cyberlights – week 49/2024

A weekly shortlist of cyber security highlights. The short summaries are AI-generated! If something is wrong, please let me know!


News For All

🤖 How threat actors can use generative artificial intelligence? cybercrime – Generative AI is increasingly exploited by cybercriminals for phishing, deepfakes, and disinformation campaigns, posing significant risks in cybersecurity. https://securityaffairs.com/171582/uncategorized/how-threat-actors-can-use-generative-artificial-intelligence.html

🔍 Are You Being Tracked by an AirTag? Here’s How to Check privacy – To check for unwanted AirTag tracking, iPhone users should enable notifications and scan for unknown devices, while Android users can use the Tracker Detect app. If found, remove the battery and contact authorities if necessary. https://www.wired.com/story/how-to-find-airtags/

🪧 Indian online ID verification firm Signzy confirms security incident data breach – Signzy, a major online ID verification provider, confirmed a cyberattack impacting its services for financial institutions. Although some client data was briefly visible online, many customers report no data compromise. https://techcrunch.com/2024/12/02/indian-online-id-verification-firm-signzy-confirms-security-incident/

📳 Small number of vulnerabilities patched in last Android security update of 2024 security news – Google's December 2024 Android Security Bulletin addresses several vulnerabilities, including a high-severity flaw (CVE-2024-43767) allowing remote code execution. Patches are provided to partners for various Android components. https://cyberscoop.com/android-security-update-december-2024/

🚫 Certain names make ChatGPT grind to a halt, and we know why security research – ChatGPT encounters issues when certain names are mentioned due to hard-coded filters, likely stemming from past defamation lawsuits. This can hinder user experience and raise concerns about adversarial attacks. https://arstechnica.com/information-technology/2024/12/certain-names-make-chatgpt-grind-to-a-halt-and-we-know-why/

👯 Apple patents system for identifying people when facial scans aren’t enough privacy – Apple's newly approved patent describes a system that enhances facial recognition with body characteristics like gait and clothing to identify individuals even in unclear video feeds. https://therecord.media/apple-patent-body-recognition-biometrics

💼 Xerox, Nokia, BofA, Morgan Stanley's employees data dumped data breach – A massive data breach linked to the MOVEit vulnerability has exposed personal data of hundreds of thousands of employees from companies like Xerox, Nokia, Bank of America, and Morgan Stanley, posing risks for social engineering attacks. https://www.theregister.com/2024/12/03/760k_xerox_nokia_bofa_morgan/

🛑 Data brokers may be banned from selling your social security number privacy – The CFPB proposes a rule to limit data brokers from selling sensitive personal information, including Social Security numbers, requiring compliance with the Fair Credit Reporting Act and explicit consumer consent for data sharing. https://www.theverge.com/2024/12/3/24311498/cfpb-rule-data-brokers-social-security-number-fico-score

⬆️ North Korean hackers masquerade as remote IT workers and venture capitalists to steal crypto and secrets cybercrime – North Korean hackers are using false identities to pose as remote IT workers and venture capitalists to steal cryptocurrency and sensitive information, employing sophisticated tactics to infiltrate unsuspecting companies. https://www.bitdefender.com/en-us/blog/hotforsecurity/north-korean-hackers-masquerade-as-remote-it-workers-and-venture-capitalists-to-steal-crypto-and-secrets

🔗 Why Phishers Love New TLDs Like .shop, .top and .xyz cybercrime – Phishing attacks surged nearly 40% due to new generic top-level domains (gTLDs) like .shop and .xyz, which offer cheap registration and minimal verification, making them attractive to scammers. New research highlights the need for stricter regulations. https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/

📊 Your Bluesky Posts Are Probably In A Bunch of Datasets Now privacy – Bluesky posts are being scraped into large datasets for machine learning, sparking controversy over consent and privacy. Multiple datasets, including one with 298 million posts, have emerged, raising ethical and legal concerns. https://www.404media.co/bluesky-posts-machine-learning-ai-datasets-hugging-face/

🚗 ‘A Total Meltdown’: Black Friday Zipcar Outage Strands Customers in Random Places security news – A Zipcar outage on Black Friday stranded customers nationwide, locking them out of rented cars and leading to surprise charges. The company attributed the issue to increased site traffic and SMS service problems. https://www.404media.co/a-total-meltdown-black-friday-zipcar-outage-strands-customers-in-random-places/

🌐 Finland says latest fiber-optic cable break was an accident, not sabotage security news – Finland's police confirmed that the recent damage to two fiber-optic cables was accidental, caused by excavation work, not sabotage. The incident led to a major internet outage affecting 6,000 customers and 100 businesses. https://therecord.media/finland-sweden-cable-accident-not-malicious

🚫 Two data brokers banned from selling ‘sensitive’ location data by the FTC privacy – The FTC has banned Gravy Analytics and Mobilewalla from selling sensitive location data, citing violations that put millions of Americans at risk by enabling tracking to sensitive sites. The companies must comply with strict data handling regulations. https://www.theverge.com/2024/12/3/24312313/ftc-bans-sensitive-location-data-brokers-gravy-analytics-venntel-mobilewalla

💬 Eurocops red pill the Matrix 'secure' criminal chat systems cybercrime – French and Dutch police have dismantled the Matrix chat app, a secure messaging tool for criminals, after infiltrating its servers. The operation yielded 2.3 million messages related to criminal activities and resulted in multiple arrests. https://www.theregister.com/2024/12/04/eurocop_crack_matrix/

💻 Tech Support Scams Exploit Google Ads to Target Users cybercrime – Cybercriminals are using Google Ads for tech support scams, manipulating search results to display malicious ads impersonating legitimate companies like PayPal and Netflix. https://www.tripwire.com/state-of-security/tech-support-scams-exploit-google-ads-target-users

🗳️ AI and the 2024 Elections security news – In the unprecedented 2024 elections, AI played a significant role, with both beneficial and harmful applications observed. While AI-assisted campaigns helped connect with voters, misinformation and deepfakes raised concerns about electoral integrity. https://www.schneier.com/blog/archives/2024/12/ai-and-the-2024-elections.html

🔒 U.S. Offered $10M for Hacker Just Arrested by Russia cybercrime – Mikhail Matveev, known as 'Wazawaka,' was arrested by Russian authorities after being indicted by the U.S. for ransomware activities. The arrest raises questions about motivations behind the move, with experts suggesting it could be linked to local corruption and financial pressures. https://krebsonsecurity.com/2024/12/u-s-offered-10m-for-hacker-just-arrested-by-russia/

🎭 Deepfake YouTube Ads of Celebrities Promise to Get You ‘Rock Hard’ security news – YouTube ran ads featuring deepfaked celebrities like Schwarzenegger and Stallone promoting erectile dysfunction supplements. These misleading ads, using AI-generated voices, have been removed after being flagged for false endorsements. https://www.404media.co/deepfake-youtube-ads-of-celebrities-promise-to-get-you-rock-hard/

🚔 Authorities shut down Crimenetwork, Germany's largest crime marketplace cybercrime – German authorities have dismantled Crimenetwork, the largest German-speaking underground marketplace for illegal goods, arresting an administrator and seizing €1 million in assets. The platform had facilitated extensive criminal activity since 2012. https://securityaffairs.com/171658/cyber-crime/german-authorities-shut-down-crimenetwork.html

🫥 US officials recommend encrypted messaging to evade hackers in telecom networks security news – FBI and CISA officials advise Americans to use encrypted messaging apps to protect communications from hackers linked to the Chinese group Salt Typhoon, who may still access U.S. telecom networks. https://www.theverge.com/2024/12/4/24313187/encrypted-apps-salt-typhoon-hack-telecom-fbi-cisa

🔍 $1 phone scanner finds seven Pegasus spyware infections privacy – iVerify's $1 diagnostic tool detected seven instances of Pegasus spyware among 2,500 scans, indicating a broader scope of spyware use beyond just targeting activists. The findings challenge the narrative that commercial spyware is only used against a select few. https://arstechnica.com/security/2024/12/1-phone-scanner-finds-seven-pegasus-spyware-infections/

🔑 Your AI clone could target your family, but there’s a simple defense security news – The FBI advises families to establish a secret word or phrase to verify identity and protect against AI voice-cloning scams, as criminals increasingly use AI to impersonate loved ones for fraud. https://arstechnica.com/ai/2024/12/your-ai-clone-could-target-your-family-but-theres-a-simple-defense/


Some More, For the Curious

🤦‍♂️ New era of slop security reports for open source security news – An increase in low-quality security reports from AI tools burdens open source maintainers, leading to burnout and confusion. Better reporting practices are needed to protect valuable contributors. https://sethmlarson.dev/slop-security-reports

💰 Supply Chain Attack Detected in Solana's web3.js Library security research – Versions 1.95.6 and 1.95.7 of the @solana/web3.js library were compromised to steal private keys, risking users' cryptocurrency wallets. Developers are urged to audit and secure their projects immediately. https://socket.dev/blog/supply-chain-attack-solana-web3-js-library

🥚 The Curious Case of an Egg-Cellent Resume security research – A campaign by TA4557/FIN6 exploited resumes to install malware and access servers. The attack involved multiple tactics, including credential theft and lateral movement, using various malicious tools. https://thedfirreport.com/2024/12/02/the-curious-case-of-an-egg-cellent-resume/

🥴 Exploit Intelligence (this is part of a post series, take a look at the others! 😉) cyber defense – The article discusses the significance of exploit intelligence in cybersecurity, highlighting the need for organizations to stay informed about vulnerabilities and emerging threats to enhance their defense strategies. https://vulncheck.com/blog/exploit-intelligence

🃏 ICS Hard Knocks: Mitigations to Scenarios Found in ICS/OT Backdoors & Breaches cyber defense – This article outlines essential strategies for securing Industrial Control Systems against the cyber threat scenarios found in the Backdoors & Breaches card game, emphasizing isolation and comprehensive security practices to mitigate risks. https://www.blackhillsinfosec.com/mitigations-to-scenarios-found-in-ics-ot-backdoors-and-breaches/

🌉 Tor Project needs 200 more WebTunnel bridges to bypass Russia's censorship privacy – The Tor Project aims to deploy 200 new WebTunnel bridges by year-end to combat increasing censorship in Russia, where government actions have made existing bridges less accessible. https://securityaffairs.com/171601/digital-id/tor-project-needs-200-webtunnel-bridges.html

🛡️ Building Cyber Resilience Against Ransomware Attacks cyber defense – Ransomware attacks are on the rise, costing organizations an average of $5.24 million. This article outlines a framework for building resilience against ransomware, emphasizing the need for effective response, sustainability, and recovery strategies. https://blog.nviso.eu/2024/12/03/building-cyber-resilience-against-ransomware-attacks/

🔌 Zero Day Initiative — Detailing the Attack Surfaces of the WolfBox E40 EV Charger hacking write-up – The WolfBox E40 EV charger has been analyzed for potential vulnerabilities, revealing attack surfaces via its mobile app and hardware components. The firmware extraction process highlights risks associated with its communications module and embedded OS. https://www.thezdi.com/blog/2024/12/2/detailing-the-attack-surfaces-of-the-wolfbox-e40-ev-charger

📊 Linux Foundation report highlights the true state of open source libraries in production apps security news – The Linux Foundation's Census III report reveals insights on open source libraries in production, emphasizing the rise of Rust for memory safety and ongoing reliance on Python 2, which raises security risks. https://techcrunch.com/2024/12/04/linux-foundation-report-highlights-the-true-state-of-open-source-libraries-in-production-apps/

🔧 Veeam addressed critical Service Provider Console (VSPC) bug vulnerability – Veeam fixed a critical vulnerability (CVE-2024-42448) in its Service Provider Console that could allow remote code execution. Organizations are urged to upgrade to version 8.1.0.21999 to mitigate this and another related vulnerability. https://securityaffairs.com/171651/security/veeam-addressed-critical-service-provider-console-vspc-flaw.html

🏝️ (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments cyber defense – Mandiant reveals a technique to bypass browser isolation using QR codes for command-and-control (C2) communication, highlighting vulnerabilities in browser isolation technologies while recommending continued use as a defense measure against web threats. https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/

🌶️ White House: Chinese telecom hacks have been in motion for years security news – A White House official revealed that the Salt Typhoon hack, linked to Chinese state-sponsored actors, has impacted eight U.S. telecom companies and has been ongoing for two years, posing risks to communications and requiring urgent cybersecurity measures. https://cyberscoop.com/salt-typhoon-national-security-council-chinese-spying/

🏁 RACE Conditions in Modern Web Applications security research – RACE conditions, where simultaneous processes lead to unpredictable outcomes, remain a security concern in web applications. Recent research highlights new methods to exploit these vulnerabilities, emphasizing the need for proactive mitigation strategies in application development. https://www.guidepointsecurity.com/blog/race-conditions-in-modern-web-applications/

🧫 Analyzing the vulnerability landscape in Q3 2024 security news – Q3 2024 saw an increase in vulnerabilities in Windows and Linux, with notable exploits affecting systems like WinRAR and Microsoft Office. Experts emphasize the importance of timely patching and monitoring to mitigate risks. https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/


CISA Corner

🔒 CISA and Partners Release Joint Guidance on PRC-Affiliated Threat Actor Compromising Networks of Global Telecommunications Providers security news – CISA, alongside the NSA, FBI, and international partners, issued guidance to enhance security following a cyber espionage campaign by a PRC-affiliated threat actor targeting global telecommunications networks. https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-and-partners-release-joint-guidance-prc-affiliated-threat-actor-compromising-networks-global

🔒 Cisco Releases Security Updates for NX-OS Software vulnerability – Cisco has issued security updates for NX-OS software to fix a vulnerability that could allow cybercriminals to gain control of affected systems. Users are advised to review the advisory and apply updates promptly. https://www.cisa.gov/news-events/alerts/2024/12/05/cisco-releases-security-updates-nx-os-software

⚙️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – On December 3, 2024, CISA issued eight advisories addressing vulnerabilities in various Industrial Control Systems, urging users and administrators to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-releases-eight-industrial-control-systems-advisories

⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – On December 5, 2024, CISA issued two advisories addressing security vulnerabilities in Industrial Control Systems: AutomationDirect C-More EA9 Programming Software and Planet Technology Planet WGS-804HPT, urging users to review them for mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/12/05/cisa-releases-two-industrial-control-systems-advisories

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, urging users to address these risks to federal networks. The vulnerabilities include CVE-2023-45727, CVE-2024-11680, and CVE-2024-11667. https://www.cisa.gov/news-events/alerts/2024/12/03/cisa-adds-three-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-51378, a vulnerability in CyberPanel related to incorrect default permissions, to its Known Exploited Vulnerabilities Catalog, highlighting the need for Federal agencies to remediate this risk promptly. https://www.cisa.gov/news-events/alerts/2024/12/04/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correctness or completeness in any way.