cyberlights – week 41/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
Highlight
💳 So stehlen Kriminelle mit gefälschten FinanzOnline-Benachrichtigungen Ihre Bankomatkarte cybercrime – Kriminelle nutzen gefälschte Onlinebanking-Seiten, um Bankdaten zu stehlen. Nutzer erhalten betrügerische Benachrichtigungen über Kartensperrungen und sollen ihre alte Karte zurücksenden. https://www.watchlist-internet.at/news/so-stehlen-kriminelle-kartenwechsel-scam/
News For All
🤖 Your robot vacuum cleaner might be spying on you privacy – A security flaw in Ecovacs robot vacuums allows remote access to cameras and microphones, exposing users to privacy risks. Updates are coming, but not soon enough for some customers. https://www.bitdefender.com/en-us/blog/hotforsecurity/your-robot-vacuum-cleaner-might-be-spying-on-you/
🤔 Cops often hush up use of facial recognition tools privacy – U.S. police frequently use facial recognition technology without disclosing it to suspects, leading to wrongful arrests. This raises concerns about privacy and accountability in law enforcement practices. https://www.theregister.com/2024/10/07/cops_love_facial_recognition_and/
🔒 Google brings better bricking to Androids, to curtail crims security news – Google is rolling out features to enhance Android security, making it harder for thieves to profit from stolen phones by requiring credentials for factory resets and biometric verification for sensitive actions. https://www.theregister.com/2024/10/08/google_android_security/
⚖️ Twitter Acts Fast on Nonconsensual Nudity If It Thinks It’s a Copyright Violation privacy – A study reveals Twitter removes nonconsensual nude images quickly if reported for copyright violations but delays action on similar reports for nonconsensual content, highlighting legal gaps. https://www.404media.co/twitter-acts-fast-on-nonconsensual-nudity-if-it-thinks-its-a-copyright-violation/
🔄 What Google’s U-Turn on Third-Party Cookies Means for Chrome Privacy privacy – Google paused its plans to eliminate third-party cookies in Chrome, citing backlash from various stakeholders. Critics argue this compromises user privacy while Google emphasizes user choice in tracking. https://www.wired.com/story/google-chrome-third-party-cookies-privacy-rollback/
🔍 Credit monitoring and supply chain risk company hacked data breach – CreditRiskMonitor reported a data breach where sensitive employee information was stolen, though customer data remained unaffected. The company is offering impacted individuals 24 months of free credit monitoring. https://cyberscoop.com/credit-risk-monitor-cyber-crmz-ransomware/
📱 Don’t use iPhone Mirroring at work, experts warn privacy – Experts warn against using iPhone Mirroring at work due to privacy risks, as it can expose personal app data to employers. Apple is aware and working on a fix. https://www.theregister.com/2024/10/08/iphone_mirroring_at_work/
📚 The Editors Protecting Wikipedia from AI Hoaxes security news – Wikipedia editors have launched WikiProject AI Cleanup to address the rise of unsourced, poorly-written AI-generated content on the platform, aiming to preserve the quality of information. https://www.404media.co/the-editors-protecting-wikipedia-from-ai-hoaxes/
💉 Trinity ransomware targets healthcare orgs cybercrime – Trinity ransomware has infected at least one U.S. healthcare provider, employing double extortion tactics. Experts warn healthcare organizations to enhance security measures against such attacks. https://www.theregister.com/2024/10/09/trinity_ransomware_targets_healthcare_orgs/
🔑 How to use Apple’s new Passwords app on iOS and macOS security news – Apple's new Passwords app replaces previous password management methods, allowing users to store and manage passwords, passkeys, and Wi-Fi credentials across devices. It offers autofill, sharing, and security alerts. https://www.theverge.com/24264400/passwords-apple-ios-macos-how-to
📉 National Public Data files for bankruptcy after info leak security news – National Public Data filed for bankruptcy after a massive data breach affecting potentially hundreds of millions. The company faces multiple lawsuits and regulatory challenges following the incident. https://www.theregister.com/2024/10/09/national_public_data_bankrupt/
🔒 The Internet Archive is under attack, with a breach revealing info for 31 million accounts data breach – The Internet Archive confirmed a breach exposing data for 31 million accounts, including email addresses and hashed passwords. The site also faced a DDoS attack following the incident. https://www.theverge.com/2024/10/9/24266419/internet-archive-ddos-attack-pop-up-message
📱 How Telegram Turbocharges Organised Crime cybercrime – A UN report highlights Telegram's role in facilitating organized crime, including cyber fraud, money laundering, and criminal marketplaces, emphasizing the need for stricter regulations to combat these activities. https://news.risky.biz/how-telegram-turbocharges-organised-crime/
⚠️ Mozilla issued an urgent Firefox update to fix actively exploited flaw vulnerability – Mozilla released an urgent update for Firefox to fix a critical use-after-free vulnerability (CVE-2024-9680) actively exploited in attacks, urging users to upgrade immediately. https://securityaffairs.com/169590/security/mozilla-firefox-actively-exploited-flaw.html
🛡️ Blue Team, Red Team, and Purple Team: An Overview security news – This article discusses the roles of Blue, Red, and Purple Teams in cybersecurity, highlighting defensive operations, adversarial simulations, and collaborative efforts to enhance security measures. https://www.blackhillsinfosec.com/red-blue-and-purple-teams/
😷 14,000 medical devices are online, unsecured and vulnerable security research – A report reveals over 14,000 exposed medical devices globally, with nearly half in the U.S. Many lack basic security measures, making them prime targets for cybercriminals amid increasing healthcare attacks. https://cyberscoop.com/medical-devices-online-health-censys/
🐖 Pig Butchering Scams Are Going High Tech cybercrime – The UNODC reports a surge in high-tech 'pig butchering' scams in Southeast Asia, utilizing generative AI and deepfakes to enhance fraud. These scams, alongside cryptocurrency drainers, are increasingly sophisticated and pose significant challenges for law enforcement. https://www.wired.com/story/pig-butchering-scams-go-high-tech/
⛓️💥 'Chat control': The EU's controversial CSAM-scanning legal proposal explained privacy – The EU's proposed legislation to combat child sexual abuse material (CSAM) threatens user privacy by mandating scanning of private communications on messaging apps, raising concerns about encryption and mass surveillance. https://techcrunch.com/2024/10/12/chat-control-the-eus-controversial-csam-scanning-legal-proposal-explained/
🔒 How to Stop Your Data From Being Used to Train AI privacy – As generative AI increasingly utilizes online data, users can take steps to opt out of having their content used for training. The article outlines various platforms and methods to help protect personal data from being scraped. https://www.wired.com/story/how-to-stop-your-data-from-being-used-to-train-ai/
⚠️ Magenta ID wurde deaktiviert: Vorsicht vor täuschend echter Phishing-Mail warning – Eine täuschend echte Phishing-Mail mit dem Betreff „Aktion erforderlich: Reaktivierung Ihrer Magenta ID“ fordert zur Aktivierung einer nicht existierenden ID auf. Drei Hinweise entlarven die Betrugsmasche. https://futurezone.at/digital-life/magenta-id-wurde-deaktiviert-mail-phishing-rechnung-hinweise-betrug-warnung/402960708
Some More, For the Curious
🎉 Kyiv's hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin's birthday security news – Ukrainian hackers reportedly disrupted VGTRK operations, wiping servers and backups on Putin's birthday, amid ongoing cyber conflict between Russia and Ukraine. https://securityaffairs.com/169486/cyber-warfare-2/kyivs-hackers-hit-russian-state-media.html
🧓 The 30-year-old internet backdoor law that came back to bite security news – Chinese hackers compromised U.S. telecom wiretap systems, highlighting risks of backdoor laws like CALEA, which mandate access to customer data but create vulnerabilities for abuse. https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/
💰 MoneyGram says hackers stole customers' personal information and transaction data data breach – MoneyGram confirmed a cyberattack resulted in the theft of customers' personal and transaction data, affecting names, addresses, and some Social Security numbers. Investigation is ongoing. https://techcrunch.com/2024/10/07/moneygram-says-hackers-stole-customers-personal-information-and-transaction-data/
🗃️ ADT says hacker stole encrypted internal employee data after compromising business partner security news – ADT reported a breach where a hacker accessed its network through a compromised third-party partner, stealing encrypted employee data. No customer information was believed to be affected. https://therecord.media/adt-hacker-stole-encrypted-data-after-breaching-third-party
🛡️ Following the Trail of Flax Typhoon to Uncover Newly Discovered Vulnerabilities in Linear Emerge Access Control Devices security research – A vulnerability, CVE-2024-9441, affects Linear Emerge E3 series devices and is unpatched, raising concerns of imminent exploitation. Organizations are urged to isolate affected devices. https://vulncheck.com/blog/flax-typhoon-linear-merge
🔧 Zero Day Initiative — The October 2024 Security Update Review security news – Adobe and Microsoft released significant security updates in October 2024, addressing numerous vulnerabilities including critical code execution bugs. Users are urged to promptly apply patches to mitigate risks. https://www.thezdi.com/blog/2024/10/8/the-october-2024-security-update-review
🚫 Russia and Turkey ban Discord messaging app security news – Russia and Turkey have blocked Discord, citing non-compliance with local laws and misuse for illegal activities. The bans have sparked backlash, highlighting the platform's importance for communication. https://therecord.media/discord-messaging-app-banned-russia-turkey
🔍 Two never-before-seen tools, from same group, infect air-gapped devices security research – Researchers discovered two sophisticated toolsets used by a suspected Russian hacking group to compromise air-gapped devices for data theft, highlighting their evolving capabilities and modular design. https://arstechnica.com/security/2024/10/two-never-before-seen-tools-from-same-group-infect-air-gapped-devices/
⌨️ Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips vulnerability – Qualcomm confirmed hackers exploited a zero-day vulnerability (CVE-2024-43047) in its chipsets used in Android devices, with indications of targeted exploitation. Fixes have been made available to device manufacturers. https://techcrunch.com/2024/10/09/hackers-were-targeting-android-users-with-qualcomm-zero-day/
🌐 OpenAI says it has disrupted 20-plus foreign influence networks in past year security news – OpenAI disrupted over 20 foreign influence operations using its AI tools to manipulate political sentiments and elections. The report highlights ongoing threats from nations like Russia and Iran. https://cyberscoop.com/openai-threat-report-foreign-influence-generative-ai/
🚔 Dutch cops reveal takedown of 'largest dark web market' cybercrime – Dutch police arrested the alleged administrators of Bohemia and Cannabia, the largest dark web marketplaces, which processed €12 million monthly. The operators attempted an exit scam after becoming aware of the investigation. https://www.theregister.com/2024/10/10/cannabia_bohemia_darkweb_market_investigation/
🪙 FBI created a crypto token so it could watch it being abused security news – The FBI developed its own cryptocurrency, NexFundAI, to monitor fraudulent activities in the crypto market, leading to arrests in three countries for alleged wash trading and manipulation schemes. https://www.theregister.com/2024/10/11/fbi_nexfundai_crypto_fraud_sting/
🔧 GitLab fixed a critical flaw that could allow arbitrary CI vulnerability – GitLab patched a critical vulnerability (CVE-2024-9164) that allowed unauthorized CI/CD pipeline execution. The update also addressed several high and medium severity issues in both Community and Enterprise Editions. https://securityaffairs.com/169671/security/gitlab-fixed-critical-flaw-cve-2024-9164.html
📦 Malicious packages in open-source repositories are surging security research – A report by Sonatype reveals a 150% increase in malicious packages in open-source repositories over the past year, highlighting security vulnerabilities and the slow response to patching them. https://cyberscoop.com/open-source-security-supply-chain-sonatype/
💻 Ransomware operators exploited Veeam Backup & Replication flaw CVE vulnerability – Ransomware operators are exploiting the critical CVE-2024-40711 vulnerability in Veeam Backup & Replication to deploy malware and create rogue accounts. Sophos warns of attacks leveraging compromised credentials and outdated VPNs. https://securityaffairs.com/169679/cyber-crime/ransomware-groups-exploit-veeam-backup-replication-bug.html
📁 File hosting services misused for identity phishing security research – Microsoft reports that ransomware operators are exploiting legitimate file hosting services to conduct phishing attacks, using tactics to evade detection and compromise user identities, leading to business email compromise (BEC) attacks. https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/
CISA Corner
🚨 Avoid Scams After Disaster Strikes warning – CISA warns of increased cyber scams following natural disasters, urging caution with emails and social media related to hurricanes. Verify information from trusted sources before responding. https://www.cisa.gov/news-events/alerts/2024/10/08/avoid-scams-after-disaster-strikes
⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has included three vulnerabilities in its Known Exploited Vulnerabilities Catalog, highlighting risks from active exploitation. Agencies are required to remediate these vulnerabilities to protect federal networks. https://www.cisa.gov/news-events/alerts/2024/10/08/cisa-adds-three-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting risks from active exploitation in Fortinet and Ivanti products. Federal agencies must remediate these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/10/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.