cyberlights – week 25/2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

💌 Security bug allows anyone to spoof Microsoft employee emails vulnerability – Bug allows MS employee email spoofing, not yet patched. https://techcrunch.com/2024/06/18/security-bug-allows-anyone-to-spoof-microsoft-employee-emails/?guccounter=1

💳 First million breached Ticketmaster records released for free data breach – Ticketmaster breached records leaked, potential for phishing attacks. https://www.malwarebytes.com/blog/news/2024/06/first-million-breached-ticketmaster-records-released-for-free

🗨️ Signal president Meredith Whittaker criticizes EU attempts to tackle child abuse material privacy – Signal Foundation president criticizes EU proposal. https://therecord.media/european-council-e2ee-proposal-signal-whittaker-criticism

⚖️ Signal, MEPs urge EU Council to drop encryption-eroding law security news – EU Council set to vote on law aiming to fight child exploitation online by requiring client-side scanning of digital communication to prevent dissemination of unlawful content, jeopardizing encryption. Signal and MEPs strongly advocate against the proposal, highlighting privacy and security risks. https://www.theregister.com/2024/06/18/signal_eu_upload_moderation/

🦥 Federal contractors pay multimillion-dollar settlements over cybersecurity lapses security news – Federal contractors fined for cybersecurity failures during NY program. https://therecord.media/federal-contractors-pay-multimillion-settlement

🖼️ AI Images in Google Search Results Have Opened a Portal to Hell privacy – Google Search results show AI-generated images without indication of origin. https://www.404media.co/google-image-search-ai-results-have-opened-a-portal-to-hell/

🪬 Proton is taking its privacy-first apps to a nonprofit foundation model privacy – Proton transitions to nonprofit foundation model with emphasis on privacy. https://arstechnica.com/gadgets/2024/06/proton-is-taking-its-privacy-first-apps-to-a-nonprofit-foundation-model/

💸 The Financial Dynamics Behind Ransomware Attacks cybercrime – Ransomware attacks evolve with financial incentives using cryptocurrency for anonymity. https://securityaffairs.com/164636/cyber-crime/financial-dynamics-ransomware-attacks.html

🤹 How are attackers trying to bypass MFA? security news – Increased incidents related to MFA bypass attempts, including push notifications and social engineering tactics. https://blog.talosintelligence.com/how-are-attackers-trying-to-bypass-mfa/

🔑 How quickly can attackers guess your password? security research – Study reveals most passwords can be cracked in less than an hour. https://securelist.com/passworde-brute-force-time/112984/

⌛ Meta delays training its AI using public content shared by EU users privacy – Meta postpones training its large language models on public content from adult users in the EU after a request from the Irish Data Protection Commission; the company expressed disappointment over the decision and emphasized the need to bring the benefits of AI to people in Europe. https://securityaffairs.com/164652/laws-and-regulations/meta-postponing-training-llm-eu-data.html

🚗 Car dealerships hit with massive computer system outage cybercrime – CDK Global cyberattack disrupts car dealerships in North America. https://www.theverge.com/2024/6/20/24182484/car-dealerships-massive-computer-system-outage-cdk-global

🚅 Amtrak forces password changes after user account break-ins security news – Amtrak's Guest Rewards program faces a security breach due to credential stuffing, prompting mandatory multi-factor authentication and password resets for affected users. https://www.theregister.com/2024/06/19/amtrak_has_had_another_breach/

💛 Google Chrome 126 update addresses multiple vulnerabilities security news – High-severity vulnerabilities reported by security researchers at a hacking competition, including type confusion and memory access issues. https://securityaffairs.com/164688/security/google-chrome-126-update.html

😵 Qilin Ransomware: What You Need To Know cybercrime – Qilin, a ransomware-as-a-service operation with Russian links, demands high ransoms; targeted London hospitals sparked attention. https://www.tripwire.com/state-of-security/qilin-ransomware-what-you-need-know

⛔ Biden administration bans sale of Kaspersky software in US security news – The Biden administration bans Kaspersky Labs from selling software in the USA due to concerns about ties to the Russian government and potential exploitation in cyberoperations. https://cyberscoop.com/biden-administration-bans-sale-of-kaspersky-software-in-us/

🐦‍⬛ Australian regulator blames lack of multi-factor authentication for Medibank hack security news https://therecord.media/medibank-hack-australian-government-report-mfa


Some More, For the Curious

🕵️ TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution security research – TikTag exploits ARM's MTE for data exposure through speculation. https://arxiv.org/abs/2406.08719

🐮 Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages vulnerability – Mailcow code vulnerabilities lead to remote code execution. https://www.sonarsource.com/blog/remote-code-execution-in-mailcow-always-sanitize-error-messages/

💻 Road to redemption: GhostSec's hacktivists went to the dark side. Now they want to come back security news – GhostSec shifted from hacktivism to cybercrime with ransomware attacks and now claims to be shifting back. https://therecord.media/ghostsec-hacktivism-cybercrime-interview-click-here-podcast

🧃 Multiple vulnerabilities resolved in Juniper Secure Analytics in 7.5.0 UP8 IF03 vulnerability https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03

🪧 Schneier on Security – Rethinking Democracy for the Age of AI security opinion – Bruce Schneier discusses rethinking governance systems for the age of AI, pointing out the need for new systems that align incentives and resist hacking, addressing issues like misinformation, misaligned incentives, and inadequate governance structures. https://www.schneier.com/blog/archives/2024/06/rethinking-democracy-for-the-age-of-ai.html

🍩 NHS boss says Scottish trust didn't meet attackers' demands data breach – NHS Dumfries and Galloway's CEO informs residents of a cyberattack where data was stolen but not altered; the criminals published the data. https://www.theregister.com/2024/06/18/nhs_dumfries_and_galloway_letter/

🩹 VMware fixed RCE and privilege escalation bugs in vCenter Server security news – VMware patched vCenter Server vulnerabilities allowing remote code execution and privilege escalation, impacting multiple versions. https://securityaffairs.com/164659/hacking/vmware-fixed-vcenter-server-flaws.html

🪼 AMD is investigating claims of stolen company data security news – AMD is investigating allegations of stolen company data, including future product information, being offered for sale by a threat actor known as IntelBroker. https://www.theverge.com/2024/6/18/24181406/amd-investigating-claims-stolen-company-data-sale-intelbroker

🚨 Qilin has ‘no regrets’ over the healthcare crisis it caused security news – The ransomware gang Qilin, which describes its attack on London hospitals as deliberate and politically motivated, intended as leverage against the political elites of specific countries, demanded a $50 million ransom. They claim to have stolen over one terabyte of data, which they intend to leak, potentially causing a healthcare crisis in the UK capital. https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/

🔐 High severity bugs in Confluence vulnerability – Atlassian fixed nine high-severity vulnerabilities in Confluence, Jira, and Crucible products, including improper authorization flaws and SSRF issues. https://securityaffairs.com/164743/security/atlassian-confluence-crucible-jira-flaws.html

⚡ UK's largest nuclear site denies being hacked but pleads guilty over cybersecurity failures cybercrime – The Sellafield nuclear site in the UK faces charges related to cybersecurity failings under the Nuclear Industries Security Regulations 2003. https://therecord.media/sellafield-guilty-plea-uk-nuclear-facility-cybersecurity

🔍 SCCM Exploitation: Evading Defenses and Moving Laterally with SCCM Application Deployment security research – SCCM exploitation risks and attacks explained. https://www.guidepointsecurity.com/blog/sccm-exploitation-evading-defenses-and-moving-laterally-with-sccm-application-deployment/

🐥 A Bird’s-eye view: ShareFinder-How Threat Actors Discover File Shares (The DFIR Report) security research – Attackers exploit file shares; Canaries detect the malicious activity. https://blog.thinkst.com/2024/06/a-birds-eye-view-sharefinder-how-threat-actors-discover-file-shares-the-dfir-report.html

🐴 Polish investigators seize Pegasus spyware systems as part of probe into alleged abuse security news – Investigations are ongoing regarding the legality and purchase of the software, which allegedly targeted opposition politicians in Poland. https://therecord.media/poland-seizure-pegasus-spyware-systems

🦟 Phoenix UEFI bug affects long list of Intel chip families vulnerability – A UEFI firmware vulnerability, CVE-2024-0762, affecting Phoenix Technologies UEFI firmware used across various Intel chip families poses threats such as buffer overflow and code execution. https://www.theregister.com/2024/06/21/uefi_vulnerability_intel_chips/

🛡️ Threat actors exploited SolarWinds Serv-U vulnerability vulnerability – Threat actors exploited CVE-2024-28995, a directory traversal issue allowing access to sensitive files; GreyNoise reports extensive attempts following public disclosure and availability of proof-of-concept code. https://securityaffairs.com/164806/hacking/solarwinds-serv-u-cve-2024-28995-exploit.html


CISA Corner

🦮 CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses (SMBs) security news – CISA shared a detailed report on challenges to SSO adoption by SMBs and suggested ways to enhance security. https://www.cisa.gov/news-events/alerts/2024/06/20/cisa-releases-guidance-single-sign-sso-adoption-small-and-medium-sized-businesses-smbs

🦮 CISA and Partners Release Guidance for Modern Approaches to Network Access Security security news – CISA and partners advocate modern security solutions like Zero Trust, SSE, and SASE for improved network access security. https://www.cisa.gov/news-events/alerts/2024/06/18/cisa-and-partners-release-guidance-modern-approaches-network-access-security

🔒 RAD Data Communications SecFlow-2 vulnerability – RAD Data Communications' SecFlow-2 device is vulnerable to path traversal, allowing attackers to retrieve files from the operating system remotely. https://www.cisa.gov/news-events/ics-advisories/icsa-24-170-01

🔒 CISA Releases Three Industrial Control Systems Advisories security news – The advisories cover security issues affecting Yokogawa CENTUM, CAREL Boss-Mini, and Westermo L210-F2G. https://www.cisa.gov/news-events/alerts/2024/06/20/cisa-releases-three-industrial-control-systems-advisories


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.
