cyberlights – week 50/2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🛡️ Microsoft Recall screenshots credit cards and Social Security numbers, even with the “sensitive information” filter enabled privacy – Microsoft's Recall feature, designed to capture screenshots, fails to adequately filter sensitive information like credit card numbers and Social Security numbers, raising privacy concerns despite encryption efforts. https://www.tomshardware.com/software/windows/microsoft-recall-screenshots-credit-cards-and-social-security-numbers-even-with-the-sensitive-information-filter-enabled

🏡 OpenWrt supply chain attack scare prompts urgent upgrades vulnerability – OpenWrt users are urged to upgrade their firmware to mitigate a potential supply chain attack involving command injection and weak hash vulnerabilities that could allow attackers to serve malicious images. https://www.theregister.com/2024/12/09/openwrt_firmware_vulnerabilities/

🔒 WhatsApp patches View Once flaw exposing vanishing media security news – WhatsApp has fixed a vulnerability in its View Once feature, which allowed disappearing media to be accessed through web clients and rogue browser extensions, undermining user privacy. https://www.theregister.com/2024/12/10/whatsapp_view_once/

🛡️ EU cybersecurity rules for smart devices enter into force security news – The EU's Cyber Resilience Act has come into effect, imposing security obligations on manufacturers of connected devices, requiring them to provide updates and ensure compliance by December 2027. https://techcrunch.com/2024/12/10/eu-cybersecurity-rules-for-smart-devices-enter-into-force/

💰 3AM Ransomware: What You Need To Know malware – 3AM is a ransomware group that exfiltrates and encrypts data, using Rust for speed. Notably linked to LockBit, it threatens victims with data leaks unless a ransom is paid. https://www.tripwire.com/state-of-security/3am-ransomware-what-you-need-know

🚨 Location Data Firm Offers to Help Cops Track Targets via Doctor Visits privacy – Fog Data Science is proposing to assist police in tracking individuals by using location data linked to their doctors' offices, raising privacy concerns amidst increasing surveillance of healthcare visits. https://www.404media.co/location-data-firm-offers-to-help-cops-track-targets-via-doctor-visits/

💸 French internet operator fined $53 million for unsolicited ads and tracking users without consent privacy – France's CNIL fined Orange S.A. $53 million for sending unsolicited ads and tracking users without consent, violating data protection laws, despite the company claiming the practices were standard. https://therecord.media/french-internet-operator-fined-53-million-unsolicited-ads-tracking

🎄 Network security best practices for the holidays security news – As cyber threats rise during the holidays, ensure your network is secure by updating infrastructure, shutting down non-essential systems, and implementing multi-factor authentication to protect against attacks. https://news.sophos.com/en-us/2024/12/10/network-security-best-practices-for-the-holidays/

🔑 How easily access cards can be cloned and why your PACS might be vulnerable hacking write-up – Access cards can be easily cloned due to vulnerabilities in Physical Access Control Systems (PACS). Proper configuration and secure tokens are essential to protect against cloning threats. https://www.pentestpartners.com/security-blog/how-easily-access-cards-can-be-cloned-and-why-your-pacs-might-be-vulnerable/

👍 Patch Tuesday, December 2024 Edition security news – Microsoft patched at least 70 security vulnerabilities, including a zero-day exploit (CVE-2024-49138) in the Windows CLFS driver that allows attackers to gain system privileges. Users are urged to update systems. https://krebsonsecurity.com/2024/12/patch-tuesday-december-2024-edition/

💵 How Cryptocurrency Turns to Cash in Russian Banks – Krebs on Security cybercrime – Research reveals that a Canadian firm, Cryptomus, acts as a payment processor for Russian cryptocurrency exchanges, enabling cash conversion for cybercrime services and evasion of sanctions against Russia. https://krebsonsecurity.com/2024/12/how-cryptocurrency-turns-to-cash-in-russian-banks/

🚫 Mozilla removing Do Not Track option from Firefox 135 privacy – Mozilla will remove the Do Not Track feature from Firefox 135 due to its ineffectiveness, directing users to utilize the Global Privacy Control instead, which aims to enhance online privacy. https://www.theregister.com/2024/12/12/firefox_do_not_track/

🛑 27 DDoS-For-Hire Services Disrupted In Run-Up To Holiday Season cybercrime – Operation PowerOFF, involving law enforcement from 15 countries, has disrupted 27 DDoS-for-hire services ahead of the holiday season, arresting several individuals and aiming to deter cybercriminal activity. https://www.tripwire.com/state-of-security/27-ddos-hire-services-disrupted-run-holiday-season

🚙 Researchers find security flaws in Skoda cars that may let hackers remotely track them vulnerability – Security researchers identified 12 vulnerabilities in Skoda Superb III's infotainment system that could allow hackers to track vehicles and execute malicious code via Bluetooth without authentication. https://techcrunch.com/2024/12/12/researchers-find-security-flaws-in-skoda-cars-that-may-let-hackers-remotely-track-them/

🔝 The Top Ten List of Why You Got Hacked This Year (2023/2024) security news – An analysis of penetration testing findings reveals the top reasons for security breaches, including lack of firewall restrictions, weak protocols, outdated web applications, social engineering, and poor password policies. https://www.blackhillsinfosec.com/top-ten-list-of-why-you-got-hacked-this-year-2023-2024/

📦 Critical WordPress plugin vulnerability under active exploit threatens thousands vulnerability – A critical vulnerability (CVE-2024-11972) in the Hunk Companion WordPress plugin, affecting over 10,000 sites, is actively exploited for unauthenticated code execution, with only 12% of users having applied the patch. https://arstechnica.com/security/2024/12/thousands-of-sites-remain-unpatched-against-actively-exploited-wordpress-plugin-bug/

🪙 Cleo urges customers to ‘immediately’ apply new patch as researchers discover new malware vulnerability – Cleo has urged users to apply a new patch for a critical vulnerability in its file sharing products, following reports of ongoing exploitation and the discovery of a new malware family, Malichus. https://therecord.media/cleo-urges-customers-to-immediately-patch-systems-after-exploitation

💰 Game-like ‘task scams’ stole more than $220 million in six months cybercrime – The FTC warns about game-like online job scams that have stolen over $220 million in six months, accounting for 40% of scam reports this year. Victims are often tricked into paying scammers under false promises of income. https://www.theverge.com/2024/12/13/24320391/ftc-task-scams-spotlight-warning

🔑 The Simple Math Behind Public Key Cryptography security news – Public key cryptography uses a pair of keys—one public and one private—to secure communications, relying on mathematical trapdoor functions that are easy to compute one way but difficult to reverse, ensuring data security against unauthorized access. https://www.wired.com/story/how-public-key-cryptography-really-works-using-only-simple-math/


Some More, For the Curious

🔒 Mitigating NTLM Relay Attacks by Default cyber defense – Microsoft has enhanced security by enabling Extended Protection for Authentication (EPA) by default in Exchange Server and other services to combat NTLM relay attacks, protecting users' identities. https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/

⚠️ Cleo Harmony, VLTrader, and LexiCom – RCE via Arbitrary File Write (CVE-2024-50623) vulnerability – A zero-day exploit in Cleo's file transfer software allows attackers to execute remote code via arbitrary file write. Even patched versions remain vulnerable, so urgent updates are needed. https://labs.watchtowr.com/cleo-cve-2024-50623/

💻 Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows malware – A new cross-platform malware named Meeten targets crypto users via AI-generated scams, stealing sensitive information from macOS and Windows systems through deceptive downloads. https://www.cadosecurity.com/blog/meeten-malware-threat

🎭 Malicious Maven Package Impersonating 'XZ for Java' Library ... security research – A malicious Maven package impersonating the legitimate XZ for Java library introduces a backdoor for remote command execution, posing significant risks to Java applications and supply chains. https://socket.dev/blog/malicious-maven-package-impersonating-xz-for-java-library

🚨 Sharp increase in Microsoft Remote Desktop Protocol (RDP) scanning warning – A significant surge in Microsoft Remote Desktop Protocol (RDP) scanning has been observed, particularly targeting port 1098. It's advised to restrict RDP access to enhance security. https://www.cert.at/de/aktuelles/2024/12/stark-gestiegenes-aufkommen-an-microsoft-remote-desktop-protokoll-rdp-scanning

💥 AMD’s trusted execution environment blown wide open by new BadRAM attack vulnerability – Researchers revealed the BadRAM attack, which exploits vulnerabilities in AMD's Secure Encrypted Virtualization, allowing physical access to bypass protections and compromise sensitive data in virtual machines. https://arstechnica.com/information-technology/2024/12/new-badram-attack-neuters-security-assurances-in-amd-epyc-processors/

🔧 Ivanti fixed a maximum severity vulnerability in its CSA solution vulnerability – Ivanti addressed a critical authentication bypass vulnerability (CVE-2024-11639) in its Cloud Services Appliance, allowing remote attackers to gain administrative access. Additional SQL injection vulnerabilities were also fixed in version 5.0.3. https://securityaffairs.com/171850/breaking-news/ivanti-maximum-severity-flaw-csa-solution.html

📊 Latest round of MITRE ATT&CK evaluations put cybersecurity products through rigors of ransomware security news – MITRE's latest ATT&CK evaluations assessed 19 vendors against ransomware tactics, revealing disparities in detection rates and false positives. The inclusion of macOS threats highlighted evolving security challenges. https://cyberscoop.com/mitre-attack-evaluations-ransomware-macos/

👁️ Researchers uncover Chinese spyware used to target Android devices security research – Researchers at Lookout revealed EagleMsgSpy, a Chinese spyware tool used by law enforcement to collect extensive data from Android devices, including messages and location information, potentially posing risks to travelers. https://techcrunch.com/2024/12/11/researchers-uncover-chinese-spyware-used-to-target-android-devices/

🤞 The evolution and abuse of proxy networks cybercrime – Proxy networks have evolved from privacy tools like VPNs and TOR to being exploited by cybercriminals and state-sponsored actors for malicious activities, including DDoS attacks and espionage, posing challenges for defenders. https://blog.talosintelligence.com/the-evolution-and-abuse-of-proxy-networks/

🔍 Zero Day Initiative — SolarWinds Access Rights Manager: One Vulnerability to LPE Them All vulnerability – Research revealed multiple vulnerabilities in SolarWinds Access Rights Manager, including pre-auth arbitrary file deletion that could allow attackers to escalate privileges remotely on Windows machines, particularly if using a Domain Admin account. https://www.thezdi.com/blog/2024/12/11/solarwinds-access-rights-manager-one-vulnerability-to-lpe-them-all

🔒 Google says its breakthrough quantum chip can’t break modern cryptography security news – Google's Willow quantum chip, while powerful, is not capable of breaking modern cryptography. Experts estimate it will take millions of qubits and at least a decade to potentially crack RSA encryption. https://www.theverge.com/2024/12/12/24319879/google-willow-cant-break-rsa-cryptography

📊 Common Vulnerability Scoring System (CVSS) security news – The Common Vulnerability Scoring System (CVSS) is a standardized framework used to assess the severity of software vulnerabilities, providing a numerical score to help organizations prioritize their responses. https://vulncheck.com/blog/common-vulnerability-scoring-system

⛓️‍💥 Ultralytics Supply-Chain Attack security research – A supply-chain attack on the Ultralytics AI library led to a malicious version being published on PyPI, which downloaded a coinminer. Experts recommend improving security configurations for package publishers. https://www.schneier.com/blog/archives/2024/12/ultralytics-supply-chain-attack.html

🔍 XRefer: The Gemini-Assisted Binary Navigator security research – Mandiant introduces XRefer, a tool designed to assist malware analysts by providing cluster-based navigation and context-aware views for understanding complex binaries, enhancing efficiency in reverse engineering. https://cloud.google.com/blog/topics/threat-intelligence/xrefer-gemini-assisted-binary-navigator/

⛳ German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox malware – BSI has disrupted a botnet of 30,000 infected devices running BadBox malware, blocking communication and preventing further exploitation. Outdated Android versions are at risk. https://securityaffairs.com/171968/malware/bsi-sinkholed-badbox-botnet.html


CISA Corner

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-49138, a heap-based buffer overflow vulnerability in Microsoft Windows CLFS Driver, to its Known Exploited Vulnerabilities Catalog due to active exploitation risks. https://www.cisa.gov/news-events/alerts/2024/12/10/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-50623, an unrestricted file upload vulnerability affecting Cleo products, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, highlighting significant risks for federal agencies. https://www.cisa.gov/news-events/alerts/2024/12/13/cisa-adds-one-known-exploited-vulnerability-catalog

🔒 Microsoft Releases December 2024 Security Updates security news – Microsoft has issued security updates for various products to fix vulnerabilities that could allow cyber attackers to take control of affected systems. Users are urged to apply the updates promptly. https://www.cisa.gov/news-events/alerts/2024/12/10/microsoft-releases-december-2024-security-updates

🔒 Ivanti Releases Security Updates for Multiple Products security news – Ivanti has issued security updates for several products, including Ivanti Cloud Service Application and Ivanti Connect Secure, urging users to review advisories and apply necessary updates. https://www.cisa.gov/news-events/alerts/2024/12/10/ivanti-releases-security-updates-multiple-products

🔒 Adobe Releases Security Updates for Multiple Products security news – Adobe has issued security updates for several products, including Acrobat and Illustrator, to fix vulnerabilities that could allow cyber attackers to take control of affected systems. https://www.cisa.gov/news-events/alerts/2024/12/10/adobe-releases-security-updates-multiple-products

🔒 Apple Releases Security Updates for Multiple Products security news – Apple has issued security updates for various products to fix vulnerabilities that could allow cyber attackers to take control of affected systems. Users are urged to review advisories and apply updates promptly. https://www.cisa.gov/news-events/alerts/2024/12/12/apple-releases-security-updates-multiple-products

⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA has issued seven advisories on ICS vulnerabilities, including products from MOBATIME, Schneider Electric, National Instruments, and Rockwell Automation, urging users to review for mitigations. https://www.cisa.gov/news-events/alerts/2024/12/10/cisa-releases-seven-industrial-control-systems-advisories

⚙️ CISA Releases Ten Industrial Control Systems Advisories vulnerability – CISA has published ten advisories addressing vulnerabilities in various Siemens Industrial Control Systems, urging users to review the advisories for technical details and necessary mitigations. https://www.cisa.gov/news-events/alerts/2024/12/12/cisa-releases-ten-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.
