Security News

Financially motivated by salaries now, but what’s next?

Security researchers have discovered an arbitrary account takeover flaw in Subaru's Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate.

The CloudSEK researchers disrupted the botnet by utilizing hard-coded API tokens and a built-in kill switch to uninstall the malware from infected devices.

A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions.

"Mac Homebrew Project Leader here. This seems taken down now," tweeted McQuaid.

To safeguard against such attacks, it's advised to monitor suspicious processes, events, and network traffic spawned by the execution of any untrusted binary/scripts. It's also recommended to apply firmware updates and change the default username and password.

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system.

CISA: Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products

Emergent macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection (SIP) by loading third-party kernels.

New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.

The ambitious final executive order requires 52 agency actions to bolster cyber protections and counter adversaries, including a new plan to address spiraling digital identity theft.

Archive Today mirror: https://archive.ph/JTLIU

The threat actors use a variety of distribution channels, including malvertising, spearphishing, and brand impersonation in online gaming, cryptocurrency, and software, to spread 50 malware payloads, including AMOS, Stealc, and Rhadamanthys.

Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries.

“After an initial chat conversation, the attacker sent a ZIP file that contained COVERTCATCH malware disguised as a Python coding challenge,” researchers Robert Wallace, Blas Kojusner, and Joseph Dobson said.

Transport for London, the city’s public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack.

Tracked as CVE-2024-45195 and discovered by Rapid7 security researchers, this remote code execution flaw is caused by a forced browsing weakness that exposes restricted paths to unauthenticated direct request attacks.

The malvertising activity, observed in June 2024, is a departure from previously observed tactics wherein the malware has been propagated via traditional phishing emails, Unit 42 researchers Mark Lim and Tom Marsden said.

The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023.

Written in Rust and capable of targeting both Windows and Linux/ESXi hosts, Cicada3301 first emerged in June 2024, inviting potential affiliates to join their ransomware-as-a-service (RaaS) platform via an advertisement on the RAMP underground forum.

Though D-Link acknowledged the security problems and their severity, it noted that they fall under its standard end-of-life/end-of-support policies, meaning there will be no security updates to address them.

The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright.

Researchers Ian Carroll and Sam Curry discovered the vulnerability in FlyCASS, a third-party web-based service that some airlines use to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS). KCM is a Transportation Security Administration (TSA) initiative that allows pilots and flight attendants to skip security screening, and CASS enables authorized pilots to use jumpseats in cockpits when traveling.

North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit.

In the watering-hole attacks, threat actors infected two websites, cabinet.gov[.]mn and mfa.gov[.]mn, which belong to Mongolia’s Cabinet and Ministry of Foreign Affairs. They then injected code to exploit known flaws in iOS and Chrome on Android, with the ultimate goal of hijacking website visitors’ devices.

This relatively new ransomware-as-a-service (RaaS) operation extorts victims in exchange for not leaking stolen files and sells the documents to the highest bidder if negotiations fail. The ransomware group focuses on data-theft-based extortion rather than encrypting victims’ files, although they were also identified as potential buyers of Knight ransomware source code.

Today, the Cybersecurity and Infrastructure Security Agency (CISA) announces its cyber incident reporting form moved to the new CISA Services Portal as part of its ongoing effort to improve cyber incident reporting.

🤖 I'm a bot that provides automatic summaries for articles: Click here to see the summaryThis is the best summary I could come up with: Wyden lambasted UHG in a letter sent to Lina Khan and Gary Gensler, chairs of the FTC and SEC respectively, imploring the regulators to investigate the healthcare company's many failures leading up to the ransomware attack that downed services across the US. Martin was hired by UHG in 2020 originally as its exec veep of enterprise tech after previously holding the role of acting CEO at GE Digital. One such critic is Tom Kellermann, SVP of cyber strategy at Contrast Security, who previously told The Register: "I'm blown away by the fact that they weren't using multi-factor authentication. Wyden went on to say that even with MFA not being deployed across the entirety of UHG's IT estate, it probably isn't the only cybersecurity failing that turned it from an organization that was merely targeted by cybercriminals, to one that was floored by ransomware. In calling for a full regulatory investigation, Wyden pointed to two historical cases that led to sanctions against companies that were found to have taken a lax approach to data security. "Accordingly, I urge the FTC and SEC to investigate UHG's numerous cybersecurity and technology failures, to determine if any federal laws under your jurisdiction were broken, and, as appropriate, hold these senior officials accountable." The original article contains 809 words, the summary contains 208 words. Saved 74%. I'm a bot and I'm open source!

🤖 I'm a bot that provides automatic summaries for articles: Click here to see the summaryThis is the best summary I could come up with: Additionally, the souk, where ransomware operators and other miscreants trade pilfered information, showed profile pics of admins Baphomet and ShinyHunters behind bars, which several infosec spectators took to mean that both had been cuffed. Meanwhile, there has been no official statement from the US Department of Justice or the FBI about the takedown — which is unusual, compared to other high-profile cybercrime busts over the past couple of years. This particular dark-web souk has been an ongoing thorn in the side for police over the past couple of years, with BreachForums taking over after a similar operation shut down RaidForums in 2022. "The reconstitution of Breach Forums is not surprising," said Austin Berglas, also a former FBI agent who now works as global head of professional services at BlueVoyant. Ensuring that all personnel with access are in custody and offline, identifying and seizing critical infrastructure to include the removal of the entire financial, technical, and communication network is necessary to dismantle and severely limit the ability to reconstitute," he told The Register. Berglas is a former assistant special agent in charge of the FBI's New York Office Cyber Branch, and during his tenure the bureau dismantled LulzSec, a group linked to Anonymous, and arrested its leader Sabu in June 2011. The original article contains 566 words, the summary contains 209 words. Saved 63%. I'm a bot and I'm open source!

Exploited in the wild, Chrome vulnerability CVE-2024-5274 is a high-severity flaw described as a type confusion in the V8 JavaScript and WebAssembly engine.

🤖 I'm a bot that provides automatic summaries for articles: Click here to see the summaryThis is the best summary I could come up with: An improper access control bug in Apache Flink that was fixed in January 2021 has been added to the US government's Known Exploited Vulnerabilities Catalog, meaning criminals are right now abusing the flaw in the wild to compromise targets. Plus, its inclusion in the catalog means federal agencies need to either close the hole in their deployments of the software or stop using the tool altogether by June 13. Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA), which added CVE-2020-17519 to the government's Known Exploited Vulnerabilities catalog on Thursday, doesn't provide much detail. As with all bugs added to the catalog, the Homeland Security agency warns: "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise." This brings us to where we are today, with government agencies and bug hunters screaming into the wind about writing secure code and applying patches in a timely manner. That crooks are exploiting known holes isn't surprising; it would be worthwhile instead at this stage to focus on what's holding back patching, and what can be done to automate or ease it. The original article contains 476 words, the summary contains 188 words. Saved 61%. I'm a bot and I'm open source!

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell.

Amidst the physical violence, Kyrgyzstan's digital infrastructure is under severe attack from various hacktivist groups.

Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.

The FBI, in combination with police around the world, have taken control of the website and Telegram channel of ransomware brokerage site BreachForums.

MITRE has shared more details on the recently disclosed hack, including the new malware involved in the attack, attribution information, and a timeline of the attacker’s activities.

A survey of cybercrime experts assessing the top cybercrime-producing nations results in some expected leaders — Russia, Ukraine, and China — but also some surprises.

Curious how none of the coverage of this purchase mention that the app isn't open-source, which makes all of their claims of "end-to-end encryption" worthless