Summary:
A critical Glibc bug has been discovered by security researchers, putting Linux distributions at risk. The bug affects the processing of the GLIBC_TUNABLES environment variable and can allow attackers to gain root privileges. The vulnerability was found on default installations of popular Linux distributions and poses a significant threat to IoT devices. The Qualys Threat Research Unit disclosed the issue to Linux package maintainers and advised patching to mitigate the risk. There is concern that this vulnerability could be exploited in the future.
Hashtags: #GlibcBug #LinuxDistributions #RootPrivileges #IoTDevices #Vulnerability #Patch #Security
https://www.infosecurity-magazine.com/news/critical-glibc-bug-puts-linux-risk/
CISA and NSA have published a report on IAM security challenges. The report provides recommendations for vendors. MFA and SSO technologies need further work. Public-private partnership can enhance security. #IAM #cybersecurity #MFA #SSO #vendors
https://www.infosecurity-magazine.com/news/cisa-nsa-tackle-iam-security/
Apple has discovered a zero-day vulnerability affecting iOS and iPadOS versions earlier than 17.0.3, which could allow threat actors to elevate their privileges. #Apple #cybersecurity #vulnerability #ZeroDay
Threat actors are actively exploiting this vulnerability against devices running iOS 16.6. #hacking #cyberattack #Apple
Apple has addressed this zero-day vulnerability along with CVE-2023-5217, a flaw in libvpx that also affects several Chromium-based browsers. #vulnerability #libvpx #Apple
Users are recommended to upgrade to iOS 17.0.3 to prevent the exploitation of this vulnerability. #iOS #securityupgrade #Apple
Apple has recommended upgrading to specific versions of Google Chrome, Mozilla Firefox, and Microsoft Edge to fix the CVE-2023-5217 vulnerability. #GoogleChrome #MozillaFirefox #MicrosoftEdge
Upgrade to these versions to fix the vulnerabilities:
- Google Chrome 117.0.5938.132
- Mozilla Firefox 118.0.1
- Microsoft Edge 116.0.1938.98
#vulnerabilityfix #upgrade
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. #vulnerabilityprotection #PatchManagerPlus
https://cybersecuritynews.com/apple-emergency-zero-day-update/
Threat actors deployed malicious Python packages to steal system data. The packages infiltrated systems through silent installations and subprocess execution. The malware's capabilities included browser compromise, application data extraction, file theft, targeting of Discord and gaming platforms, and screen capturing. The attacker also manipulated a cryptocurrency wallet app and conducted extensive data mining. Investigations revealed significant transactions and the impact of the attacks. Protect yourself from vulnerabilities using Patch Manager Plus. #cybersecurity #Python #threatactors
Supershell is an open-source botnet that obtains SSH shell access. It offers rapid deployment and interactive control. Researchers found 85 active Supershell botnet panels in the past month, spread across 12 countries. By obtaining login credentials, they accessed the panels' infected-systems page. Analysis revealed that the botnets were being used for cryptocurrency mining. Cybersecurity and cyber intelligence are crucial. #cybersecurity #supershell #botnet #SSHshellaccess #cryptocurrencyminingexploitation
https://cybersecuritynews.com/supershell-open-source-botnet/
GoldDigger Android Trojan drains victim bank accounts. The Trojan targets users of Vietnamese banking apps, e-wallets, and crypto-wallets. It is disguised as an Android app impersonating a Vietnamese government portal or energy company. GoldDigger steals sensitive information including banking app passwords and intercepts SMS messages. The malware developers use an obfuscation tool to make it harder to reverse engineer the Trojan. #GoldDigger #AndroidTrojan #BankingTheft
https://www.infosecurity-magazine.com/news/golddigger-android-trojan-drains/
US Government Proposes SBOM Rules for Contractors
- US government proposes new rules for federal contractors to develop and maintain a software bill of materials (SBOM) for software used in contracts.
- The proposals are a response to President Biden's executive order to enhance incident response.
- SBOMs are critical in incident response as they allow for prompt identification of vulnerabilities.
- Contractors face challenges in developing SBOMs and meeting the criteria laid out by the National Telecommunications and Information Administration.
- The rule could have a wide and impactful effect on transparency.
- An industry coalition urges Congress to hold off on SBOM requirements for defense contractors.
Hashtags: #SBOM #governmentproposals #softwaresecurity #incidentresponse #supplychainrisk #transparency
https://www.infosecurity-magazine.com/news/us-government-proposes-sbom-rules/
Phishing campaign "EvilProxy" targets executives in multiple industries, using open redirection vulnerability on indeed.com to impersonate Microsoft. #EvilProxy #Microsoft365 #phishing
https://cybersecuritynews.com/evilproxy-attacking-microsoft-365/
Malicious npm package delivers the r77 rootkit via a typosquatting attack. The malware was disguised as the legitimate package "node-hide-console-window" and had over 700 downloads before detection. DiscordRAT 2.0 is used to control infected hosts, while the r77 rootkit conceals files and processes on the infected machine. This reflects a growing trend of using open-source projects for malware distribution; developers must be cautious when integrating open-source packages. #maliciousnpm #r77Rootkit #typosquatting #DiscordRAT #open-source #malwaredistribution
https://cybersecuritynews.com/malicious-npm-package-deliver-r77-rootkit/
Sony Interactive Entertainment (SIE) discloses a cybersecurity breach caused by the exploitation of a zero-day vulnerability in Progress Software’s MOVEit Transfer platform. #Sony #cybersecurity #breach #vulnerability
The Cl0p ransomware group, with ties to Russia, claimed responsibility for the attack and took data from Sony in June. #Cl0p #ransomware #databreach
Nearly 6791 current and former workers or members of their families in the US were impacted, with personal information exposed. #databreach #personalinformation #privacy
Progress Software disclosed the vulnerability on May 31, 2023, and unauthorized actors accessed SIE files on its MOVEit platform. #ProgressSoftware #securityflaw #unauthorizedaccess
SIE promptly took the platform offline, fixed the issue, and started an inquiry with support from cybersecurity professionals and law enforcement. #cybersecurity #incidentresponse #lawenforcement
SIE has improved system monitoring and is taking additional precautions to prevent future cyber incidents. Equifax credit monitoring is offered to victims. #systemmonitoring #prevention #Equifax
Other organizations, including TD Ameritrade and over 900 schools, have also been victims of the MOVEit vulnerability. #TDAmeritrade #schools #databreaches
It is recommended to monitor account statements and credit history for signs of unauthorized activity and consider using Patch Manager Plus for vulnerability protection. #identitytheft #fraud #patching
https://cybersecuritynews.com/sony-breached-moveit-zero-day/
Atlassian issues urgent patch for exploited Confluence zero-day vulnerability. Hashtags: #Atlassian #Confluence #cybersecurity #patch #vulnerability
https://www.securityweek.com/atlassian-ships-urgent-patch-for-exploited-confluence-zero-day/
Apple has issued a patch for a zero-day exploit in its iOS 17 kernel. The vulnerability allows attackers to elevate privileges. This is the 16th zero-day exploit documented against Apple's iOS. The company has urged users to enable Lockdown Mode to reduce vulnerability to spyware. The latest update also addresses a buffer overflow vulnerability in WebRTC. #Apple #iOS #ZeroDay #CybersecurityWeek
https://www.securityweek.com/apple-warns-of-newly-exploited-ios-17-kernel-zero-day/
Malware-infected devices sold through major retailers expose a significant monetization method employed by cyber-criminals. The scheme, known as BADBOX, involves the sale of backdoored off-brand mobile and CTV Android devices originating from China. These infected devices can steal personal information and carry out fraudulent activities. The operation is deceptive and dangerous, as it is difficult for users to detect the compromise. #Malware #Cybercrime #Retailers #BADBOX
A collaboration between Human Security, Google, and Apple disrupted the ad fraud operation called PEACHPIT, which was hidden within BADBOX. This operation defrauded the advertising industry using methods such as hidden ads and malvertising. The collaboration aimed to protect the advertising industry and raise the cost for cyber-criminals. #AdFraud #PEACHPIT #Cybersecurity #Collaboration
Human Security's research team observed more than 74,000 infected Android-based devices, including mobile phones, tablets, and CTV boxes. Even after a factory reset, the BADBOX-infected devices remain compromised. The ability of BADBOX to infiltrate trusted e-commerce platforms and retailers makes it particularly dangerous. #AndroidDevices #SecurityCompromise #FactoryReset
The Triada malware is used as a backdoor on these devices, connecting them to a command-and-control server on first boot. This ensures persistent access and control by the cyber-criminals. #TriadaMalware #BackdoorAccess
The sale of malware-infected devices poses a significant threat to users' privacy and security. Users are advised to be cautious when purchasing off-brand devices, especially from untrusted sources. Regularly updating device software and using reliable security measures can help mitigate the risk of infection. #PrivacyThreat #SecurityRisk #DeviceSafety
https://www.infosecurity-magazine.com/news/malware-infected-devices-retailers/
EvilProxy phishing attack targets executives on job search platform Indeed. The attack started in July and persisted into August 2023. EvilProxy leverages a phishing kit to intercept requests and harvest session cookies, bypassing multi-factor authentication. The primary targets are US organizations, particularly those in banking, finance, insurance, property management, and manufacturing. The attackers exploit an open redirection vulnerability on Indeed.com and use phishing emails with deceitful links. Menlo Labs recommends user education, phishing-resistant MFA, URL verification, and real-time protection against zero-hour phishing attacks. Hashtags: #EvilProxy #PhishingAttack #Indeed #Executives #Cybersecurity
https://www.infosecurity-magazine.com/news/evilproxy-phishing-attack-strikes/
LightSpy iPhone Spyware Linked to Chinese APT41 Group. #iPhoneSpyware #ChineseAPT41 #CybersecurityNews #ThreatGroup
https://www.infosecurity-magazine.com/news/lightspy-iphone-spyware-linked/
Malicious ads found in Bing Chat. #malware #marketing #chatbots
https://www.schneier.com/blog/archives/2023/10/malicious-ads-in-bing-chat.html
New Supermicro BMC Vulnerabilities expose servers to remote attacks. Multiple vulnerabilities in BMC IPMI firmware allow for remote code execution. Cross-site scripting (XSS) flaws and command injection are among the vulnerabilities identified. Phishing emails can be used to exploit the flaws. #Supermicro #BMC #vulnerabilities #remoteattacks #cybersecurity
Qualcomm has patched three zero-day vulnerabilities that were reported by Google. These vulnerabilities may have been exploited by spyware vendors. The remaining vulnerabilities discovered internally by Qualcomm were assigned critical and high severity ratings. The patches impact modems, WLAN firmware, and automotive products. The vulnerabilities include memory bugs and information disclosure issues. #Qualcomm #ZeroDay #Cybersecurity
https://www.securityweek.com/qualcomm-patches-3-zero-days-reported-by-google/
Red Cross releases rules for hacktivists during wartime. #RedCross #hacktivistrules #cyberwarfare
International Committee of the Red Cross warns of cyber-attacks on non-military targets during conflict. #ICRC #cyberattacks
Hacktivists risk putting themselves in danger by signaling to opposing forces. #hacktivists #warfare
Red Cross urges governments to limit hacktivist activity during wartime. #government #limitactivity
New rules of engagement in cyberspace published by the ICRC. #rulesofengagement #cybersecurity
Hacktivists should not target civilian objects or conduct cyber-attacks against medical and humanitarian facilities. #notargeting #nomedicalattacks
ICRC's intervention is a response to offensive activity from pro-Russia groups and the IT Army of Ukraine. #proRussia #ITArmy
Web defacements and DDoS attacks are used as propaganda tools. #webdefacements #DDoSattacks
The difficulty of attributing attacks makes it unlikely that the ICRC's rules will be followed. #attributingattacks #ignoringrules
https://www.infosecurity-magazine.com/news/red-cross-issues-wartime/
Arm and Qualcomm have released security updates to patch multiple zero-day vulnerabilities found in their chips. Qualcomm was informed by Google TAG and Project Zero about the vulnerabilities, which include CVE-2023-33106, CVE-2023-33107, CVE-2023-33063, and CVE-2022-22071. Arm also received information about a new zero-day vulnerability, CVE-2023-4211, which is being actively exploited in targeted attacks. The companies have issued patches and recommend that affected users upgrade. In addition, Arm disclosed two further vulnerabilities, CVE-2023-33200 and CVE-2023-34970, affecting its Mali GPU kernel driver.
#Arm #Qualcomm #security #vulnerabilities #chips #patches #upgrades
https://www.infosecurity-magazine.com/news/arm-qualcomm-hit-multiple-zeroday/