Cyber News - 16/01/2024
Description:
The recent discovery of a security flaw, known as MyFlaw, has raised concerns for users of the popular Opera web browser on both Windows and macOS. The flaw could let attackers run unauthorized files on users' operating systems. It takes advantage of a feature in the Opera browser called My Flow, which is designed to sync messages and files between desktop devices. The team at Guardio Labs uncovered the issue, prompting Opera to quickly release an update to fix it. This incident serves as a reminder of the persistent challenges and potential hazards surrounding browser security. It also highlights the need for constant vigilance and advancements in cybersecurity measures.
Date: Mon, 15 Jan 2024
Source: https://thehackernews.com/2024/01/opera-myflaw-bug-could-let-hackers-run.html
Description:
The article from The Hacker News discusses three emerging ransomware groups that are gaining attention in the cybersecurity field. These groups, known for their distinctive tactics and growing influence, represent a shift in the landscape of cyber threats. The analysis in the article delves into the methodologies and potential impacts of these groups, underscoring the evolving nature of cyber threats and the importance of staying informed about new adversaries in the digital domain.
Date: Mon, 15 Jan 2024
Source: https://thehackernews.com/2024/01/3-ransomware-group-newcomers-to-watch.html
Description:
The article from The Hacker News discusses significant security vulnerabilities discovered in Bosch's BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners. These flaws could allow attackers to execute arbitrary code on the affected systems. The thermostat vulnerability, identified by Bitdefender, could enable attackers to alter the device firmware. Bosch addressed this issue in a firmware update. Additionally, over two dozen flaws in Rexroth nutrunners were found that could disrupt operations and potentially install ransomware. Bosch is expected to release patches for these vulnerabilities by the end of January 2024.
Date: Mon, 15 Jan 2024
Source: https://thehackernews.com/2024/01/high-severity-flaws-uncovered-in-bosch.html
Description:
The Hacker News article details a malware campaign involving over 7,100 WordPress sites compromised through a vulnerability in the Popup Builder plugin. The malware, known as Balada Injector, redirects visitors to fraudulent sites and has been active since 2017, affecting nearly a million sites. It exploits a high-severity flaw in the plugin, allowing attackers to gain control and carry out malicious activities, including installing backdoors and creating rogue administrators. The article underscores the importance of web security and the need for regular updates and vigilance against such threats.
Date: Mon, 15 Jan 2024
Source: https://thehackernews.com/2024/01/balada-injector-infects-over-7100.html
Description:
A Bitdefender blog post reports on a scam involving individuals who falsely claim to have found lost pets, targeting the pets' distraught owners. These scammers manipulate the owners' emotional vulnerability by demanding ransoms for the supposed return of their pets. This scheme highlights the callous methods used by scammers to exploit individuals in distressing situations, particularly those desperate to reunite with their missing animals.
Date: Mon, 15 Jan 2024
Description:
The Tripwire article reports on critical vulnerabilities found in the POST SMTP Mailer plugin, used on over 300,000 WordPress websites. These flaws, discovered by Wordfence, could allow attackers to reset the plugin's API key and view sensitive logs, leading to unauthorized site access, content modification, and potential installation of backdoors. Another flaw enables script injection into webpages. The plugin's developers fixed these issues in an update released on January 1, 2024. However, only about half of the installations have updated, leaving many sites still vulnerable.
Date: Mon, 15 Jan 2024
Description:
In a recent event in Ukraine, authorities apprehended a 29-year-old individual for allegedly operating a $2 million cryptocurrency mining scheme. This operation, which started in 2021, involved hacking over 1,500 user accounts in a major e-commerce company using automated brute-forcing attacks. The attacker gained management access and deployed cryptocurrency mining malware, reportedly creating over a million virtual computers for this purpose. The Ukrainian police seized various items during searches at three locations, and investigations are ongoing to uncover any potential accomplices and links to pro-Russian hacking groups.
Date: Mon, 15 Jan 2024
Description:
Cybersecurity firm Trend Micro has reported a significant vulnerability in Windows SmartScreen being exploited in a recent malware campaign. The vulnerability, identified as CVE-2023-36025, allows attackers to deploy Phemedrone Stealer, a new malware strain, by sending crafted internet shortcut files that bypass SmartScreen checks. This malware can extract a wide range of information from infected systems, including data from browsers, cryptocurrency wallets, and messaging applications. Despite the vulnerability being patched, it continues to be exploited, highlighting ongoing challenges in cybersecurity defenses.
Date: Mon, 15 Jan 2024
Source: https://www.securityweek.com/information-stealer-exploits-windows-smartscreen-bypass/
Description:
GitLab recently patched a critical vulnerability (CVE-2023-7028) that affected their email verification process. This flaw, present in versions from 16.1 to 16.7.1, could be exploited to redirect password reset emails to unverified addresses, potentially leading to account takeovers. While two-factor authentication (2FA) accounts were less vulnerable, they were not immune to password reset attacks. The issue was fixed in multiple GitLab versions, and users are advised to update their installations and enable 2FA for added security.
Date: Mon, 15 Jan 2024
Source: https://www.securityweek.com/gitlab-patches-critical-password-reset-vulnerability/
Description:
There's been a notable surge in botnet scanning activity, primarily due to malicious actors exploiting cheap or free cloud services. Netscout observed a significant increase in the number of IP addresses involved in these scans, indicating a growing trend in the use of cloud servers for initiating botnet attacks. This activity is largely focused on reconnaissance, searching for vulnerabilities to exploit in various systems.
Date: Mon, 15 Jan 2024
Source: https://www.securityweek.com/cloud-server-abuse-leads-to-huge-spike-in-botnet-scanning/
Description:
A recent report highlights a phishing scam involving fake antivirus renewal emails. These emails deceive recipients into thinking they're being charged for antivirus subscription renewals. When victims call the provided number to cancel, scammers trick them into installing remote access software, leading to malware infection and credential theft. In one case, a victim was duped into transferring $34,000 to the scammer. The U.S. Secret Service is actively investigating, and a court document reveals the funds were traced to a suspect's bank account.
Date: Mon, 15 Jan 2024
Description:
Microsoft is addressing an issue in Windows 10 where installing the KB5034441 security update results in error 0x80070643. This error occurs on systems with insufficient disk space in the Windows Recovery Environment (WinRE) partition. Microsoft has provided detailed instructions for resizing the WinRE partition and released a PowerShell script to help automate this update, which addresses the BitLocker encryption bypass vulnerability.
Date: Mon, 15 Jan 2024
Description:
Over 178,000 SonicWall firewalls are vulnerable to potential denial-of-service (DoS) and remote code execution (RCE) attacks due to a security flaw. This vulnerability, identified as CVE-2023-20076, affects various SonicWall firewall models. SonicWall has released patches to address the issue and urges users to update their devices promptly to prevent exploitation.
Date: Mon, 15 Jan 2024
Description:
The latest update to a popular ad-blocking extension has caused a significant performance issue on YouTube, impacting numerous users. This problem, stemming from the extension's recent update, has led to slower loading times and reduced functionality on the video platform.
Date: Mon, 15 Jan 2024
Description:
Several Australian brands, including Network 10 and Bunnings, have removed TikTok's tracking pixel from their websites amid privacy concerns. This decision follows a report revealing the pixel's potential for excessive data collection. The tracking pixel, known for gathering extensive user data, has raised questions about privacy and data security, prompting these brands to act to protect user privacy.
Date: Tue, 16 Jan 2024