Cyber News - 22/01/2024

Your Cyber News of the day! "Be Cyber Smart, Be Cyber Secure."

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

Description:

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts.

CVE-2023-46604 (CVSS score: 10.0) refers to a severe vulnerability in Apache ActiveMQ that enables remote code execution. Since its public disclosure in late October 2023, it has come under active exploitation by multiple adversaries to deploy ransomware, rootkits, cryptocurrency miners, and DDoS botnets.

Date: Mon, 22 Jan 2024

Source: https://thehackernews.com/2024/01/apache-activemq-flaw-exploited-in-new.html


Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

Description:

An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been attributed to the abuse of a critical vulnerability in VMware vCenter Server as a zero-day since late 2021.

"UNC3886 has a track record of utilizing zero-day vulnerabilities to complete their mission without being detected, and this latest example further demonstrates their capabilities," Google-owned Mandiant said in a Friday report.

Date: Sat, 20 Jan 2024

Source: https://thehackernews.com/2024/01/chinese-hackers-silently-weaponized.html


CISA Issues Emergency Directive to Federal Agencies on Ivanti Zero-Day Exploits

Description:

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products.

The development arrives as the vulnerabilities – an authentication bypass (CVE-2023-46805) and a code injection bug (CVE-2024-21887) – have come under widespread exploitation by multiple threat actors. The flaws allow a malicious actor to craft malicious requests and execute arbitrary commands on the system.

Date: Sat, 20 Jan 2024

Source: https://thehackernews.com/2024/01/cisa-issues-emergency-directive-to.html


Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack

Description:

Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments. The Windows maker attributed the attack to a Russian advanced persistent threat (APT) group it tracks as Midnight Blizzard (formerly

Date: Sat, 20 Jan 2024

Source: https://thehackernews.com/2024/01/microsofts-top-execs-emails-breached-in.html


Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

Description:

The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files.

Date: Sat, 20 Jan 2024

Source: https://thehackernews.com/2024/01/invoice-phishing-alert-ta866-deploys.html


Description:

Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines.

The backdoored disk image (DMG) files, which have been modified to establish communications with actor-controlled infrastructure, include legitimate software like Navicat Premium, UltraEdit, FinalShell, SecureCRT, and Microsoft Remote Desktop.

Date: Fri, 19 Jan 2024

Source: https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html


35.5 million customers of major apparel brands have their data breached after ransomware attack

Description:

Bought some Timberland shoes? Wear a North Face jacket? You, and millions of purchasers of other popular high-street brands, could have had their data stolen by the ALPHV ransomware group.

Date: Fri, 19 Jan 2024

Source: https://www.bitdefender.com/blog/hotforsecurity/35-5-million-customers-of-major-apparel-brands-have-their-data-breached-after-ransomware-attack/


In Other News: WhatsApp Privacy Issue, Spying via Ambient Light Sensor, Bigpanzi Botnet

Description:

Noteworthy stories that might have slipped under the radar: WhatsApp privacy issue remains unpatched, spying via tablet ambient light sensors, and the Bigpanzi botnet.

Date: Sat, 20 Jan 2024

Source: https://www.securityweek.com/in-other-news-whatsapp-privacy-issue-spying-via-ambient-light-sensor-bigpanzi-botnet/


Microsoft Says Russian Gov Hackers Stole Email Data From Senior Execs

Description:

A Russian government-backed hacking team broke into Microsoft's corporate network and stole emails and attachments from senior executives.

Date: Fri, 19 Jan 2024

Source: https://www.securityweek.com/microsoft-says-russian-gov-hackers-stole-email-data-from-senior-execs/


Critical Vulnerabilities Found in Open Source AI/ML Platforms

Description:

Security researchers flag multiple severe vulnerabilities in open source AI/ML solutions MLflow, ClearML, Hugging Face.

Date: Fri, 19 Jan 2024

Source: https://www.securityweek.com/critical-vulnerabilities-found-in-ai-ml-open-source-platforms/


US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities

Description:

The US government on Thursday published new guidance aimed at helping organizations in the water and wastewater (WWS) sector improve their cyber resilience and incident response capabilities.

Date: Fri, 19 Jan 2024

Source: https://www.securityweek.com/us-gov-publishes-cybersecurity-guidance-for-water-and-wastewater-utilities/


Canadian Man Stuck in Triangle of E-Commerce Fraud

Description:

A Canadian man who says he's been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name. His case appears to involve "triangulation fraud," which occurs when a consumer purchases something online -- from a seller on Amazon or eBay, for example -- but the seller doesn't actually own the item for sale. Instead, the seller purchases the item from an online retailer using stolen payment card data. In this scam, the unwitting buyer pays the scammer and receives what they ordered, and very often the only party left to dispute the transaction is the owner of the stolen payment card.

Date: Fri, 19 Jan 2024

Source: https://krebsonsecurity.com/2024/01/canadian-man-stuck-in-triangle-of-e-commerce-fraud/


Tietoevry ransomware attack causes outages for Swedish firms, cities

Description:

Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang.

Tietoevry is a Finnish IT services company offering managed services and cloud hosting for the enterprise. The company employs approximately 24,000 people worldwide and had a 2023 revenue of $3.1 billion.

Tietoevry confirmed today that the ransomware attack occurred Friday night into Saturday morning and has impacted only one of their data centers in Sweden.

Date: Sun, 21 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/tietoevry-ransomware-attack-causes-outages-for-swedish-firms-cities/


Watch out for "I can't believe he is gone" Facebook phishing posts

Description:

A widespread Facebook phishing campaign stating, "I can't believe he is gone. I'm gonna miss him so much," leads unsuspecting users to a website that steals your Facebook credentials.

This phishing attack is ongoing and widely spread on Facebook through friends' hacked accounts, as the threat actors build a massive army of stolen accounts for use in further scams on the social media platform.

Date: Sun, 21 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/watch-out-for-i-cant-believe-he-is-gone-facebook-phishing-posts/


Brave to end 'Strict' fingerprinting protection as it breaks websites

Description:

Brave Software has announced plans to deprecate the 'Strict' fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly.

Fingerprinting protection in Brave Browser is a feature designed to enhance user privacy by preventing websites from tracking users through a technique called fingerprinting.

Date: Sun, 21 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/brave-to-end-strict-fingerprinting-protection-as-it-breaks-websites/


Court charges dev with hacking after cybersecurity issue disclosure

Description:

A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data.

According to the original report by Heise, the programmer, operating as a freelance IT service provider, was initially tasked by a client to resolve excessive log generation issues with the merchandise management software they were using.

Date: Sat, 20 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/court-charges-dev-with-hacking-after-cybersecurity-issue-disclosure/


Description:

Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang.

3AM, also spelled ThreeAM, has also been trying out a new extortion tactic: sharing news of a data leak with the victim’s social media followers and using bots to reply to high-ranking accounts on X (formerly Twitter) with messages pointing to data leaks.

Date: Sat, 20 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/researchers-link-3am-ransomware-to-conti-royal-cybercrime-gangs/


Meta won't remove fake Instagram profiles that are clearly catfishing

Description:

Imposters and romance scammers abusing social media to con people is hardly a novel occurrence.

The problem seems to have gotten much worse on Instagram over the past year, however, with its parent company Meta falling short of effectively tackling fake profiles even when there are sufficient signs to indicate that a profile is misusing someone else's photos and identity.

Date: Sat, 20 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/meta-wont-remove-fake-instagram-profiles-that-are-clearly-catfishing/


BreachForums hacking forum admin sentenced to 20 years supervised release

Description:

Conor Brian Fitzpatrick was sentenced to 20 years of supervised release today in the Eastern District of Virginia for operating the notorious BreachForums hacking forum, known for the sale and leaking of personal data for hundreds of millions of people worldwide.

Date: Fri, 19 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-admin-sentenced-to-20-years-supervised-release/


Payoneer accounts in Argentina hacked in 2FA bypass attacks

Description:

Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping.

Payoneer is a financial services platform providing online money transfer and digital payment services. It is popular in Argentina because it allows people to earn in foreign currencies while bypassing local banking regulations.

Date: Fri, 19 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/payoneer-accounts-in-argentina-hacked-in-2fa-bypass-attacks/


Melbourne man pleads guilty to buying stolen data on Genesis Market

Description:

Sentenced to 150 hours of community work.

Date: Mon, 22 Jan 2024

Source: https://www.itnews.com.au/news/melbourne-man-pleads-guilty-to-buying-stolen-data-on-genesis-market-604299?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+Security+feed


Progress Software patches critical OpenEdge vulnerability

Description:

According to an advisory, CVE-2023-40051 affects OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0.

"An attacker can formulate a request for a web transport that allows unintended file uploads to a server directory path on the system running PASOE," the advisory states.

Date: Mon, 22 Jan 2024

Source: https://www.itnews.com.au/news/progress-software-patches-critical-openedge-vulnerability-604272?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+Security+feed

