-android-pixel-microsoft-windows-progress-telerik-report-server-known-exploited-vulnerabilities-catalog.html
🦹 Ukrainian police identify suspected affiliate of Conti, LockBit groups cybercrime – Ukrainian cyber police identify a Kyiv resident, specializing in developing cryptors to evade antivirus detection. The Dutch police expressed gratitude for the cooperation in apprehending the suspect. https://therecord.media/ukraine-suspected-lockbit-conti-affiliate
🏮 How China’s Cyber Ecosystem Feeds Off Its Superstar Hackers security research – Analysis highlights China's leveraging of civilian talent for state-sponsored cyber operations through hacking contests and bug bounties. Chinese researchers dominate hacking competitions, leading to vulnerability research being harnessed by state operations. https://news.risky.biz/how-chinas-cyber-ecosystem-feeds-off-its-superstar-hackers/
🛤️ Google faces GDPR complaint over Privacy Sandbox privacy – Privacy campaigner noyb files a GDPR complaint against Google, alleging that the 'Privacy Feature' in the Chrome browser resulted in unwanted tracking, contrary to its promotion of eliminating third-party tracking cookies through the Privacy Sandbox API. https://www.theregister.com/2024/06/13/noyb_gdpr_privacy_sandbox/
🥸 Watch Out! CISA Warns It Is Being Impersonated By Scammers warning – CISA warns of rising impersonation scams where scammers pretend to be trusted entities to trick victims into sharing sensitive information or money, using social engineering tactics. https://www.tripwire.com/state-of-security/watch-out-cisa-warns-it-being-impersonated-scammers
⏸️ Meta hits pause on EU AI training plans under pressure privacy – Meta postpones plans to train AI models on EU Facebook and Instagram posts after privacy complaints, affecting launch of Meta AI in the economic zone, but continues with plans for other regions. https://www.theregister.com/2024/06/14/meta_eu_privacy/
📔 CERT.at – How we cover your back cyber defense – CERT.at proactively informs network operators about potential security issues affecting Austrian companies. https://www.cert.at/en/blog/2024/6/how-we-cover-your-back
HIBP Corner
🆕 Telegram Combolists and 361M Email Addresses security news – 151M new email addresses, with passwords and some connected websites. https://www.troyhunt.com/telegram-combolists-and-361m-email-addresses/
Some More, For the Curious
🕵️ Bypassing Veeam Authentication CVE-2024-29849 security research – authentication bypass vulnerability explained with code analysis. https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
⏳ 1/6 | How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension hacking write-up – Creators developed malicious VSCode extension in 30 minutes, exposing source code to remote server. https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7
🪞 Microsoft Refused to Fix Flaw Years Before SolarWinds Hack — ProPublica security news – Microsoft ignored critical security flaw for years pre-SolarWinds hack. https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
🕵️ How scammers bypass 2FA cybercrime – Scammers utilize OTP bots and phishing kits to bypass 2FA by social engineering victims and intercepting OTPs. OTP bots automate scam calls to victims for obtaining codes, providing various features. https://securelist.com/2fa-phishing/112805/
📳 Hacking Millions of Modems (and Investigating Who Hacked My Modem) hacking write-up https://samcurry.net/hacking-millions-of-modems
🛡️ Windows flaw may have been exploited with Black Basta ransomware before it was patched security research – Symantec evidence suggests pre-patch exploitation. https://therecord.media/black-basta-ransomware-zero-day-windows
👑 Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested – Krebs on Security cybercrime – A 22-year-old UK man was arrested in Spain. The group is accused of hacking into multiple organizations, accessing critical data and funds. Noyb and UK authorities accuse him of SIM-swapping and heading the notorious gang involved in cyber theft activities, including costly ransom attacks at casinos. https://krebsonsecurity.com/2024/06/alleged-boss-of-scattered-spider-hacking-group-arrested/
👟 Ransomware Group Exploits PHP Vulnerability Days After Disclosure vulnerability https://www.securityweek.com/ransomware-group-exploits-php-vulnerability-days-after-disclosure/
👋 ASUS fixed critical remote authentication bypass bug in several routers security news https://securityaffairs.com/164549/security/asus-router-models-critical-rce.html
CISA Corner
🔐 Fortinet Releases Security Updates for FortiOS https://www.cisa.gov/news-events/alerts/2024/06/11/fortinet-releases-security-updates-fortios
🛡️ Microsoft Releases June 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/06/11/microsoft-releases-june-2024-security-updates
🔓 CISA Adds Two Known Exploited Vulnerabilities to Catalog – CVE-2024-4610 ARM Mali GPU Use-After-Free and CVE-2024-4577 PHP-CGI Command Injection. https://www.cisa.gov/news-events/alerts/2024/06/12/cisa-adds-two-known-exploited-vulnerabilities-catalog
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.