cyberlights – week 47/2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


Highlight

⚠️ PSA: You shouldn't upload your medical images to AI chatbots privacy – Users are cautioned against uploading private medical images to AI chatbots like Grok, as it risks exposing sensitive data, which may be used to train models and shared without clear protections. https://techcrunch.com/2024/11/19/psa-you-shouldnt-upload-your-medical-images-to-ai-chatbots/


News For All

🌟 These alternatives to popular apps can help reclaim your online life from billionaires and surveillance privacy – Explore privacy-focused alternatives to popular apps that empower you to control your data, avoiding surveillance and monetization by big tech companies. https://techcrunch.com/2024/11/24/these-alternatives-to-popular-apps-can-help-reclaim-your-online-life-from-billionaires-and-surveillance/

🕵️‍♀️ Women In Russian-Speaking Cybercrime: Mythical Creatures or Significant Members of Underground? cybercrime – This article explores the underrepresented roles of women in Russian-speaking cybercrime, revealing their contributions, challenges, and evolving dynamics amid geopolitical tensions, highlighting both historical and contemporary insights. https://www.sans.org/blog/women-in-russian-speaking-cybercrime-mythical-creatures-or-significant-members-of-underground

🎶 Spotify abused to promote pirated software and game cheats cybercrime – Threat actors are exploiting Spotify playlists and podcasts to promote pirated software and game cheats, leveraging Spotify's SEO benefits to drive traffic to malicious sites. https://www.bleepingcomputer.com/news/security/spotify-abused-to-promote-pirated-software-and-game-cheats/

🦠 Facebook Malvertising Campaign Spreads Malware via Fake Bitwarden malware – A malvertising campaign on Facebook disguised as Bitwarden updates spreads malware through fake ads, tricking users into installing malicious Chrome extensions that exploit business accounts. https://hackread.com/facebook-malvertising-malware-via-fake-bitwarden/

⚠️ Really Simple Security plugin flaw impacts 4M+ WordPress sites vulnerability – A critical vulnerability (CVE-2024-10924) in the Really Simple Security plugin affects over 4 million WordPress sites, allowing attackers to bypass authentication and gain full admin access. A fix has been released. https://securityaffairs.com/171100/hacking/really-simple-security-plugin-flaw-affects-4m-sites.html

💻 Ransomware gang Akira leaks unprecedented number of victims’ data in one day cybercrime – The Akira ransomware gang leaked a record 35 victims' data in one day, showcasing their aggressive tactics. This marks a significant surge in their operations since emerging in 2023. https://therecord.media/akira-ransomware-group-publishes-unprecedented-leak-data

🚨 Alleged Russian Phobos ransomware administrator extradited to U.S., in custody cybercrime – Evgenii Ptitsyn, a Russian alleged Phobos ransomware administrator, has been extradited to the U.S. after extorting over $16 million from more than 1,000 victims worldwide, facing multiple charges. https://cyberscoop.com/alleged-russian-phobos-ransomware-administrator-extradited-to-u-s-in-custody/

🛒 Scammer Black Friday offers: Online shopping threats and dark web sales security news – Kaspersky's report highlights the surge in online shopping-related cyber threats, including phishing attacks, fake mobile apps, and banking trojans, emphasizing the risks during Black Friday and the role of the dark web in selling stolen data. https://securelist.com/black-friday-report-2024/114589/

🔒 Microsoft beefs up Windows security with new recovery and patching features security news – In response to the CrowdStrike outage, Microsoft announced enhancements to Windows security, including Quick Machine Recovery, kernel mode changes for antivirus, and Administrator Protection for user permissions, aimed at improving system resilience and recovery. https://techcrunch.com/2024/11/19/microsoft-beefs-up-windows-security/

⚖️ German court says victims of massive Facebook data breach can be compensated data breach – A German court ruled that victims of the 2021 Facebook data breach can claim €100 ($105) in compensation, acknowledging non-material damage due to loss of control over personal data, despite no financial loss evidence. https://therecord.media/german-court-says-victims-facebook-breach-compensation

🌍 Niantic uses Pokémon Go player data to build AI navigation system security news – Niantic is developing a 'Large Geospatial Model' for AI navigation, using visual scans from Pokémon Go and Scaniverse players, leveraging over 10 million scanned locations worldwide to enhance augmented reality applications. https://arstechnica.com/ai/2024/11/niantic-uses-pokemon-go-player-data-to-build-ai-navigation-system/

📍 Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany security news – A report reveals that a data broker is selling detailed location data of US military and intelligence personnel in Germany, raising national security concerns as this information can be exploited for espionage and other malicious activities. https://www.wired.com/story/phone-data-us-soldiers-spies-nuclear-germany/

📺 Unsecured JupyterLab and Jupyter Notebooks servers abused for illegal streaming of Sports events security research – Threat actors exploit misconfigured JupyterLab and Jupyter Notebook servers to hijack environments for illegal sports streaming, using tools like ffmpeg to capture and redistribute broadcasts, posing significant risks to organizations. https://securityaffairs.com/171193/cyber-crime/misconfigured-jupyterlab-and-jupyter-notebooks-illegal-live-sports-streaming.html

📱 Malicious QR Codes: How big of a problem is it, really? security news – Malicious QR codes exploit weaknesses in anti-spam filters, with around 60% of emails containing QR codes being spam. Security experts recommend caution when scanning QR codes, as they can lead to phishing or malware sites. https://blog.talosintelligence.com/malicious_qr_codes/

🚸 UK says a new law banning social media for under-16s is 'on the table' security news – The UK government is considering a ban on social media for under-16s to protect children's wellbeing, with a new study announced to assess social media's impact. The proposal aligns with the upcoming Online Safety Act aimed at enhancing online safety for children. https://therecord.media/britain-social-media-ban-children-proposal

🏥 750,000 Patients' Medical Records Exposed After Data Breach at French data breach – A cyber attack on a French hospital exposed the medical records of over 750,000 patients, with the hacker claiming access to data from multiple healthcare facilities. The breach was linked to stolen login credentials for the Mediboard system. https://www.tripwire.com/state-of-security/750000-patients-medical-records-exposed-after-data-breach-french-hospital

💰 DeliveryHero subsidiary fined $5.2 million for tracking drivers’ geolocation privacy – Italy's data privacy regulator fined Foodinho S.r.l. €5 million ($5.2 million) for illegally tracking drivers' geolocation, including outside working hours, and sharing data with third parties without consent. The company is also prohibited from using biometric data for identity verification. https://therecord.media/deliveryhero-subsidiary-fined-5-million-geolocation-data

🐖 Meta cracks down on millions of accounts it tied to pig-butchering scams security news – Meta has removed millions of accounts linked to pig-butchering scams, a fraudulent scheme costing victims billions. The crackdown aims to protect users from organized crime. https://cyberscoop.com/meta-cracks-down-on-millions-of-accounts-it-tied-to-pig-butchering-scams/

🎉 Hackers break into Andrew Tate’s online ‘university,’ steal user data and flood chats with emojis data breach – Hackers accessed data of nearly 800,000 users from Andrew Tate's online course, leaking emails and private chats while disrupting chats. https://techcrunch.com/2024/11/21/hackers-break-into-andrew-tates-online-university-steal-user-data-and-flood-chats-with-emojis/


Some More, For the Curious

🔓 BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA security research – BrazenBamboo exploits a zero-day vulnerability in FortiClient to extract user VPN credentials using their DEEPDATA malware, highlighting the ongoing threat of credential theft. https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/

🔒 What To Use Instead of PGP security research – The article argues against using PGP for secure communications, recommending better alternatives like Sigstore, SSH signatures, Magic Wormhole, and Signal for various use cases, emphasizing modern tools over outdated methods. https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

🛡️ Inside the Threat: A Behind-the-Scenes Look at Stopping an Active Intrusion cyber defense – This article details a proactive investigation into an active intrusion, showcasing how early detection, vigilant employees, and layered security measures thwarted a potentially devastating ransomware attack. https://sec-consult.com/blog/detail/inside-the-threat-a-behind-the-scenes-look-at-stopping-an-active-intrusion/

📝 Azure Detection Engineering: Log idiosyncrasies you should know about cyber defense – This article discusses various inconsistencies and intricacies in Azure logs, including schema, IP addresses, user-agent fields, and UUID formatting, offering insights for better monitoring and detection in Azure environments. https://tracebit.com/blog/azure-detection-engineering-log-idiosyncrasies-you-should-know-about

🔍 CVE-2024-10524 Wget Zero Day Vulnerability vulnerability – A zero-day vulnerability (CVE-2024-10524) in Wget allows attackers to exploit shorthand HTTP URLs, potentially leading to phishing, SSRF, and MiTM attacks. A patch has been released in version 1.25.0. https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/

⚠️ Critical 9.8-rated VMware vCenter RCE bug under exploit security news – Two VMware vCenter vulnerabilities, CVE-2024-38812 and CVE-2024-38813, have been confirmed exploited in the wild, including a critical RCE flaw rated 9.8. Urgent fixes are required. https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/

🎈 Microsoft announces its own Black Hat-like hacking event with big rewards for AI security security news – Microsoft is launching Zero Day Quest, a major hacking event aimed at discovering cloud and AI security flaws, offering $4 million in rewards. The event emphasizes collaboration with security researchers and aims to enhance industry-wide security practices. https://www.theverge.com/2024/11/19/24299999/microsoft-zero-day-quest-hacking-event-ai-cloud-security

🩶 Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock privacy – Leaked documents reveal that Graykey, a law enforcement tool for unlocking phones, can only access partial data from modern iPhones running iOS 18 and iOS 18.0.1, highlighting the ongoing battle between forensics tools and phone security. https://www.404media.co/leaked-documents-show-what-phones-secretive-tech-graykey-can-unlock-2/

🛠️ Botnet serving as ‘backbone’ of malicious proxy network taken offline security research – The ngioweb botnet, a key player in malicious proxy services, has been dismantled by security experts. This botnet, primarily composed of compromised IoT devices and routers, facilitated various cybercrimes, including DDoS attacks and credential stuffing. https://cyberscoop.com/proxy-services-cybercrime-ngioweb-botnet-nsocks/

🔒 Fintech giant Finastra confirms it's investigating a data breach data breach – Finastra is investigating a data breach involving its internal Secure File Transfer Platform after a hacker claimed to sell 400GB of stolen data from the company’s banking clients. Initial evidence suggests compromised credentials. https://techcrunch.com/2024/11/20/fintech-giant-finastra-confirms-its-investigating-a-data-breach/

🖇️ D-Link says replace vulnerable routers or risk pwnage vulnerability – D-Link has advised users of older VPN router models to replace them due to a serious unauthenticated remote code execution vulnerability. The company will not issue patches for affected devices, which have reached end of life, and is offering a discount on a new model. https://www.theregister.com/2024/11/20/dlink_rip_replace_router/

🔒 A new ‘ultra-secure’ phone carrier says it can make you harder to track security news – Cape, a new privacy-focused phone carrier, aims to protect users' data by minimizing personal information collection and offering a pre-configured Android phone with enhanced security features, targeting high-risk individuals. https://www.theverge.com/2024/11/21/24302416/cape-ultra-secure-phone-data-collection-tracking

🎛️ Finding Access Control Vulnerabilities with Autorize cyber defense – This article discusses how to identify access control vulnerabilities using Autorize, focusing on vertical and horizontal access control issues in web applications, and highlights the importance of proper session management and user permissions. https://www.blackhillsinfosec.com/finding-access-control-vulnerabilities-with-autorize/

🏘️ Spies hack Wi-Fi networks in far-off land to launch attack on target next door security research – Russian hackers linked to Fancy Bear executed a 'Nearest Neighbor Attack' by compromising a nearby Wi-Fi-enabled device to access a high-value target's network, exploiting credential weaknesses without needing physical proximity. https://arstechnica.com/security/2024/11/spies-hack-wi-fi-networks-in-far-off-land-to-launch-attack-on-target-next-door/

😱 'Alarming' security bugs lay low in Linux's needrestart utility for 10 years vulnerability – Five critical vulnerabilities in the needrestart utility allow local attackers to gain root access, posing severe risks to system security. Immediate updates are urged. https://www.theregister.com/2024/11/21/qualys_needrestart_linux_vulnerabilities/


CISA Corner

🔍 Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization security research – CISA conducted a red team assessment revealing critical vulnerabilities in a US critical infrastructure organization, highlighting issues with insufficient technical controls, lack of staff training, and ineffective monitoring that allowed attackers to exploit systems. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, including command injection and authentication bypass flaws in Kemp LoadMaster and Palo Alto Networks PAN-OS, urging users to review related security bulletins. https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two vulnerabilities, CVE-2024-38812 and CVE-2024-38813, related to VMware vCenter Server, to its Known Exploited Vulnerabilities Catalog, highlighting significant risks for federal agencies and the need for prompt remediation. https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog, including code execution and XSS vulnerabilities in Apple products and an incorrect authorization flaw in Oracle PLM, highlighting significant risks for federal agencies. https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases One Industrial Control Systems Advisory vulnerability – CISA issued an advisory (ICSA-24-324-01) on November 19, 2024, regarding vulnerabilities in Mitsubishi Electric's MELSEC iQ-F Series. Users are urged to review the advisory for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/11/19/cisa-releases-one-industrial-control-systems-advisory

⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA has released seven advisories on November 21, 2024, addressing security issues and vulnerabilities in various Industrial Control Systems, including products from Automated Logic and Schneider Electric. https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-releases-seven-industrial-control-systems-advisories

🔒 Apple Releases Security Updates for Multiple Products security news – Apple has released security updates to fix vulnerabilities in various products, warning that cyber threat actors could exploit these flaws to gain control of affected systems. Users are urged to apply the updates. https://www.cisa.gov/news-events/alerts/2024/11/20/apple-releases-security-updates-multiple-products


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.
