Cyber News - 25/01/2024

Your Cyber News of the day! "Be Cyber Smart, Be Cyber Secure."

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits

Description:

A new Go-based malware loader called CherryLoader has been discovered by threat hunters in the wild to deliver additional payloads onto compromised hosts for follow-on exploitation.

Arctic Wolf Labs, which discovered the new attack tool in two recent intrusions, said the loader's icon and name masquerade as the legitimate CherryTree note-taking application to dupe potential victims into installing it.

Date: Thu, 25 Jan 2024

Source: https://thehackernews.com/2024/01/new-cherryloader-malware-mimics.html


Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Description:

Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email environment to exfiltrate mailbox data.

Date: Thu, 25 Jan 2024

Source: https://thehackernews.com/2024/01/tech-giant-hp-enterprise-hacked-by.html


Google Kubernetes Misconfig Lets Any Gmail Account Control Your Clusters

Description:

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine (GKE) that could be potentially exploited by threat actors with a Google account to take control of a Kubernetes cluster.

The critical shortcoming has been codenamed Sys:All by cloud security firm Orca. As many as 250,000 active GKE clusters in the wild are estimated to be susceptible to the attack vector.

Date: Wed, 24 Jan 2024

Source: https://thehackernews.com/2024/01/google-kubernetes-misconfig-lets-any.html


Kasseika Ransomware Using BYOVD Trick to Disarm Security Pre-Encryption

Description:

The ransomware group known as Kasseika has become the latest to leverage the Bring Your Own Vulnerable Driver (BYOVD) attack to disarm security-related processes on compromised Windows hosts, joining groups such as Akira, AvosLocker, BlackByte, and RobbinHood.

Date: Wed, 24 Jan 2024

Source: https://thehackernews.com/2024/01/kasseika-ransomware-using-byovd-trick.html


Smashing Security podcast #356: Big dumpers, AI defamation, and the slug that slurped

Description:

This week the podcast is more lavatorial than usual, as we explore how privacy may have gone to sh*t on Google Maps, our guest drives hands-free on Britain's motorways (and is defamed by AI), and ransomware attacks an airplane-leasing firm. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by BBC Technology Editor Zoe Kleinman.

Date: Thu, 25 Jan 2024

Source: https://grahamcluley.com/smashing-security-podcast-356/


SEC Twitter hack blamed on SIM swap attack

Description:

The US Securities & Exchange Commission (SEC) has confirmed that hackers managed to seize control of a phone number associated with its Twitter account, and used it to post an unauthorised message. Read more in my article on the Hot for Security blog.

Date: Wed, 24 Jan 2024

Source: https://www.bitdefender.com/blog/hotforsecurity/sec-twitter-hack-blamed-on-sim-swap-attack/


Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits

Description:

On the first day of Pwn2Own Automotive participants earned over $700,000 for hacking Tesla, EV chargers and infotainment systems.


Date: Wed, 24 Jan 2024

Source: https://www.securityweek.com/pwn2own-automotive-hackers-earn-over-700k-for-tesla-ev-charger-infotainment-exploits/


PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability

Description:

PoC code exploiting a critical Fortra GoAnywhere MFT vulnerability gets published one day after public disclosure.

Date: Wed, 24 Jan 2024

Source: https://www.securityweek.com/poc-code-published-for-just-disclosed-fortra-goanywhere-vulnerability/


Amazon's French Warehouses Fined Over Employee Surveillance

Description:

France’s data protection agency said Tuesday that it had fined Amazon’s French warehouses unit 32 million euros ($34.9 million) for an “excessively intrusive” surveillance system to keep track of staff performance.

Amazon France Logistique monitored the work of employees in particular through data from scanners used by the staff to process packages, according to the agency, known by its initials CNIL.

Date: Wed, 24 Jan 2024

Source: https://www.securityweek.com/amazons-french-warehouses-fined-over-employee-surveillance/


Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Description:

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.

The critical (CVSS score: 10.0) flaw allows attackers to send password reset emails for a targeted account to an attacker-controlled email address, allowing the threat actor to change the password and take over the account.

Date: Wed, 24 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/over-5-300-gitlab-servers-exposed-to-zero-click-account-takeover-attacks/


UK says AI will empower ransomware over the next two years

Description:

The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware.

The agency says cybercriminals already use AI for various purposes, and the phenomenon is expected to worsen over the next two years, helping increase the volume and severity of cyberattacks.

Date: Wed, 24 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/uk-says-ai-will-empower-ransomware-over-the-next-two-years/


Windows 11 KB5034204 update fixes Bluetooth audio issues, 24 bugs

Description:

Microsoft released the January 2024 preview update for Windows 11 versions 22H2 and 23H2, which comes with Bluetooth audio bug fixes and addresses 24 known issues.

Tracked as KB5034204, this monthly non-security optional cumulative update will enable Windows admins to test improvements and fixes that will be pushed to all customers with the forthcoming February 2024 Patch Tuesday release.

Date: Wed, 24 Jan 2024

Source: https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5034204-update-fixes-bluetooth-audio-issues-24-bugs/


Cisco unified comms systems patched against RCE

Description:

CVE-2024-20253 is a remote code execution (RCE) vulnerability present in the default configuration of Cisco's Packaged Contact Center Enterprise, Unified Communications Manager, Unified Communications Manager IM and Presence Service, Unified Communications Manager Session Management Edition, Unified Contact Center Enterprise, Unified Contact Center Express, Unity Connection, and Virtualized Voice Browser.

Date: Thu, 25 Jan 2024

Source: https://www.itnews.com.au/news/cisco-unified-comms-systems-patched-against-rce-604400?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+Security+feed

