cyberlights – week 43/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
⏳ Sicherheit: Worauf du beim Kauf eines neuen Android-Smartphones achten solltest security news – Many Android manufacturers fail to provide timely security updates, often delaying patches for years, leaving users vulnerable to threats and privacy issues. https://www.kuketz-blog.de/sicherheit-worauf-du-beim-kauf-eines-neuen-android-smartphones-achten-solltest/
🔎 Watch: Inside the FBI’s Secret Phone Company security research – The FBI secretly operated Anom, a secure app used by criminals, revealing how law enforcement exploited its popularity to monitor organized crime without users' knowledge. https://www.404media.co/watch-inside-the-fbis-secret-phone-company/
🧨 Internet Archive was breached twice in a month security news – The Internet Archive faced two breaches within a month, exposing 31 million user records due to mishandled authentication tokens, raising serious concerns about their security practices. https://securityaffairs.com/170068/data-breach/internet-archive-second-data-breach.html
🔒 HM Surf macOS vuln potentially exploited by Adloader malware vulnerability – A macOS vulnerability (CVE-2024-44133) may allow malware like Adloader to exploit user privacy by accessing cameras and microphones. Apple users are urged to update their systems immediately. https://www.theregister.com/2024/10/21/microsoft_macos_hm_surf/
🚧 ICE's $2 Million Contract With a Spyware Vendor Is Under White House Review privacy – ICE's $2 million contract with Paragon Solutions for spyware is under review for compliance with Biden's executive order on spyware, raising concerns about privacy and civil liberties. https://www.wired.com/story/ice-paragon-contract-white-house-review/
👤 Meta brings back face scanning to combat scams and account hacking privacy – Meta reintroduces facial recognition on Facebook and Instagram to help users recover hacked accounts and fight scam ads impersonating celebrities, following privacy concerns that led to its earlier removal. https://www.theverge.com/2024/10/22/24276593/meta-facebook-instagram-facial-recognition-tools-test-celeb-bait
🚨 Samsung zero-day flaw actively exploited in the wild vulnerability – A Samsung zero-day vulnerability (CVE-2024-44068) is being actively exploited, allowing privilege escalation on vulnerable Android devices. Security updates were released in October 2024 to address the issue. https://securityaffairs.com/170119/security/samsung-zero-day-activey-exploited.html
😉 Google Online Security Blog: 5 new protections on Google Messages to help keep you safe security news – Google introduces five new security features in Google Messages aimed at enhancing user safety, including spam protection and improved verification for messages, to combat scams and protect privacy. https://security.googleblog.com/2024/10/5-new-protections-on-google-messages.html
📱 WhatsApp is making a massive change to the way it saves your contacts security news – WhatsApp introduces a built-in contact manager that allows users to save contacts within the app, independent of their smartphone’s address book, enhancing privacy and ease of use. https://www.theverge.com/2024/10/22/24276714/whatsapp-built-in-contacts-address-book
🚫 Googles Manifest V3: Ein Schlag für Werbeblocker und Nutzerrechte privacy – Google's Manifest V3 introduces changes that undermine ad blockers and user rights, raising concerns about online privacy and control over web experiences. https://www.kuketz-blog.de/googles-manifest-v3-ein-schlag-fuer-werbeblocker-und-nutzerrechte/
📍 The Global Surveillance Free-for-All in Mobile Ad Data privacy – A lawsuit highlights how mobile ad data enables tracking of individuals, including law enforcement officers, through services like Babel Street, raising significant privacy concerns amidst a growing data broker industry. https://krebsonsecurity.com/2024/10/the-global-surveillance-free-for-all-in-mobile-ad-data/
🦺 Ransomware gang stoops to new low, targets prominent nonprofit for disabled people cybercrime – The Rhysida ransomware group has targeted Easterseals, a nonprofit for disabled individuals, demanding $1.3 million after accessing personal data of nearly 15,000 people in a cyberattack. https://therecord.media/easterseals-central-illinois-data-breach
💣 The EU Throws a Hand Grenade on Software Liability security news – The EU is introducing strict software liability laws to hold software makers accountable for defects, contrasting with the US approach, which is lagging due to lobbying and lack of political will. https://news.risky.biz/the-eu-throws-a-hand-grenade-on-software-liability/
💸 LinkedIn hit with $335 million fine for using member data for ad targeting without consent privacy – Ireland's Data Protection Commission fined LinkedIn €310 million for violating GDPR by using member data for ads without consent, marking one of the largest fines against a tech company for data misuse. https://therecord.media/linkedin-hit-with-335-million-fine-gdpr-ireland
🕵️♂️ HYPR is latest firm to reveal hiring of fraudulent IT worker overseas cybercrime – HYPR exposed an incident involving a fraudulent IT worker from a contracting agency, highlighting the need for enhanced vetting processes to prevent hiring scams amid rising concerns of fake remote employees. https://cyberscoop.com/hypr-hired-fraudulent-tech-worker-overseas/
🥽 How the ransomware attack at Change Healthcare went down: A timeline cybercrime – A ransomware attack on Change Healthcare in February 2024 led to a massive data breach affecting over 100 million people, revealing vulnerabilities in cybersecurity and prompting extensive investigations. https://techcrunch.com/2024/10/24/how-the-ransomware-attack-at-change-healthcare-went-down-a-timeline/
🔧 It Is Now Legal to Hack McFlurry Machines (and Medical Devices) to Fix Them security news – A new federal rule allows the circumvention of digital locks on McFlurry machines and medical devices for repair purposes, highlighting ongoing issues with manufacturer control over equipment and the need for further repair legislation. https://www.404media.co/it-is-now-legal-to-hack-mcflurry-machines-and-medical-devices-to-fix-them/
🤔 Prominent crypto critic says someone offered bribes to take down a blog post security news – Molly White, a crypto critic, reported being offered bribes to remove a post about a fraud case involving Roman Ziemian. After declining the bribe, she received a dubious DMCA takedown request from someone claiming to be a lawyer. https://techcrunch.com/2024/10/25/prominent-crypto-critic-says-someone-offered-bribes-to-take-down-a-blog-post/
Some More, For the Curious
🛡️ Update #1 Kritische Zero-Day Schwachstelle in FortiManager wird aktiv ausgenutzt – Update verfügbar warning – The article discusses CERT.at, Austria's Computer Emergency Response Team, focusing on its role in cybersecurity, incident response, and providing guidance to organizations on protecting against cyber threats. https://www.cert.at/de/warnungen/2024/10/kritische-zero-day-schwachstelle-in-fortimanager-wird-aktiv-ausgenutzt-update-verfugbar
💸 Stealers on the rise: Kral, AMOS, Vidar and ACR security research – Information stealers are proliferating, targeting credentials and cryptocurrency data, with methods ranging from malicious downloads to deceptive phishing tactics. Cybercriminals profit from these attacks, threatening privacy. https://securelist.com/kral-amos-vidar-acr-stealers/114237/
👻 Sneaky Ghostpulse malware loader hides inside PNG pixels security research – The Ghostpulse malware now extracts its payload from PNG image pixels, making detection harder. This evolution showcases increasing sophistication in cybercriminal tactics to evade security measures. https://www.theregister.com/2024/10/22/ghostpulse_malware_loader_png/
🛡️ Justice Department rule aims to curb the sale of Americans’ personal data overseas privacy – The Justice Department proposed regulations to restrict the sale of Americans' personal data to adversarial countries, enhancing privacy protections while imposing compliance requirements on companies. https://cyberscoop.com/justice-department-data-broker-regulation-china-russia-iran/
🙂↔️ No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer security research – Recent claims that China's quantum computer has cracked military-grade encryption are exaggerated. Experts affirm that modern cryptography remains secure for the foreseeable future. https://www.schneier.com/blog/archives/2024/10/no-the-chinese-have-not-broken-modern-encryption-systems-with-a-quantum-computer.html
🛠️ VMware fixes critical RCE, make-me-root bugs in vCenter – for the second time vulnerability – VMware has issued a second patch for critical vulnerabilities in vCenter Server that could allow remote code execution and privilege escalation, urging all users to update immediately. https://www.theregister.com/2024/10/22/vmware_rce_vcenter_bugs/
🍪 Threat Spotlight: WarmCookie/BadSpace malware – WarmCookie, a malware family active since April 2024, is used for initial access and persistence, enabling further malware deployment like CSharp-Streamer-RAT. Its distribution involves malspam and malvertising tactics. https://blog.talosintelligence.com/warmcookie-analysis/
😈 Lazarus APT steals cryptocurrency and user data via a decoy MOBA game security news – Lazarus APT uses a fake MOBA game to exploit a Google Chrome zero-day vulnerability, gaining access to victims' PCs. The group targets cryptocurrency and evolves its tactics with sophisticated social engineering. https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/
👋 Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts security news – ZachXBT, an anonymous crypto investigator, has traced billions in stolen funds, including a recent $243 million Bitcoin theft, leading to arrests of the alleged hackers and advocating for justice for victims. https://www.wired.com/story/meet-zachxbt-243-million-crypto-theft/
🌍 Removal of Russian coders spurs debate about Linux kernel’s politics security news – The Linux kernel's maintainer removed Russian developers from the MAINTAINERS file due to compliance with US sanctions, sparking debate over the intersection of open source and international politics. https://arstechnica.com/information-technology/2024/10/russian-coders-removed-from-linux-maintainers-list-due-to-sanction-concerns/
CISA Corner
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-9537, a ScienceLogic SL1 vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting the need for federal agencies to address active threats promptly. https://www.cisa.gov/news-events/alerts/2024/10/21/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-38094, a Microsoft SharePoint deserialization vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting its risks to federal networks and the need for remediation. https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-47575, a missing authentication vulnerability in Fortinet FortiManager, to its Known Exploited Vulnerabilities Catalog, urging users to apply patches to mitigate risks. https://www.cisa.gov/news-events/alerts/2024/10/23/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has included CVE-2024-20481 (Cisco ASA and FTD DoS vulnerability) and CVE-2024-37383 (RoundCube Webmail XSS vulnerability) in its Known Exploited Vulnerabilities Catalog due to active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-adds-two-known-exploited-vulnerabilities-catalog
⚙️ ICONICS and Mitsubishi Electric Products vulnerability – A vulnerability (CVE-2024-7587) in ICONICS and Mitsubishi Electric products allows for potential data disclosure and tampering due to incorrect default permissions. Users are urged to update to mitigate risks. https://www.cisa.gov/news-events/ics-advisories/icsa-24-296-01 ⚙️ CISA Releases Four Industrial Control Systems Advisories vulnerability – CISA issued four ICS advisories addressing security vulnerabilities in various systems, VIMESA VHF/FM, iniNet Spider Control, Deep Sea Electronics, OMNET Proteus https://www.cisa.gov/news-events/alerts/2024/10/24/cisa-releases-four-industrial-control-systems-advisories
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.