Cybersecurity Digest #90: 20/02/2024 – 05/03/2024

Cybersecurity News

  • Lazarus Group has been exploiting a flaw in the Windows AppLocker driver as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD techniques.
  • Four new vulnerabilities have been discovered in some Zyxel firewall and access point firmware versions; they allow denial of service, OS command injection, and remote code execution.
  • PayPal has filed a patent application for a novel method that can identify when a “super-cookie” is stolen. This could improve cookie-based authentication and limit account takeover attacks.
  • Researchers at Guardio Labs have discovered a massive email ad fraud campaign called SubdoMailing. Threat actors have been carrying out SPF-hijacking to bypass spam security by leveraging legitimate domains to send millions of emails for malvertising and click scams for at least 16 months.
  • A dangerous vulnerability CVE-2024-23204 has been discovered in Apple Shortcuts. It could give attackers access to sensitive data across the device without the user being asked to grant permissions.
  • Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password.
  • Large-scale malware distribution campaigns have been abusing Google Cloud Run to deliver banking trojans. The attacks begin with phishing emails crafted to mimic legitimate messages from government and tax agencies.
  • Researchers have shown that a new set of attacks called VoltSchemer can inject voice commands to manipulate a smartphone’s voice assistant through the magnetic field emitted by an off-the-shelf wireless charger.
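The SubdoMailing item above rests on SPF records that still include: or redirect= to domains nobody controls any more, so whoever re-registers such a domain can publish an SPF record that authorises their own mail servers for the legitimate sender (this reading of the mechanism is an assumption drawn from the digest's description; Guardio's write-up gives the specifics). The following is an added example, not code from the digest or from Guardio Labs: a small Python audit that walks a domain's SPF chain against a constructed in-memory stand-in for DNS and flags include:/redirect= targets that do not resolve, include loops, and breaches of the RFC 7208 ten-lookup limit. All domain names and records are constructed.

```python
"""Audit an SPF chain for dangling include:/redirect= targets.

Added example, not from the digest or from Guardio Labs. The resolver is a
constructed dict standing in for DNS TXT lookups so the script runs offline;
swap in a real resolver (e.g. dnspython) to audit live domains.
"""
import re

# Constructed sample zone: domain -> SPF TXT record, or None for NXDOMAIN.
SAMPLE_SPF = {
    "example.com": "v=spf1 include:_spf.mailvendor.example include:old-crm.example -all",
    "_spf.mailvendor.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "old-crm.example": None,   # lapsed vendor domain: registrable by anyone
    "loop.example": "v=spf1 include:loop.example ~all",
}

# Mechanisms that cost a DNS lookup under RFC 7208 section 4.6.4
# (ip4:, ip6: and all do not count; redirect= is handled separately).
LOOKUP_MECHS = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)(?=[:/]|$)", re.I)

MAX_LOOKUPS = 10


def audit_spf(domain, resolver):
    """Walk the SPF chain rooted at `domain`.

    `resolver` maps a name to its SPF record, or to None when the name does
    not resolve. Returns a dict with:
      dangling   - include:/redirect= targets that do not resolve (hijackable)
      loops      - names reached a second time in the chain
      lookups    - DNS-lookup-bearing terms seen along the chain
      over_limit - True when lookups exceed the RFC 7208 limit of 10
    """
    findings = {"dangling": [], "loops": [], "lookups": 0}
    seen = set()

    def walk(name):
        if name in seen:
            findings["loops"].append(name)
            return
        seen.add(name)
        record = resolver.get(name)
        if record is None:
            findings["dangling"].append(name)
            return
        for term in record.split()[1:]:          # skip the "v=spf1" version tag
            if LOOKUP_MECHS.match(term):
                findings["lookups"] += 1
            mech = term.lstrip("+-~?").lower()
            if mech.startswith("include:"):
                walk(mech.split(":", 1)[1])
            elif mech.startswith("redirect="):
                findings["lookups"] += 1         # redirect= also costs a lookup
                walk(mech.split("=", 1)[1])

    walk(domain)
    findings["over_limit"] = findings["lookups"] > MAX_LOOKUPS
    return findings


if __name__ == "__main__":
    for root in ("example.com", "loop.example"):
        print(root, audit_spf(root, SAMPLE_SPF))
```

A dangling entry in the result is the finding to act on: remove the include or redirect, or re-register the name yourself before someone else does. The lookup count matters too, because a record that breaks the ten-lookup limit evaluates to permerror and receivers then treat the domain as having no usable SPF at all.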

Cybersecurity Blog Posts

  • Noam Dotan, Senior Researcher and GenAI Lead at Legit Security, discussed how companies are using AI to reduce false positives in secret scanners. In his article, the author explores the types of secrets, the limitations of current security solutions, and the efficacy of integrating artificial intelligence and machine learning into security tools.
  • Patrick Harding, Chief Architect at Ping Identity, examined the promises and implications of decentralized identity in cybersecurity. Patrick also explained how this approach achieves complete user control and privacy.
  • James Kettle, Director of Research at PortSwigger, has identified the top web hacking techniques of 2023. In his opinion, the exploitation of hardened .NET deserialization, phishing and the utilization of HTTP vulnerabilities were particularly popular among attackers.
  • Deepak Taneja, CEO of Zilla Security, has shared his thoughts on how organizations can navigate identity security risks in 2024. The author believes that innovative solutions leveraging AI and automation offer promising avenues to simplify identity management and enhance security in modern work environments.

Research and Analytics

  • Kaspersky Lab’s report highlights that businesses are facing a huge cybersecurity talent shortage, with many positions requiring cybersecurity skills remaining unfilled. The research identifies the most understaffed roles, the skills and characteristics employers look for in the hiring process, and how they evaluate potential candidates’ effectiveness and education.
  • Infosecurity Europe has published a report which finds that 69% of IT security decision-makers have reported or anticipate an increase in their cybersecurity budgets in 2024, with increases ranging from 10% to 100%. This surge in financial commitment underscores the growing awareness of and response to the dynamic and escalating cyber threat landscape, coupled with stricter regulatory demands.
  • AuditBoard’s new research reveals that 68% of survey respondents are overwhelmed by the new SEC cybersecurity disclosure ruling established in October 2023. Many executives are still in the initial stages of conducting gap assessments, assigning responsibility for remediation, establishing standards for determining materiality, creating new disclosure processes, and implementing technology.
  • Arctic Wolf has published its annual Arctic Wolf Labs Threat Report. Insights from the report reveal that 2023 was filled with increased ransom demands, exploitation of well-known vulnerabilities that pre-date 2023, and execution of business email compromise schemes on a massive scale.
  • Proofpoint has shared its annual State of the Phish report, in which they’ve put together in-depth regional summaries to explore how local nuances affect user behavior when it comes to cybersecurity awareness. The report states that more than 69% of organizations experienced a successful ransomware incident in 2023.
  • Viakoo’s study provides the numbers on how IT leaders view the significance of the IoT threat to their organizations, what the impact of those key threats are, the missing pieces of the IoT security technology stack to improve defenses, and how governance is more focused on IoT applications and device system security.
  • Group-IB has published Hi-Tech Crime Trends Report 2023/2024 which analyzes the various aspects of the cybercriminal industry’s operations. It examines attacks from the past year and provides forecasts for the threat landscape worldwide.

Major Cyber Incidents

  • The Golden Corral American restaurant chain has disclosed a data breach. The attackers had access to its systems and stole the sensitive data of current and former employees and beneficiaries.
  • Ransomware group Mogilevich claims that it has hacked into Epic Games and has stolen 189GB of data comprised of emails, passwords, full names, payment information, source code, and more.
  • Pepco Group, a European retailer operating in 21 countries, has reported a phishing attack in its Hungary branch. It resulted in €15.5 million in losses before any potential recovery.
  • A cyberattack on a unit affiliated with UnitedHealthcare, the largest US health insurer, has disrupted drug prescription orders at thousands of pharmacies for about a week.
  • IntelBroker has hacked the Los Angeles International Airport by exploiting a flaw in one of its CRM systems. The hacker claims to have gained access to a database containing confidential data of the owners of private planes.
  • Steel giant ThyssenKrupp has disclosed a security breach that impacted its Automotive division. The company has been forced to shut down its IT systems as a part of the response and containment effort.
  • Internet service provider Tangerine has suffered a data breach. Hackers obtained the full names, dates of birth, email addresses and mobile phone numbers of more than 200,000 customers.
  • PSI Software SE, a German developer of software for complex production and logistics processes, has fallen victim to a cyberattack. The disruption was caused by ransomware actors targeting its internal systems.