Cyber News - 02/02/2024

Your Cyber News of the day! "Be Cyber Smart, Be Cyber Secure."

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

Description:

Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code.

Date: Fri, 02 Feb 2024

Source: https://thehackernews.com/2024/02/cloudflare-breach-nation-state-hackers.html


FritzFrog Returns with Log4Shell and PwnKit, Spreading Malware Inside Your Network

Description:

The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network.

Date: Thu, 01 Feb 2024

Source: https://thehackernews.com/2024/02/fritzfrog-returns-with-log4shell-and.html


Exposed Docker APIs Under Attack in 'Commando Cat' Cryptojacking Campaign

Description:

Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat.

"The campaign deploys a benign container generated using the Commando project," Cado security researchers Nate Bill and Matt Muir said in a new report published today. "The attacker escapes this container and runs multiple payloads on the Docker host."

Date: Thu, 01 Feb 2024

Source: https://thehackernews.com/2024/02/exposed-docker-apis-under-attack-in.html


Why the Right Metrics Matter When it Comes to Vulnerability Management

Description:

How's your vulnerability management program doing? Is it effective? A success? Let's be honest, without the right metrics or analytics, how can you tell how well you're doing, progressing, or if you're getting ROI? If you're not measuring, how do you know it's working?

And even if you are measuring, faulty reporting or focusing on the wrong metrics can create blind spots and make it harder to communicate any risks to the rest of the business.

Date: Thu, 01 Feb 2024

Source: https://thehackernews.com/2024/02/why-right-metrics-matter-when-it-comes.html


HeadCrab 2.0 Goes Fileless, Targeting Redis Servers for Crypto Mining

Description:

Cybersecurity researchers have detailed an updated version of the malware HeadCrab that's known to target Redis database servers across the world since early September 2021.

Date: Thu, 01 Feb 2024

Source: https://thehackernews.com/2024/02/headcrab-20-goes-fileless-targeting.html


'Commando Cat' Is Second Campaign of the Year Targeting Docker

Description:

The threat actor behind the campaign is still unknown, but it shares some similarities with other cryptojacking groups.

Date: Thu, 01 Feb 2024

Source: https://www.darkreading.com/cyberattacks-data-breaches/commando-cat-campaign-is-second-this-year-to-target-docker


Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet

Description:

The China-backed APT was using the botnet, made up of mostly end-of-life, patchless routers from Cisco and Netgear, to set up shop inside US critical infrastructure.

Date: Thu, 01 Feb 2024

Source: https://www.darkreading.com/endpoint-security/feds-confirm-remote-killing-volt-typhoon-soho-botnet


China Infiltrates US Critical Infrastructure in Ramp-up to Conflict

Description:

Threat actors linked to the People's Republic of China, such as Volt Typhoon, continue to "pre-position" themselves in the critical infrastructure of the United States, according to military and law enforcement officials.

Date: Thu, 01 Feb 2024

Source: https://www.darkreading.com/cyberattacks-data-breaches/china-infiltrates-us-critical-infrastructure-ramp-up-conflict


The Imperative for Robust Security Design in the Health Industry

Description:

It is imperative that healthcare and health-tech companies move beyond reactive measures and adopt a proactive stance in safeguarding sensitive patient information.

Date: Thu, 01 Feb 2024

Source: https://www.darkreading.com/cyberattacks-data-breaches/imperative-robust-security-design-health-industry


Saudi Arabia Debuts 'Generative AI for All' Program

Description:

The initiative is aimed at promoting policy, ethics, and expansion of AI in the country.

Date: Thu, 01 Feb 2024

Source: https://www.darkreading.com/application-security/saudi-arabia-debuts-generative-ai-for-all-program


Albania’s Institute of Statistics Suffers Cyberattack, Some Systems Affected

Description:

Albania’s Institute of Statistics (INSTAT) suffered a cyberattack which affected some of its systems.

Date: Fri, 02 Feb 2024

Source: https://www.securityweek.com/albanias-institute-of-statistics-suffers-cyberattack-some-systems-affected/


CISA Sets 48-Hour Deadline for Removal of Insecure Ivanti Products

Description:

In an unprecedented move, CISA is demanding that federal agencies disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours.

Date: Thu, 01 Feb 2024

Source: https://www.securityweek.com/cisa-sets-48-hour-deadline-for-removal-of-insecure-ivanti-products/


Man Sentenced to Prison for Stealing Millions in Cryptocurrency via SIM Swapping

Description:

Daniel James Junk was sentenced to six years in prison for stealing millions in cryptocurrency through SIM swapping.

Date: Thu, 01 Feb 2024

Source: https://www.securityweek.com/man-sentenced-to-prison-for-stealing-millions-in-cryptocurrency-via-sim-swapping/


New York Sues Citibank Over Poor Data Security

Description:

The New York attorney general is suing Citibank for failing to protect customers against hackers and fraudsters who have stolen millions.

Date: Thu, 01 Feb 2024

Source: https://www.securityweek.com/new-york-sues-citibank-over-poor-data-security-anti-breach-practices/


At Least 30 Journalists, Lawyers and Activists Hacked With Pegasus in Jordan, Forensic Probe Finds

Description:

Pegasus spyware from NSO Group was used in Jordan to hack the cellphones of journalists, lawyers, human rights and political activists.

Date: Thu, 01 Feb 2024

Source: https://www.securityweek.com/at-least-30-journalists-lawyers-and-activists-hacked-with-pegasus-in-jordan-forensic-probe-finds/


Apple Patches Vision Pro Vulnerability as CISA Warns of iOS Flaw Exploitation

Description:

Apple releases first security update for Vision Pro VR headset as CISA issues warning about exploitation of iOS vulnerability.

Date: Thu, 01 Feb 2024

Source: https://www.securityweek.com/apple-patches-vision-pro-vulnerability-as-cisa-warns-of-ios-flaw-exploitation/


FTC orders Blackbaud to boost security after massive data breach

Description:

Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people.

Blackbaud is a U.S.-based company listed on NASDAQ with operations in multiple countries and a provider of cloud-based donor data management software catering to nonprofit organizations, like charities, education organizations, and healthcare agencies.

Date: Thu, 01 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/ftc-orders-blackbaud-to-boost-security-after-massive-data-breach/


Cloudflare hacked using auth tokens stolen in Okta attack

Description:

Cloudflare disclosed today that its internal Atlassian server was breached by a suspected 'nation state attacker' who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system.

The threat actor first gained access to Cloudflare's self-hosted Atlassian server on November 14 and then accessed the company's Confluence and Jira systems following a reconnaissance stage.

Date: Thu, 01 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/cloudflare-hacked-using-auth-tokens-stolen-in-okta-attack/


Microsoft fixes connection issue affecting Outlook email apps

Description:

Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts.

"The Outlook.com Team implemented service changes on January 31, 2024 to address the connection issues with unexpected authentication prompts," Microsoft said.

Date: Thu, 01 Feb 2024

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-connection-issue-affecting-outlook-email-apps/


More Android apps riddled with malware spotted on Google Play

Description:

An Android remote access trojan (RAT) known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023.

The malicious apps, which have now been removed from Google Play but remain available on third-party app stores, are disguised as messaging or news apps.

Date: Thu, 01 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/more-android-apps-riddled-with-malware-spotted-on-google-play/


New Windows Event Log zero-day flaw gets unofficial patches

Description:

Free unofficial patches are available for a new Windows zero-day flaw dubbed EventLogCrasher that lets attackers remotely crash the Event Log service on devices within the same Windows domain.

This zero-day vulnerability affects all versions of Windows, from Windows 7 up to the latest Windows 11 and from Server 2008 R2 to Server 2022.

Date: Thu, 01 Feb 2024

Source: https://www.bleepingcomputer.com/news/microsoft/new-windows-event-log-zero-day-flaw-gets-unofficial-patches/


CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday

Description:

CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday.

This required action is part of a supplemental direction to this year's first emergency directive (ED 24-01) issued last week that mandates Federal Civilian Executive Branch (FCEB) agencies to urgently secure all ICS and IPS devices on their network against two zero-day flaws in response to extensive exploitation in the wild by multiple threat actors.

Ivanti appliances are currently targeted in attacks chaining the CVE-2023-46805 authentication bypass and the CVE-2024-21887 command injection security flaws since December as zero-days.

Date: Thu, 01 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-disconnect-ivanti-vpn-appliances-by-saturday/

