Cyber News - 24/01/2024
Your Cyber News of the day! "Be Cyber Smart, Be Cyber Secure."
Description:
A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user.
Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10.
Date: Wed, 24 Jan 2024
Source: https://thehackernews.com/2024/01/patch-your-goanywhere-mft-immediately.html
Description:
The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio as part of a massive "criminal affiliate program," new findings from Infoblox reveal.
Date: Tue, 23 Jan 2024
Source: https://thehackernews.com/2024/01/vextrio-uber-of-cybercrime-brokering.html
Description:
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encoded SSH keys stolen from developer systems on which they were installed.
The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and 1,281 downloads before they were taken down by the npm maintainers. The most recent downloads occurred on January 21, 2024.
Date: Tue, 23 Jan 2024
Source: https://thehackernews.com/2024/01/malicious-npm-packages-exfiltrate-1600.html
Description:
Cracked software has been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data.
Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS Ventura 13.6 and later, indicating the malware's ability to infect Macs on both Intel and Apple silicon processor architectures.
Date: Tue, 23 Jan 2024
Source: https://thehackernews.com/2024/01/activator-alert-macos-malware-hides-in.html
Description:
As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases internal analytics to track DDoS attacks. Gcore's broad, internationally distributed network of scrubbing centers allows them to follow attack trends over time. Read on to learn about DDoS attack trends for Q3–Q4 of 2023, and what they mean for developing a robust protection strategy in 2024.
Date: Tue, 23 Jan 2024
Source: https://thehackernews.com/2024/01/from-megabits-to-terabits-gcore-radar.html
Description:
Hackers could exploit Lamassu Douro ATM vulnerabilities to take over devices, steal bitcoin from users.
Date: Tue, 23 Jan 2024
Source: https://www.securityweek.com/vulnerabilities-in-lamassu-bitcoin-atms-could-lead-to-wallet-draining/
Description:
The latest Splunk Enterprise releases patch multiple vulnerabilities, including a high-severity flaw in the Windows version.
Date: Tue, 23 Jan 2024
Source: https://www.securityweek.com/high-severity-vulnerability-patched-in-splunk-enterprise/
Description:
AerCap, the largest aviation leasing company in the world, was hit by a ransomware attack on January 17th.
Date: Tue, 23 Jan 2024 13:04:59 +0000
Source: https://www.securityweek.com/aircraft-lessor-aercap-confirms-ransomware-attack/
Description:
The US Securities and Exchange Commission on Monday revealed that hackers used SIM swapping to take over its X (formerly Twitter) account.
The hack occurred on January 9, when a post sent from the agency's @SECGov account on the social platform announced that a long-awaited bitcoin exchange-traded fund (ETF) was approved. The post caused the price of bitcoin to spike more than $1,000.
Date: Tue, 23 Jan 2024
Source: https://www.securityweek.com/sec-says-x-account-hacked-via-sim-swapping/
Description:
Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems that are part of its Municipal Water division and disrupted its bill payment systems.
After detecting the attack, Veolia has implemented defensive measures, temporarily taking some systems offline to contain the breach.
Date: Tue, 23 Jan 2024
Description:
An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.
Trello is an online project management tool owned by Atlassian that is commonly used by businesses to organize data and tasks into boards, cards, and lists.
Date: Tue, 23 Jan 2024
Description:
A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employ Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files.
Kasseika abuses the Martini driver (Martini.sys/viragt64.sys), part of TG Soft's VirtIT Agent System, to disable antivirus products protecting the targeted system.
Date: Tue, 23 Jan 2024
Description:
Microsoft has quietly disclosed that it played a "key role" in feeding information to the Australian Signals Directorate that helped identify who was behind the 2022 Medibank cyber attack.
Date: Wed, 24 Jan 2024