Cyber News - 24/01/2024

Your Cyber News of the day! "Be Cyber Smart, Be Cyber Secure."

Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

Description:

A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user.

Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10.

Date: Wed, 24 Jan 2024

Source: https://thehackernews.com/2024/01/patch-your-goanywhere-mft-immediately.html


VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates

Description:

The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive "criminal affiliate program," new findings from Infoblox reveal.

Date: Tue, 23 Jan 2024

Source: https://thehackernews.com/2024/01/vextrio-uber-of-cybercrime-brokering.html


Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Description:

Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encoded SSH keys stolen from developer systems on which they were installed.

The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and 1,281 downloads before they were taken down by the npm maintainers. The most recent downloads occurred on January 21, 2024.

Date: Tue, 23 Jan 2024

Source: https://thehackernews.com/2024/01/malicious-npm-packages-exfiltrate-1600.html


"Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets

Description:

Cracked software has been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data.

Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS Ventura 13.6 and later, indicating the malware's ability to infect Macs on both Intel and Apple silicon processor architectures.

Date: Tue, 23 Jan 2024

Source: https://thehackernews.com/2024/01/activator-alert-macos-malware-hides-in.html


From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks

Description:

As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore's broad, internationally distributed network of scrubbing centers allows them to follow attack trends over time. Read on to learn about DDoS attack trends for Q3–Q4 of 2023, and what they mean for developing a robust protection strategy in 2024.

Date: Tue, 23 Jan 2024

Source: https://thehackernews.com/2024/01/from-megabits-to-terabits-gcore-radar.html


Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets

Description:

Hackers could exploit Lamassu Douro ATM vulnerabilities to take over devices and steal bitcoin from users.

Date: Tue, 23 Jan 2024

Source: https://www.securityweek.com/vulnerabilities-in-lamassu-bitcoin-atms-could-lead-to-wallet-draining/


High-Severity Vulnerability Patched in Splunk Enterprise

Description:

The latest Splunk Enterprise releases patch multiple vulnerabilities, including a high-severity flaw in the Windows version.

Date: Tue, 23 Jan 2024

Source: https://www.securityweek.com/high-severity-vulnerability-patched-in-splunk-enterprise/


Aviation Leasing Giant AerCap Hit by Ransomware Attack

Description:

AerCap, the largest aviation leasing company in the world, was hit by a ransomware attack on January 17th.

Date: Tue, 23 Jan 2024 13:04:59 +0000

Source: https://www.securityweek.com/aircraft-lessor-aercap-confirms-ransomware-attack/


SEC Says X Account Hacked via SIM Swapping

Description:

The US Securities and Exchange Commission on Monday revealed that hackers used SIM swapping to take over its X (formerly Twitter) account.

The hack occurred on January 9, when a post sent from the agency’s @SECGov account on the social platform announced that a long-awaited bitcoin exchange-traded fund (ETF) was approved. The post caused the price of bitcoin to spike more than $1,000.

Date: Tue, 23 Jan 2024

Source: https://www.securityweek.com/sec-says-x-account-hacked-via-sim-swapping/


Water services giant Veolia North America hit by ransomware attack

Description:

Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems that are part of its Municipal Water division and disrupted its bill payment systems.

After detecting the attack, Veolia has implemented defensive measures, temporarily taking some systems offline to contain the breach.

Date: Tue, 23 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/water-services-giant-veolia-north-america-hit-by-ransomware-attack/


Trello API abused to link email addresses to 15 million accounts

Description:

An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.

Trello is an online project management tool owned by Atlassian that is commonly used by businesses to organize data and tasks into boards, cards, and lists.

Date: Tue, 23 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/trello-api-abused-to-link-email-addresses-to-15-million-accounts/


Kasseika ransomware uses antivirus driver to kill other antiviruses

Description:

A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employ Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files.

Kasseika abuses the Martini driver (Martini.sys/viragt64.sys), part of TG Soft's VirtIT Agent System, to disable antivirus products protecting the targeted system.

Date: Tue, 23 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/kasseika-ransomware-uses-antivirus-driver-to-kill-other-antiviruses/


Microsoft identifies role in tracking Medibank attacker

Description:

Microsoft has quietly disclosed that it played a "key role" in feeding information to the Australian Signals Directorate that helped identify who was behind the 2022 Medibank cyber attack.

Date: Wed, 24 Jan 2024

Source: https://www.itnews.com.au/news/microsoft-identifies-role-in-tracking-medibank-attacker-604353?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+Security+feed

