cyberlights – week 32/2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🚫 Videos: Van der Bellen & Assinger are not promoting investment platforms security news – The article discusses that videos featuring Van der Bellen and Assinger do not promote investment platforms, clarifying any misconceptions surrounding their appearances. https://www.watchlist-internet.at/news/fake-videos-van-der-bellen-assinger-werben-nicht-fuer-investmentplattformen/

💸 Should Organizations Pay Ransom Demands? cybercrime – Organizations are urged to avoid paying ransomware demands as it funds cybercriminals and doesn't guarantee data recovery. Proactive cybersecurity measures are emphasized as a better defense. https://securityaffairs.com/166650/uncategorized/ransomware-organizations-should-avoid-paying-ransoms.html

📧 Users: Microsoft must update Outlook's friendly name feature security news – Users are urging Microsoft to change how Outlook displays sender names to combat phishing, as friendly names can mislead users into clicking malicious links. Calls for disabling aliases have grown. https://www.theregister.com/2024/08/06/users_call_for_microsoft_to/

🛑 Consumer Reports study finds data removal services are often ineffective privacy – A Consumer Reports study found that data removal services are largely ineffective, with only 35% of personal data removed from people-search sites within four months, raising concerns about their reliability. https://therecord.media/data-removal-services-mostly-worthless-study

💻 Report: Myths about tech still plaguing the IT world security news – A Kaspersky survey reveals widespread misconceptions about digital security among tech-savvy Brits, including beliefs about webcam safety, incognito mode, and the effectiveness of encryption, highlighting a need for better cybersecurity education. https://www.theregister.com/2024/08/08/report_tech_misconceptions_plague_the/

🪖 Russia's Kursk region suffers 'massive' DDoS attack amid Ukraine offensive cyber defense – Kursk, Russia, experienced a significant DDoS attack targeting government and business websites, coinciding with Ukraine's military advances, though critical infrastructure remained protected from damage. https://therecord.media/kursk-military-offensive-ddos-russia-ukraine

🐄 Crooks took control of a cow milking robot causing the death of a cow cybercrime – Cybercriminals hacked a farmer's milking robot, demanding a $10,000 ransom. The farmer refused to pay, leading to the death of a cow due to lost data on insemination dates. https://securityaffairs.com/166839/cyber-crime/cow-milking-robot-hacked.html

🔊 Sonos smart speakers flaw allowed to eavesdrop on users vulnerability – NCC Group discovered vulnerabilities in Sonos smart speakers, including CVE-2023-50809, allowing remote code execution and potential eavesdropping. Sonos released a patch to address the issues. https://securityaffairs.com/166823/hacking/sonos-smart-speakers-flaw.html

🔑 How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards security research – Researchers reveal a method to extract HID encoder keys, allowing easy cloning of keycards. https://www.wired.com/story/hid-keycard-authentication-key-vulnerability/

🛡️ Security Tips for Modern Web Administrators security news – Website security is vital for user trust. Employ multi-layered defenses, keep software updated, and follow best practices to safeguard against attacks and protect sensitive data. https://blog.sucuri.net/2024/08/security-tips-for-modern-web-administrators.html

🆙 Mac and Windows users infected by software updates delivered over hacked ISP malware – Hackers compromised an ISP to deliver malware to users via tampered software updates. This attack exploited unencrypted connections, enabling malicious file downloads for Windows and macOS users. https://arstechnica.com/security/2024/08/hacked-isp-infects-users-receiving-unsecure-software-updates/

👁️ Illinois relaxes biometric privacy law, reduces penalties privacy – Illinois has amended its Biometric Information Privacy Act, reducing penalties for breaches by counting multiple data distributions as one violation, which critics say lowers potential damages. https://www.theregister.com/2024/08/06/illinois_bipa_amendment_reduces_penalties/

🔒 Google says Android zero-day was exploited in the wild vulnerability – Google has patched a high-severity Android vulnerability (CVE-2024-36971) allowing remote code execution, amid reports of targeted exploitation. This reflects a rising trend in zero-day attacks. https://therecord.media/android-zero-day-google-fix-august-patch

💻 Students scramble after security breach wipes 13,000 devices data breach – A security breach at Mobile Guardian led to the remote wiping of data from 13,000 school-issued devices in Singapore, prompting the Ministry of Education to halt its services and remove the app. https://arstechnica.com/security/2024/08/students-scramble-after-security-breach-wipes-13000-devices/

🐍 SharpRhino malware targets IT admins, Hunters Intl suspected malware – The SharpRhino malware, disguised as Angry IP Scanner, targets network admins and is linked to the Hunters International gang, known for ransomware-as-a-service tactics and double extortion. https://www.theregister.com/2024/08/07/sharprhino_malware_admins/

❎ Problems with Georgia’s Voter Registration Portal security news – Georgia's voter registration portal has security flaws allowing unauthorized cancellation of registrations and exposing sensitive voter data, highlighting challenges in balancing usability and security. https://www.schneier.com/blog/archives/2024/08/problems-with-georgias-voter-registration-portal.html

💰 US offers $10 million for info on Iranian leaders behind CyberAv3ngers water utility attacks cybercrime – The U.S. State Department has offered a $10 million reward for information on six Iranian hackers linked to cyberattacks on U.S. water utilities, attributed to the CyberAv3ngers group. https://therecord.media/us-offers-reward-for-info-on-iranian-hackers-water-utilities

🧓 Researchers find decades-old vulnerability in major web browsers vulnerability – A zero-day vulnerability discovered by Oligo Security affects major browsers, allowing attackers to exploit network requests to 0.0.0.0, potentially breaching local networks and accessing private data. https://cyberscoop.com/browser-zero-day-oligo-security-0-0-0-0-day/

🧑‍🌾 Nashville man arrested for running “laptop farm” to get jobs for North Koreans cybercrime – Matthew Isaac Knoot was arrested for hosting laptops to deceive US companies into hiring North Korean nationals, funneling their earnings to fund North Korea’s weapons program. https://arstechnica.com/security/2024/08/nashville-man-arrested-for-running-laptop-farm-to-get-jobs-for-north-koreans/


Some More, For the Curious

⚡ Hacking a Virtual Power Plant hacking write-up – A security researcher exploited a vulnerability in a virtual power plant's API using weak 512-bit RSA keys, revealing how easily sensitive data could be accessed. https://rya.nc/vpp-hack.html

📊 State of Exploitation – A Peek into 1H-2024 Vulnerability Exploitation security research – In the first half of 2024, 390 new vulnerabilities were added to the Known Exploited Vulnerabilities Catalog, highlighting ongoing threats and trends in exploitation and weaponization. https://vulncheck.com/blog/state-of-exploitation-1h-2024

💼 Florida firm sued over theft of 2.9B personal records data breach – A lawsuit claims Jerico Pictures negligently failed to secure 2.9 billion records, leading to a data breach where personal information was sold on the dark web, risking identity theft. https://www.theregister.com/2024/08/05/national_public_data_lawsuit/

💰 Low-Drama ‘Dark Angels’ Reap Record Ransoms cybercrime – The Dark Angels ransomware group made headlines after receiving a record $75 million ransom from a Fortune 50 company, focusing on massive data theft while avoiding disruption and publicity. https://krebsonsecurity.com/2024/08/low-drama-dark-angels-reap-record-ransoms/

🗽 Intelligence bill would elevate ransomware to a terrorist threat security news – A Senate proposal aims to treat ransomware attacks as terrorism, enhancing legal authority to combat cybercriminals and sanction states harboring them, despite concerns over effectiveness. https://cyberscoop.com/ransomware-terrorism-ndaa-2025/

🌮 Turning the screws: The pressure tactics of ransomware gangs cybercrime – Ransomware gangs are escalating pressure tactics, using media, legislation, and personal threats to coerce victims into paying ransoms, including targeting secondary victims for leverage. https://news.sophos.com/en-us/2024/08/06/turning-the-screws-the-pressure-tactics-of-ransomware-gangs/

➖ Best security practices for ESXi environments cyber defense – Organizations using VMware ESXi should implement ten security practices to mitigate risks, as native EDR is unavailable, including ensuring patching, enforcing strong passwords, and enabling lockdown modes. https://news.sophos.com/en-us/2024/08/07/best-security-practices-for-esxi-environments/

🧠 Mental Health – An Infosec Challenge security news – Cybersecurity professionals face unique mental health challenges like burnout and anxiety due to constant stress. The article offers tips for prevention, emphasizing self-care, communication, and community support. https://www.blackhillsinfosec.com/mental-health-an-infosec-challenge/

🤑 Hackers return $12 million taken during Ronin network breach cybercrime – Hackers returned $12 million stolen from the Ronin gaming blockchain, claiming to act as white-hats after exploiting a vulnerability. The company plans to enhance security and awarded the hackers a $500,000 bounty. https://therecord.media/hackers-return-12-million-taken-from-ronin-network

🎩 The top stories coming out of the Black Hat cybersecurity conference security news – At the Black Hat conference, AI's role in cybersecurity takes center stage, alongside vulnerabilities in car infotainment systems and the impact of upcoming elections on cybersecurity policy. https://blog.talosintelligence.com/threat-source-newsletter-aug-8-2024/


CISA Corner

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA has included CVE-2018-0824, a Microsoft vulnerability, in its catalog due to active exploitation, emphasizing the need for federal agencies to address such risks promptly. https://www.cisa.gov/news-events/alerts/2024/08/05/cisa-adds-one-known-exploited-vulnerability-catalog

🚨 CISA Adds Two Known Exploited Vulnerabilities to Catalog vulnerability – CISA has included CVE-2024-36971 and CVE-2024-32113 in its catalog due to active exploitation, highlighting risks to federal networks and the need for timely remediation. https://www.cisa.gov/news-events/alerts/2024/08/07/cisa-adds-two-known-exploited-vulnerabilities-catalog

🛠️ Delta Electronics DIAScreen vulnerability – A stack-based buffer overflow vulnerability in Delta Electronics DIAScreen could allow arbitrary code execution. Users are urged to update to version 1.4.2 to mitigate risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-219-01

🔍 Dorsett Controls InfoScan vulnerability – Dorsett Controls InfoScan has vulnerabilities allowing unauthorized access to sensitive information and path traversal. Users should update to version 1.38 or later to mitigate risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-221-01

🛒 Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem cyber defense – This guide empowers software customers to demand security in product design, offering questions to assess manufacturers' cybersecurity practices and ensuring resilience against cyber threats. https://www.cisa.gov/resources-tools/resources/secure-demand-guide

🔐 Best Practices for Cisco Device Configuration security news – CISA advises disabling the Cisco Smart Install feature and using type 8 password protection to secure configurations, reducing the risk of password cracking and unauthorized access. https://www.cisa.gov/news-events/alerts/2024/08/08/best-practices-cisco-device-configuration


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.
