cyberlights – week 39/2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🎮 Be Internet Awesome World: A fun new game to learn about online safety security news – Google's new game, Be Internet Awesome World, teaches kids online safety through interactive lessons on scams, passwords, and personal information sharing. https://blog.google/technology/safety-security/be-internet-awesome-roblox/

🚨 Staying a Step Ahead: Mitigating the DPRK IT Worker Threat security research – Mandiant reports on DPRK IT workers posing as non-North Koreans to infiltrate global companies, generating revenue for the regime and posing cybersecurity risks; awareness and vigilance are crucial. https://cloud.google.com/blog/topics/threat-intelligence/mitigating-dprk-it-worker-threat/

🚴‍♂️ Hacking the “Bike Angels” System for Moving Bikeshares security news – New York City's bikeshare system, Bike Angels, is being exploited by users creating artificial shortages to maximize rewards, prompting a need for system modifications to prevent such hacks. https://www.schneier.com/blog/archives/2024/09/hacking-the-bike-angels-system-for-moving-bikeshares.html

🚗 White House proposes rule to ban Chinese, Russian parts for networked vehicles security news – The White House proposes banning Chinese and Russian components in connected vehicles to address national security threats, targeting parts for connectivity systems amid rising surveillance and hacking concerns. https://cyberscoop.com/us-government-ban-china-russia-connected-cars/

☑️ Privacy Service Optery Faces Backlash After Plan to Send OpenAI User Data privacy – Optery faced criticism for defaulting to transferring user data to OpenAI, leading to a backlash from privacy advocates and a subsequent shift to an opt-in model for data sharing. https://www.404media.co/privacy-service-optery-faces-backlash-after-plan-to-send-openai-user-data/

🧻 Telegram will now hand over your phone number and IP if you’re a criminal suspect security news – Telegram will disclose users' phone numbers and IP addresses to authorities upon valid requests for criminal suspects, reflecting a shift in its privacy policy amid concerns over illegal activities on the platform. https://www.theverge.com/2024/9/23/24252276/telegram-disclose-user-data-legal-requests-criminal-activity

⛰️ Pro-Russia hackers aim DDoS campaign at Austrian websites ahead of elections security news – Pro-Russia hacker groups, including NoName057(16) and OverFlame, have launched DDoS attacks on over 40 Austrian websites ahead of the upcoming elections, causing temporary outages but no lasting damage. https://therecord.media/austria-websites-ddos-incidents-pro-russia-hacktivists

📸 New twist on sextortion scam includes pictures of people's homes cybercrime – A new sextortion scam involves emails with photos of victims' homes, threatening to reveal their online activity unless they pay a ransom, leveraging personal data for intimidation. https://therecord.media/new-twist-on-sextortion-scam-pictures-of-peoples-homes

🍰 Iranian-linked election interference operation shows signs of recent access security news – An alleged Iranian hacking effort targeting Trump’s campaign continues, sharing materials with journalists, suggesting ongoing access to campaign documents, with U.S. officials linking the activity to the Iranian government. https://cyberscoop.com/trump-campaign-hack-new-material-ongoing-access/

🛤️ Who is tracking web behavior the most? Google, obviously privacy – Kaspersky's report reveals Google as the top tracker of online behavior, with its systems like Google Analytics and YouTube Analytics leading the way in data collection across various regions. https://www.theregister.com/2024/09/24/google_online_tracker/

🚙 Study finds many European car resellers fail to delete driver data privacy – A study reveals that 80% of resold cars in Europe contain previous owners' personal data, violating data privacy laws; dealerships are urged to implement structured data deletion processes to avoid legal consequences. https://therecord.media/study-finds-european-car-resellers-fail-to-delete-data

💳 New Android banking trojan Octo2 targets European banks malware – The Octo2 banking trojan has emerged, enhancing remote takeover capabilities and targeting European banks. Its advanced features and leaked source code could expand its use among cybercriminals. https://securityaffairs.com/168857/malware/octo2-android-banking-trojan.html

🪤 New Windows Malware Locks Computer in Kiosk Mode malware – A new malware campaign locks users in their browser's kiosk mode on Google's login page, coercing them to enter their credentials, which are then stolen by information-stealing malware. https://www.schneier.com/blog/archives/2024/09/new-windows-malware-locks-computer-in-kiosk-mode.html

🦊 Data privacy watchdog files complaint against Mozilla for new ad tracking feature privacy – The advocacy group noyb has filed a complaint against Mozilla for implementing a new ad tracking feature in Firefox without user consent, claiming it undermines data privacy rights. https://therecord.media/noyb-europe-complaint-mozilla-firefox-privacy-preserving-attribution

🏎️ Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug vulnerability – Researchers discovered a flaw in Kia's web portal that allowed them to track and control millions of vehicles, highlighting serious security vulnerabilities in the automotive industry’s web-based systems. https://www.wired.com/story/kia-web-vulnerability-vehicle-hack-track/

📰 When UK rail stations Wi-Fi was defaced by hackers the only casualty was the truth security news – Hackers defaced public Wi-Fi at 19 UK rail stations with a hate-filled message, but the incident was downplayed as a minor cybersecurity breach rather than a major attack, contradicting sensational media coverage. https://www.bitdefender.com/blog/hotforsecurity/when-uk-rail-stations-wi-fi-was-defaced-by-hackers-the-only-casualty-was-the-truth/

💷 UK data watchdog confirms it's investigating MoneyGram data breach data breach – The UK's ICO is investigating MoneyGram following a reported data breach that caused significant operational downtime, affecting customer transactions and partnerships; details on the breach remain unclear. https://techcrunch.com/2024/09/27/uk-data-watchdog-confirms-investigating-moneygram-data-breach/

🖨️ CUPS flaws allow remote code execution on Linux systems under certain conditions vulnerability – A critical vulnerability in the CUPS printing system allows unauthenticated remote code execution on Linux systems. Researchers disclosed multiple flaws, urging users to disable the affected service as a temporary mitigation. https://securityaffairs.com/169001/hacking/cups-flaws-allow-rce-on-linux-systems.html

🤑 Irish Data Protection Commission fines Meta €91 million for passwords stored in plaintext privacy – The Irish Data Protection Commission fined Meta €91 million for violating GDPR by storing users' passwords in plaintext, following a 2019 investigation where Meta disclosed the issue to regulators. https://cyberscoop.com/meta-fined-passwords-plaintext-ireland-millions-users/

📷 Microsoft details security/privacy overhaul for Windows Recall ahead of relaunch security news – Microsoft is revamping its Recall feature for Windows after security concerns, making it opt-in, enhancing encryption, and requiring user re-authentication to access stored data. https://arstechnica.com/?p=2052960


Some More, For the Curious

🤔 The Cyber Resilience Act, an Accidental European Alien Torts Statute? security news – The Cyber Resilience Act may allow the EU to restrict tech sales based on fundamental rights violations, blending cybersecurity with accountability for international actions. https://www.lawfaremedia.org/article/the-cyber-resilience-act--an-accidental-european-alien-torts-statute

🚒 Insecurity through Censorship: Vulnerabilities Caused by The Great Firewall security research – China's Great Firewall manipulates DNS responses, creating vulnerabilities for domains routed through Chinese infrastructure, risking attacks like subdomain takeovers and XSS. https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall

🐀 Move over, Cobalt Strike, there's a new post-exploit tool security research – Attackers are now using Splinter, a new post-exploitation tool capable of executing commands and stealing data, raising concerns for organizations despite being less advanced than Cobalt Strike. https://www.theregister.com/2024/09/23/splinter_red_team_tool/

💀 Necro Trojan infiltrates Google Play and Spotify and WhatsApp mods malware – The Necro Trojan has re-emerged, infecting popular apps on Google Play and modified versions of Spotify and WhatsApp, using techniques like steganography to evade detection and execute malicious activities. https://securelist.com/necro-trojan-is-back-on-google-play/113881/

🔂 Microsoft’s largest ever security transformation detailed in new report security news – Microsoft reveals its largest security overhaul, emphasizing a cultural shift towards security, with 34,000 engineers involved and new governance structures, following criticism of its previous security practices. https://www.theverge.com/2024/9/23/24251945/microsoft-security-report-secure-future-initiative

🤖 A generative artificial intelligence malware used in phishing attacks malware – HP researchers found malware generated by AI in a phishing attack that delivered AsyncRAT, highlighting how generative AI is making it easier for cybercriminals to create sophisticated threats. https://securityaffairs.com/168840/malware/generative-artificial-intelligence-malware.html

🤡 CrowdStrike exec apologizes in front of Congress over huge global IT outage security news – A CrowdStrike executive apologized to Congress for a faulty update that caused a massive IT outage affecting 8.5 million systems, outlining new measures to prevent future incidents. https://cyberscoop.com/crowdstrike-exec-apologizes-congressional-hearing-it-outage/

🎯 China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs) security news – The China-linked APT group Salt Typhoon has compromised several U.S. ISPs, aiming for intelligence gathering and potential cyberattacks, raising concerns about security in critical infrastructure. https://securityaffairs.com/168941/apt/salt-typhoon-china-linked-threat-actors-breached-us-isp.html

🏥 Senate bill eyes minimum cybersecurity standards for health care industry security news – Senators Wyden and Warner introduced the Health Infrastructure Security and Accountability Act to enforce mandatory cybersecurity standards in the health care sector following a ransomware attack on Change Healthcare. https://cyberscoop.com/minimum-cybersecurity-standards-health-care-wyden-warner-bill/

🔒 HPE patches three critical security holes in Aruba PAPI vulnerability – HPE has released urgent patches for three critical vulnerabilities in Aruba access points that allow unauthenticated attackers to execute code remotely, urging upgrades to affected systems. https://www.theregister.com/2024/09/26/hpe_aruba_patch_papi/

📏 NIST Recommends Some Common-Sense Password Rules security news – NIST's draft guidelines propose sensible password rules, including a minimum length of 8-15 characters, no mandatory complexity requirements, and no periodic changes unless compromised. https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-sense-password-rules.html

⚠️ Critical Nvidia bug allows container escape, host takeover vulnerability – A critical vulnerability in Nvidia's Container Toolkit (CVE-2024-0132) allows attackers to escape containers and gain control of the host system, affecting 33% of cloud environments; fixes have been issued. https://www.theregister.com/2024/09/26/critical_nvidia_bug_container_escape/

⚖️ The Data Breach Disclosure Conundrum security news – The article discusses the complexities of data breach disclosure, emphasizing the legal and ethical obligations organizations have to notify affected individuals and the potential backlash from non-disclosure, highlighting examples like Deezer and Uber. https://www.troyhunt.com/the-data-breach-disclosure-conundrum/


CISA Corner

🛡️ Threat Actors Continue to Exploit OT/ICS through Unsophisticated Means securnty news – CISA warns that cyber threat actors exploit vulnerable OT/ICS devices using basic methods like default credentials and brute force attacks, urging operators to enhance their security measures. https://www.cisa.gov/news-events/alerts/2024/09/25/threat-actors-continue-exploit-otics-through-unsophisticated-means

📜 ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises security news – A joint guide by ASD ACSC and CISA offers strategies for organizations to detect and mitigate Active Directory compromises, crucial for securing enterprise IT networks against malicious actors. https://www.cisa.gov/news-events/alerts/2024/09/26/asds-acsc-cisa-and-us-and-international-partners-release-guidance-detecting-and-mitigating-active

🛠️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – CISA has issued eight advisories highlighting vulnerabilities in various Industrial Control Systems, urging users to review them for important security updates and mitigations. https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-releases-eight-industrial-control-systems-advisories 🛠️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA has published five advisories addressing vulnerabilities in various Industrial Control Systems, urging users to review them for essential security updates and mitigations. https://www.cisa.gov/news-events/alerts/2024/09/26/cisa-releases-five-industrial-control-systems-advisories

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA has included CVE-2024-7593, an authentication bypass vulnerability in Ivanti Virtual Traffic Manager, in its Known Exploited Vulnerabilities Catalog due to active exploitation. https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-adds-one-known-exploited-vulnerability-catalog

🔧 Citrix Releases Security Updates for XenServer and Citrix Hypervisor vulnerability – Citrix has issued security updates for XenServer and Citrix Hypervisor to fix vulnerabilities that could lead to denial of service attacks; users are urged to apply these updates. https://www.cisa.gov/news-events/alerts/2024/09/25/citrix-releases-security-updates-xenserver-and-citrix-hypervisor 🔒 Cisco Releases Security Updates for IOS and IOS XE Software vulnerability – Cisco's September 2024 advisory addresses vulnerabilities in IOS and IOS XE software that could allow cyber actors to take control of affected systems; users are advised to apply updates. https://www.cisa.gov/news-events/alerts/2024/09/26/cisco-releases-security-updates-ios-and-ios-xe-software


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub