Cyber News - 22/01/2024
Your Cyber News of the day ! "Be Cyber Smart, Be Cyber Secure."
Last updated
Your Cyber News of the day ! "Be Cyber Smart, Be Cyber Secure."
Last updated
Description:
Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts.
CVE-2023-46604 (CVSS score: 10.0) refers to a severe vulnerability in Apache ActiveMQ that enables remote code execution. Since its public disclosure in late October 2023, it has come under active exploitation by multiple adversaries to deploy ransomware, rootkits, cryptocurrency miners, and DDoS botnets.
Date: Mon, 22 Jan 2024
Source: https://thehackernews.com/2024/01/apache-activemq-flaw-exploited-in-new.html
Description:
An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021.
"UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example further demonstrates their capabilities," Google-owned Mandiant said in a Friday report.
Date: Sat, 20 Jan 2024
Source: https://thehackernews.com/2024/01/chinese-hackers-silently-weaponized.html
Desciption:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.
The development arrives as the vulnerabilities – an authentication bypass (CVE-2023-46805) and a code injection bug (CVE-2024-21887) – have come under widespread exploitation by multiple threat actors. The flaws allow a malicious actor to craft malicious requests and execute arbitrary commands on the system.
Date: Sat, 20 Jan 2024
Source: https://thehackernews.com/2024/01/cisa-issues-emergency-directive-to.html
Description:
Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly
Date: Sat, 20 Jan 2024
Source: https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html
Description:
The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files.
Date: Sat, 20 Jan 2024
Source: https://thehackernews.com/2024/01/invoice-phishing-alert-ta866-deploys.html
Description:
Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines.
The backdoored disk image (DMG) files, which have been modified to establish communications with actor-controlled infrastructure, include legitimate software like Navicat Premium, UltraEdit, FinalShell, SecureCRT, and Microsoft Remote Desktop.
Date: Fri, 19 Jan 2024
Source: https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html
Description:
Bought some Timberland shoes? Wear a North Face jacket? You, and millions of purchasers of other popular high-street brands, could have had their data stolen by the ALPHV ransomware group.
Date: Fri, 19 Jan 2024
Description:
Noteworthy stories that might have slipped under the radar: WhatsApp privacy issue remains unpatched, spying via tablet ambient light sensors, and the Bigpanzi botnet.
Date: Sat, 20 Jan 2024
Description:
A Russian government-backed hacking team broke into Microsoft�s corporate network and stole emails and attachments from senior executives.
Date: Fri, 19 Jan 2024
Source: https://www.securityweek.com/microsoft-says-russian-gov-hackers-stole-email-data-from-senior-execs/
Description:
Security researchers flag multiple severe vulnerabilities in open source AI/ML solutions MLflow, ClearML, Hugging Face.
Date: Fri, 19 Jan 2024
Source: https://www.securityweek.com/critical-vulnerabilities-found-in-ai-ml-open-source-platforms/
Description:
The US government on Thursday published new guidance aimed at helping organizations in the water and wastewater (WWS) sector improve their cyber resilience and incident response capabilities.
Date: Fri, 19 Jan 2024
Description:
A Canadian man who says he's been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name. His case appears to involve "triangulation fraud," which occurs when a consumer purchases something online -- from a seller on Amazon or eBay, for example -- but the seller doesn't actually own the item for sale. Instead, the seller purchases the item from an online retailer using stolen payment card data. In this scam, the unwitting buyer pays the scammer and receives what they ordered, and very often the only party left to dispute the transaction is the owner of the stolen payment card.
Date: Fri, 19 Jan 2024
Source: https://krebsonsecurity.com/2024/01/canadian-man-stuck-in-triangle-of-e-commerce-fraud/
Description:
Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang.
Tietoevry is a Finnish IT services company offering managed services and cloud hosting for the enterprise. The company employs approximately 24,000 people worldwide and had a 2023 revenue of $3.1 billion.
Tietoevry confirmed today that the ransomware attack occurred Friday night into Saturday morning and has impacted only one of their data centers in Sweden.
Date: Sun, 21 Jan 2024
Description:
A widespread Facebook phishing campaign stating, "I can't believe he is gone. I'm gonna miss him so much," leads unsuspecting users to a website that steals your Facebook credentials.
This phishing attack is ongoing and widely spread on Facebook through friend's hacked accounts, as the threat actors build a massive army of stolen accounts for use in further scams on the social media platform.
Date: Sun, 21 Jan 2024
Description:
Brave Software has announced plans to deprecate the 'Strict' fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly.
Fingerprinting protection in Brave Browser is a feature designed to enhance user privacy by preventing websites from tracking users through a technique called fingerprinting.
Date: Sun, 21 Jan 2024
Description:
A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data.
According to the original report by Heise, the programmer, operating as a freelance IT service provider, was initially tasked by a client to resolve excessive log generation issues with the merchandise management software they were using.
Date: Sat, 20 Jan 2024
Description:
Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang.
3AM, also spelled ThreeAM, has also been trying out a new extortion tactic: sharing news of a data leak with the victim’s social media followers and using bots to reply to high-ranking accounts on X (formerly Twitter) with messages pointing to data leaks.
Date: Sat, 20 Jan 2024
Description:
Imposters and romance scammers abusing social media to con people is hardly a novel occurrence.
The problem seems to have gotten much worse on Instagram over the past year, however, with its parent company Meta falling short of effectively tackling fake profiles even when there are sufficient signs to indicate that a profile is misusing someone else's photos and identity.
Date: Sat, 20 Jan 2024
Description:
Conor Brian Fitzpatrick was sentenced to 20 years of supervised release today in the Eastern District of Virginia for operating the notorious BreachForums hacking forum, known for the sale and leaking of personal data for hundreds of millions of people worldwide.
Date: Fri, 19 Jan 2024
Description:
Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping.
Payoneer is a financial services platform providing online money transfer and digital payment services. It is popular in Argentina because it allows people to earn in foreign currencies while bypassing local banking regulations.
Date: Fri, 19 Jan 2024
Description:
Sentenced to 150 hours of community work.
Date: Mon, 22 Jan 2024
Description:
According to an advisory, CVE-2023-40051 affects OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0.
“An attacker can formulate a request for a web transport that allows unintended file uploads to a server directory path on the system running PASOE," the advisory states.
Date: Mon, 22 Jan 2024
