Cyber News - 08/02/2024

Your Cyber News of the day! "Be Cyber Smart, Be Cyber Secure."

Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore

Description:

Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive data.

Date: Thu, 08 Feb 2024

Source: https://thehackernews.com/2024/02/google-starts-blocking-sideloading-of.html


Kimsuky's New Golang Stealer 'Troll' and 'GoBear' Backdoor Target South Korea

Description:

The North Korea-linked nation-state actor known as Kimsuky is suspected of using a previously undocumented Golang-based information stealer called Troll Stealer.

The malware steals "SSH, FileZilla, C drive files/directories, browsers, system information, [and] screen captures" from infected systems, South Korean cybersecurity company S2W said in a new technical report.

Date: Thu, 08 Feb 2024

Source: https://thehackernews.com/2024/02/kimsukys-new-golang-stealer-troll-and.html


Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products

Description:

Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices.

The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) – impacting Cisco Expressway Series that could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks.

Date: Thu, 08 Feb 2024

Source: https://thehackernews.com/2024/02/critical-patches-released-for-new-flaws.html


After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back

Description:

The threat actors behind the KV-botnet made "behavioral changes" to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity.

KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and firewall devices across the world, with one specific cluster acting as a covert data transfer system for other Chinese state-sponsored actors, including Volt Typhoon (aka Bronze Silhouette, Insidious Taurus, or Vanguard Panda).

Date: Wed, 07 Feb 2024

Source: https://thehackernews.com/2024/02/after-fbi-takedown-kv-botnet-operators.html


Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

Description:

The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances.

Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypass. Bill Demirkapi of the Microsoft Security Response Center (MSRC) has been credited with discovering and reporting the bug.

Date: Wed, 07 Feb 2024

Source: https://thehackernews.com/2024/02/critical-bootloader-vulnerability-in.html


Patch Now: Critical TeamCity Bug Allows for Server Takeovers

Description:

Cyberattackers can exploit a vulnerability in JetBrains' continuous integration and delivery (CI/CD) server (a popular APT target) to gain administrative control.

Date: Wed, 07 Feb 2024

Source: https://www.darkreading.com/vulnerabilities-threats/patch-critical-teamcity-bug-server-takeover


UAE Banks Conduct Cyber War Games Exercise

Description:

The exercises are aimed at finding security gaps in the nation's banking infrastructure.

Date: Wed, 07 Feb 2024

Source: https://www.darkreading.com/cybersecurity-operations/uae-banks-conduct-cyber-war-games-exercise


How to Prepare for Elevated Cybersecurity Risk at the Super Bowl

Description:

Super Bowl 2024 in Las Vegas is a magnet for cybercrime. Here are a few things businesses should consider to minimize their risk.

Date: Wed, 07 Feb 2024

Source: https://www.darkreading.com/threat-intelligence/how-to-prepare-elevated-cybersecurity-risk-super-bowl


Tooth be told: Toothbrush DDoS attack claim was lost in translation, says Fortinet

Description:

After hundreds of media outlets worldwide repeated the false claim that a botnet of three million toothbrushes attacked a Swiss company, the cybersecurity firm at the centre of the story has now issued a statement.

Date: Thu, 08 Feb 2024

Source: https://grahamcluley.com/tooth-be-told-toothbrush-ddos-attack-claim-was-lost-in-translation-says-fortinet/


Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Description:

Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.

Fortinet added the two new vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 to the original advisory for the CVE-2023-34992 flaw in a very confusing update.

Date: Thu, 08 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-fortisiem-rce-bugs-in-confusing-disclosure/


Facebook ads push new Ov3r_Stealer password-stealing malware

Description:

A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency.

The fake job ads are for management positions and lead users to a Discord URL where a PowerShell script downloads the malware payload from a GitHub repository.

Date: Wed, 07 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/facebook-ads-push-new-ov3r-stealer-password-stealing-malware/


Denmark orders schools to stop sending student data to Google

Description:

The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools.

The matter was brought to the agency's attention roughly four years ago by a concerned parent and activist, Jesper Graugaard, who protested how student data is sent to Google without any consideration about the potential for misuse or the impact it could have on those persons in the future.

Date: Wed, 07 Feb 2024

Source: https://www.bleepingcomputer.com/news/google/denmark-orders-schools-to-stop-sending-student-data-to-google/


Critical Cisco bug exposes Expressway gateways to CSRF attacks

Description:

Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks.

Unauthenticated attackers can exploit the two critical CSRF vulnerabilities patched today (CVE-2024-20252 and CVE-2024-20254) to target unpatched Expressway gateways remotely.

Date: Wed, 07 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/critical-cisco-bug-exposes-expressway-gateways-to-csrf-attacks


Ransomware payments reached record $1.1 billion in 2023

Description:

Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs.

The previous record-high figure was set in 2021, with ransomware payments amounting to $983 million, surpassing the preceding record of $905 million in 2020 by approximately 10%.

Date: Wed, 07 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/ransomware-payments-reached-record-11-billion-in-2023/

