Cyber News - 13/02/2024
Your Cyber News of the day ! "Be Cyber Smart, Be Cyber Secure."
Description:
Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a backdoor codenamed DSLog on susceptible devices. That's according to findings from Orange Cyberdefense, which said it observed the exploitation of CVE-2024-21893 within hours of the public release of the proof-of-concept (PoC) code.
Date: Tue, 13 Feb 2024
Source: https://thehackernews.com/2024/02/ivanti-vulnerability-exploited-to.html
Description:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The issue, tracked as CVE-2023-43770 (CVSS score: 6.1), relates to a cross-site scripting (XSS) flaw that stems from the handling of linkrefs in plain text messages.
Date: Tue, 13 Feb 2024
Source: https://thehackernews.com/2024/02/alert-cisa-warns-of-active-roundcube.html
Description:
Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware.
The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA).
Date: Mon, 12 Feb 2024
Source: https://thehackernews.com/2024/02/rhysida-ransomware-cracked-free.html
Description:
When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It can be bypassed, and it often is.
Date: Mon, 12 Feb 2024
Source: https://thehackernews.com/2024/02/4-ways-hackers-use-social-engineering.html
Description:
Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administrator privileges.
"Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session," Microsoft Product Manager Jordi Adoumie said.
Date: Mon, 12 Feb 2024
Source: https://thehackernews.com/2024/02/microsoft-introduces-linux-like-sudo.html
Description:
The move by the State Department complements a Hive infrastructure takedown by international law enforcement.
Date: Mon, 12 Feb 2024
Description:
The French data protection agency, the CNIL, has opened an investigation into a pair of data breaches at payment processors that together affect nearly half of the country's population.
At the end of January, cyberattackers compromised data for 33 million French citizens held by the two companies, Viamedis and Almerys, which manage third-party payments for health insurance companies. The combined exposure is the largest-ever data breach for French citizens.
Date: Mon, 12 Feb 2024
Source: https://www.darkreading.com/cloud-security/33m-french-citizens-countrys-largest-ever-breach
Description:
Continuously evaluating and updating your third-party risk assessment can improve your security posture and ensure your company doesn't have the next headline-making incident.
Date: Mon, 12 Feb 2024
Source: https://www.darkreading.com/cyber-risk/it-s-time-to-rethink-third-party-risk-assessment-
Description:
Brand-new vulnerabilities from both vendors this week — one exploited in the wild — add to a steady stream of critical security issues in the security platforms.
Date: Mon, 12 Feb 2024
Description:
Attackers are breaching cloud environments and playing games with corporate Microsoft 365 apps, and further victims are likely to come.
Date: Mon, 12 Feb 2024
Source: https://www.darkreading.com/cloud-security/senior-executives-targeted-ongoing-azure-account-takeover
Description:
Over 20 hospitals in Bucharest have reportedly been impacted by a ransomware attack after cybercriminals targeted an IT service provider. As a consequence, medical staff have been forced to use pen and paper rather than computer systems.
Date: Mon, 12 Feb 2024
Description:
A simple-to-avoid security flaw allowed unauthorised parties to track the location of anyone wearing Livall ski and biking helmets, and listen to group conversations. Read more in my article on the Hot for Security blog.
Date: Mon, 12 Feb 2024
Description:
Bank of America is warning customers of a data breach exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last year.
Customer personally identifiable information (PII) exposed in the security breach includes the affected individuals' names, addresses, social security numbers, dates of birth, and financial information, including account and credit card numbers, according to details shared with the Attorney General of Texas.
Date: Mon, 12 Feb 2024
Description:
Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements.
FCC's final rule follows several proposals published in January 2024, one year earlier in January 2023, and first circulated in January 2022, focused on modernizing the commission's breach notification rules so that telecom carriers have to notify customers of security breaches as fast as possible.
Date: Mon, 12 Feb 2024
Description:
Microsoft is testing a new "Automatic Super Resolution" AI-assisted upscaling feature that increases the video and image quality of supported games while also making them run more smoothly.
Upscaling is the process of converting a lower-quality or low-resolution image to one that is higher resolution without sacrificing quality.
Date: Mon, 12 Feb 2024
Description:
A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives.
Hackers target executives' accounts because they can access confidential corporate information, self-approve fraudulent financial transactions, and access critical systems to use them as a foothold for launching more extensive attacks against the breached organization or its partners.
Date: Mon, 12 Feb 2024
Description:
ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers.
The bug was introduced in ExpressVPN Windows versions 12.23.1 – 12.72.0, published between May 19, 2022, and Feb. 7, 2024, and only affected those using the split tunneling feature.
Date: Sun, 11 Feb 2024