cyberlights – week 31/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
❌ Here’s How To Stop X From Using Your Data To Train Its AI privacy – X.ai, affiliated with Elon Musk's X network, utilizes Twitter data for AI training; users can opt out in settings. https://www.forbes.com/sites/johnkoetsier/2024/07/26/x-just-gave-itself-permission-to-use-all-your-data-to-train-grok/
®️ Mass surveillance as a service: the trade in location data privacy – Data brokers sell billions of location data points, threatening privacy and national security and raising concerns about espionage. Commercial surveillance infrastructure poses a systemic problem. https://www.kuketz-blog.de/massenueberwachung-als-dienstleistung-der-handel-mit-standortdaten/
🫥 New Mandrake Android spyware version discovered on Google Play malware – Mandrake spyware resurfaces on Google Play with new evasion techniques, targeting users globally. Sophisticated malware embedded in file sharing app, using complex infection chain and anti-analysis methods. https://securelist.com/mandrake-apps-return-to-google-play/113147/
🖖 IBM, Nike, Disney, others caught in Proofpoint phish palaver security news – Phishing campaign exploited Proofpoint security gap, sending 3 million daily spoofed emails; blamed on insecure Proofpoint Microsoft 365 integration. https://www.theregister.com/2024/07/30/scammers_spoofed_emails/
🎣 A crafty phishing campaign targets Microsoft OneDrive users security news – A phishing campaign targets Microsoft OneDrive users with a PowerShell script through a deceptive email instructing users to fix a fake “Error 0x8004de86.” The attack tricks victims into running malicious commands for system compromise. https://securityaffairs.com/166312/hacking/microsoft-onedrive-phishing.html
🦈 'LockBit of phishing' EvilProxy used in 1M+ attacks monthly security news – EvilProxy, a phishing-as-a-service kit, leverages Cloudflare services to disguise traffic in phishing attacks targeting C-Suite executives. Attacks use redirection through legitimate sites, culminating in phishing Microsoft login pages. https://www.theregister.com/2024/07/30/evilproxy_phishing_kit_analysis/
🤑 Meta to pay Texas $1.4 billion to settle lawsuit alleging it illegally captured users’ faces privacy – Meta agrees to pay Texas $1.4 billion to settle a lawsuit over unauthorized use of facial recognition software on users, violating Texas law and consumer protection regulations. https://therecord.media/meta-texas-facial-recognition-settlement
🦆 Don’t Let Your Domain Name Become a “Sitting Duck” security news – Over a million vulnerable domains are at risk of takeover due to authentication weaknesses at hosting providers and registrars, allowing possible cybercriminal exploitation. https://krebsonsecurity.com/2024/07/dont-let-your-domain-name-become-a-sitting-duck/
💸 Scammer Allegedly Makes $600,000 a Month Holding Instagram Accounts Hostage cybercrime – Idriss Qibaa, aka 'Dani' and 'Unlocked,' allegedly extorted victims through locking their Instagram accounts, threatening them, demanding money to regain access, and using personal information for extortion. https://www.404media.co/unlocked4life-instagram-scam-no-jumper/
🧑💼 Germany summons Chinese ambassador over cyberattack on cartography agency security news – German authorities link a Beijing-backed threat actor to a 2021 cyberattack on the Federal Agency for Cartography and Geodesy, summoning the Chinese ambassador. https://therecord.media/germany-summons-chinese-ambassador-over-hack
🌐 Nearly 7% of Internet Traffic Is Malicious security news – Cloudflare reports 6.8% of Internet traffic is malicious, with CVEs exploited as quickly as 22 minutes after proof-of-concepts are published. https://www.schneier.com/blog/archives/2024/07/nearly-7-of-internet-traffic-is-malicious.html
🪝 Microsoft seizes domain used by Vietnamese group to sell fake accounts, services cybercrime – Microsoft seizes domain used by Vietnamese group selling fake accounts and services after previous seizures for creating fraudulent Microsoft accounts and CAPTCHA bypass services. https://cyberscoop.com/microsoft-seizes-domain-used-by-vietnamese-group-to-sell-fake-accounts-services/
💐 Begging for Bounties and More Info Stealer Logs cybercrime – Fraudsters try to extort bug bounties using stolen credentials from info stealer logs, which originated from victims' malware-infected devices, creating a malicious chain propagated on platforms like Telegram. https://www.troyhunt.com/begging-for-bounties-and-more-info-stealer-logs/ Personal comment: HIBP added a lot of new breaches this week – go check your accounts at https://haveibeenpwned.com/
💸 $75 Million Record-Breaking Ransom Paid To Cybercriminals, Say Researchers cybercrime – A record-breaking $75 million ransom was paid to Dark Angels ransomware group by an undisclosed Fortune 50 company. https://www.tripwire.com/state-of-security/75-million-record-breaking-ransom-paid-cybercriminals-say-researchers
💊 Pharma Giant Cencora confirmed the theft of personal and health information data breach – Pharmaceutical giant Cencora confirms that personal and health information was stolen in a data breach, including personally identifiable information and protected health information. https://securityaffairs.com/166422/data-breach/cencora-confirmed-theft-pii-heath-data.html
📱 Keeping your Android device safe from text message fraud privacy – Google explains SMS Blaster fraud, the threat of SMS phishing delivered via cell-site simulators, and the Android security features that protect against it. https://security.googleblog.com/2024/08/keeping-your-android-device-safe-from.html
🚗 Ford wants patent for tech allowing cars to surveil and report speeding drivers privacy – Ford seeks patent for cars to surveil speeding drivers, sparking privacy concerns from advocates and experts. https://therecord.media/ford-seeks-patent-cars-surveil-speeders-report-to-police
🏈 NFL to roll out facial authentication software league-wide privacy – The NFL will implement facial authentication software at all 32 stadiums this season to enhance event security. The technology aims to streamline authentication for media, officials, and staff. Privacy advocates raise concerns, noting the potential inaccuracies and discriminatory impacts of facial recognition technology. https://therecord.media/nfl-to-roll-out-facial-authentication-league-wide
📇 Hackers attempt to sell the personal data of 3 billion people resulting from an April data breach data breach – National Public Data reportedly exposed the personal data of close to 3 billion people; the breach was disclosed by a threat actor named USDoD, who tried to sell the database for $3.5 million on the dark web. https://securityaffairs.com/166539/data-breach/personal-data-3-billion-people-data-breach.html
Some More, For the Curious
🌀 StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms security research – StormBamboo leverages ISP compromise to manipulate DNS updates, installing malware through insecure software updates on macOS and Windows. https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
🚀🖨️ Reverse engineering the 59-pound printer onboard the Space Shuttle geeky news – The Space Shuttle's Interim Teleprinter, a stop-gap measure, remained in use for over 50 flights, printing thousands of lines; cost $1.5 million per flight. https://www.righto.com/2024/08/space-shuttle-interim-teleprinter.html
😞 Too big to care? – Our disappointment with Cloudflare’s anti-abuse posture cyber defense – Spamhaus criticizes Cloudflare for facilitating cybercriminal activity by providing services to abusive actors, despite having tools to prevent abuse. Calls for Cloudflare to suspend services to abusers. https://www.spamhaus.org/resource-hub/service-providers/too-big-to-care-our-disappointment-with-cloudflares-anti-abuse-posture/
🤖 Websites are Blocking the Wrong AI Scrapers (Because AI Companies Keep Making New Ones) security news – Website owners are struggling to block AI scrapers because crawler names change constantly and robots.txt files quickly become outdated. https://www.404media.co/websites-are-blocking-the-wrong-ai-scrapers-because-ai-companies-keep-making-new-ones/
⚙️ Zero Day Initiative — Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 1 security research – “Link following” vulnerabilities on Windows arise when applications improperly resolve filenames, allowing malicious users to redirect file operations to unintended resources. The post discusses techniques for exploiting these vulnerabilities through file operations, along with defensive strategies for developers. https://www.thezdi.com/blog/2024/7/29/breaking-barriers-and-assumptions-techniques-for-privilege-escalation-on-windows-part-1
✈️ Delta Air Lines may sue CrowdStrike, Microsoft over outage security news – Delta Air Lines considers legal action against CrowdStrike and Microsoft following operational losses of up to $500 million from the recent outage that knocked millions of Windows machines offline. https://www.theregister.com/2024/07/30/crowdstrike_delta_microsoft_lawsuit/
🌋 'Error' in Microsoft's DDoS defenses amplified Azure outage security news – Microsoft's DDoS defenses amplified an Azure outage caused by a DDoS attack, triggering global service disruptions, despite the company's unique defense and threat intelligence capabilities. https://www.theregister.com/2024/07/31/microsoft_ddos_azure/
🌽 Driving lessons: The kernel drivers in Sophos Intercept X Advanced security research – Sophos Intercept X Advanced uses five kernel drivers; the post explains their functionality, the security measures around them, customer configuration options, gradual rollouts for software updates, and the risks inherent in running code in kernel space. https://news.sophos.com/en-us/2024/08/01/driving-lessons-the-kernel-drivers-in-sophos-intercept-x-advanced/
💵 Leaked ransomware variants give rise to new cybercrime groups cybercrime – Cybercriminals exploit leaked ransomware variants, forming groups utilizing multiple ransomware families for attacks and demanding bug bounties, leading to a rise in cybercrime and affiliate programs. https://securelist.com/sexi-key-group-mallox-ransomware/113183/
🛋️ Education in Secure Software Development security news – Survey by Linux Foundation and OpenSSF shows developers lack essential secure software development skills, raising concerns about software security. https://www.schneier.com/blog/archives/2024/08/education-in-secure-software-development.html
👿 Millions of Websites Susceptible to XSS Attack via OAuth Implementation Flaw vulnerability – Millions of websites vulnerable to XSS attack via OAuth due to flawed implementation, potentially leading to full account takeovers. https://www.securityweek.com/millions-of-websites-susceptible-xss-attack-via-oauth-implementation-flaw/
🛜 WifiForge – WiFi Exploitation for the Classroom hacking write-up – WifiForge is a program that enables safe WiFi hacking lessons on an interactive virtual network platform called Mininet-WiFi. It facilitates teaching various exploits with pre-built labs, such as WEP key cracking, eliminating the need for physical network gear. https://www.blackhillsinfosec.com/wififorge/
🧐 One Does Not Simply … Get a Cybersecurity Job security news – Getting a cybersecurity job requires upskilling, certifications, networking, staying informed on trends, and focusing on job opportunities from within your network. https://www.guidepointsecurity.com/blog/one-does-not-simply-get-a-cybersecurity-job/
CISA Corner
⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA adds three actively exploited vulnerabilities to its catalog: ServiceNow input validation issues and an Acronis default password flaw. https://www.cisa.gov/news-events/alerts/2024/07/29/cisa-adds-three-known-exploited-vulnerabilities-catalog
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CVE-2024-37085, a VMware ESXi authentication bypass. https://www.cisa.gov/news-events/alerts/2024/07/30/cisa-adds-one-known-exploited-vulnerability-catalog
🍏 Apple Releases Security Updates for Multiple Products vulnerability – Apple issued security updates for Safari, iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. https://www.cisa.gov/news-events/alerts/2024/07/30/apple-releases-security-updates-multiple-products
⏰ DigiCert Certificate Revocations security news – DigiCert is revoking TLS certificates due to a domain control verification issue, potentially causing temporary disruptions, with updated information available on their status page. https://www.cisa.gov/news-events/alerts/2024/07/30/digicert-certificate-revocations
🧑🏭 CISA Releases Nine Industrial Control Systems Advisories vulnerability – Advisories cover vulnerabilities in various systems, including Johnson Controls, AVTECH IP cameras, Vonets WiFi bridges, and Rockwell Automation Logix controllers. https://www.cisa.gov/news-events/alerts/2024/08/01/cisa-releases-nine-industrial-control-systems-advisories
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.