cyberlights – week 28/2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🍪 Linksys routers apparently send Wi-Fi passwords to US servers security research – two tested router models apparently transmit sensitive data to a server in the USA. https://www.golem.de/news/im-klartext-linksys-router-senden-wohl-wlan-passwoerter-an-us-server-2407-186894.html

🍏 Apple warns iPhone users in 98 countries of spyware attacks warning – Apple warns iPhone users globally about targeted mercenary spyware attacks, emphasizing privacy and ongoing threat notifications. https://techcrunch.com/2024/07/10/apple-alerts-iphone-users-in-98-countries-to-mercenary-spyware-attacks/

🎓 ‘Serious hacker attack’ forces Frankfurt university to shut down IT systems cyberattack – Frankfurt University of Applied Sciences faces a hacker attack, leading to a total IT system shutdown, impacting services and communication. https://therecord.media/serious-hacker-attack-shutdown-frankfurt

‼️ Scammers double-dip by offering help to recover from scams warning – Scammers target victims of previous scams with fake offers to recover lost money, posing as trusted entities and requesting upfront fees or sensitive information, with the most vulnerable being victims over 65 years old. https://www.theregister.com/2024/07/09/australia_rescam_warning/

🏃‍♂️ Gadgetbridge: Using smartwatches/fitness trackers in a privacy-friendly way – Part 1 privacy – Gadgetbridge is a privacy-friendly open-source app for Android that makes it possible to use smartwatches and fitness trackers independently of the manufacturers' own apps, keeping full control over personal data and ensuring that it is stored locally. https://www.kuketz-blog.de/gadgetbridge-smartwatches-fitness-tracker-datenschutzfreundlich-nutzen-teil-1/

🔮 Avast released a decryptor for DoNex Ransomware and its predecessors security news – Avast developed a decryptor for the DoNex ransomware family due to a cryptographic flaw, allowing victims to recover files for free since March 2024. https://securityaffairs.com/165469/malware/donex-ransomware-decryptor.html

🐻 Apple removed 25 VPN apps from the App Store in Russia privacy – Apple removed 25 VPN apps from the Russian App Store due to government requests, part of Russia's control over internet access, leading to bypass difficulty for users. https://securityaffairs.com/165437/hacking/apple-removed-vpn-apps-from-app-store-in-russia.html

🎫 The Ticketmaster Hack Is Becoming a Logistical Nightmare for Fans and Brokers data breach – A hacking group released data allowing the creation of over 38,000 concert tickets, posing a potential logistical nightmare for Ticketmaster, venues, fans, brokers, and resale platforms. The hack can lead to issues such as duplicated tickets for sold seats and legitimate buyers being denied entry. https://www.404media.co/the-ticketmaster-hack-is-becoming-a-logistical-nightmare-for-fans-and-brokers/

🥓 More than 31M email addresses exposed following Neiman Marcus data breach data breach – Neiman Marcus data breach exposed over 31 million customer email addresses, affecting 64,472 individuals with leaked names, addresses, and more sold by threat actors. https://securityaffairs.com/165492/data-breach/neiman-marcus-data-breach-2.html

🤖 US, international authorities seize Russian AI bot farm cybercrime – U.S. authorities seized Russian AI bot farm domains linked to RT, accusing operatives of using Meliorator software to create social media personas and spread disinformation primarily aimed at U.S. politics. https://cyberscoop.com/us-international-authorities-seize-russian-ai-bot-farm/

🪛 Google’s dark web monitoring service will soon be free for all users security news – Google's dark web monitoring service, previously exclusive to Google One subscribers, will be free for all Google account holders starting soon, providing a combined solution to protect online presence. https://www.theverge.com/2024/7/9/24194970/google-one-free-dark-web-monitoring

🕵️ Hacktivists release two gigabytes of Heritage Foundation data data breach – The hacktivist group SiegedSec released two gigabytes of data from the Heritage Foundation in response to their Project 2025 initiative, claiming they wanted to expose supporters of the conservative think tank; however, Heritage denies being hacked, stating the data was from a publicly accessible archive. https://cyberscoop.com/hackvists-release-two-gigabytes-of-heritage-foundation-data/

📰 How disinformation from a Russian AI spam farm ended up on top of Google search results security research – A piece of Russian disinformation about Ukrainian president's wife buying a luxury car spread rapidly online, originating from a fake French website and promoted by pro-Kremlin accounts. https://arstechnica.com/ai/2024/07/how-disinformation-from-a-russian-ai-spam-farm-ended-up-on-top-of-google-search-results/

🦍 Scammers harness AI and deepfakes to sell bogus ‘miracle cures’ on Meta platforms security news – Artificial intelligence and deepfake videos fuel health-related scam campaigns on Meta platforms, promoting fake 'miracle cures' endorsed by celebrities and bogus medical experts, targeting millions of users worldwide, based on research by Bitdefender Labs. https://therecord.media/scammers-harness-ai-deepfakes-medical-bogus

🙊 Spear phishing techniques in mass phishing: a new trend security news – An increasing trend shows elements of spear phishing being incorporated into regular mass phishing campaigns, with sophisticated email design, personalized details, and imitation of HR notifications, showcasing a shift in attackers' techniques and an escalation in decentralized attacks. https://securelist.com/spear-phishing-meets-mass/113125/

🦹 RansomHub Ransomware – What You Need To Know cybercrime – RansomHub, a Ransomware-as-a-Service group, exploits a vulnerability in email servers and has quickly risen to become a significant threat. https://www.tripwire.com/state-of-security/ransomhub-ransomware-what-you-need-know

📱 You can now protect your high-risk Google account with just your phone privacy – Google's Advanced Protection Program now allows high-risk users to enroll using a single phone-based passkey. https://www.theverge.com/2024/7/10/24195306/google-accounts-advanced-protection-passkey-enrollment-support-security-key

📞 AT&T breach leaked call and text records from ‘nearly all’ wireless customers data breach – The records were accessed through a third-party cloud platform. https://www.theverge.com/2024/7/12/24197052/att-data-breach-call-text-records-hack


Some More, For the Curious

🔦 Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough hacking writeup – Shelltorch exposes critical vulnerabilities in PyTorch TorchServe, allowing remote code execution and unauthorized server access. https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server

⚠️ CVE-2024-4577 Exploits in the Wild One Day After Disclosure security research – Exploitation of PHP vulnerability CVE-2024-4577 for remote code execution with malicious PHP code, emphasizing swift patching and monitoring. https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure

🧑‍🦯 CISA broke into a US federal agency, and no one noticed for a full 5 months security news – A CISA red team exercise uncovered security flaws at a US federal agency and remained undetected for five months. https://www.theregister.com/2024/07/12/cisa_broke_into_fed_agency/

🌐 Emboldened and Evolving: A Snapshot of Cyber Threats Facing NATO security news – NATO faces cyber threats from state-sponsored actors, hacktivists, and cybercriminals, impacting espionage, disruptive attacks, and disinformation campaigns targeting critical infrastructure and political entities. https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-facing-nato/

🦷 Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK security research – Exploring the prioritization of MITRE ATT&CK techniques for detection in Security Operation Centers, Threat Intelligence, and Incident Response. Emphasizing source evaluation, technique relevance, and optimizing detection logic development. https://securelist.com/detection-engineering-backlog-prioritization/113099/

☢️ New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere security news – A new attack named Blast RADIUS exploits the 30-year-old RADIUS protocol due to its continued use of MD5, despite known vulnerabilities, allowing adversaries to gain admin access to various networks; the attack has led to a coordinated response from vendors. https://arstechnica.com/security/2024/07/new-blast-radius-attack-breaks-30-year-old-protocol-used-in-networks-everywhere/

🗞️ Chinese cyber agency accused of 'false and baseless' claims about US interfering in Volt Typhoon research security news – China's cybersecurity agency inaccurately claimed a U.S. threat intelligence company succumbed to U.S. influence, mischaracterizing the company's report on Dark Power ransomware, leading to pushback and accusations of false representation and manipulation from Western organizations. https://therecord.media/china-cyber-agency-claims-us-interference-volt-typhoon-research

📧 Exim vulnerability affecting 1.5M servers lets attackers attach malicious files vulnerability – 1.5 million servers with Exim mail agent are vulnerable to delivering malicious executable attachments due to a critical CVE-2024-39929, prompting urgent updates to address the security issue. https://arstechnica.com/security/2024/07/more-than-1-5-million-email-servers-running-exim-vulnerable-to-critical-attacks/

🪰 Palo Alto Networks fixed a critical bug in the Expedition tool vulnerability – Palo Alto Networks fixed an admin account takeover bug in its Expedition tool and addressed multiple other vulnerabilities impacting its products. https://securityaffairs.com/165641/security/palo-alto-networks-critical-bug-expedition.html

🔍 The president ordered a board to probe a massive Russian cyberattack. It never did. security news – Despite a directive to investigate the SolarWinds attack, the Cyber Safety Review Board did not conduct the investigation, raising concerns about government accountability and cybersecurity oversight. https://arstechnica.com/security/2024/07/the-president-ordered-a-board-to-probe-a-massive-russian-cyberattack-it-never-did/

💰 Wallets tied to CDK ransom group received $25 million two days after attack cybercrime – CDK Global paid over $25 million in ransom following a ransomware attack, with most of the funds going through a complex money laundering process involving multiple exchanges. https://cyberscoop.com/cdk-ransom-blacksuit-25-million/

📅 DDoSecrets Mirrors Wikileaks Data After Assange Plea Deal security news – DDoSecrets mirrored Wikileaks data to preserve transparency and ensure data availability, following Julian Assange's plea deal. https://www.404media.co/ddosecrets-mirrors-wikileaks-data-after-assange-plea-deal/

🏭 Critical infrastructure organizations want CISA to dial back cyber reporting security news – Critical infrastructure organizations request scaled-back cyber reporting to CISA, expressing concerns over definitions, the scope of reporting entities, and the resource burden. https://cyberscoop.com/cisa-cyber-reporting-circia-2024/

🏁 Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine security research – JFrog Security Research prevented a potential severe supply chain attack by detecting and reporting a leaked access token compromising Python infrastructure. https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/

7️⃣ The Stark Truth Behind the Resurgence of Russia’s Fin7 cybercrime – The notorious Fin7 cybercrime group reemerges, setting up thousands of malicious sites targeting various brands for phishing attacks. https://krebsonsecurity.com/2024/07/the-stark-truth-behind-the-resurgence-of-russias-fin7/


CISA Corner

🦿 People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action security research – APT40 compromises organization networks via multiple access vectors with enumeration, web shells, and exfiltration of sensitive data, leading to targeted threat actor investigation. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a

🛡️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA lists three actively exploited vulnerabilities: Rejetto HTTP File Server flaw, Windows Hyper-V privilege escalation issue, and Windows MSHTML platform spoofing flaw. https://www.cisa.gov/news-events/alerts/2024/07/09/cisa-adds-three-known-exploited-vulnerabilities-catalog

CISA Releases Seven Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2024/07/09/cisa-releases-seven-industrial-control-systems-advisories

CISA Releases Twenty-one Industrial Control Systems Advisories https://www.cisa.gov/news-events/alerts/2024/07/11/cisa-releases-twenty-one-industrial-control-systems-advisories

Adobe Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/07/09/adobe-releases-security-updates-multiple-products

Microsoft Releases July 2024 Security Updates https://www.cisa.gov/news-events/alerts/2024/07/09/microsoft-releases-july-2024-security-updates

Citrix Releases Security Updates for Multiple Products https://www.cisa.gov/news-events/alerts/2024/07/09/citrix-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.
