cyberlights – week 38/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know.
Highlight
🚨 Acute wave of DDoS attacks against Austrian companies and organizations security news – Austrian organizations face DDoS attacks, likely linked to hacktivism. Companies should review their defenses and maintain offline contact info for emergencies. https://www.cert.at/de/aktuelles/2024/9/ddos-angriffe-september-2024
News For All
🗳️ Germany’s CDU still struggling with cyberattack fallout security news – Germany's CDU party is facing challenges restoring member data after a June cyberattack, risking its election processes. The restoration deadline has been pushed to November. https://www.theregister.com/2024/09/16/nein_luck_for_germanys_cdu/
🚫 Meta blocks RT and other Russian state media; Kremlin says it's 'unacceptable' security news – Meta bans Russian state media accounts, including RT, citing deceptive influence operations. The Kremlin calls this decision 'unacceptable' and says it complicates relations with the company. https://therecord.media/meta-bans-russian-state-owned-media-facebook-instagram
🔑 Google’s passkey syncing makes it easier to move on from passwords security news – Google enhances passkey support in Chrome, allowing users to sync passkeys across devices using a Password Manager PIN instead of QR codes, ensuring secure access with end-to-end encryption. https://www.theverge.com/2024/9/19/24248820/google-chrome-passkey-logins-device-sync-password-manager-pin
🐦🔥 No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom privacy – The FTC's report reveals that major tech firms inadequately handle vast amounts of user data, particularly concerning children's privacy, and calls for comprehensive federal privacy regulations to address ongoing data extraction issues. https://www.theregister.com/2024/09/19/social_media_data_harvesting_handling_ftc/
🤔 Ever wonder how crooks get the credentials to unlock stolen phones? cybercrime – Law enforcement shut down iServer, a phishing-as-a-service platform that helped unlock over 1.2 million stolen phones by obtaining user credentials through phishing attacks, leading to multiple arrests. https://arstechnica.com/?p=2051165
🤳 Snapchat Reserves the Right to Use AI-Generated Images of Your Face in Ads privacy – Snapchat's 'My Selfie' feature can use users' likenesses in ads by default, unless opted out. The 'See My Selfie in Ads' option is enabled automatically. https://www.404media.co/snapchat-reserves-the-right-to-use-ai-generated-images-of-your-face-in-ads/
🔒 Discord launches end-to-end encrypted voice and video chats privacy – Discord introduces end-to-end encryption for voice and video calls, enhancing user privacy while maintaining content moderation for messages, which remain unencrypted. https://techcrunch.com/2024/09/17/discord-launches-end-to-end-encrypted-voice-and-video-chats/
🖼️ Instagram to bolster privacy and safety features for millions of teen users privacy – Instagram plans to enhance privacy for teen users by making accounts private, limiting content exposure, and implementing features to reduce social media addiction, amid growing regulatory pressure. https://therecord.media/instagram-bolster-privacy-security-teens-children-social-media
⚰️ Scam ‘Funeral Streaming’ Groups Thrive on Facebook cybercrime – Scammers exploit Facebook by creating fake funeral streaming groups, tricking users into providing credit card info. The scheme has expanded to various events, with ties to a group in Bangladesh. https://krebsonsecurity.com/2024/09/scam-funeral-streaming-groups-thrive-on-facebook/
💥 The Mystery of Hezbollah’s Deadly Exploding Pagers security news – Exploding pagers used by Hezbollah have killed 11 and injured nearly 2,800 in Lebanon. Experts suggest a supply chain compromise, not a cyberattack, may be responsible for the blasts. https://www.wired.com/story/pager-explosion-hezbollah/
💣 Walkie-Talkies Explode in New Attack on Hezbollah security news – Exploding two-way radios targeted Hezbollah members in Lebanon, causing multiple deaths and injuries, following a previous attack involving detonating pagers. Experts suspect deep supply chain infiltration by attackers. https://www.wired.com/story/walkie-talkie-explosions-hezbollah/
📱 Your Phone Won’t Be the Next Exploding Pager security news – Recent attacks using booby-trapped pagers and walkie-talkies against Hezbollah have raised concerns about supply chain security. However, modern smartphones are unlikely to be weaponized similarly due to manufacturing complexities. https://www.wired.com/story/exploding-pagers-hezbollah-phones/
📩 U.S. agencies say Iranian hackers tried to pass ‘non-public’ Trump campaign docs to Biden’s campaign security news – U.S. authorities revealed that Iranian hackers sent emails containing stolen Trump campaign information to Biden campaign associates, aiming to influence the 2024 election and stoke political discord. https://cyberscoop.com/iran-hackers-trump-campaign-emails-biden/
🛑 Project Analyzing Human Language Usage Shuts Down Because ‘Generative AI Has Polluted the Data’ security news – The Wordfreq project, which tracked language usage across various media, has been discontinued due to generative AI spam corrupting data quality, rendering the tool ineffective. https://www.404media.co/project-analyzing-human-language-usage-shuts-down-because-generative-ai-has-polluted-the-data/
🔐 D-Link addressed three critical RCE in wireless router models vulnerability – D-Link fixed three critical remote code execution vulnerabilities in WiFi 6 routers, allowing unauthorized access and control. Users are urged to update their firmware to mitigate risks. https://securityaffairs.com/168471/security/d-link-rce-wireless-router-models.html
👨💻 Ticketmaster boss who repeatedly hacked rival firm sentenced cybercrime – Stephen Mead, former Ticketmaster boss, was sentenced for hacking rival CrowdSurge, stealing sensitive data, and sharing credentials with colleagues. He faces a year of supervised release and fines. https://www.bitdefender.com/blog/hotforsecurity/ticketmaster-boss-who-repeatedly-hacked-rival-firm-sentenced/
🕵️♂️ US government expands sanctions against spyware maker Intellexa cybercrime – The U.S. imposes new sanctions on Intellexa executives linked to the spyware Predator, used to surveil targets including U.S. officials. This action continues efforts against the spyware industry. https://techcrunch.com/2024/09/16/us-government-expands-sanctions-against-spyware-maker-intellexa/
💼 Python Developers Targeted with Malware During Fake Job Interviews malware – The Lazarus Group targets Python developers with fake job interviews to install malware disguised as coding tests. This new tactic complements an ongoing campaign against the Python community. https://www.schneier.com/blog/archives/2024/09/python-developers-targeted-with-malware-during-fake-job-interviews.html
Some More, For the Curious
🩹 Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024 security news – CVE-2024-43461, a recently patched Windows flaw, was exploited as a zero-day, allowing attackers to execute arbitrary code via malicious files. Users are urged to apply the latest updates. https://securityaffairs.com/168467/hacking/windows-cve-2024-43461-actively-exploited-before-july-2024.html
🔑 Secure Boot-neutering PKfail debacle is more prevalent than anyone knew security research – A supply chain failure involving non-production keys compromises Secure Boot protections across various devices, including ATMs and voting machines. The issue affects nearly 1,000 models and highlights significant security risks. https://arstechnica.com/?p=2050182
⚓ Rhysida ships off Port of Seattle data for $6M cybercrime – The Rhysida ransomware group claims to have stolen over 3 TB of data from the Port of Seattle, offering it for 100 Bitcoin. The Port confirmed the attack but refused to pay the ransom. https://www.theregister.com/2024/09/17/rhysida_port_of_seattle/
💸 AT&T agrees to $13 million fine for third-party cloud breach data breach – AT&T settles with the FCC for $13 million over a January 2023 breach affecting 8.9 million customers due to lapses by a third-party vendor, leading to enhanced data protection measures. https://cyberscoop.com/att-agrees-to-13-million-dollar-fcc-fine/
⛓️💥 US government 'took control' of a botnet run by Chinese government hackers, says FBI director security news – The FBI seized a botnet of 260,000 devices operated by the Chinese hacking group Flax Typhoon, targeting critical infrastructure in the U.S. and abroad. Malware was removed from compromised devices. https://techcrunch.com/2024/09/18/u-s-government-took-control-of-a-botnet-run-by-chinese-government-hackers-says-fbi-director/
🧅 Tor insists it's safe after cops convict CSAM site admin privacy – The Tor Project defends its anonymity after reports of German police using timing analysis to identify users, asserting that vulnerabilities in outdated software, not flaws in Tor, were exploited. https://www.theregister.com/2024/09/19/tor_police_germany/
🧘 SIEM for Small and Medium-Sized Enterprises: What you need to know cyber defense – SMEs are frequent cybercrime targets, with 73% experiencing attacks in 2023. SIEM solutions can enhance their security posture affordably, providing threat detection, compliance, and automated incident response. https://securityaffairs.com/168584/security/siem-sbms-enterprises.html
👻 International law enforcement operation dismantled criminal communication platform Ghost cybercrime – A global law enforcement operation infiltrated the encrypted messaging app Ghost, leading to numerous arrests, including its alleged administrator, and disrupting serious organized crime activities. https://securityaffairs.com/168575/cyber-crime/police-dismantled-criminal-communication-platform-ghost.html
🐡 This Windows PowerShell Phish Has Scary Potential – Krebs on Security security news – A new phishing email targeting GitHub users tricks victims into executing malware via PowerShell by posing as a security alert. The scam poses a significant risk to less tech-savvy Windows users. https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/
🔄 UnitedHealth Group CISO: We had to ‘start over’ after Change Healthcare attack security news – Following a ransomware attack on Change Healthcare, UnitedHealth Group's CISO revealed they had to completely overhaul their IT systems. The recovery involved long hours and focused communication with stakeholders. https://cyberscoop.com/unitedhealth-group-steven-martin-ciso-ransomware-attack-recovery/
🔘 Germany shuts down 47 cryptocurrency exchange services used by cybercriminals cybercrime – German law enforcement has shut down 47 unregistered cryptocurrency exchange services used for money laundering by cybercriminals, seizing extensive user and transaction data to aid investigations. https://therecord.media/germany-cryptocurrency-exchanges-shut-down-money-laundering
🧮 Secret calculator hack brings ChatGPT to the TI-84, enabling easy cheating hacking write-up – A YouTuber modified a TI-84 calculator to access ChatGPT via the internet, allowing students to cheat by receiving answers during tests. The hack includes a custom circuit and software for various cheating tools. https://arstechnica.com/?p=2051342
💻 Hacker behind Snowflake customer data breaches remains active cybercrime – The hacker known as 'Judische' remains active, targeting SaaS providers following the April Snowflake data breach affecting 165 customers. He has reportedly extorted up to $2.7 million. https://cyberscoop.com/snowflake-hacker-judische-labscon-2024/
CISA Corner
⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog vulnerability – CISA identifies two actively exploited vulnerabilities in Microsoft Windows and Progress WhatsUp Gold, urging federal agencies to address these risks promptly to enhance security. https://www.cisa.gov/news-events/alerts/2024/09/16/cisa-adds-two-known-exploited-vulnerabilities-catalog
⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog vulnerability – CISA includes four Adobe Flash Player vulnerabilities in its catalog, highlighting their active exploitation and urging federal agencies to remediate them to mitigate risks. https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-adds-four-known-exploited-vulnerabilities-catalog
⚠️ CISA Adds Five Known Exploited Vulnerabilities to Catalog vulnerability – CISA adds five vulnerabilities, including issues in Apache, Microsoft, and Oracle products, to its catalog, warning of their exploitation and urging federal agencies to act swiftly. https://www.cisa.gov/news-events/alerts/2024/09/18/cisa-adds-five-known-exploited-vulnerabilities-catalog
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA adds Ivanti's path traversal vulnerability to its catalog, highlighting its active exploitation and urging federal agencies to address this significant security risk promptly. https://www.cisa.gov/news-events/alerts/2024/09/19/cisa-adds-one-known-exploited-vulnerability-catalog
🛠️ CISA Releases Three Industrial Control Systems Advisories warning – CISA issues advisories for Siemens, Millbeck, and Yokogawa ICS, highlighting vulnerabilities and urging users to review for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/09/17/cisa-releases-three-industrial-control-systems-advisories
🛠️ CISA Releases Six Industrial Control Systems Advisories warning – CISA issues six advisories on vulnerabilities in various ICS products, urging users to review the details and implement necessary mitigations to enhance security. https://www.cisa.gov/news-events/alerts/2024/09/19/cisa-releases-six-industrial-control-systems-advisories
🍏 Apple Releases Security Updates for Multiple Products security news – Apple's latest security updates fix vulnerabilities that could allow cyber attackers to take control of devices. Users are urged to review and apply these updates promptly. https://www.cisa.gov/news-events/alerts/2024/09/18/apple-releases-security-updates-multiple-products
☁️ VMware Releases Security Advisory for VMware Cloud Foundation and vCenter Server security news – VMware's advisory highlights vulnerabilities in Cloud Foundation and vCenter Server that could allow attackers to gain control. Users are advised to review and apply updates immediately. https://www.cisa.gov/news-events/alerts/2024/09/19/vmware-releases-security-advisory-vmware-cloud-foundation-and-vcenter-server
🔒 Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance security news – Ivanti addresses an admin bypass vulnerability in its Cloud Services Appliance, urging users to upgrade to the latest version due to confirmed limited exploitation risks. https://www.cisa.gov/news-events/alerts/2024/09/19/ivanti-releases-admin-bypass-security-update-cloud-services-appliance
🔍 Versa Networks Releases Advisory for a Vulnerability in Versa Director, CVE-2024-45229 security news – Versa Networks warns of a vulnerability in Versa Director that allows unauthorized access to REST APIs. Organizations are urged to update systems and monitor for malicious activity. https://www.cisa.gov/news-events/alerts/2024/09/20/versa-networks-releases-advisory-vulnerability-versa-director-cve-2024-45229
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.