Cyber News - 31/01/2024

Your Cyber News of the day! "Be Cyber Smart, Be Cyber Secure."

Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware

Description:

A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited to deliver a Rust-based payload called KrustyLoader that's used to drop the open-source Sliver adversary simulation tool.

The security vulnerabilities, tracked as CVE-2023-46805 (CVSS score: 8.2) and CVE-2024-21887 (CVSS score: 9.1), could be abused in tandem to achieve unauthenticated remote code execution on susceptible appliances.

Date: Wed, 31 Jan 2024

Source: https://thehackernews.com/2024/01/chinese-hackers-exploiting-critical-vpn.html


New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

Description:

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc).

Tracked as CVE-2023-6246, the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have been accidentally introduced in August 2022 with the release of glibc 2.37.

Date: Wed, 31 Jan 2024

Source: https://thehackernews.com/2024/01/new-glibc-flaw-grants-attackers-root.html


URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite

Description:

GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace.

Tracked as CVE-2024-0402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10.

Date: Tue, 30 Jan 2024

Source: https://thehackernews.com/2024/01/urgent-upgrade-gitlab-critical.html


Top Security Posture Vulnerabilities Revealed

Description:

Each New Year introduces a new set of challenges and opportunities for strengthening our cybersecurity posture. It's the nature of the field – the speed at which malicious actors carry out advanced persistent threats brings a constant, evolving battle for cyber resilience. The excitement in cybersecurity lies in this continuous adaptation and learning, always staying one step ahead of potential threats.

Date: Tue, 30 Jan 2024

Source: https://thehackernews.com/2024/01/top-security-posture-vulnerabilities.html


Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations

Description:

Italy's data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region.

"The available evidence pointed to the existence of breaches of the provisions contained in the E.U. GDPR [General Data Protection Regulation]," the Garante per la protezione dei dati personali (aka the Garante) said in a statement on Monday.

Date: Tue, 30 Jan 2024

Source: https://thehackernews.com/2024/01/italian-data-protection-watchdog.html


Ivanti Zero-Day Patches Delayed as 'KrustyLoader' Attacks Mount

Description:

The RCE/auth bypass bugs in Connect Secure VPNs have gone unpatched for 20 days as state-sponsored groups continue to backdoor Ivanti gear.

Date: Tue, 30 Jan 2024

Source: https://www.darkreading.com/endpoint-security/ivanti-zero-day-patches-delayed-krustyloader-attacks-mount


'Cactus' Ransomware Strikes Schneider Electric

Description:

Schneider's Sustainability division, which provides software and consulting services to enterprises, was felled by cybercriminals in mid-January.

Date: Tue, 30 Jan 2024

Source: https://www.darkreading.com/ics-ot-security/cactus-ransomware-schneider-electric-sustainability-division


Apple Warns iPhone Sideloading Changes Will Increase Cyber Threats

Description:

The tech giant says that being more open to comply with EU regulations brings risks such as malware, fraud, and scams.

Date: Tue, 30 Jan 2024

Source: https://www.darkreading.com/endpoint-security/apple-warns-iphone-sideloading-increase-cyber-threats


UAE Government Cyber Chief: We Face 50K Cyberattacks Daily

Description:

The Emirates see phishing emails, DDoS attacks, and ransomware, as well as port scans, regularly.

Date: Tue, 30 Jan 2024

Source: https://www.darkreading.com/cyber-risk/uae-government-cyber-chief-50k-cyberattacks-daily


Canada’s ‘most prolific hacker’ jailed for two years

Description:

A 33-year-old man has been sentenced to two years in prison after admitting his part in a series of ransomware and malware attacks that hit more than one thousand individuals, businesses, and organisations — including three police departments. Read more in my article on the Hot for Security blog.

Date: Wed, 31 Jan 2024

Source: https://www.bitdefender.com/blog/hotforsecurity/canadas-most-prolific-hacker-jailed-for-two-years/


The Ransomware Threat in 2024 is Growing: Report

Description:

Anyone who believes ransomware will go away doesn’t understand the nature of criminality. Extortion has and always will be a primary criminal business plan.

Date: Tue, 30 Jan 2024

Source: https://www.securityweek.com/the-ransomware-threat-in-2024-is-growing-report/


Data of 750 Million Indian Mobile Subscribers Sold on Hacker Forums

Description:

A massive database containing the information of 85% of the Indian population has emerged on the dark web.

Date: Tue, 30 Jan 2024

Source: https://www.securityweek.com/data-of-750-million-indian-mobile-subscribers-sold-on-hacker-forums/


Juniper Networks Patches Vulnerabilities in Switches, Firewalls

Description:

A high-severity flaw in the J-Web interface of Juniper’s Junos OS could lead to arbitrary command execution, remotely.

Date: Tue, 30 Jan 2024

Source: https://www.securityweek.com/juniper-networks-patches-vulnerabilities-in-switches-firewalls/


New Linux glibc flaw lets attackers get root on major distros

Description:

Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).

Tracked as CVE-2023-6246, this security flaw was found in glibc's __vsyslog_internal() function, called by the widely-used syslog and vsyslog functions for writing messages to the system message logger.

Date: Tue, 30 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/


Online ransomware decryptor helps recover partially encrypted files

Description:

CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption.

The company announced today that although the tool was already freely available through GitHub as a Python project, they felt an online version was needed for the less tech-savvy ransomware victims who don't know how to work with the code.

Date: Tue, 30 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/online-ransomware-decryptor-helps-recover-partially-encrypted-files/


A mishandled GitHub token exposed Mercedes-Benz source code

Description:

A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public.

Mercedes-Benz is a prestigious German car, bus, and truck maker recognized for its rich history of innovation, luxurious designs, and top build quality.

Date: Tue, 30 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/a-mishandled-github-token-exposed-mercedes-benz-source-code/


Microsoft Teams phishing pushes DarkGate malware via group chats

Description:

New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems.

The attackers used what looks like a compromised Teams user (or domain) to send over 1,000 malicious Teams group chat invites, according to AT&T Cybersecurity research.

Date: Tue, 30 Jan 2024

Source: https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-pushes-darkgate-malware-via-group-chats/

