Cyber News - 26/01/2024

Your Cyber News of the day! "Be Cyber Smart, Be Cyber Secure."

Microsoft Warns of Widening APT29 Espionage Attacks Targeting Global Orgs

Description:

Microsoft on Thursday said the Russian state-sponsored threat actors responsible for a cyber attack on its systems in late November 2023 have been targeting other organizations and that it's currently beginning to notify them.

The development comes a day after Hewlett Packard Enterprise (HPE) revealed that it had been the victim of an attack perpetrated by a hacking crew tracked as APT29, which is also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes.

Date: Fri, 26 Jan 2024

Source: https://thehackernews.com/2024/01/microsoft-warns-of-widening-apt29.html


Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree

Description:

40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development comes nearly two months after Dunaev pleaded guilty to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud.

Date: Fri, 26 Jan 2024

Source: https://thehackernews.com/2024/01/russian-trickbot-mastermind-gets-5-year.html


Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

Description:

Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device.

Tracked as CVE-2024-20253 (CVSS score: 9.9), the issue stems from improper processing of user-provided data that a threat actor could abuse to send a specially crafted message to a listening port of a susceptible appliance.

Date: Fri, 26 Jan 2024

Source: https://thehackernews.com/2024/01/critical-cisco-flaw-lets-hackers.html


SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks

Description:

Cybersecurity researchers have shed light on the command-and-control (C2) server workings of a known malware family called SystemBC.

"SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP," Kroll said in an analysis published last week.

Date: Thu, 25 Jan 2024

Source: https://thehackernews.com/2024/01/systembc-malwares-c2-server-analysis.html


Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

Description:

The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE).

The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the built-in command line interface (CLI).

Date: Thu, 25 Jan 2024

Source: https://thehackernews.com/2024/01/critical-jenkins-vulnerability-exposes.html


LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks

Description:

Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks.

The findings come from Japanese company ITOCHU Cyber & Intelligence, which said the malware "has been updated with new features, as well as changes to the anti-analysis (analysis avoidance) techniques."

Date: Thu, 25 Jan 2024

Source: https://thehackernews.com/2024/01/lodeinfo-fileless-malware-evolves-with.html


China-backed Hackers Hijack Software Updates to Implant "NSPX30" Spyware

Description:

A previously undocumented China-aligned threat actor has been linked to a set of adversary-in-the-middle (AitM) attacks that hijack update requests from legitimate software to deliver a sophisticated implant named NSPX30.

Slovak cybersecurity firm ESET is tracking the advanced persistent threat (APT) group under the name Blackwood. It's said to be active since at least 2018.

Date: Thu, 25 Jan 2024

Source: https://thehackernews.com/2024/01/china-backed-hackers-hijack-software.ht


Help Wanted From Convicted Cybercriminals

Description:

Rather than languishing in jail for their crimes, could former fraudsters turn to legitimate cybersecurity work? African cyber expert's recommendation resurrects that debate.

Date: Thu, 25 Jan 2024

Source: https://www.darkreading.com/cybersecurity-careers/help-wanted-from-convicted-cybercriminals


Pwn2Own 2024: Tesla Hacks, Dozens of Zero-Days in Electrical Vehicles

Description:

Hacking teams pick apart electrical vehicles (EVs), exposing them for what they are: safety-critical computers without commensurate security.

Date: Thu, 25 Jan 2024

Source: https://www.darkreading.com/ics-ot-security/pwn2own-2024-teslas-hacked-dozens-new-zero-days-evs


Protecting Children's Data Needs to Be a Priority for All

Description:

Organizations are facing a challenging cybersecurity environment and a chaotic threat landscape. With an increasingly broad range of sophisticated, easy-to-use tools in the hands of cybercriminals, even the most well-equipped enterprises are struggling to keep up.

Now more than ever, big thinking is required from leaders across industries to better understand and address cross-institutional challenges, like protecting children's data.

Date: Thu, 25 Jan 2024

Source: https://www.darkreading.com/cyberattacks-data-breaches/protecting-childrens-data-needs-priority-for-all


'CherryLoader' Malware Allows Serious Privilege Execution

Description:

It's the pits for admins: Researchers have discovered a threat actor achieving admin-level access on targeted systems by deploying a new, sophisticated downloader and a couple of privilege escalation tools from the "potato" family.

"CherryLoader" is a multistage, modular loader written in Golang, which with its name and logo attempts to masquerade as the legitimate "Cherrytree" note-taking software.

Date: Thu, 25 Jan 2024

Source: https://www.darkreading.com/endpoint-security/cherryloader-downloader-serious-privilege-execution


Abu Dhabi Investment Firm Warns About Scam Efforts

Description:

A top financial entity warned that its brand is being used to spread cyber scams, as fraud efforts persist throughout the country.

Date: Thu, 25 Jan 2024

Source: https://www.darkreading.com/cyberattacks-data-breaches/abu-dhabi-investment-firm-warns-scam-efforts


Google Kubernetes Clusters Suffer Widespread Exposure to External Attackers

Description:

Misunderstanding the permissions of an authentication group in Google Kubernetes Engine (GKE) opens millions of containers to anyone with a Google account.

Date: Thu, 25 Jan 2024

Source: https://www.darkreading.com/cloud-security/anyone-with-google-account-can-hack-misconfigured-kubernetes-clusters


The CISO Role Undergoes a Major Evolution

Description:

Post-SolarWinds, it's no longer enough for chief information security officers to remain compliant and call it a day.

Date: Thu, 25 Jan 2024

Source: https://www.darkreading.com/cybersecurity-operations/ciso-role-undergoes-major-evolution


$1.7 Billion Stolen in Cryptocurrency Hacks in 2023: Analysis

Description:

$1.7 billion were stolen last year as a result of 231 cryptocurrency platform hacks, according to a report from Chainalysis.

Date: Thu, 25 Jan 2024

Source: https://www.securityweek.com/1-7-billion-stolen-in-cryptocurrency-hacks-in-2023-report/


Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

Description:

Over 5,000 GitLab servers have yet to be patched against CVE-2023-7028, a critical password reset vulnerability.

Date: Thu, 25 Jan 2024

Source: https://www.securityweek.com/thousands-of-gitlab-instances-unpatched-against-critical-password-reset-bug/


Ring Will No Longer Allow Police to Request Doorbell Camera Footage From Users

Description:

Amazon-owned Ring will stop allowing police to request doorbell camera footage from users following criticism from privacy advocates.

Date: Thu, 25 Jan 2024

Source: https://www.securityweek.com/ring-will-no-longer-allow-police-to-request-doorbell-camera-footage-from-users/


23andMe data breach: Hackers stole raw genotype data, health reports

Description:

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27.

The credentials used by the attackers to breach the customers' accounts were stolen in other data breaches or used on previously compromised online platforms.

Date: Thu, 25 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/23andme-data-breach-hackers-stole-raw-genotype-data-health-reports/


Blackwood hackers hijack WPS Office update to install malware

Description:

A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals.

The adversary has been active since at least 2018 utilizing the NSPX30 malware, an implant with a codebase rooted in a simple backdoor from 2005, following adversary-in-the-middle (AitM) attacks.

Date: Thu, 25 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/blackwood-hackers-hijack-wps-office-update-to-install-malware/


iPhone apps abuse iOS push notifications to collect user data

Description:

Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking.

According to mobile researcher Mysk, who discovered this practice, these apps bypass Apple's background app activity restrictions and constitute a privacy risk for iPhone users.

Date: Thu, 25 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/iphone-apps-abuse-ios-push-notifications-to-collect-user-data/


Hackers target WordPress database plugin active on 1 million sites

Description:

Malicious activity targeting a critical severity flaw in the ‘Better Search Replace’ WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours.

Better Search Replace is a WordPress plugin with more than one million installations that helps with search and replace operations in databases when moving websites to new domains or servers.

Date: Thu, 25 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/hackers-target-wordpress-database-plugin-active-on-1-million-sites/
