Cyber News - 14/02/2024

Your Cyber News of the day! "Be Cyber Smart, Be Cyber Secure."

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

Description:

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders.

Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of CVE-2024-21412, a security bypass vulnerability related to Internet Shortcut Files (.URL).

Date: Wed, 14 Feb 2024

Source: https://thehackernews.com/2024/02/darkme-malware-targets-traders-using.html


Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

Description:

Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation.

Of the 73 vulnerabilities, five are rated Critical, 65 are rated Important, and three are rated Moderate in severity. This is in addition to 24 flaws that have been fixed in the Chromium-based Edge browser since the release of the January 2024 Patch Tuesday updates.

The two flaws listed as under active attack at the time of release are:

  • CVE-2024-21351 (CVSS score: 7.6) - Windows SmartScreen Security Feature Bypass Vulnerability

  • CVE-2024-21412 (CVSS score: 8.1) - Internet Shortcut Files Security Feature Bypass Vulnerability

Date: Wed, 14 Feb 2024

Source: https://thehackernews.com/2024/02/microsoft-rolls-out-patches-for-73.html


Glupteba Botnet Evades Detection with Undocumented UEFI Bootkit

Description:

The Glupteba botnet has been found to incorporate a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature, adding another layer of sophistication and stealth to the malware.

"This bootkit can intervene and control the [operating system] boot process, enabling Glupteba to hide itself and create a stealthy persistence that can be extremely difficult to detect and remove," Palo Alto Networks Unit 42 researchers Lior Rochberger and Dan Yashnik said in a Monday analysis.

Date: Tue, 13 Feb 2024

Source: https://thehackernews.com/2024/02/glupteba-botnet-evades-detection-with.html


PikaBot Resurfaces with Streamlined Code and Deceptive Tactics

Description:

The threat actors behind the PikaBot malware have made significant changes to the malware in what has been described as a case of "devolution."

"Although it appears to be in a new development cycle and testing phase, the developers have reduced the complexity of the code by removing advanced obfuscation techniques and changing the network communications," Zscaler ThreatLabz researcher Nikolaos Pantazopoulos said.

Date: Tue, 13 Feb 2024

Source: https://thehackernews.com/2024/02/pikabot-resurfaces-with-streamlined.html


Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs

Description:

The Water Hydra cyberattacker group is one adversary using the zero-days to get past built-in Windows protections.

Date: Tue, 13 Feb 2024

Source: https://www.darkreading.com/vulnerabilities-threats/attackers-exploit-microsoft-security-bypass-zero-day-bugs


FCC Requires Telecom & VoIP Providers to Report PII Breaches

Description:

The Commission's breach rules for voice and wireless providers, untouched since 2017, have finally been updated for the modern age.

Date: Tue, 13 Feb 2024

Source: https://www.darkreading.com/cybersecurity-operations/fcc-requires-telecom-voip-providers-to-report-pii-breaches


Ivanti VPN Flaw Exploited to Inject Novel Backdoor; Hundreds Pwned

Description:

A SAML vulnerability in Ivanti appliances has led to persistent remote access and full control for opportunistic cyberattackers.

Date: Tue, 13 Feb 2024

Source: https://www.darkreading.com/cloud-security/ivanti-flaw-exploited-inject-novel-backdoor


Aircraft Leasing Company Acknowledges Cyberattack in SEC Filing

Description:

Black Basta ransomware claimed responsibility, but the company says its investigation is ongoing.

Date: Tue, 13 Feb 2024

Source: https://www.darkreading.com/cyberattacks-data-breaches/aircraft-leasing-company-cyberattack-sec-filing


Middle East & Africa CISOs Plan to Increase 2024 Budgets by 10%

Description:

New data shows higher-than-expected cybersecurity growth in the Middle East, Turkey, and Africa region, thanks to AI and other factors.

Date: Tue, 13 Feb 2024

Source: https://www.darkreading.com/cybersecurity-operations/middle-east-africa-cisos-plan-to-increase-2024-budgets-by-ten-percent


Ivanti Gets Poor Marks for Cyber Incident Response

Description:

Cascading critical CVEs, cyberattacks, and delayed patching are plaguing Ivanti VPNs, and forcing cybersecurity teams to scramble for solutions. Researchers are unimpressed.

Date: Tue, 13 Feb 2024

Source: https://www.darkreading.com/cloud-security/ivanti-poor-marks-cyber-incident-response


BofA Warns Customers of Data Leak in Third-Party Breach

Description:

An attack on a technology partner claimed by LockBit ransomware exposed sensitive information, including Social Security numbers, of more than 57,000 banking customers.

Date: Tue, 13 Feb 2024

Source: https://www.darkreading.com/cyberattacks-data-breaches/bofa-warns-customers-of-data-leak-in-third-party-breach


CISO and CIO Convergence: Ready or Not, Here It Comes

Description:

Recent shifts underscore the importance of collaboration and alignment between these two IT leaders for successful digital transformation.

Date: Tue, 13 Feb 2024

Source: https://www.darkreading.com/cybersecurity-operations/ciso-cio-convergence-ready-or-not-here-it-comes


Prudential Financial breached in data theft cyberattack

Description:

Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later.

This leading global financial services Fortune 500 company manages roughly $1.4 trillion in assets, and it provides insurance, retirement planning, as well as wealth and investment management services to over 50 million customers across the United States, Asia, Europe, and Latin America.

Date: Tue, 13 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/prudential-financial-breached-in-data-theft-cyberattack/


Hackers used new Windows Defender zero-day to drop DarkMe malware

Description:

Microsoft has today patched a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT).

The hacking group (tracked as Water Hydra and DarkCasino) was spotted using the zero-day (CVE-2024-21412) in attacks on New Year's Eve day by Trend Micro security researchers.

"An unauthenticated attacker could send the targeted user a specially crafted file that is designed to bypass displayed security checks," Microsoft said in a security advisory issued today.

Date: Tue, 13 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/hackers-used-new-windows-defender-zero-day-to-drop-darkme-malware/


Windows 10 KB5034763 update released with new fixes, changes

Description:

Microsoft has released the KB5034763 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes a small number of changes, including the continued rollout of changes to comply with Europe's Digital Markets Act (DMA).

KB5034763 is a mandatory Windows 10 cumulative update containing the February 2024 Patch Tuesday security updates.

Windows users can install this update by going into Settings, clicking on Windows Update, and manually performing a 'Check for Updates.'

Date: Tue, 13 Feb 2024

Source: https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034763-update-released-with-new-fixes-changes/


200,000 Facebook Marketplace user records leaked on hacking forum

Description:

A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users.

BleepingComputer verified some of the leaked data by matching the email addresses and phone numbers on random records within the sample data shared by IntelBroker, the threat actor who leaked the data online.

Date: Tue, 13 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/200-000-facebook-marketplace-user-records-leaked-on-hacking-forum/


Integris Health says data breach impacts 2.4 million patients

Description:

Integris Health has reported to U.S. authorities that the data breach it suffered last November exposed personal information belonging to almost 2.4 million people.

The organization is Oklahoma's largest not-for-profit healthcare network, operating hospitals, clinics, and emergency care units across the state.

Date: Tue, 13 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/integris-health-says-data-breach-impacts-24-million-patients/


Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws

Description:

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days.

This Patch Tuesday fixes five critical vulnerabilities, including denial of service, remote code execution, information disclosure, and elevation of privilege vulnerabilities.

Date: Tue, 13 Feb 2024

Source: https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2024-patch-tuesday-fixes-2-zero-days-73-flaws/


Hackers steal $290 million in crypto from PlayDapp gaming platform

Description:

Hackers are believed to have used a stolen private key to mint and steal over $290 million in PLA tokens, a cryptocurrency used within the PlayDapp ecosystem.

PlayDapp is a blockchain-based platform that uses and trades non-fungible tokens (NFTs) within games, allowing users to buy, sell, and trade digital assets across various games without intermediaries.

Date: Tue, 13 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/hackers-steal-290-million-in-crypto-from-playdapp-gaming-platform/


Bumblebee malware attacks are back after 4-month break

Description:

The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns.

Bumblebee is a malware loader discovered in April 2022 and is believed to have been developed by the Conti and Trickbot cybercrime syndicate as a replacement for the BazarLoader backdoor.

Date: Tue, 13 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/bumblebee-malware-attacks-are-back-after-4-month-break/


5 Steps to Improve Your Security Posture in Microsoft Teams

Description:

This article will shed light on the sources of this attack, draw parallels with previously identified vulnerabilities, and provide actionable remediation steps to fortify your organization against threats of this nature.

  • Review External Access

  • Block Invitations of External Users to Shared Channels

  • Limit Conversation Starters

  • Use Defender for Teams

  • Educate Staff

Date: Tue, 13 Feb 2024

Source: https://www.bleepingcomputer.com/news/security/5-steps-to-improve-your-security-posture-in-microsoft-teams/

