Cybersecurity Digest #92: 19/03/2024 – 02/04/2024

Cybersecurity News

  • Experts have warned of info stealer malware targeting macOS users via malicious ads and rogue websites. One of the attacks relies on sponsored ads shown to users while they search for “Arc Browser” on Google.
  • Cisco has notified its customers of password-spraying attacks that have been targeting Remote Access VPN services of Cisco Secure Firewall devices.
  • Security vulnerabilities discovered in Dormakaba’s Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms.
  • Scientists have identified a vulnerability in Virtual Reality headsets that could let hackers access private information without the wearers’ knowledge.
  • Researchers have developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on the recent AMD Zen microarchitecture, which map physical addresses onto DDR4 and DDR5 memory chips.
  • Experts demonstrated a new side-channel attack, named GoFetch, against Apple CPUs. The attack could allow an attacker to obtain secret keys.
  • Microsoft has released emergency out-of-band updates to fix a known issue causing Windows domain controllers to crash.

Cybersecurity Digest #91: 05/03/2024 – 19/03/2024

Cybersecurity News

  • Researchers have demonstrated a new acoustic side-channel attack on keyboards. It can deduce user input from typing patterns, even in poor conditions such as noisy environments.
  • Three types of vulnerabilities that can possibly lead to data exposure and account takeovers have been discovered in ChatGPT. One of the vulnerabilities can be exploited to install malicious plugins on ChatGPT users’ accounts.
  • SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
  • Researchers have warned of the critical vulnerability CVE-2024-21762 in Fortinet FortiOS. This flaw could potentially impact 150,000 exposed devices.
  • The financially motivated hacking group Magnet Goblin uses various 1-day vulnerabilities to hack servers and install malware. Windows and Linux systems are at risk.
  • The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to carry out their extortion-only attacks.
  • Hackers have been conducting widescale attacks on WordPress sites to inject scripts that force visitors’

Cybersecurity Digest #90: 20/02/2024 – 05/03/2024

Cybersecurity News

  • Lazarus Group has been exploiting a flaw in the Windows AppLocker driver as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD techniques.
  • Four new vulnerabilities have been discovered in some Zyxel Firewall and access point versions, associated with denial of service, OS command injection, and remote code execution.
  • PayPal has filed a patent application for a novel method that can identify when a “super-cookie” is stolen. This could improve the cookie-based authentication mechanism and limit account takeover attacks.
  • Researchers at Guardio Labs have discovered a massive email ad fraud campaign called SubdoMailing. Threat actors have been carrying out SPF-hijacking to bypass spam security by leveraging legitimate domains to send millions of emails for malvertising and click scams for at least 16 months.
  • A dangerous vulnerability, CVE-2024-23204, has been discovered in Apple Shortcuts. It could give attackers access to sensitive data across the device without the user being asked to grant permissions.
  • Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password.

New features of the Defensys SENSE 1.16

Defensys has released a new update of the Defensys SENSE Platform, v. 1.16, to raise the efficiency of companies’ information security. In the updated version, detection scenarios were extended with 15 new anomalies. Additionally, the vendor has added a new section called “User profile” for object monitoring and has changed the timeline visualization for quicker artefact collection during the investigation process.

Defensys has significantly changed the handling of monitored objects. The new “User profile” section immediately provides users with detailed data on all sessions of the monitored object, helps to analyze them in one tab, and allows comments to be left. Moreover, Defensys has divided the event chronology into sessions and limited the display of the monitored object’s activity to one day. A wide range of data on a user’s behavior during a certain period of time is displayed for each session: anomalies, triggered alerts, user accounts, equipment, and overall rating. Events of the same type are now grouped within sessions to raise the information value of the timeline and make it more convenient for data analysis. The new functions allow CS specialists to promptly form the investigation context and make artefact collection 3 times shorter.

Defensys’ team continues to improve detection features for a better cybersecurity posture.

Cybersecurity Digest #89: 06/02/2024 – 20/02/2024

Cybersecurity News

  • Google is testing a new feature to prevent malicious public websites from pivoting through a user’s browser to attack devices and services on internal, private networks.
  • Threat hunters have identified a new variant of Android malware called MoqHao. It automatically executes on infected devices without requiring any user interaction.
  • Fortinet has patched a critical vulnerability that enables unauthenticated remote code execution. The FortiOS and FortiProxy vulnerability tracked as CVE-2024-21762 has a CVSS score of 9.6.
  • LastPass has warned that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users’ credentials.
  • Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions.
  • The first security vulnerability of the kernel-exploit kind has been discovered in Apple’s visionOS software. It targets the device’s operating system and could potentially be used to create malware, provide unauthorized access, or jailbreak the headset so that anyone could use it.
  • Threat actors are leveraging bogus job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer.
