📰wrzlbrmpft's cyberlights💥

cyberlights – week 23/2024

June 9, 2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

Highlight

🔒 Sichere und datenschutzfreundliche Browser: Meine Empfehlungen – Teil 1 privacy – Detailed analysis of browser security and privacy features, recommendations for multiple browsers, focusing on anti-tracking and anti-fingerprinting measures. https://www.kuketz-blog.de/sichere-und-datenschutzfreundliche-browser-meine-empfehlungen-teil-1/

News For All

🐱‍💻 Germany's Christian Democratic party hit by 'serious' cyberattack cybercrime – Germany's CDU faces 'serious' cyberattack; takes IT systems offline. https://www.reuters.com/technology/cybersecurity/germanys-christian-democratic-party-hit-by-serious-cyberattack-2024-06-01/

📺 Fake Tom Cruise warns of violence at Paris Olympics in pro-Russian info op cybercrime – Pro-Russian groups spread fake violence threats for Paris Olympics. https://cyberscoop.com/russia-tom-cruise-ai-paris-olympics/

ℹ️ Experts found information of European politicians on dark web privacy https://securityaffairs.com/164036/deep-web/info-european-politicians-dark-web.html

💼 5 Reasons Why You Should Use a Password Manager security news – using a password manager is a wise move to secure data. https://www.techrepublic.com/article/5-reasons-why-you-should-use-a-password-manager/

⚕️ Rural hospitals are particularly vulnerable to ransomware, report finds security news – highly susceptible due to limited resources and critical access roles. https://cyberscoop.com/rural-hospital-ransomware-cyber/

👶 Microsoft accused of tracking kids with education software privacy – Noyb requests Austrian data protection authority to investigate Microsoft 365 Education for potential GDPR violations regarding transparency. https://www.theregister.com/2024/06/04/noyb_microsoft_complaint/

⚡ TikTok warns of exploit aimed at 'high-profile accounts' cybercrime – TikTok addresses account takeover campaign targeting high-profile users; malware spreads via direct messages. https://therecord.media/tiktok-exploit-high-profile-accounts

🤖 Zoom CEO envisions AI deepfakes attending meetings in your place security news – Zoom CEO envisions AI-powered digital twins to attend meetings on behalf of individuals. https://arstechnica.com/?p=2028754

🦦 Warning Against Phishing Emails Prompting Execution of Commands via Paste (CTRL+V) malware – Phishing emails distribute HTML files prompting users to run malicious PowerShell commands via pasting (CTRL+V), leading to the execution of the DarkGate malware. https://asec.ahnlab.com/en/66300/

🐡 Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics warning – Mandiant warns of elevated cyber threat risks facing the 2024 Paris Olympics, including cyber espionage, disruptive operations, and financially motivated activity. https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics/

📽️ Cisco addressed Webex flaws used to compromise German government meetings security news – vulnerabilities allowed unauthorized access to meeting information, including topics and participants. https://securityaffairs.com/164173/breaking-news/cisco-webex-flaws-german-government-meetings.html

🏳️‍🌈 Language app Duolingo removes LGBTQ+ content from Russian platforms security news – in compliance with Roskomnadzor's request, which labels LGBTQ+ advocates as 'extremists' in Russia. https://therecord.media/language-app-duolingo-lgbtq-removes

🎯 Hit by LockBit? The FBI is waiting to help you with over 7,000 decryption keys cybercrime – Victims are encouraged to contact the FBI for help in decrypting their data and to assist in ongoing cybercrime investigations. https://www.tripwire.com/state-of-security/hit-lockbit-fbi-waiting-help-you-over-7000-decryption-keys

🦆 DuckDuckGo offers “anonymous” access to AI chatbots through new service security news – enabling interaction with various language models from OpenAI, Anthropic, Meta, and Mistral, ensuring chats are anonymized and promptly deleted to uphold privacy. https://arstechnica.com/information-technology/2024/06/duckduckgo-offers-anonymous-access-to-ai-chatbots-through-new-service/

😤 AI jailbreaks: What they are and how they can be mitigated security research – AI jailbreaks are techniques that bypass guardrails in AI systems, leading to undesired outcomes; Microsoft outlines the risks, characteristics, and mitigation strategies for AI jailbreaks, emphasizing defense in depth and detection mechanisms to prevent unauthorized data access, content misuse, and system subversion. https://www.microsoft.com/en-us/security/blog/2024/06/04/ai-jailbreaks-what-they-are-and-how-they-can-be-mitigated/

Recall Corner 🥷 Malware can steal data collected by the Windows Recall tool security research – Researchers demonstrated accessing and extracting Recall-captured snapshots stored in an unencrypted database. https://securityaffairs.com/164181/digital-id/malware-steal-data-windows-recall-tool.html

🤷 Microsoft Research chief scientist has no issue with Recall security news – Jaime Teevan, chief scientist at Microsoft Research, dismissed concerns about Microsoft's Recall feature despite privacy and security risks raised by critics; Recall builds an archive of user screenshots and logs activities, stored locally. https://www.theregister.com/2024/06/06/microsoft_research_recall/

🙃 Update on the Recall preview feature for Copilot+ PCs security news – Microsoft provides an update on the Recall feature for Copilot+ PCs. https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/

🧻 Microsoft rolls back ‘dumbest cybersecurity move in a decade’ security news – Microsoft revises Recall feature after severe criticism over privacy concerns; changes include opt-in, biometric enrollment, and enhanced encryption amid backlash from security researchers over potential data exposure in screenshots of users' screens. https://cyberscoop.com/microsoft-rolls-back-dumbest-cybersecurity-move-in-a-decade/

Some More, For the Curious

🦠 PikaBot: a Guide to its Deep Secrets and Operations malware – Detailed analysis of PikaBot malware, including anti-analysis techniques and C2 infrastructure. https://blog.sekoia.io/pikabot-a-guide-to-its-deep-secrets-and-operations/

👆 Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools security research – Increase in ransomware activity observed in 2023, reliance on legitimate tools for attacks, escalation of extortion tactics, rise of new ransomware families, and common tactics observed. https://cloud.google.com/blog/topics/threat-intelligence/ransomware-attacks-surge-rely-on-public-legitimate-tools/

🙅 Snowflake says there’s no evidence attackers breached its platform to hack Ticketmaster security news – Snowflake denies responsibility for Ticketmaster and Santander breaches; joint statement with CrowdStrike and Mandiant supports claim. https://www.theverge.com/2024/6/3/24170876/snowflake-ticketmaster-santander-data-breach-details

🛋️ Most of the security teams’ work has nothing to do with chasing advanced adversaries security news – Security teams' day-to-day reality involves mundane tasks like communication, cross-functional collaboration, security evangelism, tooling management, and resource planning, contrary to the glamorous portrayal in movies and marketing. https://ventureinsecurity.net/p/most-of-the-security-teams-work-has

💐 Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab security news – sophisticated attack named Operation Triangulation targeted iPhones of Kaspersky employees and Russian diplomats. https://therecord.media/kaspersky-apple-bug-bounty-declined

💭 Shostack + Friends Blog > The Universal Cloud TM security research – Rich Mogull and Chris Farris released 'The Universal Cloud Threat Model' (UCTM), designed to update traditional threat modeling for public cloud operations. https://shostack.org/blog/universal-cloud-threat-model-threat-model-thurs/

👾 New York Times source code compromised via exposed GitHub token data breach – The New York Times' source code and data were leaked on 4chan by an anonymous user who targeted the company's GitHub repositories in January 2024 using an exposed GitHub token, with confirmation from The New York Times that the leaked data is legitimate. https://securityaffairs.com/164280/data-breach/new-york-times-source-code-leaked.html

🧑‍🌾 What is RansomHub? Looks like a Knight ransomware reboot malware – RansomHub likely Knight ransomware rebrand; exploits ZeroLogon vulnerability. https://www.theregister.com/2024/06/05/ransomhub_knight_reboot/

🚪 Microsoft shows venerable and vulnerable NTLM security protocol the door security news – Microsoft deprecates NTLM protocol, advises switch to Kerberos for security. https://www.theregister.com/2024/06/06/microsoft_deprecates_ntlm/

⚔️ Leveraging Escalation Attacks in Penetration Testing Environments – Part 1 security research – Exploring AD CS vulnerabilities and attacks in penetration testing. https://www.guidepointsecurity.com/blog/leveraging-escalation-attacks-in-penetration-testing-environments-part-1/

💸 Pandabuy was extorted twice by the same threat actor cybercrime – Pandabuy extorted twice by same threat actor after paying ransom. https://securityaffairs.com/164263/cyber-crime/pandabuy-extorted-again.html

🪲 Nasty bug with very simple exploit hits PHP just in time for the weekend vulnerability – Critical PHP vulnerability allows code execution on Windows; urgent action required. https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/

CISA Corner

📢 Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access security news – Snowflake warns of cyber threats targeting accounts, urges vigilance. https://www.cisa.gov/news-events/alerts/2024/06/03/snowflake-recommends-customers-take-steps-prevent-unauthorized-access

💣 CISA Adds One Known Exploited Vulnerability to Catalog vulnerability – CISA adds Oracle WebLogic Server vulnerability to exploited list. https://www.cisa.gov/news-events/alerts/2024/06/03/cisa-adds-one-known-exploited-vulnerability-catalog

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

cyberlights – week 22/2024

June 2, 2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

Highlight

⛳ CERT.at Sicherheitslücke in Check Point Network Security Gateways (Mobile Access) vulnerability – Security vulnerability in Check Point Network Security Gateways. https://www.cert.at/de/warnungen/2024/5/sicherheitslucke-in-check-point-network-security-gateways-mobile-access-fix-verfugbar

Operation Endgame ⚔️ Operation Endgame, the largest law enforcement operation ever against botnets security news – Operation Endgame, led by Europol and involving multiple countries, targeted various botnets like IcedID, SystemBC, and Pikabot used to facilitate malicious activities including ransomware deployment. https://securityaffairs.com/163876/cyber-crime/operation-endgame.html 🎯 ‘Operation Endgame’ Hits Malware Delivery Platforms – Krebs on Security security news – Operation Endgame targets malware droppers, disrupts infrastructure and arrests suspects in a coordinated international law enforcement effort. Europol seizes servers and domains, adding criminals to Most Wanted list. https://krebsonsecurity.com/2024/05/operation-endgame-hits-malware-delivery-platforms/ 🔚 Troy Hunt: Operation Endgame security news – Law enforcement agencies provide 16.5M email addresses and 13.5M unique passwords to Have I Been Pwned (HIBP) as part of Operation Endgame. The data, gathered from a botnet takedown, helps identify compromised credentials and inform impacted individuals to strengthen their online security practices. https://www.troyhunt.com/operation-endgame/

News For All

📰 Risky Biz News: Google distrusts GlobalTrust certs Austrian business!! security news – Google plans to stop trusting GlobalTrust TLS certificates, recent cyberattacks and threat intel highlights. https://news.risky.biz/risky-biz-news-google-throws-out-globaltrust-certs/

🛹 How scammers trick message board users cybercrime – Scammers target message board users in buyer and seller scams, using phishing links for financial theft. https://securelist.com/message-board-scam/112691/

🫦 WordPress Plugin abused to install e-skimmers in e-commerce sites malware – Threat actors abuse WordPress plugin to insert e-skimmers in e-commerce sites, stealing credit card data. https://securityaffairs.com/163777/malware/wordpress-plugin-insert-e-skimmer.html

🍘 Researchers crack 11-year-old password, recover $3 million in bitcoin security research – after failed attempts by others, Grand and a friend successfully recover the password. https://arstechnica.com/information-technology/2024/05/researchers-crack-11-year-old-password-recover-3-million-in-bitcoin/

🥅 Is Your Computer Part of ‘The Largest Botnet Ever?’ – Krebs on Security cybercrime – Alleged operator of 911 S5, a large botnet used to facilitate cybercrime, arrested. Service turned computers into proxies for traffic relay. Billions lost in online fraud. https://krebsonsecurity.com/2024/05/is-your-computer-part-of-the-largest-botnet-ever/

🧑‍💼 Three-day DDoS attack batters the Internet Archive security news – The Internet Archive has been targeted by a sustained DDoS attack affecting services like the online library and the Wayback Machine. However, the bigger threat comes from ongoing lawsuits by major US book publishing companies and record labels alleging copyright infringement and seeking significant damages, potentially endangering the non-profit archive's future. https://www.theregister.com/2024/05/29/ddos_internet_archive/

🐠 From Phish to Phish Phishing: How Email Scams Got Smart security news – Evolution of phishing scams from simple to AI-driven complex attacks. https://blog.checkpoint.com/security/from-phish-to-phish-phishing-how-email-scams-got-smart/

🤝 A list of cybersecurity-focused charities and nonprofits security news – A list of cybersecurity-focused charities and nonprofits aimed at helping individuals and organizations within the cybersecurity industry, advancing the field, and contributing to a better world. https://ventureinsecurity.net/p/a-list-of-cybersecurity-focused-charities

🥙 Okta warns of credential stuffing attacks targeting its Cross-Origin Authentication feature warning – Observed suspicious activity starting on April 15. The attacks exploited the cross-origin authentication feature in Customer Identity Cloud (CIC), posing a risk of unauthorized access to user accounts. https://securityaffairs.com/163867/cyber-crime/okta-credential-stuffing-cross-origin-authentication.html

🦄 Phones of journalists and activists in Europe targeted with Pegasus security news – European journalists and activists targeted with Pegasus spyware, highlighting continued threat to press freedom. Recommendations for moratorium on spyware. EU faces criticism for lack of action on spyware issues. https://cyberscoop.com/spyware-europe-nso-pegasus/

🏛️ EU Parliament member suspected of being paid to promote Russian propaganda security news – Belgian and French police search properties of European Parliament employee suspected of receiving money from Russia to promote propaganda. Investigation involves promotion of Kremlin propaganda via Voice of Europe news website. https://therecord.media/eu-parliament-member-paid-propaganda

🧟 Stalkerware app pcTattletale announces it is 'out of business' after suffering data breach and website defacement security news – Leaked data included customer details and spyware victims' data. Lessons on cybersecurity importance and ethical usage of stalkerware highlighted. https://www.bitdefender.com/blog/hotforsecurity/stalkerware-app-pctattletale-announces-it-is-out-of-business-after-suffering-data-breach-and-website-defacement/

🎫 Massive Ticketmaster, Santander data breaches linked to Snowflake cloud storage data breach – Ticketmaster and Santander Bank data breaches, potentially affecting millions of users, traced back to attacks on Snowflake cloud storage. https://www.theverge.com/2024/5/31/24168984/ticketmaster-santander-data-breach-snowflake-cloud-storage

📺 Twitch ditches expert safety advisors for 'ambassador' team security news – Twitch reportedly disbands its Safety Advisory Council and plans to replace it with Twitch ambassadors. Twitch ambassadors are active users contributing positively to the community, but it is unclear if they are experts on online safety. https://www.theregister.com/2024/05/31/twitch_safety_advisory_council/

Some More, For the Curious

🎃 The Pumpkin Eclipse malware – 600,000 routers rendered inoperable by Chalubo RAT. https://blog.lumen.com/the-pumpkin-eclipse/

💣 DDoS-as-a-Service: The Rebirth Botnet cybercrime – RebirthLtd offers DDoS-as-a-Service targeting gamers for profit. https://sysdig.com/blog/ddos-as-a-service-the-rebirth-botnet/

👅 CVE-2024-22058 Ivanti Landesk LPE vulnerability – Exploit for Ivanti Landesk Local Privilege Escalation. https://mantodeasecurity.de/en/2024/05/cve-2024-22058-ivanti-landesk-lpe/

🔍 Check Point – Wrong Check Point (CVE-2024-24919) vulnerability – Check Point CloudGuard Network Security vulnerability exploited in the wild for arbitrary file read. https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/

⛹️‍♂️ Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges vulnerability – Cisco Talos' team discovers vulnerabilities in Adobe Acrobat Reader, Foxit PDF Reader, PLC CPU modules, and an image-processing library; patches released for all vulnerabilities. https://blog.talosintelligence.com/vulnerability-roundup-may-29-2024/

🔙 NIST expects to clear backlog in vulnerabilities database by end of fiscal year security news – NIST has awarded a contract to address the backlogged vulnerabilities in the National Vulnerability Database; the backlog is due to increased submissions and changes in interagency support.. https://therecord.media/nist-nvd-backlog-clear-end-fiscal-2024

🦠 Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.) security research – A threat actor is distributing malware disguised as cracked versions of legitimate software like Hangul Word Processor, infecting many systems in South Korea. The attacker adds layers to the infection by registering to the Task Scheduler, enabling persistence. https://asec.ahnlab.com/en/66017/

🌐 Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices security news – The attacks, by nation-backed actors like 'CyberAv3ngers' and pro-Russian hacktivists, underscore the urgent need to enhance OT device security to prevent critical infrastructure from becoming vulnerable. https://www.microsoft.com/en-us/security/blog/2024/05/30/exposed-and-vulnerable-recent-attacks-highlight-critical-need-to-protect-internet-exposed-ot-devices/

🦑 LilacSquid APT targeted orgs in the U.S., Europe, and Asia security research – Uncovered APT group LilacSquid launches data theft campaigns since 2021. Their TTPs overlap with North Korea-linked APT groups. https://securityaffairs.com/163927/apt/lilacsquid-targeted-orgs-in-us-europe-asia.html

🪒 Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud vulnerability – A detailed account of an XML External Entity (XXE) injection vulnerability found in SharePoint that affects both on-prem and cloud instances. https://www.thezdi.com/blog/2024/5/29/cve-2024-30043-abusing-url-parsing-confusion-to-exploit-xxe-on-sharepoint-server-and-cloud

CISA Corner KEV – Checkpoint, Linux Kernel, JAVS, Google Chromium https://www.cisa.gov/news-events/alerts/2024/05/30/cisa-adds-two-known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/alerts/2024/05/29/cisa-adds-one-known-exploited-vulnerability-catalog https://www.cisa.gov/news-events/alerts/2024/05/28/cisa-adds-one-known-exploited-vulnerability-catalog Industrial Advisories https://www.cisa.gov/news-events/alerts/2024/05/30/cisa-releases-seven-industrial-control-systems-advisories https://www.cisa.gov/news-events/alerts/2024/05/28/cisa-releases-one-industrial-control-systems-advisory

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

cyberlights – week 21/2024

May 26, 2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, missing or in any other way off, please let me know!

Highlight

🧑‍✈️ Recall feature in Microsoft Copilot+ PCs raises privacy concerns privacy – Microsoft's Recall feature in Copilot+ PCs, raises privacy concerns and undergoes investigation by the UK data watchdog. Users may be able manage and delete snapshots, but potential risks to privacy and security remain. https://securityaffairs.com/163609/security/microsoft-recall-feature-copilot-pcs.html

🔍 New Windows AI feature records everything you’ve done on your PC privacy – Microsoft's Recall feature records user activities, raising privacy concerns. https://arstechnica.com/gadgets/2024/05/microsofts-new-recall-feature-will-record-everything-you-do-on-your-pc/

🐕‍🦺 Personal AI Assistants and Privacy – Schneier on Security privacy – Bruce Schneier explores the privacy concerns surrounding Microsoft's AI-powered digital assistant, Recall, highlighting the need for trustworthy AI to protect users' data and emphasizing transparency in the development of such systems. https://www.schneier.com/blog/archives/2024/05/personal-ai-assistants-and-privacy.html

News For All

🌪️ Privacy, human rights, and Tornado Cash privacy – Developer of Tornado Cash service sentenced in laundering case, igniting concerns over financial privacy, law enforcement intervention, and crypto misuse. Privacy rights clash with anti-money laundering laws, sparking debates over encryption and financial surveillance. https://www.citationneeded.news/tornado-cash/

🚔 Police caught circumventing city bans on face recognition privacy – Police bypassing facial recognition bans through neighboring agencies. https://www.theregister.com/2024/05/20/cops_circumvent_facial_recognition/

💰 HHS offering $50 million for proposals to improve hospital cybersecurity security news – HHS funds hospital cybersecurity tools to combat cyberattacks. https://therecord.media/hhs-offering-funding-cybersecurity-hospital

💧 EPA will step up inspections of water sector cybersecurity security news – EPA increasing water sector cybersecurity inspections due to rising threats. https://cyberscoop.com/epa-water-inspections-cyber-alert/

🌐 Fi Router Doubles as an Apple AirTag – Krebs on Security security research – Research finds Apple's Wi-Fi geolocation API used to track devices globally. https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/

🧬 Homeland Security has collected DNA data from 1.5 million immigrants in four years, researchers find privacy – DHS collected DNA from 1.5M immigrants for database, raising privacy concerns. https://therecord.media/homeland-security-collected-dna-millions-immigrants

🙅‍♂️ From trust to trickery: Brand impersonation over the email attack vector security research – Talos researchers uncover techniques used by threat actors to embed brand logos in emails for brand impersonation, with insights into detected cases. https://blog.talosintelligence.com/from-trust-to-trickery-brand-impersonation/

👀 A consumer-grade spyware app found in check-in systems of 3 US hotels security news – spyware app pcTattletale discovered on check-in systems of three Wyndham hotels, enabling unauthorized access to guest details and vulnerabilities, highlighting concerns over privacy and security. https://securityaffairs.com/163550/uncategorized/spyware-app-check-in-systems-3-wyndham-hotels.html

️🧑‍⚖️ Crooks plant backdoor in software used by courtrooms around the world security news https://arstechnica.com/security/2024/05/crooks-plant-backdoor-in-software-used-by-courtrooms-around-the-world/

👨‍👩‍👧‍👦 You can now share passwords within your Google family group security news – Google's newest Google Play services update allows family group members to securely share passwords saved in Google Password Manager. https://www.theverge.com/2024/5/23/24163560/google-password-manager-share-passwords-family-group

💳 Cyber Signals: Inside the growing risk of gift card fraud cybercrime – Microsoft observes rise in gift card fraud by group Storm-0539 targeting cloud environments for fraudulent gift card creation. https://www.microsoft.com/en-us/security/blog/2024/05/23/cyber-signals-inside-the-growing-risk-of-gift-card-fraud/

🤖 Google’s “AI Overview” can give false, misleading, and dangerous answers security news – sometimes humorous or misleading answers, especially when treating jokes as facts and relying on questionable sourcing like troll forums or fan fiction sites. https://arstechnica.com/information-technology/2024/05/googles-ai-overview-can-give-false-misleading-and-dangerous-answers/

Some More, For the Curious

🎒 KB4581: Veeam Backup Enterprise Manager Vulnerabilities (CVE vulnerability https://www.veeam.com/kb4581

📧 New 'Siren' mailing list aims to share threat intelligence for open source projects security news – Siren mailing list for open source threat intelligence sharing. https://therecord.media/openssf-siren-open-source-threat-intelligence-mailing-list

😮‍💨 Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign security research – pro-Russian influence campaign targets Western democracies. https://blog.sekoia.io/master-of-puppets-uncovering-the-doppelganger-pro-russian-influence-campaign/

🪀 Critical Fluent Bit bug affects all major cloud providers vulnerability – Critical vulnerability in Fluent Bit affects major cloud providers. https://www.theregister.com/2024/05/21/fluent_bit_flaw/

⏩ Beyond the Basics: Exploring Uncommon NTLM Relay Attack Techniques hacking write-up https://www.guidepointsecurity.com/blog/beyond-the-basics-exploring-uncommon-ntlm-relay-attack-techniques/

👨‍💻 GitHub Enterprise Server patches critical vulnerability vulnerability https://www.theregister.com/2024/05/22/github_enterprise_server_patch/

🏮 Crimeware report: Acrid, ScarletStealer and Sys01 stealers security research https://securelist.com/crimeware-report-stealers/112633/

🌀 5 Reasons Why Every Developer Should Incorporate Common Weakness Enumeration (CWE) into Their Software Development Life Cycle (SDLC) security research https://infosec-mashup.santolaria.net/p/5-reasons-why-every-developer-should

🔚 Critical SQL Injection flaws impact Ivanti Endpoint Manager (EPM) vulnerability – Ivanti addressed multiple critical SQL injection vulnerabilities in Endpoint Manager (EPM) 2022 SU5 and prior versions, allowing attackers within the network to execute code. https://securityaffairs.com/163587/security/ivanti-endpoint-manager-critical-sql-injection.html

⚔️ How ransomware abuses BitLocker security news – BitLocker repurposed for ransomware in incident response effort, using VBS script for unauthorized file encryption. https://securelist.com/ransomware-abuses-bitlocker/112643/

🕵️ Stark Industries Solutions: An Iron Hammer in the Cloud – Krebs on Security cybercrime – Stark Industries Solutions emerged before the Russian invasion of Ukraine and is behind massive DDoS attacks, used to conceal cyberattacks and disinformation campaigns. https://krebsonsecurity.com/2024/05/stark-industries-solutions-an-iron-hammer-in-the-cloud/

🥡 An XSS flaw in GitLab allows attackers to take over accounts vulnerability https://securityaffairs.com/163649/hacking/gitlab-xss-flaw.html

🛖 MITRE December 2023 attack: threat actors created rogue VMs to evade detection security news – MITRE Corporation reported a breach in their NERVE network caused by China-linked nation-state actors, who chained two Ivanti Connect Secure zero-day flaws. https://securityaffairs.com/163658/apt/mitre-december-2023-attack-rogue-vms.html more info https://mastodon.social/@campuscodi/112503791372484604

CISA Corner 👀 [...]remove connectivity on all [...] devices connected to the [...] internet https://www.cisa.gov/news-events/alerts/2024/05/21/rockwell-automation-encourages-customers-assess-and-secure-public-internet-exposed-assets Chromium again, NextGen Healthcare Mirth Connect https://www.cisa.gov/news-events/alerts/2024/05/20/cisa-adds-two-known-exploited-vulnerabilities-catalog Apache Flink https://www.cisa.gov/news-events/alerts/2024/05/23/cisa-adds-one-known-exploited-vulnerability-catalog

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

cyberlights – week 20/2024

May 19, 2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

News For All

⚠️ Not all scams are easy to spot warning – Scammers utilize coincidental timing and correct details to trick even smart individuals. https://www.emsisoft.com/en/blog/45650/not-all-scams-are-easy-to-spot/

🦮 Guidance for organisations considering payment in ransomware incidents cyber defense – Guidance for organizations on ransomware incidents, emphasizing alternatives to paying. https://www.ncsc.gov.uk/guidance/organisations-considering-payment-in-ransomware-incidents

🛡️ CISA and Partners Release Guidance for Civil Society Organizations on Mitigating Cyber Threats with Limited Resources security news – CISA, DHS, FBI, and international partners release cyber threat mitigation guidance for civil society organizations to combat state-sponsored threats. https://www.cisa.gov/news-events/alerts/2024/05/14/cisa-and-partners-release-guidance-civil-society-organizations-mitigating-cyber-threats-limited

🛤️ Google and Apple deliver support for unwanted tracking alerts in Android and iOS security news – Google and Apple collaborate on alerting users of unwanted tracking. https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html

🔒 Encrypted mail service still okay with giving PII to cops security news – ProtonMail under scrutiny for disclosing user data to police; US Patent and Trademark Office exposes private addresses online again; LockBit ransomware hits Wichita, Kansas, disrupting city services. https://www.theregister.com/2024/05/13/infosec_in_brief/

🔓 Europol confirms incident after data break-in claims security news – Europol investigates claims of stolen data from Europol Platform for Experts by cybercriminal IntelBroker. No compromise of core systems, but confidential data samples leaked. Incident raises concerns over security of sensitive EU and law enforcement data. https://www.theregister.com/2024/05/13/europol_data_breach/

💻 How Did Authorities Identify the Alleged Lockbit Boss? – Krebs on Security cybercrime – The U.S. DoJ charges Russian Dmitry Yuryevich Khoroshev as LockBit leader involved in extensive ransomware-related crimes, traced through forum usernames and domain registrations. Khoroshev's cyber activity predates notorious cybercrime forums, suggesting prior involvement in ransomware schemes. Indictment details financial strategy and offers insight into underground activities. https://krebsonsecurity.com/2024/05/how-did-authorities-identify-the-alleged-lockbit-boss/

🤖 Android is getting an AI-powered scam call detection feature security news – Google is developing an AI-powered scam call detection feature for Android, utilizing Gemini Nano to spot fraudulent language and warn users in real-time, aiming to prevent falling victim to phone scams. It will be an opt-in feature, ensuring privacy by running locally and offline. https://www.theverge.com/2024/5/14/24156212/google-android-ai-gemini-scam-call-detection-feature-io

🏙️ City of Helsinki suffered a data breach data breach – The City of Helsinki experienced a significant data breach that impacted students, guardians, and personnel, with threat actors gaining access to various personal and sensitive information. https://securityaffairs.com/163088/data-breach/city-of-helsinki-data-breach.html

🔨 Christie's takes website offline after cyberattack, delays live auction security news – Christie's auction house website taken offline due to a cyberattack, delaying a live auction; clients can still participate in auctions via different methods while the issue is resolved. Limited information was provided about the cyberattack. https://therecord.media/christies-website-down-auction-delayed-cyberattack

🔒 Threat actors may have exploited a zero security news – Apple releases urgent security updates addressing code execution vulnerabilities in iPhones, iPads, and macOS, including a memory corruption flaw in the Real-Time Kernel (RTKit) which may have been exploited as a zero-day. https://securityaffairs.com/163096/hacking/apple-iphones-zero-day-exploited.html

📱 Android will be able to detect if your phone has been snatched security news – Google introduces security features in Android 15 beta, including Theft Detection Lock to prevent unauthorized access if the phone is stolen, private spaces for hidden apps with unique PIN, and Play Protect updates for threat detection and app permissions monitoring. https://www.theverge.com/2024/5/15/24157068/android-15-ai-theft-detection-lock-privacy-security

🔍 EU probes Meta over its provisions for protecting children security news – European Commission probes Meta over potential breaches of Digital Services Act (DSA) related to protecting minors on Facebook and Instagram, examining issues such as addictive behavior, access to inappropriate content, and privacy measures. https://www.theregister.com/2024/05/16/eu_investigates_meta_over_its/

Some More, For the Curious

🕵️ In den Datenstrom eintauchen: Ein Werkzeugkasten für Analysten von Android-Apps security research https://www.kuketz-blog.de/in-den-datenstrom-eintauchen-ein-werkzeugkasten-fuer-analysten-von-android-apps/

🚫 Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule vulnerability – Injecting specific strings can shut down websites protected by WAF, causing Denial of Service. https://blog.sicuranext.com/response-filter-denial-of-service-a-new-way-to-shutdown-a-website/

🐟 Using MITM to bypass FIDO2 phishing security research – Research reveals potential vulnerabilities in FIDO2 authentication, highlighting the importance of implementing Token Binding for enhanced security. https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/

🌜 To the Moon and back(doors): Lunar landing in diplomatic missions security research – ESET Lunar toolset infiltrated European MFA using backdoors LunarWeb and LunarMail, attributed to Turla APT group. https://www.welivesecurity.com/en/eset-research/moon-backdoors-lunar-landing-diplomatic-missions/

🪵 Log4Shell shows no sign of fading, spotted in 30% of CVE exploits security news – survey reveals organizations still have insecure protocols on WAN, aiding lateral movement; Log4Shell exploit identified in 30% of outbound CVE exploits despite being three years old. https://www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/

🔒 The xz apocalypse that almost was security news – A recap of the backdoor incident in the xz library, detailing the timeline of events, community contributions, potential scale of impact, and industry insights on OpenSSH servers. Despite the wide adoption of OpenSSH and xz, the incident, while significant, was not as catastrophic as feared due to the vigilance of the large community. https://www.bitsight.com/blog/xz-apocalypse-almost-was

🔣 Diagrams and Symbols in Threat Models security research https://shostack.org/blog/diagrams-and-symbols-in-threat-models/

👮 FBI Seizes BreachForums Website security news https://www.schneier.com/blog/archives/2024/05/fbi-seizes-breachforums-website.html

♨️ CISA spreads Black Basta advice amid Ascension infection security news – CISA and Health-ISAC issue bulletins on Black Basta ransomware gang after the attack on US healthcare provider Ascension, advising on defense strategies and outlining the group's tactics. https://www.theregister.com/2024/05/13/cisa_ascension_ransomware/

🦆 QakBot attacks with Windows zero-day (CVE-2024-30051) vulnerability – A zero-day vulnerability in the Windows Desktop Window Manager was discovered and exploited in the wild, leading to privilege escalation. The vulnerability, CVE-2024-30051, was reported to Microsoft and a patch was released on May 14, 2024. https://securelist.com/cve-2024-30051/112618/

🛹 MITRE released EMB3D Threat Model for embedded devices cyber defense – MITRE released the EMB3D threat model for critical infrastructure embedded devices, aiming to improve security by providing insights on cyber threats and device features for vendors, operators, and researchers across various industries. https://securityaffairs.com/163144/security/mitre-released-emb3d-framework.html

🦊 Foxit PDF Reader “Flawed Design” : Hidden Dangers Lurking in Common Tools security research https://blog.checkpoint.com/research/foxit-pdf-reader-flawed-design-hidden-dangers-lurking-in-common-tools/

🛞 Rounding up some of the major headlines from RSA security news – Recap of top stories and trends from RSA Conference, focusing on AI, build security initiative, technologies countering deepfakes, and Microsoft disclosing a zero-day vulnerability. Major headlines include healthcare network disruption, Google and Apple alert for unwanted device tracking, and Christie's cyber attack. https://blog.talosintelligence.com/threat-source-newsletter-may-16-2024/

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

cyberlights – week 19/2024

May 12, 2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

Highlights

💰 Krypto-Betrüger: Sechs Österreicher festgenommen cybercrime – Six Austrians were arrested for running an online scam involving a supposed new cryptocurrency, defrauding investors of millions. Europol coordinated the operation, seizing over 500,000 euros in cryptocurrencies, 250,000 euros in fiat, and other assets. The suspects falsely claimed to open an online trading company with a new cryptocurrency, carrying out an Initial Coin Offering (ICO) without transparency, leading investors to realize they were deceived in February 2018. https://www.heise.de/news/Krypto-Betrueger-Sechs-Oesterreicher-festgenommen-9714300.html

Lockbit Corner 🛑 Law enforcement seized Lockbit group's website again cybercrime – Law enforcement seizes Lockbit group's website, threatens to reveal identities. https://securityaffairs.com/162778/cyber-crime/law-enforcement-seized-lockbit-site-again.html

⛓️ U.S. Charges Russian Man as Boss of LockBit Ransomware Group – Krebs on Security cybercrime – U.S. charges Russian man as boss of LockBit ransomware group, part of elaborate criminal network. https://krebsonsecurity.com/2024/05/u-s-charges-russian-man-as-boss-of-lockbit-ransomware-group/

🎙️ In interview, LockbitSupp says authorities outed the wrong guy cybercrime – LockBit leader denies being correctly identified. https://therecord.media/lockbitsupp-interview-ransomware-cybercrime-lockbit

🍧 LockBit gang claimed responsibility for the attack on City of Wichita cybercrime – The City of Wichita was hit by a LockBit ransomware attack, leading to network shutdown. The LockBit gang threatened to leak stolen data, prompting an investigation by third-party experts and law enforcement. Systems remain offline, with no definitive timeline for restoration. https://securityaffairs.com/162910/cyber-crime/city-of-wichita-lockbit-ransomware.html

News For All

🥠 Stealing cookies: Researchers describe how to bypass modern authentication security research – Researchers detail bypassing modern authentication via MITM attack. https://cyberscoop.com/stealing-cookies-researchers-describe-how-to-bypass-modern-authentication/

🔐 Why Your VPN May Not Be As Secure As It Claims – Krebs on Security security research – Researchers reveal VPN vulnerability via rogue DHCP server attacks. https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/

💸 Online Scams: Are These All Scams? Distinguishing the Legit from the Scam cybercrime – Sophisticated scammers create fake websites and emails, deceiving users. https://asec.ahnlab.com/en/65091/

🔑 Yubico bolsters authentication security with updated YubiKey 5 series devices security news – Yubico releases updated security keys with enhanced features. https://www.theverge.com/2024/5/7/24150918/yubico-5-7-firmware-update-security-key-yubikey-5

🔗 April 2024’s Most Wanted Malware: Surge in Androxgh0st Attacks and the Decline of LockBit3 security research – significant increase in AndroXgh0st malware attacks during April 2024, alongside a noticeable decrease in LockBit3.0 attacks, highlighting the shifting landscape of cybersecurity threats. https://blog.checkpoint.com/security/april-2024s-most-wanted-malware-surge-in-androxgh0st-attacks-and-the-decline-of-lockbit3/

🔍 New Case Study: The Malicious Comment security news – Malicious code hidden in 'Thank you' image compromised online shoppers. https://thehackernews.com/2024/05/new-case-study-malicious-comment.html

⛔ Stolen children’s health records posted online in extortion bid data breach – Children's health records from NHS Dumfries and Galloway published by cybercriminals for extortion. https://therecord.media/scotland-nhs-children-records-posted-extortion-ransomware

🧠 Back to the Hype: An Update on How Cybercriminals Are Using GenAI cybercrime – Cybercriminals continue to use generative AI, focusing on jailbreaking capabilities and emerging deepfake services for criminal activities. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai

✈️ Boeing confirms attempted $200 million ransomware extortion attempt cybercrime – Boeing faced a $200 million ransomware demand from LockBit, part of a larger cyberattack. Boeing did not pay the ransom and the incident impacted its parts and distribution business. https://cyberscoop.com/boeing-confirms-attempted-200-million-ransomware-extortion-attempt/

🚔 FBI Warns US Retailers That Cybercriminals Are Targeting Their Gift Card Systems warning – FBI warns US retailers of a cybercriminal group targeting staff with phishing attacks to create fraudulent gift cards, highlighting the financial losses and sophisticated tactics used. https://www.tripwire.com/state-of-security/fbi-warns-us-retailers-cybercriminals-are-targeting-their-gift-card-systems

❤️‍🩹 Major health care system hobbled by ‘cyber incident’ cybercrime – Ascension health care system suffers a cyber incident causing disruptions to clinical operations, affecting medical services, patient records access, and necessitating manual documentation. Incident follows recent high-profile attacks in the healthcare industry, highlighting the need for cybersecurity standards. https://cyberscoop.com/major-health-care-system-hobbled-by-cyber-incident/

📢 Dell discloses data breach impacting millions of customers data breach – Dell revealed a data breach affecting millions of customers, exposing names, physical addresses, and hardware purchase data. Financial details and sensitive information were not compromised. https://securityaffairs.com/162942/cyber-crime/dell-data-breach-2.html

📱 Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials malware – Malicious Android apps impersonate popular services to trick users into installing them, then request extensive permissions to steal credentials and perform malicious activities, such as accessing contact lists, SMS messages, and launching phishing pages mimicking social media and financial services. https://thehackernews.com/2024/05/malicious-android-apps-pose-as-google.html

🪲 Google fixes fifth actively exploited Chrome zero vulnerability – Google patched the fifth zero-day vulnerability in Chrome this year, a use-after-free issue in the Visuals component, actively exploited in the wild, without disclosing details about the attacks. https://securityaffairs.com/162976/hacking/5th-chrome-zero-day-2024.html

😨 You've Been Breached: What Now? cyber defense – Breaches are inevitable in cybersecurity; after a breach, focus shifts to identifying the blast radius, providing temporary work credentials for affected employees, accountability at the executive level, and implementing incident response planning and a comprehensive cybersecurity strategy for recovery. https://www.darkreading.com/cyberattacks-data-breaches/you-have-been-breached-what-now

Some More, For the Curious

⚔️ MITRE attributes the recent attack to China security news – MITRE discloses security breach attributed to China-linked UNC5221. https://securityaffairs.com/162811/hacking/mitre-security-breach-china.html

🫢 RemcosRAT Distributed Using Steganography security research – RemcosRAT distributed using steganography technique, warns of malware infection risks. https://asec.ahnlab.com/en/65111/

🗣️ Talos discloses multiple zero-day vulnerabilities, two of which could lead to code execution vulnerability – Cisco Talos discloses three zero-day vulnerabilities, two allowing code execution. https://blog.talosintelligence.com/vulnerability-roundup-zero-days-may-8-2024/

🤌 Breaking down Microsoft’s pivot to placing cybersecurity as a top priority security news – Microsoft faced criticism over their security practices, prompting a new focus on cybersecurity as a top priority with six pillars. The announcement includes re-prioritizing efforts to enhance internal systems and respond to threats promptly. The new governance structure is designed to centralize security efforts and hold leadership accountable for progress. Despite past issues, this shift demonstrates a commitment to improving security practices and ensuring Microsoft products are a safe choice for users. https://doublepulsar.com/breaking-down-microsofts-pivot-to-placing-cybersecurity-as-a-top-priority-734467a8db01

⚙️ 21115: An Oracle VirtualBox LPE Used to Win Pwn2Own vulnerability – The exploit involved a bug in the VGA device heap memory, which could be triggered by setting specific values. Through a series of steps, the exploit gained increased VRAM access, disabled critical sections, achieved buffer overread and overflow, and executed arbitrary code, ultimately demonstrating control over the host system. https://www.thezdi.com/blog/2024/5/9/cve-2024-21115-an-oracle-virtualbox-lpe-used-to-win-pwn2own

🚗 GhostStripe attack haunts self-driving cars by making them ignore road signs security news – novel hack called “GhostStripe” that targets autonomous vehicles by manipulating road sign visibility to the vehicles' cameras, making the signs unrecognizable to the self-driving system and thus potentially leading to dangerous driving errors. https://www.theregister.com/2024/05/10/baidu_apollo_hack/

🥅 Protecting Networks from Opportunistic Ivanti Pulse Secure Vulnerability Exploitation cyber defense – Juniper Threat Labs is monitoring the Ivanti Pulse Secure authentication bypass and remote code execution vulnerabilities being exploited by Mirai botnet. https://blogs.juniper.net/en-us/security/protecting-your-network-from-opportunistic-ivanti-pulse-secure-vulnerability-exploitation

🐡 Unmasking Tycoon 2FA: A Stealthy Phishing Kit Used to Bypass Microsoft 365 and Google MFA security research – the Tycoon 2FA phishing kit, which exploits session cookies to bypass multifactor authentication for Microsoft 365 and Gmail, employing a business model via Telegram to sell phishing services and significantly impacting cybersecurity efforts. https://www.proofpoint.com/us/blog/email-and-cloud-threats/tycoon-2fa-phishing-kit-mfa-bypass

CISA Corner 🪫 CISA Advisory – alpitronic Hypercharger EV Charger vulnerability – Vulnerability in alpitronic Hypercharger EV charger allows attackers to disable the device, bypass payment, and access payment data due to the use of default credentials. Mitigations include changing default passwords, limiting network exposure, and implementing secure access methods. https://www.cisa.gov/news-events/ics-advisories/icsa-24-130-02

⚠️ #StopRansomware: Black Basta security news – The joint advisory from FBI, CISA, HHS, and MS-ISAC reveals details on Black Basta, a ransomware variant impacting critical infrastructure sectors, including Healthcare and Public Health, outlining TTPs and IOCs to assist organizations in protecting against Black Basta and other ransomware threats. https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a

🤹 ASD’s ACSC, CISA, and Partners Release Secure by Design Guidance on Choosing Secure and Verifiable Technologies https://www.cisa.gov/news-events/alerts/2024/05/09/asds-acsc-cisa-and-partners-release-secure-design-guidance-choosing-secure-and-verifiable

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

cyberlights – week 18/2024

May 5, 2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

News For All

🤖 CISA unveils guidelines for AI and critical infrastructure security news https://fedscoop.com/cisa-unveils-guidelines-for-ai-and-critical-infrastructure/

🔍 Watchdog reveals lingering Google Privacy Sandbox worries privacy https://go.theregister.com/feed/www.theregister.com/2024/04/29/uk_cma_google/

⚠️ Bewertungen entfernen lassen? Vorsicht vor entferno.at warning https://www.watchlist-internet.at/news/google-bewertungen-entfernen-lassen-vorsicht-vor-entfernoat/

🔒 UK becomes first country to ban default bad passwords on IoT devices security news https://therecord.media/united-kingdom-bans-defalt-passwords-iot-devices

🔓 FBCS data breach impacted 2M individuals data breach https://securityaffairs.com/162514/cyber-crime/fbcs-data-breach.html

😶‍ Russia Clones Wikipedia, Censors It, Bans Original security news – Russia clones Wikipedia to censor and ban original content. https://www.404media.co/russia-clones-wikipedia-censors-it-bans-original/

🐄 The UK beefs up smart home security by going after bad default passwords security news https://www.theverge.com/2024/4/29/24144325/uk-psti-password-requirements-network-connected-devices-iot-smart-home

📍 FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data – Krebs on Security privacy https://krebsonsecurity.com/2024/04/fcc-fines-major-u-s-wireless-carriers-for-selling-customer-location-data/

🔐 Apple's 'incredibly private' Safari not so private in Europe privacy – Apple's Safari browser in Europe exposed to privacy flaws due to third-party app store feature, leaking user activity and identifiers to approved marketplaces. Implementation lacks security measures, raising concerns about tracking. https://go.theregister.com/feed/www.theregister.com/2024/04/30/apple_safari_europe_tracking/

🚗 Carmakers lying about requiring warrants before sharing location data, Senate probe finds privacy – Senate probe finds automakers deceive customers by sharing driver location data without warrants, contradicting pledges, and misleading for years. Requested FTC investigation. Automakers store location data for years. Alliance for Automotive Innovation statement conflicts with findings. https://therecord.media/carmakers-lying-about-warrants-location-data

💸 UnitedHealth CEO confirms company paid $22 million ransom in heated Senate hearing security news – UnitedHealth Group paid ransom to BlackCat/AlphV gang post-ransomware attack. CEO admits multifactor authentication lapse. Senators criticize data restoration issues and impact on medical organizations. https://therecord.media/unitedhealth-ceo-testifies-senate-hearing

🌐 We can have a different web Blogpost – Reflections on the evolution of the web from an open space to commercialized walled gardens. Call for reclaiming the web's original spirit of innovation, authenticity, connection, and less surveillance. https://www.citationneeded.news/we-can-have-a-different-web/

🗝️ Microsoft launches passkey support for all consumer accounts security news – allowing face, fingerprint, PIN, or security key authentication across devices to streamline signing in without traditional passwords. https://www.theverge.com/2024/5/2/24147124/microsoft-passkeys-support-consumer-msa

🛡️ Organizations patch CISA KEV list bugs 3.5 times faster than others, researchers find security news https://therecord.media/kev-list-vulnerabilities-patched-significantly-faster

🕵️ Indonesia sneakily buys spyware, says Amnesty International security news – Amnesty International reveals Indonesia's purchase of spyware from various suppliers through intermediary companies, citing the lack of transparency and regulation in dual-use technology exports. https://go.theregister.com/feed/www.theregister.com/2024/05/03/amnesty_indonesia_surveillance/

👔 Microsoft ties executive pay to security following multiple failures and breaches security news – Microsoft faces severe criticism for security failures and breaches, including breaches by China and Russia-based hacking groups; response under scrutiny by lawmakers and regulators. Introduces 'Secure Future Initiative' and ties executive pay to security milestones, emphasizing robust security practices. https://arstechnica.com/information-technology/2024/05/microsoft-ties-executive-pay-to-security-following-multiple-failures-and-breaches/

💑 Dating apps kiss'n'tell all sorts of sensitive user info privacy – Most dating apps collect excessive user data, poor privacy practices revealed by Mozilla research. Grindr singled out for historically weak data protection. Concerns raised over user data sharing, AI integration, and privacy violations. https://www.theregister.com/2024/05/04/dating_apps_privacy_mozilla/

Some More, For the Curious

🛡️ Brokewell: do not go broke from new banking malware! malware – Brokewell, a dangerous mobile banking malware with device takeover capabilities. https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware

🔒 How we fought bad apps and bad actors in 2023 security news – Google Play's security measures in 2023. https://security.googleblog.com/2024/04/how-we-fought-bad-apps-and-bad-actors-in-2023.html

🔓 Multiple Brocade SANnav SAN Management SW flaws allow device compromise vulnerability https://securityaffairs.com/162473/uncategorized/brocade-sannav-flaws.html

🦠 Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams security research – JFrog's security research team discovered nearly 20% of Docker Hub repositories hosting malicious content, ranging from spam to harmful entities like malware and phishing sites, driven by fake imageless repositories. Identified massive malicious campaigns targeting Docker Hub, leading to removal of 3.2 million suspicious repositories. https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/

💻 AWS S3 storage bucket with unlucky name nearly cost developer $1,300 security news – Developer's AWS S3 bucket with common name faces massive unauthorized requests due to an open-source tool, accumulating over $1,300 bill in one day. https://arstechnica.com/information-technology/2024/04/aws-s3-storage-bucket-with-unlucky-name-nearly-cost-developer-1300/

⚔️ Uncharmed: Untangling Iran's APT42 Operations security research – APT42 operations by Iranian state-sponsored threat actor with focus on enhanced social engineering, credential harvesting, cloud operations, and custom backdoors NICECURL and TAMECAT. Mandiant links APT42 to IRGC-IO and outlines their methods of stealing Microsoft, Yahoo, Google credentials. https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/

🍯 Examining the Deception infrastructure in place behind code.microsoft.com security research – Microsoft repurposes the dangling subdomain code.microsoft.com into a honeypot to gather threat intelligence, simulating attacker interactions for research and protection. https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/examining-the-deception-infrastructure-in-place-behind-code/ba-p/4124464

🛡️ “Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps security research – Microsoft identifies a path traversal vulnerability pattern in popular Android apps, facilitating arbitrary code execution and token theft, with potential disastrous consequences. https://www.microsoft.com/en-us/security/blog/2024/05/01/dirty-stream-attack-discovering-and-mitigating-a-common-vulnerability-pattern-in-android-apps/

🗽 State of Exploitation – A Peek into the Last Decade of Vulnerability Exploitation security research – Explores vulnerability trends from 2014 to 2023. Increase in known exploitation and POC exploits. https://vulncheck.com/blog/state-of-exploitation-a-decade

CISA Corner Microsoft SmartScreen Prompt https://www.cisa.gov/news-events/alerts/2024/04/30/cisa-adds-one-known-exploited-vulnerability-catalog GitLab Community and Enterprise Editions https://www.cisa.gov/news-events/alerts/2024/05/01/cisa-adds-one-known-exploited-vulnerability-catalog CERT/CC Reports R Programming Language Vulnerability https://www.cisa.gov/news-events/alerts/2024/05/01/certcc-reports-r-programming-language-vulnerability

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

cyberlights – week 17/2024

April 29, 2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know.

A little late this week and a little shorter, but with some work put into the summary-thingy. Enjoy.

News For All

🔐 Firstyear's blog – Passkeys – A shattered dream privacy – Author expresses frustration with the direction of Passkeys and issues with Webauthn standards, emphasizing the importance of password managers. https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/

🚗 How G.M. Tricked Millions of Drivers Into Being Spied On (Including Me) privacy – G.M. collected driving data from OnStar users, shared with insurers. https://www.nytimes.com/2024/04/23/technology/general-motors-spying-driver-data-consent.html?unlocked_article_code=1.m00.gIzH.YdQ-yszzdzq6

⚠️ A flaw in the Forminator plugin impacts hundreds of thousands of WordPress sites vulnerability – Forminator plugin allows unrestricted file uploads, other vulnerabilities. https://securityaffairs.com/162113/security/forminator-wordpress-plugin-flaws.html

🔒 Europol asks tech firms, governments to get rid of E2EE privacy – Europol calls for end to E2EE to combat crimes, sparking debate on privacy versus law enforcement access. https://www.theregister.com/2024/04/22/europol_becomes_latest_cop_shop/

🛡️ Hackers infect users of antivirus service that delivered updates over HTTP cybercrime – Hackers exploit eScan antivirus service for five years via MitM attack to deliver malware to end users. https://arstechnica.com/security/2024/04/hackers-infect-users-of-antivirus-service-that-delivered-updates-over-http/

⚕️ Nurses Protest 'Deeply Troubling' Use of AI in Hospitals security news – Nurses protest AI implementation in healthcare for potential negative impact on patient care and job roles. https://www.404media.co/nurses-protest-ai-automation/

🔒 Ring to pay $5.6M to settle claims of poor privacy practices privacy – The FTC fines Ring for poor privacy practices, leading to unauthorized access to customer cameras by cybercriminals and rogue employees. https://www.theregister.com/2024/04/25/ring_ftc_settlement/

📱 Flaws in Chinese keyboard apps expose smartphones to snoops privacy – Chinese keyboard apps, including major manufacturers' offerings, leak keystrokes due to weak encryption potentially exposing over 780 million smartphone users to surveillance. https://www.theregister.com/2024/04/26/pinyin_keyboard_security_risks/

🍷 Sweden’s liquor supply severely impacted by ransomware attack cybercrime – A ransomware attack on Swedish logistics company Skanlog severely impacts Sweden's liquor supply. https://securityaffairs.com/162333/cyber-crime/swedens-liquor-supply-ransomware-attack.html

🔒 Discord Shuts Down ‘Spy Pet’ Bots That Scraped, Sold User Messages privacy https://www.404media.co/discord-shuts-down-spy-pet-bots-that-scraped-sold-user-messages/

⚠️ Experts warn of malware campaign targeting WP vulnerability – A critical SQL injection vulnerability in the WordPress Automatic plugin allows attackers to inject backdoors and compromise websites. Admins are urged to update immediately. https://securityaffairs.com/162364/hacking/wordpress-automatic-critical-flaw.html

🔒 Okta warns of unprecedented scale in credential stuffing attacks on online services https://securityaffairs.com/162464/hacking/okta-warned-spike-credential-stuffing-attacks.html

🔒 How to Remove Personal Information From Data Broker Sites privacy – Data brokers, like Acxiom and Epsilon, collect personal information for marketing purposes. Advises visiting each broker's site, create an account, locate your information, and request removal to safeguard privacy. Opting out may vary require annual repetition. https://www.mcafee.com/blogs/tips-tricks/how-to-remove-personal-information-from-data-broker-sites/

🔒 (The) Postman Carries Lots of Secrets ◆ Truffle Security Co. security news – Postman, known for hosting a vast collection of public APIs, has become a major source of leaked secrets with over 4,000 live credentials exposed. https://trufflesecurity.com/blog/postman-carries-lots-of-secretsf

Some More, For the Curious

🐍 CERT.at Double Agents and User Agents: Navigating the Realm of Malicious Python Packages malware – Malicious Python packages act as double agents, tricking users to build grabbers that collect data for nefarious purposes. https://cert.at/en/blog/2024/4/double-agents-and-user-agents-navigating-the-realm-of-malicious-python-packages

⚔️ M-Trends 2024: Our View from the Frontlines security research – Mandiant Consulting's M-Trends report highlights increased attacker evasion tactics and improved defender detection, emphasizing the need for ongoing vigilance in cybersecurity. https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2024/

🔍 Distribution of Infostealer Made With Electron malware – Infostealer malware strain created with Electron framework; evades detection with NSIS installer format. https://asec.ahnlab.com/en/64445/

🪝 Unplugging PlugX: Sinkholing the PlugX USB worm botnet security research – Sophos and Sekoia sinkhole PlugX worm botnet to control its activities and explore remote system disinfection methods. https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/

📵 A Briefing on SIM Hijacking cybercrime – SIM hijacking: stealing phone numbers for cryptocurrency theft and account takeovers. https://intel471.com/blog/a-briefing-on-sim-hijacking

🦮 Microsoft Security – Guidance for Incident Responders cyber defense https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/IR-Guidebook-Final.pdf

🔐 The private sector probably isn’t coming to save the NVD security news – Major backlogs in U.S. National Vulnerability Database prompt potential solutions from government and private sector https://blog.talosintelligence.com/threat-source-newsletter-april-25-2024/

🧠 Microsoft Deleted Its LLM Because It Didn’t Get a Safety Test, But Now It’s Everywhere security news – Microsoft releases powerful language model, WizardLM 2, without safety testing, leading to unintended spread on the internet. https://www.404media.co/microsoft-deleted-its-llm-because-it-didnt-get-a-safety-test-but-now-its-everywhere/

CISA Corner Cicso ASA & CrushFTP added to KEV https://www.cisa.gov/news-events/alerts/2024/04/24/cisa-adds-three-known-exploited-vulnerabilities-catalog Microsoft Print Spooler PEV added to KEV https://www.cisa.gov/news-events/alerts/2024/04/23/cisa-adds-one-known-exploited-vulnerability-catalog

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

cyberlights – week 16/2024

April 21, 2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know.

Highlight 🚨 Erneut Phishing-Mails im Namen der ÖGK im Umlauf! https://www.watchlist-internet.at/news/erneut-phishing-mails-im-namen-der-oegk-im-umlauf/

News For All

🐢 PuTTY vulnerability vuln-p521-bias vulnerability https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

🦦 Fake cheat lures gamers into spreading infostealer malware security news https://www.bleepingcomputer.com/news/security/fake-cheat-lures-gamers-into-spreading-infostealer-malware/

🤖 Liberals accuse Conservatives of using AI for amendments to jobs bill as votes loom security news – using AI for unconstructive bill amendments https://www.cbc.ca/news/politics/sustainable-jobs-bill-amendments-1.7171414

💻 UPDATED: Ready or Not Developer Has 4TB Of Data Stolen Including Full Source Code data breach https://insider-gaming.com/ready-or-not-developer-has-4tb-of-data-stolen-including-full-source-code/

🌐 UNDP Investigates Cyber-Security Incident data breach – HR and procurement data stolen https://www.undp.org/speeches/undp-investigates-cyber-security-incident

🔑 Advanced Phishing Kit Adds LastPass Branding for Use in Phishing Campaigns warning – phishing campaign with Voice Phishing (Vishing) https://blog.lastpass.com/posts/2024/04/advanced-phishing-kit-adds-lastpass-branding-for-use-in-phishing-campaigns

🔐 Delinea releases Secret Server patches for critical vuln vulnerability – critical https://www.theregister.com/2024/04/15/delinea_secret_server_patch/

🔒 Roku switches on 2FA for all following latest security snafu *security news – after two incidents led to unauthorized access * https://www.theregister.com/2024/04/15/roku_2fa_for_everyone/

🛂 MGM sues to block FTC investigation of its data security security news – questioning the constitutionality of the agency's requests. https://therecord.media/mgm-sues-ftc-block-investigtion-data-security

🕵️ A Spy Site Is Scraping Discord and Selling Users’ Messages privacy – Spy Pet, an online service, selling access to users' messages, voice channel activity, and more for $5. https://www.404media.co/a-spy-site-is-scraping-discord-and-selling-users-messages/

🧢 House passes bill to limit personal data purchases by law enforcement, intelligence agencies mycat: security news privacy – “Fourth Amendment Is Not For Sale Act” to limit government purchases of personal data without a court order. https://cyberscoop.com/house-passes-4th-amendment-is-not-for-sale-act/

🤌 EU tells Meta it can't paywall privacy privacy – Meta maintains its subscription model complies with EU laws, while privacy groups argue against 'fake choice' practices, citing GDPR violations. https://www.theregister.com/2024/04/18/eu_meta_subscription_privacy/

🏫 Kaspersky Study: Devices Infected With Data-Stealing Malware Increased by 7 Times Since 2020 security research https://www.techrepublic.com/article/data-stealing-malware-study/

👥 Microsoft’s VASA-1 can deepfake a person with one photo and one audio track security news https://arstechnica.com/information-technology/2024/04/microsofts-vasa-1-can-deepfake-a-person-with-one-photo-and-one-audio-track/

Some More, For the Curious

🛡️ “Totally Unexpected” Package Malware Using Modified Notepad++ Plugin malware https://asec.ahnlab.com/en/64106/

⚔️ Leaked LockBit builder in a real-life incident response case security research – Analysis of LockBit builder in ransomware incident response https://securelist.com/lockbit-3-0-based-custom-targeted-ransomware/112375/

👁️ Entra IDs “Banned Password Lists”: password spraying optimizations and defenses security research https://www.synacktiv.com/en/publications/entra-id-banned-password-lists-password-spraying-optimizations-and-defenses

⚙️ Creating Payloads with ScareCrow to Mimic Reputable Sources and Bypass Anti-Virus hacking write-up https://infosecwriteups.com/creating-payloads-with-scarecrow-to-mimic-reputable-sources-and-bypass-anti-virus-01196cac741e

🍵 Shostack + Friends Blog > CSRB Report on Microsoft security news – An in-depth analysis of the CSRB report on Microsoft's intrusion. https://shostack.org/blog/csrb-report-on-microsoft/

⚖️ Warrantless spying powers extended to 2026 with Biden’s signature security news https://therecord.media/fisa-section-702-bill-biden-signature

🚄 Russia is trying to sabotage European railways, Czech minister said security news https://securityaffairs.com/161899/cyber-warfare-2/russia-sabotage-european-railways-czech.html

⏳ What’s the deal with the massive backlog of vulnerabilities at the NVD? security news – unanalyzed vulnerabilities, impacting patch management efforts and leading to delays in severity score assignments. https://blog.talosintelligence.com/nvd-vulnerability-backlog-the-need-to-know/

🪱 Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm security research https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm/

🥀 Critical CrushFTP zero-day exploited in attacks in the wild vulnerability https://securityaffairs.com/162067/hacking/crushftp-zero-day-exploited.html

CISA Corner Oracle Releases Critical Patch Update Advisory for April 2024 https://www.cisa.gov/news-events/alerts/2024/04/18/oracle-releases-critical-patch-update-advisory-april-2024 Cisco Releases Security Advisories for Cisco Integrated Management Controller https://www.cisa.gov/news-events/alerts/2024/04/19/cisco-releases-security-advisories-cisco-integrated-management-controller

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

cyberlights – week 15/2024

April 14, 2024

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

Highlights

🚫 Help us to take down the parasite website security news – Malicious site impersonates Notepad++ for profit, containing deceptive ads. https://notepad-plus-plus.org/news/help-to-take-down-parasite-site/

⚠️ Vorsicht vor kostenlosen Diensten zur Anpassung und Veränderung von Dateien warning – Vorsicht vor kostenlosen Dateikonvertierungsdiensten, die in Abofallen locken. https://www.watchlist-internet.at/news/vorsicht-vor-kostenlosen-diensten-zur-anpassung-und-veraenderung-von-dateien/

📑 Messenger-Matrix: Großes Update, zwei neue Messenger (Line, Viber) und neue Kategorien privacy https://www.kuketz-blog.de/messenger-matrix-grosses-update-zwei-neue-messenger-line-viber-und-neue-kategorien/

News For All

🦇 BatBadBut flaw allowed an attacker to perform command injection on Windows vulnerability – RyotaK discovered the 'BatBadBut' vulnerability affecting multiple programming languages, permitting command injection in Windows. https://securityaffairs.com/161785/security/batbadbut-flaw-programming-languages.html https://kb.cert.org/vuls/id/123335

🤖 Chinese hackers are using AI to inflame social tensions in US, Microsoft says cybercrime – China uses AI to spread disinformation, specifically targeting elections. https://therecord.media/china-ai-influence-operations

📞 How to Protect Yourself (and Your Loved Ones) From AI Scam Calls security news – avoid falling for AI scam calls impersonating loved ones. https://www.wired.com/story/how-to-protect-yourself-ai-scam-calls-detect/

❤️‍🩹 U.S. Department of Health warns of attacks against IT help desks security news – Sophisticated attacks target healthcare IT help desks using social engineering. https://securityaffairs.com/161566/hacking/healthcare-it-help-desks-attacks.html

💰 Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits security news https://www.securityweek.com/company-offering-30-million-for-android-ios-browser-zero-day-exploits/

🔍 It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise security research – Increasing trends in malware-initiated scanning attacks against networks. https://unit42.paloaltonetworks.com/malware-initiated-scanning-attacks/

🏥 Hospital websites share visitors' data with Google, Meta privacy – Research reveals that 96% of non-federal acute care hospitals' websites transmit user data to third parties without privacy policies, posing risks to visitors and hospitals. Tracking technologies expose data to tech giants like Google, Meta, Adobe, and data brokers. https://www.theregister.com/2024/04/11/hospital_website_data_sharing/

🍏 Apple swaps 'state-sponsored' lingo for 'mercenary spyware' security news – Apple shifts attributing attacks to broadly categorizing them, highlighting the difficulty in identifying perpetrators of sophisticated digital threats. https://www.theregister.com/2024/04/12/apple_mercenary_spyware/

💸 Change Healthcare faces another ransomware threat—and it looks credible cybercrime – Change Healthcare faces a complex ransomware situation, with ransomware groups AlphV and RansomHub involved. https://arstechnica.com/security/2024/04/change-healthcare-faces-another-ransomware-threat-and-it-looks-credible/

⚠️ Crooks manipulate GitHub's search results to distribute malware malware – techniques like automatic updates and fake stars to boost visibility. https://securityaffairs.com/161792/cyber-crime/githubs-search-results-distribute-malware.htmlf

Some More, For the Curious

🦫 Why CISA is Warning CISOs About a Breach at Sisense security news https://krebsonsecurity.com/2024/04/why-cisa-is-warning-cisos-about-a-breach-at-sisense/

🫦 Vulnerabilities Identified in LG WebOS vulnerability – Bitdefender discovers vulnerabilities in LG WebOS exposing devices to remote attacks. https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/

⚔️ Confidential VMs Hacked via New Ahoi Attacks security research – New Ahoi attacks target confidential VMs using malicious interrupts. https://www.securityweek.com/confidential-vms-hacked-via-new-ahoi-attacks/

🛡️ Microsoft fixes two Windows zero-days exploited in malware attacks vulnerability – Microsoft patches actively exploited zero-days in April 2024 Patch Tuesday. https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks/

🔍 Zero Day Initiative — The April 2024 Security Updates Review security news – Zero Day Initiative review of April 2024 security updates by Adobe and Microsoft. https://www.zerodayinitiative.com/blog/2024/4/9/the-april-2024-security-updates-review

💳 VISA PUBLIC Biannual Threats Report – A Payment Ecosystem Report by Visa Payment Fraud Disruption security news – Visa report highlights evolving, advanced fraud tactics and ransomware threats. https://usa.visa.com/content/dam/VCOM/regional/na/us/run-your-business/documents/pfd-biannual-threats-report-december-2023.pdf

🔑 Microsoft left internal passwords exposed in latest security blunder security news – Microsoft exposed internal passwords on open server to the internet. https://www.theverge.com/2024/4/10/24126057/microsoft-azure-server-internal-passwords-exposed-cybersecurity

🛡️ Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker security research – Attackers embed credit card skimmer in fake Facebook Pixel script to steal sensitive information from checkout pages. https://blog.sucuri.net/2024/04/credit-card-skimmer-hidden-in-fake-facebook-pixel-tracker.html

🛡️ CISA emergency directive tells agencies to fix credentials after Microsoft breach security news – CISA issues emergency directive for federal agencies to reset passwords by April 30 and identify affected email correspondence due to security risks. https://cyberscoop.com/cisa-emergency-directive-tells-agencies-to-fix-credentials-after-microsoft-breach/

🔪 Awkward Adolescence: Increased Risks Among Immature Ransomware Operators security research – Contrasting mature ransomware groups with less sophisticated, riskier ones. https://www.guidepointsecurity.com/blog/awkward-adolescence-increased-risks-among-immature-ransomware-operators/

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub

cyberlights – week 14/2024

April 7, 2024

A weekly shortlist of cyber security highlights.

The short summaries are AI generated and I only skim them! If something is wrong, please let me know!

Highlight 🔐 Microsoft could have prevented Chinese cloud email hack, US cyber report says security news – US report blames Microsoft, highlighting security culture issues and gaps in prevention. https://www.theverge.com/2024/4/3/24119787/microsoft-cloud-email-hack-china-us-cyber-report 🔐 Cyber review board blames cascading Microsoft failures for Chinese hack https://cyberscoop.com/microsoft-csrb-china-hacking/ 🛹 Cyber Safety Review Board – Review of the Summer 2023 Microsoft Exchange Online Intrusion The report! https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf

News For All

🔒 Google to delete billions of web browsing data records to resolve lawsuit privacy – Google settles landmark lawsuit by committing to delete or de-identify vast web browsing data records collected from users in Incognito mode. https://therecord.media/google-to-delete-web-browsing-records-to-resolve-lawsuit

📱 Google Patches Pixel Phone Zero-days After Exploitation by “Forensic Companies” security news https://www.tripwire.com/state-of-security/google-patches-pixel-phone-zero-days-after-exploitation-forensic-companies

⚠️ The Human Element in Cybersecurity: Understanding Trust and Social Engineering social engineering – Cybersecurity hinges on human trust vulnerabilities with social engineering tactics exploiting such trust for malicious ends. https://www.blackhillsinfosec.com/understanding-trust-and-social-engineering/

🛡️ PandaBuy data breach allegedly impacted +1.3M customers data breach – PandaBuy breached, threat actors announcing the breach and selling stolen data on a cybercrime forum. https://securityaffairs.com/161355/data-breach/pandabuy-data-breach.html

🔒YUBICO Security Advisory YSA-2024-01 vulnerability – YubiKey Manager GUI < 1.2.6 on Windows may lead to privilege escalation if run as Administrator opening browser windows as Administrator, affecting FIDO features. https://www.yubico.com/support/security-advisories/ysa-2024-01/

🦠 Bing ad posing as NordVPN aims to spread SecTopRAT malware malware – involving typosquatting and a malicious Dropbox link, leading to a RAT with advanced capabilities. https://www.scmagazine.com/news/bing-ad-posing-as-nordvpn-aims-to-spread-sectoprat-malware

🔍 KI und Datenschutz: Eine kritische Betrachtung privacy – KI in Bezug auf Datenschutz, Diskriminierung und gesellschaftliche Auswirkungen. https://www.kuketz-blog.de/ki-und-datenschutz-eine-kritische-betrachtung/

🔐 Have I Been Pwned: SurveyLama got breached. data breach – including passwords https://haveibeenpwned.com/PwnedWebsites#SurveyLama

📱 Essential iPhone security tips to protect your private data. security news – Tips include staying updated, avoiding suspicious apps, managing email security, and handling threats like phishing and Pegasus spyware. https://tuta.com/blog/iphone-security-essentials

🕹️ Threat Actors Deliver Malware via YouTube Video Game Cracks malware https://www.proofpoint.com/us/blog/threat-insight/threat-actors-deliver-malware-youtube-video-game-cracks

Some More, For the Curious

🔐 OWASP discloses a data breach data breach – OWASP discloses a data breach involving old member resumes due to misconfiguration of an old Wiki web server. https://securityaffairs.com/161371/data-breach/owasp-data-breach.html

🛡️ HTTP/2 CONTINUATION frames can be utilized for DoS attacks vulnerability – multiple HTTP/2 implementations enable attackers to cause out-of-memory crashes, DoS attacks, and CPU resource exhaustion. https://kb.cert.org/vuls/id/421644

🔒 Schneier on Security – Ross Anderson security news – Tribute to influential cryptographer and security engineer, Ross Anderson. https://www.schneier.com/blog/archives/2024/03/ross-anderson.html

🔧 Persistence – DLL Proxy Loading security research https://pentestlab.blog/2024/04/03/persistence-dll-proxy-loading/

🕵️ 5 ChatGPT Jailbreak Prompts Being Used By Cybercriminals security research – Cybercriminals using jailbreak prompts to bypass ChatGPT safety measures. https://abnormalsecurity.com/blog/chatgpt-jailbreak-prompts

🥷 Adversaries are leveraging remote access tools now more than ever – here’s how to stop them cyber defense – policy, technical controls, DNS security, and EDR blocks. https://blog.talosintelligence.com/adversaries-are-leveraging-remote-access-tools/

🔓 From OneNote to RansomNote: An Ice Cold Intrusion security research – Threat actors exploited OneNote files, deploying IcedID, using Cobalt Strike, AnyDesk, and FileZilla for data exfiltration and ransomware deployment. https://thedfirreport.com/2024/04/01/from-onenote-to-ransomnote-an-ice-cold-intrusion/

🔒 NVD Program Announcement security news – Growing backlog of vulnerabilities at NVD prompts prioritization, collaboration. https://nvd.nist.gov/general/news/nvd-program-transition-announcement

🪳 Earth Freybug Uses UNAPIMON for Unhooking Critical APIs malware – Earth Freybug (APT41) uses DLL hijacking and API unhooking to deploy malware UNAPIMON for defense evasion. https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html

(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.

theme: https://write.as/themes/fosstodon-hub