Cyber News - 17/01/2024
Last updated
Description:
A security alert has been issued for over 178,000 SonicWall firewalls. These devices are at risk due to two significant vulnerabilities that could lead to denial-of-service attacks and remote code execution. It's essential for users to update to the latest version and ensure their management interface is not exposed online. Notably, a large number of these devices remain vulnerable to a bug discovered nearly two years ago. The severity of the situation is underlined by the potential for attackers to cause repeated crashes and force the devices into maintenance mode.
Date: Tue, 16 Jan 2024
Source: https://thehackernews.com/2024/01/alert-over-178000-sonicwall-firewalls.html
Description:
The article discusses a case study about a major global retail client who faced a privacy issue due to misconfigured cookie management. The company, unbeknownst to them, was using cookies on their websites without obtaining proper user consent, which is a violation of data privacy laws like the GDPR. This situation was uncovered by Reflectiz, a website security company, whose exposure management solution identified the issue across 37 domains. The case study highlights the importance of proper cookie management and the need for continuous monitoring to comply with data privacy regulations, avoid fines, and maintain user trust.
Date: Tue, 16 Jan 2024
Source: https://thehackernews.com/2024/01/case-study-cookie-privacy-monster-in.html
Description:
A new cybersecurity concern has emerged involving the Remcos RAT (Remote Access Trojan), which is being spread through adult-themed games. This malicious software is particularly targeting users in South Korea through a popular online file storage system called WebHard. The attack strategy involves tricking users into downloading what appears to be adult games, but in reality, these files contain dangerous malware. Remcos RAT, known for its ability to remotely control and surveil compromised systems, is a significant threat as it can extract sensitive information and manipulate systems without the user's knowledge.
Date: Tue, 16 Jan 2024
Source: https://thehackernews.com/2024/01/remcos-rat-spreading-through-adult.html
Description:
A cybersecurity report has revealed the extensive damage caused by the Inferno Drainer malware, which impersonated the cryptocurrency platform Coinbase. This sophisticated scam operation drained approximately $87 million from over 137,000 victims. The malware operators created a vast network of over 16,000 unique malicious domains to execute their scheme. They used high-quality phishing pages, mimicking legitimate cryptocurrency services, to deceive users into connecting their wallets to the attackers' infrastructure. This allowed the attackers to authorize transactions without the users' knowledge, leading to significant financial losses.
Date: Tue, 16 Jan 2024
Source: https://thehackernews.com/2024/01/inferno-malware-masqueraded-as-coinbase.html
Description:
Cybersecurity researchers have identified a new threat in which attackers are exploiting a Windows vulnerability to deploy the Phemedrone Stealer, a crypto-siphoning malware. The vulnerability, already patched by Microsoft, allows the malware to bypass Windows Defender SmartScreen protections on systems that have not applied the fix. The malware targets data from web browsers, cryptocurrency wallets, and messaging apps, and can also gather system information and screenshots. This case emphasizes the continued risk posed by vulnerabilities even after a patch is available, and the sophistication of current cyber threats.
Date: Tue, 16 Jan 2024
Source: https://thehackernews.com/2024/01/hackers-weaponize-windows-flaw-to.html
Description:
Google has released an urgent update for the Chrome browser to address three high-severity security flaws, including a zero-day vulnerability being actively exploited. The zero-day, identified as CVE-2024-0519, involves an out-of-bounds memory access issue in Chrome's V8 JavaScript engine. Although details about the attacks are not disclosed, this update underlines the importance of keeping browsers up to date to protect against such vulnerabilities.
Date: Tue, 16 Jan 2024
Source: https://www.securityweek.com/google-warns-of-chrome-browser-zero-day-being-exploited/
Description:
The article emphasizes the need for caution when embracing Internet of Things (IoT) devices. It warns that although IoT devices offer convenience and innovative features, they often come with significant security and privacy risks. These risks include questionable data handling, lack of robust security measures, and potential exposure of personal information. The piece highlights the importance of thorough research and scrutiny of IoT devices, their manufacturers, and privacy policies to ensure that these "gifts" do not turn into ongoing liabilities in terms of security and privacy.
Date: Tue, 16 Jan 2024
Description:
A series of vulnerabilities has been identified in PAX's Android-based point-of-sale (PoS) terminals, posing significant security risks. These vulnerabilities could allow attackers to execute arbitrary code or commands, undermining the integrity of payment processing. While decrypted payment data remains protected, transaction amounts and related data could be altered. PAX has addressed these vulnerabilities with patches following their discovery and reporting by STM Cyber, a penetration testing firm.
Date: Tue, 16 Jan 2024
Source: https://www.securityweek.com/vulnerabilities-expose-pax-payment-terminals-to-hacking/
Description:
VMware is advising customers to urgently patch a critical vulnerability in its Aria Automation platform, identified as CVE-2023-34063 with a CVSS score of 9.9. This flaw, a missing access control issue, could allow an authenticated attacker unauthorized access to remote organizations and workflows. Patches have been released for affected versions, although there's no evidence of the vulnerability being exploited in the wild yet. This situation highlights the importance of prompt updates in IT security.
Date: Tue, 16 Jan 2024
Source: https://www.securityweek.com/vmware-urges-customers-to-patch-critical-aria-automation-vulnerability/
Description:
The article features a conversation with HD Moore, known for developing Metasploit. It delves into the nuanced definitions of hacking, categorizing hackers as moral (researchers or pentesters), amoral (curious individuals), and immoral (malicious hackers). Moore shares insights from his past, reflecting on the gray areas of hacking legality and his journey in the cybersecurity field. The discussion also touches on the challenges ethical hackers face with laws like the CFAA, and how Moore’s creation of Metasploit played a pivotal role in the evolution of vulnerability disclosure and cybersecurity practices.
Date: Tue, 16 Jan 2024
Source: https://www.securityweek.com/hacker-conversations-hd-moore-and-the-line-between-black-and-white/
Description:
The article discusses the rapid evolution of macOS info-stealers to bypass Apple's built-in anti-malware system, XProtect. SentinelOne's report highlights three notable malware variants that demonstrate this evasion: KeySteal, Atomic Stealer, and CherryPie. Despite Apple's regular updates to XProtect, these malware types adapt quickly, employing tactics such as obfuscation, anti-VM checks, and disabling security features. The situation underscores the limitations of relying solely on static detection methods in cybersecurity.
Date: Tue, 16 Jan 2024
Description:
Citrix has alerted customers about two actively exploited zero-day vulnerabilities in NetScaler ADC and Gateway appliances. These vulnerabilities, identified as CVE-2023-6548 and CVE-2023-6549, pose risks of remote code execution and denial-of-service attacks. Exploitation requires the attacker to have low-privilege account access and specific network configurations. Citrix emphasizes the urgency of patching these vulnerabilities to prevent potential attacks.
Date: Tue, 16 Jan 2024
Description:
Calvià, a city in Majorca, was hit by a ransomware attack, demanding a ransom of approximately $11 million. This cyberattack disrupted municipal services and led to the formation of a crisis committee. The city is working on restoring services and has suspended certain administrative deadlines until the end of January. Forensic analysis is underway to assess the extent of the breach. The city has reported the incident to the police's cybercrime department and has stated that they will not pay the ransom.
Date: Tue, 16 Jan 2024
Description:
The FBI has issued a warning about the AndroXgh0st malware, which targets Android devices and is part of a botnet. This malware can steal Amazon Web Services and Microsoft credentials, posing a significant risk to users. It's spread through SMS phishing attacks, misleading victims into downloading a malicious app. Once installed, the malware gains extensive permissions, allowing it to access and transmit sensitive data. The FBI advises users to be vigilant against SMS phishing and to secure their devices.
Date: Tue, 16 Jan 2024 12:34:28 -0500
Description:
The article explores the dual role of AI in cybersecurity, highlighting both its benefits and potential misuse. AI offers significant advantages in enhancing cybersecurity measures but is also exploited by hackers to intensify cyberattacks. The piece discusses how AI is used in social engineering, spreading malware, and enhancing malware stealth. It emphasizes the need for robust cybersecurity strategies, including regular web application security testing, to stay ahead of AI-assisted cyber threats.
Date: Tue, 16 Jan 2024 10:02:01 -0500
Description:
Ivanti's Connect Secure VPN products are facing mass exploitation due to two zero-day vulnerabilities. These flaws, which allow for remote code execution and unauthorized access, are being targeted by attackers. Ivanti has urged customers to apply available patches to mitigate these vulnerabilities. The widespread exploitation of these security gaps highlights the critical nature of maintaining up-to-date security measures in VPN products.
Date: Mon, 15 Jan 2024
Description:
Atlassian has released an urgent patch for its Confluence software, addressing a critical vulnerability. This update is crucial for ensuring the security of Confluence instances against potential exploits. Users and administrators of Atlassian Confluence are highly recommended to apply this patch promptly to protect their systems.
Date: Wed, 17 Jan 2024