cyberlights – week 45/2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🦹 Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies cybercrime – A sprawling criminal ecosystem built on infostealer malware, often spread through pirated software, harvests login credentials that are then resold and used to breach major companies. https://www.wired.com/story/inside-the-massive-crime-industry-thats-hacking-billion-dollar-companies/

🏆 Valorant is winning the war against PC gaming cheaters security news – Riot Games' Vanguard anti-cheat system has significantly reduced cheating in Valorant by employing advanced detection methods. https://www.theverge.com/2024/11/4/24283482/valorant-is-winning-the-war-against-pc-gaming-cheaters

🎫 Hacker suspected in massive Ticketmaster, AT&T breaches arrested in Canada cybercrime – Canadian authorities arrested a man suspected of breaching around 165 companies, including Ticketmaster and AT&T, by logging into the victims' Snowflake cloud data accounts with stolen credentials. https://www.theverge.com/2024/11/5/24288654/alleged-snowflake-hacker-arrested-ticketmaster-att-data-breaches

📉 Mozilla Foundation lays off 30% staff, drops advocacy division security news – The Mozilla Foundation has laid off 30% of its staff, eliminating its advocacy and global programs divisions to streamline operations and focus on its mission amidst significant changes in the tech landscape. https://techcrunch.com/2024/11/05/mozilla-foundation-lays-off-30-staff-drops-advocacy-division/

💸 South Korean authorities fine Meta $15.6 million for sharing user data with advertisers privacy – South Korea fined Meta $15.6 million for sharing sensitive data of 980,000 Facebook users with advertisers without consent, violating the Personal Information Protection Act. https://therecord.media/facebook-south-korea-privacy-regulator-fine

🐍 ToxicPanda Android banking trojan targets Europe and LATAM malware – The ToxicPanda Android banking trojan has infected over 1,500 devices, targeting banks in Europe and Latin America. It employs On-Device Fraud techniques to bypass security measures, indicating a potential shift in attack strategies by Chinese-speaking threat actors. https://securityaffairs.com/170605/malware/toxicpanda-android-malware-targets-italy.html

👮‍♂️ Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs cybercrime – Interpol's Operation Synergia resulted in 41 arrests and the takedown of over 22,000 malicious IP addresses linked to cybercrime, preventing numerous phishing and ransomware attacks worldwide. https://therecord.media/interpol-operation-arrests-takedowns

🕺 Canada ordered ByteDance to shut down TikTok operations in the country over security concerns privacy – Canada has ordered ByteDance to dissolve TikTok Technology Canada due to security concerns, though Canadians can still access the app. The decision follows a national security review amid ongoing scrutiny of TikTok's data practices. https://securityaffairs.com/170653/security/canada-ordered-bytedance-to-shut-down-tiktok-operations.html

💽 Synology fixed critical flaw impacting millions of DiskStation and BeePhotos NAS devices vulnerability – Synology patched a critical vulnerability (CVE-2024-10443) in DiskStation and BeePhotos NAS devices that allowed remote code execution without user interaction, affecting millions. Users are urged to apply updates immediately. https://securityaffairs.com/170602/hacking/synology-fixed-critical-bug-in-diskstation-and-beephotos-nas.html

🦠 SteelFox Trojan imitates popular products to drop stealer and miner malware security research – The SteelFox Trojan, disguised as software activators, spreads via torrent and forum posts, stealing sensitive data and mining cryptocurrency. It targets popular applications like AutoCAD and Foxit PDF Editor, employing sophisticated techniques to evade detection. https://securelist.com/steelfox-trojan-drops-stealer-and-miner/114414/

🚫 Major Ukrainian university bans Telegram to reduce cyberthreats security news – Taras Shevchenko National University of Kyiv has banned Telegram for official communications, citing security concerns over Russian access to user data. The ban follows similar restrictions for state officials, prompting discussions about alternative communication platforms. https://therecord.media/ukraine-university-bans-telegram

🧢 How early-stage companies can go beyond cybersecurity basics cyber defense – To combat evolving cyber threats, early-stage companies should adopt a proactive cybersecurity strategy that transcends basic compliance, focusing on risk management, layered security, employee training, and incident response planning. https://cyberscoop.com/cybersecurity-for-startups-early-stage-companies/

🧪 What Is Penetration Testing? security news – Penetration testing simulates attacks to identify vulnerabilities within an organization's security systems. By employing various techniques, it helps organizations strengthen defenses, comply with regulations, and improve incident response capabilities. https://www.blackhillsinfosec.com/what-is-penetration-testing/

🎮 Hacker says they banned ‘thousands’ of Call of Duty gamers by abusing anti-cheat flaw security news – A hacker named Vizor exploited a flaw in Activision's Ricochet anti-cheat system to falsely ban thousands of Call of Duty players by sending messages containing specific strings. https://techcrunch.com/2024/11/07/hacker-says-they-banned-thousands-of-call-of-duty-gamers-by-abusing-anti-cheat-flaw/

🚗 Zero Day Initiative — Multiple Vulnerabilities in the Mazda In-Vehicle Infotainment (IVI) System vulnerability – Multiple vulnerabilities in the Mazda Connect CMU system allow an attacker with physical access to exploit insufficient input sanitization via crafted USB devices, enabling arbitrary code execution with root privileges. https://www.thezdi.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system

🔒 A new iOS 18 security feature makes it harder for police to unlock iPhones privacy – iOS 18 introduces an inactivity timer that reboots iPhones after four days of inactivity, entering a more secure state that complicates police access to locked devices and limits data extraction capabilities. https://www.theverge.com/2024/11/9/24292092/ios-18-security-inactivity-reboot-police-complain-unlocking-iphone-difficult


Some More, For the Curious

🐰 Fortinet FortiGate CVE-2024-23113 – A Super Complex Vulnerability In A Super Secure Appliance In 2024 vulnerability – A format string vulnerability in the fgfmd daemon (the FortiGate-to-FortiManager protocol service) of FortiOS allows unauthenticated remote code execution; the write-up walks through how awkward the bug is to exploit in practice. https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/

🔀 A look at the latest post-quantum signature standardization candidates security research – NIST advances 14 post-quantum signature schemes for cybersecurity, highlighting their need to resist quantum attacks. The migration to these standards poses challenges, particularly regarding performance and data overhead in TLS connections. https://blog.cloudflare.com/another-look-at-pq-signatures

🎟️ Strengthening Local Admin Security in Windows 11 with Local Administrator Protection security news – Windows 11's new Local Administrator Protection feature enhances security by providing just-in-time admin privileges, reducing exposure to malware and minimizing risks associated with local admin rights. https://call4cloud.nl/local-administrator-protection-privilege-protection/

🦘 Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems security research – The SANS report highlights rising attacks on ICS/OT systems, primarily through IT network vulnerabilities, with non-ransomware incidents outnumbering ransomware. https://www.darkreading.com/ics-ot-security/attackers-breach-network-provider-ot-ics-network

💼 Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale security research – Cybercriminals are exploiting DocuSign's APIs to send realistic fake invoices using genuine accounts, bypassing traditional phishing defenses. https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/

🤖 AIs Discovering Vulnerabilities security research – Research into AI capabilities for discovering software vulnerabilities is advancing, with tools like ZeroPath uncovering critical flaws missed by traditional methods. https://www.schneier.com/blog/archives/2024/11/ais-discovering-vulnerabilities.html

🔍 Typosquat campaign impersonates 287+ popular npm packages cybercrime – A new typosquatting campaign targets developers by publishing malicious npm packages that mimic legitimate ones, utilizing Ethereum smart contracts for command-and-control. https://www.theregister.com/2024/11/05/typosquatting_npm_campaign/

💰 Schneider Electric reports cyberattack, its third incident in 18 months security news – Schneider Electric confirmed a cyberattack involving unauthorized access to its project tracking platform, with the HellCat ransomware group demanding a $150,000 ransom in baguettes after claiming to steal over 40GB of data. https://cyberscoop.com/schneider-electric-energy-ransomware-hellcat/

🔐 Abusing Intune Permissions for Lateral Movement and Privilege Escalation in Entra ID Native Environments security research – Mandiant's Red Team demonstrated how attackers can exploit Intune permissions to achieve lateral movement and privilege escalation within Microsoft Entra ID. https://cloud.google.com/blog/topics/threat-intelligence/abusing-intune-permissions-entra-id-environments/

💯 Cisco scores an (im)perfect CVSS 10 with critical Wi-Fi flaw vulnerability – Cisco has issued a critical alert for CVE-2024-20418, a command injection vulnerability in the web management interface of its Ultra-Reliable Wireless Backhaul access points that lets an unauthenticated remote attacker run commands as root via crafted HTTP requests, necessitating immediate patching. https://www.theregister.com/2024/11/07/cisco_uiws_flaw/

🤖 AI Industry is Trying to Subvert the Definition of “Open Source AI” security news – The Open Source Initiative's new definition of 'open source AI' has sparked controversy for permitting secretive practices in training data, raising concerns about true transparency in AI development. Critics argue for a clear distinction between 'open source' and 'open weights' models. https://www.schneier.com/blog/archives/2024/11/ai-industry-is-trying-to-subvert-the-definition-of-open-source-ai.html

🚔 FBI says hackers are sending fraudulent police data requests to tech giants to steal people's private information security news – The FBI warns that hackers are exploiting compromised government email addresses to submit fraudulent emergency data requests, enabling them to steal private user information from tech companies like Apple and Meta. https://techcrunch.com/2024/11/08/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information/

🏜️ Palo Alto Networks warns of potential RCE in PAN-OS vulnerability – Palo Alto Networks alerts customers to a potential remote code execution vulnerability in the PAN-OS management interface, urging them to restrict management access to trusted internal IPs and follow its hardening guidance while details are pending. https://securityaffairs.com/170697/security/palo-alto-networks-warns-potential-pan-os-rce.html

📇 Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks security research – This guide emphasizes the importance of limiting high-privilege accounts and monitoring for unusual replication requests to defend against DCSync attacks on Active Directory. https://www.nccgroup.com/us/research-blog/defending-your-directory-an-expert-guide-to-securing-active-directory-against-dcsync-attacks/
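The guide's detection advice, as an added example (not NCC Group's code): a small Python check that flags Windows Security Event ID 4662 records in which an account outside an expected set of domain controller computer accounts (and the Entra ID Connect service account) exercises the directory replication rights that DCSync needs. The account names and sample events below are constructed for illustration.

```python
"""Flag possible DCSync activity in Windows Security Event ID 4662 records.

DCSync asks a domain controller to replicate directory data (including password
hashes), which requires the extended rights listed in REPLICATION_RIGHTS. Real
DCs and the Entra ID Connect account use them routinely; an ordinary user or
workstation account doing so is a strong signal worth alerting on.
"""
from dataclasses import dataclass

# Control-access right GUIDs from the AD schema that DCSync depends on.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}

# Accounts expected to replicate. Assumed names for this example; in a real
# deployment this list is built from your DCs and the MSOL_/AAD Connect account.
EXPECTED_REPLICATORS = {"DC01$", "DC02$", "MSOL_a1b2c3d4e5f6"}

# Access mask bit for ADS_RIGHT_DS_CONTROL_ACCESS (extended rights).
CONTROL_ACCESS = 0x100


@dataclass
class Event4662:
    """The fields of a 4662 event this check needs."""
    subject_user: str   # SubjectUserName
    object_type: str    # ObjectType (schema GUID of the object class)
    properties: str     # raw Properties field, GUIDs in braces
    access_mask: str    # AccessMask as logged, e.g. "0x100"


def replication_rights_used(ev):
    """Return the replication right names referenced in the event, sorted."""
    props = ev.properties.lower()
    return sorted(name for guid, name in REPLICATION_RIGHTS.items() if guid in props)


def is_suspicious_dcsync(ev, expected=EXPECTED_REPLICATORS):
    """True when an unexpected account exercises a replication right."""
    if not replication_rights_used(ev):
        return False
    if int(ev.access_mask, 16) & CONTROL_ACCESS == 0:
        return False
    return ev.subject_user not in expected


def scan(events, expected=EXPECTED_REPLICATORS):
    """Return (subject_user, [rights]) for every event that looks like DCSync abuse."""
    return [(ev.subject_user, replication_rights_used(ev))
            for ev in events if is_suspicious_dcsync(ev, expected)]


# Constructed sample events (not real log data). The Properties text mirrors the
# shape of a real 4662 record: an access type token followed by braced GUIDs.
DOMAIN_DNS = "%{19195a5b-6da0-11d0-afd3-00c04fd930c9}"
SAMPLE_EVENTS = [
    # Normal replication between domain controllers.
    Event4662("DC02$", DOMAIN_DNS,
              "%%7688\n\t{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"
              "\n\t{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}", "0x100"),
    # A user account pulling the full replication set: classic DCSync.
    Event4662("jsmith", DOMAIN_DNS,
              "%%7688\n\t{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"
              "\n\t{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}", "0x100"),
    # Same user doing an unrelated write; no replication right involved.
    Event4662("jsmith", DOMAIN_DNS,
              "%%7685\n\t{bf9679c0-0de6-11d0-a285-00aa003049e2}", "0x20"),
]

if __name__ == "__main__":
    for user, rights in scan(SAMPLE_EVENTS):
        print(f"ALERT possible DCSync by {user}: {', '.join(rights)}")
```

4662 events are only produced when "Audit Directory Service Access" is enabled and the domain object carries a SACL covering these control-access rights; without that auditing in place the check has nothing to read. Keep the allowlist tight and review it whenever a DC is promoted or demoted, since an attacker who can add an account to it silences the detection.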

🤖 With 2FA Enabled: NPM Package lottie-player Taken Over by Attackers security research – Attackers exploited a leaked automation token to inject malicious code into popular NPM package versions, highlighting vulnerabilities in software supply chains and 2FA limitations. https://checkmarx.com/blog/with-2fa-enabled-npm-package-lottie-player-taken-over-by-attackers/


CISA Corner

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two vulnerabilities affecting PTZOptics cameras to its Known Exploited Vulnerabilities Catalog, highlighting the risks of OS command injection and authentication bypass to federal networks. https://www.cisa.gov/news-events/alerts/2024/11/04/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog warning – CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, including privilege escalation and authentication flaws, highlighting significant risks for federal agencies that must address these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-adds-four-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA issued three advisories on November 7, 2024, addressing security vulnerabilities in Beckhoff Automation, Delta Electronics, and Bosch Rexroth ICS products, urging users to review for technical details and mitigations. https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-releases-three-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.
