Cyber News - 19/02/2024
Your Cyber News of the day! "Be Cyber Smart, Be Cyber Secure."
Description:
Threat actors operating with interests aligned to Belarus and Russia have been linked to a new cyber espionage campaign that likely exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers to target over 80 organizations.
Date: Mon, 19 Feb 2024
Source: https://thehackernews.com/2024/02/russian-linked-hackers-breach-80.html
Description:
The Iranian-origin threat actor known as Charming Kitten has been linked to a new set of attacks aimed at Middle East policy experts with a new backdoor called BASICSTAR by creating a fake webinar portal.
Charming Kitten, also called APT35, CharmingCypress, Mint Sandstorm, TA453, and Yellow Garuda, has a history of orchestrating a wide range of social engineering campaigns that cast a wide net in their targeting, often singling out think tanks, NGOs, and journalists.
Date: Mon, 19 Feb 2024
Source: https://thehackernews.com/2024/02/iranian-hackers-target-middle-east.html
Description:
A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021. Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was added to the FBI's most-wanted list in 2012.
Date: Sun, 18 Feb 2024
Source: https://thehackernews.com/2024/02/fbis-most-wanted-zeus-and-icedid.html
Description:
Google has announced that it's open-sourcing Magika, an artificial intelligence (AI)-powered tool to identify file types, to help defenders accurately detect binary and textual file types. "Magika outperforms conventional file identification methods providing an overall 30% accuracy boost and up to 95% higher precision on traditionally hard to identify, but potentially problematic content
Date: Sat, 17 Feb 2024
Source: https://thehackernews.com/2024/02/google-open-sources-magika-ai-powered.html
Description:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched security flaw impacting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software to its Known Exploited Vulnerabilities (KEV) catalog, following reports that it is likely being exploited in Akira ransomware attacks.
Date: Fri, 16 Feb 2024
Source: https://thehackernews.com/2024/02/cisa-warning-akira-ransomware.html
Description:
Multiple companies operating in the cryptocurrency sector are the target of an ongoing malware campaign that involves a newly discovered Apple macOS backdoor codenamed RustDoor. RustDoor was first documented by Bitdefender last week, describing it as a Rust-based malware capable of harvesting and uploading files, as well as gathering information about the infected machines.
Date: Fri, 16 Feb 2024
Source: https://thehackernews.com/2024/02/rustdoor-macos-backdoor-targets.html
Description:
A malicious Python script known as SNS Sender is being advertised as a way for threat actors to send bulk smishing messages by abusing Amazon Web Services (AWS) Simple Notification Service (SNS).
The SMS phishing messages are designed to propagate malicious links that are designed to capture victims' personally identifiable information (PII) and payment card details, SentinelOne said in a new report, attributing it to a threat actor named ARDUINO_DAS.
Date: Fri, 16 Feb 2024
Source: https://thehackernews.com/2024/02/malicious-sns-sender-script-abuses-aws.html
Description:
TAG-70's sophisticated espionage campaign targeted a range of geopolitical targets, suggesting a highly capable and well-funded state-backed threat actor.
Date: Sat, 17 Feb 2024
Description:
The accord covers initiatives to create more transparency regarding what tech firms like Meta, Microsoft, Google, TikTok, and OpenAI are doing to combat malicious AI, especially around elections.
Date: Fri, 16 Feb 2024
Source: https://www.darkreading.com/cyber-risk/major-tech-firms-develop-tech-accords-to-combat-ai-deepfakes
Description:
Respondents in Dark Reading's Strategic Security Survey believe that the primary cause of their organization's next major data breach would involve social engineering, negligent users, and insecure remote workers.
Date: Fri, 16 Feb 2024
Description:
One of the worst hacks in history demonstrated that any online service must force its users to adopt at least two-factor authentication. This must be applied everywhere ASAP as a public safety measure.
Date: Fri, 16 Feb 2024
Source: https://www.darkreading.com/vulnerabilities-threats/2fa-must-be-mandatory-asap
Description: SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration
Date: Mon, 19 Feb 2024
Source: https://www.exploit-db.com/exploits/51804
Description: Employee Management System v1 - 'email' SQL Injection
Date: Mon, 19 Feb 2024
Source: https://www.exploit-db.com/exploits/51803
Description: Microsoft Windows Defender - VBScript Detection Bypass
Date: Mon, 19 Feb 2024
Source: https://www.exploit-db.com/exploits/51802
Description: Microsoft Windows Defender Bypass - Detection Mitigation Bypass
Date: Mon, 19 Feb 2024
Source: https://www.exploit-db.com/exploits/51801
Description: XAMPP - Buffer Overflow POC
Date: Mon, 19 Feb 2024
Source: https://www.exploit-db.com/exploits/51800
Description: phpFox < 4.8.13 - (redirect) PHP Object Injection Exploit
Date: Mon, 19 Feb 2024
Source: https://www.exploit-db.com/exploits/51799
Description:
Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks.
More simply, Google plans to prevent malicious websites on the internet from attacking devices on a visitor's home network (such as printers or routers) or on the visitor's own computer. People usually consider these devices safe because they are not directly exposed to the internet and sit behind a router.
Date: Sat, 17 Feb 2024
Description:
The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot.
The two companies were added to ALPHV's dark web leak site today, although the threat actors have yet to publish proof of their claims. ALPHV plans to sell the stolen data from loanDepot's network and release Prudential's data for free after failed negotiations.
Date: Fri, 16 Feb 2024
Description:
SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.
Access Rights Manager allows companies to manage and audit access rights across their IT infrastructure to minimize insider threat impact and more.
Date: Fri, 16 Feb 2024