cyberlights – week 36/2024
Back after vacation – My weekly shortlist of cyber security highlights. (maybe I'll even redo the skipped weeks 😏) The short summaries are AI generated! If something is wrong, please let me know.
News For All
🕵️♂️ Ausweiskopie und persönliche Daten an Kriminelle weitergegeben? Das können Sie tun security news – Criminals exploit job offers and ads to steal personal data and ID copies, leading to identity theft, fraudulent accounts, and potential legal consequences for victims. https://www.watchlist-internet.at/news/umgang-mit-datendiebstahl/
✈️ SQL Injection Attack on Airport Security vulnerability – A serious SQL injection vulnerability allows unauthorized users to bypass airport security checks, risking safety by granting access to restricted areas like cockpits. https://www.schneier.com/blog/archives/2024/09/sql-injection-attack-on-airport-security.html
🛫 German air traffic control agency confirms cyberattack, says operations unaffected security news – Germany's air traffic control agency confirmed a cyberattack affecting administrative systems but assured that flight safety remains intact and operations were not disrupted. https://therecord.media/german-air-traffic-control-company-deutsche-flugsicherung-cyberattack
🚍 Transport for London (TfL) is dealing with an ongoing cyberattack security news – TfL is investigating a cyberattack affecting internal systems but reports no evidence of customer data compromise, assuring that services remain unaffected. https://securityaffairs.com/167946/hacking/transport-for-london-tfl-ongoing-cyberattack.html
🔑 Owners of 1-Time Passcode Theft Service Plead Guilty cybercrime – Three men pleaded guilty for operating OTP Agency, a service that intercepted one-time passcodes for account takeovers, affecting over 12,500 victims before its shutdown. https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/
🦠 Disinfo group Spamouflage more aggressively targeting U.S. elections, candidates cybercrime – The disinformation group Spamouflage has intensified efforts to impersonate U.S. voters, undermining political candidates and institutions, though its impact on engagement remains limited. https://cyberscoop.com/spamouflage-targeting-us-election-candidates/
📸 Sextortion Scams Now Include Photos of Your Home – Krebs on Security cybercrime – Sextortion scams are evolving, now featuring personalized threats with photos of victims' homes, increasing fear and urgency to pay ransoms, often near $2,000 in Bitcoin. https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/
💰 Data watchdog fines Clearview AI $33M privacy – The Dutch Data Protection Authority fined Clearview AI €30.5 million for illegally collecting images without consent, stating the company's practices violate GDPR and threaten individual privacy. https://www.theregister.com/2024/09/03/clearview_ai_dutch_fine/
🔒 Google releases Pixel update to get rid of surveillance vulnerability vulnerability – Google's latest Pixel update removes the insecure Showcase.apk, originally intended for Verizon demos, which posed risks of man-in-the-middle attacks and spyware, ensuring enhanced device security. https://www.theverge.com/2024/9/3/24235127/google-pixel-showcase-vulnerability-patch
🔑 YubiKeys have an unfixable security flaw — but it’s difficult to exploit vulnerability – A vulnerability in older YubiKey devices allows cloning but is hard to exploit, requiring physical access and additional knowledge. Devices prior to firmware version 5.7 remain permanently affected. https://www.theverge.com/2024/9/4/24235635/yubikey-unfixable-security-vulnerability-side-channel-explot
🚨 846 routers are affected by code execution flaws. Replace them! vulnerability – D-Link's discontinued DIR-846 routers are vulnerable to multiple critical remote code execution flaws (CVSS scores up to 9.8). Users are advised to replace these devices as they are no longer supported. https://securityaffairs.com/168041/security/d-link-dir-846-routers-code-execution-flaws.html
☢️ Zyxel warns of vulnerabilities in a wide range of its products vulnerability – Zyxel has disclosed nearly a dozen vulnerabilities across its products, with the most critical (CVE-2024-7261) allowing unauthenticated OS command execution, rated 9.8. Users are urged to patch immediately. https://arstechnica.com/?p=2047312
🗳️ Biden cracks down on Putin's election meddling cybercrime – The Biden administration seized 32 websites linked to Russian propaganda efforts and charged two RT employees in a $10 million scheme to influence the upcoming U.S. presidential election. https://www.theregister.com/2024/09/05/biden_cracks_down_on_putins/
🎣 Warning Against Phishing Emails Impersonating Netflix warning – AhnLab warns of phishing emails posing as Netflix, claiming payment failures and urging users to update payment methods via malicious links. Users are advised to verify URLs before clicking. https://asec.ahnlab.com/en/82969/
⚡ Quishing, an insidious threat to electric car owners security news – Quishing is a phishing attack using counterfeit QR codes at electric car charging stations to steal sensitive information. Users are urged to use recharge cards and verify URLs to protect against scams. https://securityaffairs.com/168059/hacking/quishing-electric-car-owners.html
♀️ New report shows ongoing gender pay gap in cybersecurity security news – The ISC2 Cybersecurity Workforce Study reveals a persistent gender pay gap in cybersecurity, with men earning more than women, and highlights the underrepresentation of women in the field, emphasizing the need for targeted DEI hiring initiatives. https://securityintelligence.com/articles/new-report-shows-gender-pay-gap-in-cybersecurity/
🦠 Predator spyware resurfaces with signs of activity, Recorded Future says security news – Recorded Future reports renewed activity from Predator spyware, linked to Intellexa, with new infrastructure identified and potential customers in Angola, Saudi Arabia, and the Democratic Republic of the Congo. https://cyberscoop.com/predator-spyware-resurfaces-with-signs-of-activity-recorded-future-says/
🔎 Colombian president suggests prior administration illegally sent $11 million in cash to Israel for spyware security news – Colombian President Gustavo Petro announced an investigation into $11 million allegedly used by the previous administration to purchase Pegasus spyware, questioning the legality of the transactions. https://therecord.media/colombian-president-pegasus-spyware-israel-missing-money
📎 Telegram changes its tone on moderating private chats after CEO’s arrest security news – Following CEO Pavel Durov's arrest, Telegram revised its FAQ to allow reporting of illegal content in private chats, shifting from a previous stance of non-cooperation with moderation requests. https://www.theverge.com/2024/9/5/24237254/telegram-pavel-durov-arrest-private-chats-moderation-policy-change
🛋️ Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database data breach – Confidant Health inadvertently exposed sensitive patient data, including therapy session recordings, due to an unsecured database. The incident highlights the urgent need for improved data security in healthcare organizations. https://www.wired.com/story/confidant-health-therapy-records-database-exposure/
🔓 Hackers Threaten to Leak Planned Parenthood Data cybercrime – RansomHub ransomware group claims to have hacked Planned Parenthood's Montana branch, threatening to leak 93 GB of sensitive data after a cybersecurity incident was reported on August 28. https://www.wired.com/story/hackers-threaten-to-leak-planned-parenthood-data/
Some More, For the Curious
🔍 Most interesting IR cases in 2023: insider threats and more security research – Kaspersky's Global Emergency Response Team highlights 2023's notable incident response cases, including insider fraud and advanced persistent threats, emphasizing the need for enhanced monitoring and threat intelligence. https://securelist.com/incident-response-interesting-cases-2023/113611/
🔒 Vulnerabilities in Microsoft apps for macOS allow stealing permissions vulnerability – Eight vulnerabilities in Microsoft apps for macOS could enable attackers to steal permissions, allowing unauthorized access to sensitive resources like cameras and microphones without user knowledge. https://securityaffairs.com/167973/hacking/microsoft-apps-for-macos-flaws.html
🛑 VMWare releases Fusion vulnerability with 8.8 rating vulnerability – A critical vulnerability in VMWare Fusion (CVE-2024-38811) allows code execution with standard user privileges, rated 8.8 on the CVSS scale, prompting a software patch. https://cyberscoop.com/vmware-vulnerability-fushion-cve-2024-38811/
💻 Rust in Linux lead retires rather than deal with more “nontechnical nonsense” security news – Wedson Almeida Filho, leader of the Rust for Linux project, retires citing frustration with nontechnical disputes, expressing concern that the Linux kernel must embrace memory-safe languages like Rust to remain relevant. https://arstechnica.com/?p=2046763
🧬 Evolution of Mallox: from private ransomware to RaaS security research – Mallox ransomware has evolved from targeted attacks to a Ransomware-as-a-Service model, with over 700 samples identified. Its affiliate program seeks experienced partners for cybercrime, indicating a shift in operational strategy. https://securelist.com/mallox-ransomware/113529/
🐍 Revival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk security research – The 'Revival Hijack' technique allows attackers to reclaim deleted PyPI packages, risking 22,000 packages and potentially leading to malicious downloads. JFrog has taken action to protect the community. https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
📃 Validate your Windows Audit Policy Configuration with KQL cyber defense – Ensuring proper configuration of Windows audit policies is essential for security. This article discusses using Kusto Query Language (KQL) to validate and troubleshoot audit policy application across environments. https://blog.nviso.eu/2024/09/05/validate-your-windows-audit-policy-configuration-with-kql/
🦗 Cicada Ransomware – What You Need To Know security news – Cicada ransomware, discovered in June 2024, has targeted over 20 organizations primarily in North America and the UK. Written in Rust, it threatens to publish stolen data unless a ransom is paid. https://www.tripwire.com/state-of-security/cicada-ransomware-what-you-need-know
🪅 Veeam fixed a critical flaw in Veeam Backup & Replication software vulnerability – Veeam patched 18 high and critical vulnerabilities in its Backup & Replication software, including a critical RCE flaw (CVE-2024-40711) with a CVSS score of 9.8, requiring immediate attention. https://securityaffairs.com/168088/security/veeam-backup-replication-cve-2024-40711.html
🧱 SonicWall warns that SonicOS bug exploited in attacks vulnerability – SonicWall alerts users of a critical access control vulnerability (CVE-2024-40766) in SonicOS that may be actively exploited, urging immediate patching to prevent unauthorized access and potential firewall crashes. https://securityaffairs.com/168112/hacking/sonicwall-sonicos-bug-exploited.html
🔧 Building a Hardware Hacking Arsenal: The Right Bits for Every Byte security research – This article outlines essential tools for hardware hacking, emphasizing cost-effective options that support learning and experimentation in security assessments. Safety and accessibility are also highlighted. https://www.guidepointsecurity.com/blog/building-a-hardware-hacking-arsenal-the-right-bits-for-every-byte/
CISA Corner
⚠️ LOYTEC Electronics LINX Series vulnerability – Multiple vulnerabilities in LOYTEC's LINX series devices could allow attackers to exploit sensitive information and gain unauthorized access, with high CVSS scores indicating significant risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-247-01
⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog vulnerability – CISA has added three vulnerabilities, including two in Draytek VigorConnect and one in Kingsoft WPS Office, to its catalog due to active exploitation risks for federal networks. https://www.cisa.gov/news-events/alerts/2024/09/03/cisa-adds-three-known-exploited-vulnerabilities-catalog
⚙️ CISA Releases Four Industrial Control Systems Advisories vulnerability – On September 5, 2024, CISA released four advisories addressing security vulnerabilities in various Industrial Control Systems, urging users to review for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/09/05/cisa-releases-four-industrial-control-systems-advisories
⚔️ Russian Military Cyber Actors Target US and Global Critical Infrastructure security news – The FBI, CISA, and NSA report that Russian GRU Unit 29155 is behind ongoing cyber operations targeting critical infrastructure, utilizing tools like WhisperGate malware and exploiting various vulnerabilities since at least 2020. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.