cyberlights – week 40/2024
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🐖 The Pig Butchering Invasion Has Begun cybercrime – Global pig butchering scams, rooted in Southeast Asia, exploit vulnerable populations and net billions. Operations are expanding worldwide, raising serious human trafficking and financial crime concerns. https://www.wired.com/story/pig-butchering-scam-invasion/
🔍 Remote ID verification tech is often biased and wrong security news – A GSA study reveals remote identity verification technologies are biased, with significant error rates affecting marginalized groups. The tech’s reliability raises concerns for government and user equity. https://www.theregister.com/2024/09/30/remote_identity_verification_biased/
📚 Massive E-Learning Platform Udemy Gave Teachers a Gen AI 'Opt-Out Window'. It's Already Over. privacy – Udemy's brief opt-out period for teachers to exclude their content from generative AI training has passed, sparking backlash over perceived intellectual property theft and biased communication. https://www.404media.co/massive-e-learning-platform-udemy-gave-teachers-a-gen-ai-opt-out-window-its-already-over/
🎯 North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence security news – North Korea's APT Kimsuky targeted German defense contractor Diehl Defence through a phishing campaign involving fake job offers, raising significant concerns due to the company's military manufacturing role. https://securityaffairs.com/169162/apt/kimsuky-apt-hit-diehl-defence.html
🫴 Paypal Opted You Into Sharing Data Without Your Knowledge privacy – PayPal has been criticized for automatically opting users into data sharing with third parties for personalized shopping, raising privacy concerns as users were unaware of this change. https://www.404media.co/paypal-personalized-shopping-opt-out/
📰 News agency AFP hit by cyberattack, client services impacted cybercrime – AFP confirmed a cyberattack affecting its IT systems and client services, prompting investigations with France’s cybersecurity agency. Global news coverage remains unaffected, but partners were warned about potential FTP credential compromises. https://securityaffairs.com/169175/hacking/news-agency-afp-hit-by-cyberattack-client-services-impacted.html
🚔 Multinational police effort hits sections of Lockbit ransomware operation security news – An international police effort led to arrests and seizures targeting the LockBit ransomware group, including a suspected developer in France and sanctions against affiliates linked to Evil Corp, amid ongoing efforts to disrupt cybercrime. https://cyberscoop.com/lockbit-arrests-ransomware-fbi-uk-nca-evil-corp/
🏥 UMC Health System diverted patients following a ransomware attack cybercrime – UMC Health System in Texas diverted patients after a ransomware attack caused a network outage. The hospital is investigating the breach and working to restore services while ensuring patient care. https://securityaffairs.com/169198/cyber-crime/umc-health-system-cyberattack.html
🕵️♀️ ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions security news – ICE has contracted Israeli spyware vendor Paragon Solutions for $2 million amid ongoing scrutiny of commercial spyware. The contract raises questions about ethical surveillance practices and human rights implications. https://www.wired.com/story/ice-paragon-solutions-contract/
📊 Thunderbird für Android: Telemetrie-Daten werden bereits beim Start erfasst privacy – Die Beta-Version von Thunderbird für Android überträgt Telemetriedaten ohne Einwilligung an Mozilla. Dies verstößt gegen Datenschutzgesetze und enttäuscht Nutzer, die eine Opt-In-Lösung erwarten. https://www.kuketz-blog.de/thunderbird-fuer-android-telemetrie-daten-werden-bereits-beim-start-erfasst/
🪩 A Network of AI ‘Nudify’ Sites Are a Front for Notorious Russian Hackers cybercrime – Fake AI ‘nudify’ sites are revealed to be fronts for Fin7, a Russian hacking group, designed to steal credentials. The sites lure users with the promise of generating nonconsensual content. https://www.404media.co/a-network-of-ai-nudify-sites-are-a-front-for-notorious-russian-hackers-2/
🔍 Telegram has disclosed criminal data to authorities for years, Durov says security news – Telegram's founder, Pavel Durov, clarified that the platform has long disclosed user data to law enforcement upon legal request, emphasizing recent updates to privacy policies do not signify a major shift in practices. https://therecord.media/telegram-disclosing-criminal-data-law-enforcement-durov-statement
💰 Men Stole Over $1 Million From DoorDash Delivery Drivers By Impersonating Them to Customer Service cybercrime – Two men impersonated DoorDash drivers to steal over $1 million by hijacking accounts and redirecting payments. They used stolen personal information to bypass security and change account details. https://www.404media.co/men-stole-over-1-million-from-doordash-delivery-drivers-by-impersonating-them-to-customer-service/
🔐 The feds still can’t get into Eric Adams’ phone security news – NYC Mayor Eric Adams forgot the new passcode to his phone after changing it, complicating federal investigators' efforts to access it amid ongoing fraud and bribery charges against him. https://www.theverge.com/2024/10/2/24260626/fbi-eric-adams-locked-phone-forgotten-changed-password
📸 License Plate Readers Are Creating a US-Wide Database of More Than Just Cars privacy – License plate readers in the US are compiling extensive databases that capture political affiliations and personal beliefs, raising concerns about privacy and surveillance as they collect data beyond just vehicle information. https://www.wired.com/story/license-plate-readers-political-signs-bumper-stickers/
🔒 DOJ, Microsoft seize 107 domains used in Russian attacks security news – The DOJ and Microsoft seized 107 domains linked to Russia's Callisto Group, disrupting a phishing campaign targeting US government agencies and other organizations, aimed at stealing sensitive information. https://www.theregister.com/2024/10/03/russian_phishing_domains_seized/
👮♀️ Dutch police breached by a state actor data breach – A state actor has been blamed for hacking into the Dutch police system, exposing contact details of officers. The investigation is ongoing, with security measures implemented to protect affected personnel. https://securityaffairs.com/169328/hacking/dutch-police-breached-by-state-actor.html
👓 Harvard duo modifies Meta glasses to grab strangers' info security news – Harvard students developed 'I-XRAY,' a system using Meta smart glasses to identify individuals and compile personal information from publicly available sources, highlighting privacy concerns in the AI era. https://www.theregister.com/2024/10/04/harvard_engineer_meta_smart_glasses/
💼 Crook made millions by breaking into execs’ Office365 inboxes, feds say cybercrime – UK national Robert B. Westbrook has been charged with a hack-to-trade scheme, illegally accessing Office365 accounts of US executives to steal financial reports, earning approximately $3.75 million from insider trading. https://arstechnica.com/security/2024/10/crook-made-millions-by-breaking-into-execs-office365-inboxes-feds-say/
🎥 Meta’s new “Movie Gen” AI system can deepfake video from a single photo security news – Meta's Movie Gen AI can create realistic videos from a single photo, generating deepfakes and personalized content. While it offers innovative editing and sound synthesis features, it raises significant ethical concerns. https://arstechnica.com/ai/2024/10/metas-new-movie-gen-ai-system-can-deepfake-video-from-a-single-photo/
🔒 Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs security news – Apple's iOS 18.0.1 and iPadOS 18.0.1 updates address two vulnerabilities that could expose audio snippets and passwords. The flaws were fixed with improved validation checks, with no known active exploits reported. https://securityaffairs.com/169381/mobile-2/apple-ios-18-0-1.html
🛬 Ryanair faces GDPR turbulence over customer ID checks security news – Ireland's Data Protection Commission is investigating Ryanair's ID verification process for customers booking through third-party sites, focusing on compliance with GDPR regarding the use of biometric data. https://www.theregister.com/2024/10/05/irish_dpc_ryanair_probe/
Some More, For the Curious
🎒 Danger is Still Lurking in the NVD Backlog security news – The National Vulnerability Database still has a significant backlog of over 18,000 vulnerabilities, with 72.4% unanalyzed. Progress has been made, but many critical vulnerabilities remain unassessed. https://vulncheck.com/blog/nvd-backlog-exploitation-lurking
🔒 More frequent disruption operations needed to dent ransomware gangs, officials say security news – Officials urge for increased frequency of disruption operations against ransomware gangs, as current efforts have proven insufficient. New strategies and international cooperation are essential to combat the rising threat. https://cyberscoop.com/counter-ransomware-initiative-summit-white-house-odni/
🛠️ capa Explorer Web: A Web-Based Tool for Program Capability Analysis security research – Mandiant introduces capa Explorer Web, a browser-based tool for visualizing program capabilities identified by the capa reverse engineering tool, enhancing analysis with interactive features and integration with VirusTotal. https://cloud.google.com/blog/topics/threat-intelligence/capa-explorer-web-program-capability-analysis/
🕵️♂️ Notorious Evil Corp Hackers Targeted NATO Allies for Russian Intelligence cybercrime – Evil Corp has been linked to Russian intelligence agencies and tasked with espionage against NATO allies. The group, known for its Dridex malware and ransomware operations, has extorted over $300 million. https://www.wired.com/story/evil-corp-lockbit-russian-intelligence/
🛡️ Level Up Your Security Skills with the New Microsoft Sentinel Ninja Training! security news – Microsoft Sentinel Ninja Training has been revamped with interactive modules, hands-on labs, and real-world scenarios to enhance skills in threat detection and incident response, integrating with Defender XDR for streamlined operations. https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/level-up-your-security-skills-with-the-new-microsoft-sentinel/ba-p/4260106
🚨 Russian authorities arrest nearly 100 in raids tied to cybercriminal money laundering cybercrime – Russian authorities arrested nearly 100 individuals linked to the UAPS payment system and Cryptex exchanges in a money laundering investigation, handling over $1.2 billion in illicit funds for cybercriminals. https://cyberscoop.com/russian-cybercrime-raids-cryptex-uaps/
🔒 14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries vulnerability – Forescout identified 14 vulnerabilities in DrayTek routers, affecting over 704,000 devices globally. Two critical flaws could enable severe attacks, prompting urgent updates from DrayTek. https://securityaffairs.com/169267/security/draytek-routers-flaws-impacts-700000-devices.html
💻 Threat actor believed to be spreading new MedusaLocker variant since 2022 malware – Cisco Talos reports a financially motivated threat actor distributing a new MedusaLocker ransomware variant, 'BabyLockerKZ,' targeting organizations globally since 2022, with a shift from Europe to South America. https://blog.talosintelligence.com/threat-actor-believed-to-be-spreading-new-medusalocker-variant-since-2022/
📧 Weird Zimbra Vulnerability vulnerability – A Zimbra vulnerability allows hackers to execute remote commands via malformed emails. While exploitation is easy, large-scale infections are unlikely. Defenders should monitor for suspicious email patterns. https://www.schneier.com/blog/archives/2024/10/weird-zimbra-vulnerability.html
⚠️ The Silent Epidemic: Uncovering the Dangers of Alert Fatigue and How to Overcome It security news – Alert fatigue poses a significant threat to cybersecurity, overwhelming security teams and causing critical alerts to be overlooked. Organizations must adopt automation tools and education to mitigate these risks. https://www.cybereason.com/blog/the-silent-epidemic-uncovering-the-dangers-of-alert-fatigue-and-how-to-overcome-it
🛰️ Black Hills Information Security hacking write-up – The article discusses the history and future of satellite technology, highlighting vulnerabilities and notable attacks, including spoofing and jamming. It emphasizes the risks of cyberattacks on satellites and the need for robust security measures. https://www.blackhillsinfosec.com/satellite-hacking/
🐍 Thousands of Linux systems infected by stealthy malware since 2021 malware – A stealthy malware strain named Perfctl has infected thousands of Linux systems since 2021, exploiting over 20,000 misconfigurations and a critical vulnerability, allowing for cryptocurrency mining and unauthorized access. https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/
📊 Introducing the Use Cases Mapper workbook cyber defense – The Use Case Mapper Workbook aids organizations in optimizing Microsoft Sentinel by mapping common security use cases to the MITRE ATT&CK framework, identifying gaps in security solutions, and facilitating updates. https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/introducing-the-use-cases-mapper-workbook/ba-p/4202058
CISA Corner
⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog warning – CISA has added four actively exploited vulnerabilities to its catalog, including critical command injection issues in routers and a deserialization flaw in SAP, posing serious risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/09/30/cisa-adds-four-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added an Ivanti Endpoint Manager SQL Injection vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting risks that malicious actors pose to federal networks. https://www.cisa.gov/news-events/alerts/2024/10/02/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has included a new vulnerability, CVE-2024-45519, affecting Synacor Zimbra, in its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, posing risks to federal networks. https://www.cisa.gov/news-events/alerts/2024/10/03/cisa-adds-one-known-exploited-vulnerability-catalog
⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA issued two advisories on October 1, 2024, highlighting vulnerabilities in Optigo Networks and Mitsubishi Electric ICS. Users are urged to review the advisories for mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/01/cisa-releases-two-industrial-control-systems-advisories ⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA issued three advisories on October 3, 2024, addressing vulnerabilities in TEM Opera Plus, Subnet Solutions, and Delta Electronics ICS. Users are urged to review for security details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2024/10/03/cisa-releases-three-industrial-control-systems-advisories
🔐 ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations security news – The ASD’s ACSC, alongside CISA and international partners, released a guide outlining six principles for enhancing cybersecurity in operational technology environments to mitigate risks associated with business decisions. https://www.cisa.gov/news-events/alerts/2024/10/01/asds-acsc-cisa-fbi-nsa-and-international-partners-release-guidance-principles-ot-cybersecurity
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.