Cyber News - 05/02/2024

Your Cyber News of the day! "Be Cyber Smart, Be Cyber Secure."

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan

Description:

The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab.

Date: Mon, 05 Feb 2024

Source: https://thehackernews.com/2024/02/pegasus-spyware-targeted-iphones-of.html


New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw

Description:

The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report published last week.

Date: Mon, 05 Feb 2024

Source: https://thehackernews.com/2024/02/new-mispadu-banking-trojan-exploiting.html


Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account

Description:

The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. "Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account," the maintainers said in a terse advisory.

The vulnerability, tracked as CVE-2024-23832, has a severity rating of 9.4 out of a maximum of 10. Security researcher arcanicanis has been credited with discovering and reporting it.

It has been described as an "origin validation error" (CWE-346), which can typically allow an attacker to "access any functionality that is inadvertently accessible to the source."

Date: Sat, 03 Feb 2024

Source: https://thehackernews.com/2024/02/mastodon-vulnerability-allows-hackers.html


Description:

Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems.

The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities.

"We have revoked all security-related certificates and systems have been remediated or replaced where necessary," the company said in a statement. "We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one."

Date: Sat, 03 Feb 2024

Source: https://thehackernews.com/2024/02/anydesk-hacked-popular-remote-desktop.html


Russian APT28 Hackers Targeting High-Value Orgs with NTLM Relay Attacks

Description:

Russian state-sponsored actors have staged NT LAN Manager (NTLM) v2 hash relay attacks through various methods from April 2022 to November 2023, against high-value targets worldwide.

The attacks, attributed to an "aggressive" hacking crew called APT28, have set their eyes on organizations dealing with foreign affairs, energy, defense, and transportation, as well as those involved with labor, social welfare, finance, parenthood, and local city councils.

Date: Fri, 02 Feb 2024

Source: https://thehackernews.com/2024/02/russian-apt28-hackers-targeting-high.html


DirtyMoe Malware Infects 2,000+ Ukrainian Computers for DDoS and Cryptojacking

Description:

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned that more than 2,000 computers in the country have been infected by a strain of malware called DirtyMoe. The agency attributed the campaign to a threat actor it calls UAC-0027.

DirtyMoe, active since at least 2016, is capable of carrying out cryptojacking and distributed denial-of-service (DDoS) attacks. In March 2022, cybersecurity firm Avast revealed the malware's ability to propagate in a worm-like fashion by taking advantage of known security flaws.

Date: Fri, 02 Feb 2024

Source: https://thehackernews.com/2024/02/dirtymoe-malware-infects-2000-ukrainian.html


Forget Deepfakes or Phishing: Prompt Injection is GenAI's Biggest Problem

Description: With prompt injection, AI puts new spin on an old security problem

Date: Fri, 02 Feb 2024

Source: https://www.darkreading.com/cyber-risk/forget-deepfakes-or-phishing-prompt-injection-is-genai-s-biggest-problem


macOS Malware Campaign Showcases Novel Delivery Technique

Description:

The threat actor behind the Activator macOS backdoor is using pirated apps to distribute the malware in what could be a botnet-building operation.

Date: Fri, 02 Feb 2024

Source: https://www.darkreading.com/cyberattacks-data-breaches/macos-malware-campaign-showcases-novel-delivery-technique


South African Railways Lost Over $1M in Phishing Scam

Description:

South Africa's railway agency lost some 30.6 million rand (US$1.6 million) after the transport network fell victim to a phishing scam.

Just over half of the stolen funds have been recovered.

Date: Fri, 02 Feb 2024

Source: https://www.darkreading.com/endpoint-security/south-african-railways-reports-1m-phishing


Google Play Used to Spread 'Patchwork' APT's Espionage Apps

Description:

The Indian state-sponsored cyberattackers lurked in Google's official app store, distributing a new RAT and spying on Pakistanis.

Date: Fri, 02 Feb 2024

Source: https://www.darkreading.com/endpoint-security/google-play-spread-patchwork-apt-espionage-apps


Cloudflare Falls Victim to Okta Breach, Atlassian Systems Cracked

Description:

The cyberattackers, believed to be state sponsored, didn't get far into Cloudflare's global network, but not for lack of trying.

Date: Fri, 02 Feb 2024

Source: https://www.darkreading.com/threat-intelligence/cloudflare-falls-victim-okta-breach-atlassian-systems-cracked


[remote] Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption

Description:

Milesight Routers UR5X, UR32L, UR32, UR35, UR41 - Credential Leakage Through Unprotected System Logs and Weak Password Encryption

Date: Mon, 05 Feb 2024

Source: https://www.exploit-db.com/exploits/51784


[webapps] Wordpress 'simple urls' Plugin < 115 - XSS

Description: Wordpress 'simple urls' Plugin < 115 - XSS

Date: Mon, 05 Feb 2024

Source: https://www.exploit-db.com/exploits/51783


[webapps] TASKHUB-2.8.8 - XSS-Reflected

Description: TASKHUB-2.8.8 - XSS-Reflected

Date: Mon, 05 Feb 2024

Source: https://www.exploit-db.com/exploits/51782


[webapps] WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

Description: WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

Date: Mon, 05 Feb 2024

Source: https://www.exploit-db.com/exploits/51781


[webapps] MISP 2.4.171 - Stored XSS

Description: MISP 2.4.171 - Stored XSS

Date: Mon, 05 Feb 2024

Source: https://www.exploit-db.com/exploits/51780


[webapps] Clinic's Patient Management System 1.0 - Unauthenticated RCE

Description: Clinic's Patient Management System 1.0 - Unauthenticated RCE

Date: Mon, 05 Feb 2024

Source: https://www.exploit-db.com/exploits/51779


[webapps] Curfew e-Pass Management System 1.0 - FromDate SQL Injection

Description: Curfew e-Pass Management System 1.0 - FromDate SQL Injection

Date: Mon, 05 Feb 2024

Source: https://www.exploit-db.com/exploits/51778


Microsoft is bringing the Linux sudo command to Windows Server

Description:

Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications.

Superuser do, or sudo, is a Linux console program that allows low-privileged users to execute a command with elevated privileges, usually as root.

Date: Sun, 04 Feb 2024

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-is-bringing-the-linux-sudo-command-to-windows-server/


Leaky Vessels flaws allow hackers to escape Docker, runc containers

Description:

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.

The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing.

Date: Sun, 04 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/leaky-vessels-flaws-allow-hackers-to-escape-docker-runc-containers/


Clorox says cyberattack caused $49 million in expenses

Description:

Clorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident.

Clorox is an American manufacturer of consumer and professional cleaning products with 8,700 employees and almost $7.5 billion in revenue for 2023.

Date: Sat, 03 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/clorox-says-cyberattack-caused-49-million-in-expenses/


Description:

Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test.

Third-party cookies, which track users' browsing habits across different websites for targeted advertising, are slowly being replaced by Google's Privacy Sandbox APIs. This new method aims to allow personalized ads based on users' interests without compromising their privacy.

Date: Sat, 03 Feb 2024

Source: https://www.bleepingcomputer.com/news/google/check-if-youre-in-google-chromes-third-party-cookie-phaseout-test/


The Week in Ransomware - February 2nd 2024 - No honor among thieves

Description:

Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organizations to respond to cyberattacks.

While many, like LockBit, claim to have policies in place to avoid encrypting hospitals, we continue to see affiliates targeting healthcare with complete disregard for the disruption they are causing patients trying to receive care.

Date: Fri, 02 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-february-2nd-2024-no-honor-among-thieves/


Interpol operation Synergia takes down 1,300 servers used for cybercrime

Description:

An international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns.

Command and control servers (C2) are devices operated by threat actors to control malware used in their attacks and to collect information sent from infected devices.

Date: Fri, 02 Feb 2024

Source: https://www.bleepingcomputer.com/news/legal/interpol-operation-synergia-takes-down-1-300-servers-used-for-cybercrime/

