Blog

Cybersecurity Digest #93: 02/04/2024 – 16/04/2024

Cybersecurity News

  • Apple has sent a new batch of threat notifications to users in 92 countries who may have been targeted by mercenary spyware attacks.
  • Cybersecurity researchers have disclosed the first native Spectre v2 exploit against the Linux kernel on Intel systems. It could be used to read sensitive data from the memory.
  • Researchers have found multiple vulnerabilities in LG webOS running on smart TVs that could allow attackers to gain root access to the devices.
  • Google has introduced a new feature for its Chrome browser, which should eliminate, or at least minimize, memory corruption vulnerabilities.
  • The U.S. HHS Department has warned that hackers can be using social engineering tactics to target IT help desks across the Healthcare and Public Health sector.
  • An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been detected. The security issue could lead to the exfiltration of process memory addresses.
  • Experts have discovered HTTP/2 protocol vulnerabilities, which can lead to DoS attacks. The flaws can be used to crash web servers with a single TCP connection in some implementations.

More

Cybersecurity Digest #92: 19/03/2024 – 02/04/2024

Cybersecurity News

  • Experts has warned of info stealer malware targeting macOS users via malicious ads and rogue websites. One of the attacks relies on sponsored ads proposed to the users while searching for “Arc Browser” on Google.
  • Cisco has notified its customers of password-spraying attacks that have been targeting Remote Access VPN services of Cisco Secure Firewall devices.
  • Security vulnerabilities discovered in Dormakaba’s Saflok electronic RFID locks used in hotels could be weaponized by threat actors to forge keycards and stealthily slip into locked rooms.
  • Scientists have identified a vulnerability inVirtual Reality headsets that could let hackers access private information without the wearers’ knowledge.
  • Researchers have developed ZenHammer, the first variant of the Rowhammer DRAM attack. It works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips.
  • Experts demonstrated a new side-channel attack, named GoFetch, against Apple CPUs. The attack could allow an attacker to obtain secret keys.
  • Microsoft has released emergency out-of-band updates to fix a known issue causing Windows domain controllers to crash.

More

Cybersecurity Digest #91: 05/03/2024 – 19/03/2024

Cybersecurity News

  • Researchers have demonstrated a new acoustic side-channel attack on keyboards. It can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise.
  • Three types of vulnerabilities that can possibly lead to data exposure and account takeovers have been discovered in ChatGPT. One of the vulnerabilities can be exploited to install malicious plugins on ChatGPT users.
  • SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
  • Researchers have warned that of the critical vulnerability CVE-2024-21762 in Fortinet FortiOS. This flaw could potentially impact 150,000 exposed devices.
  • The financially motivated hacking group Magnet Goblin uses various 1-day vulnerabilities to hack servers and install malware. Windows and Linux systems are at risk.
  • The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to carry out their extortion-only attacks.
  • Hackers have been conducting widescale attacks on WordPress sites to inject scripts that force visitors’

More

Cybersecurity Digest #90: 20/02/2024 – 05/03/2024

Cybersecurity News

  • Lazarus Group has been exploiting a flaw in the Windows AppLocker driver as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD techniques.
  • Four new vulnerabilities have been discovered in some of the Zyxel Firewall and access point versions that are associated with Denial of Service, OS Command Injection, and Remote code execution.
  • PayPal has filed a patent application for a novel method that can identify when “super-cookie” is stolen. This could improve the cookie-based authentication mechanism and limit account takeover attacks.
  • Researchers at Guardio Labs have discovered a massive email ad fraud campaign called SubdoMailing. Threat actors have been carrying out SPF-hijacking to bypass spam security by leveraging legitimate domains to send millions of emails for malvertising and click scams for at least 16 months.
  • A dangerous vulnerability CVE-2024-23204 has been discovered in Apple Shortcuts. It could give attackers access to sensitive data across the device without the user being asked to grant permissions.
  • Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password.

More

New features of the Defensys SENSE 1.16

Defensys has released a new update of the Defensys SENSE Platform v. 1.16 to raise efficiency of companies’ information security. In the modified version detection scenarios were extended with new 15 anomalies. Additionally, the vendor has added a new section called “User profile” for object monitoring and has changed the timeline visualization for a quick artefacts collection during the investigation process.

Defensys has significantly changed the handling of monitored objects. The new section “User profile” immediately provides users with detailed data regarding all sessions of the monitored object, helps to analyze them in one tab and leave comments. Moreover, Defensys has divided event chronology into sessions and limited the display of the monitored object’s activity to one day. A wide range of data on a user’s behavior during a certain period of time is displayed for each session: anomalies, triggered alerts, users’ accounts, equipment, and overall rating. Now events of the same type are grouped in sessions to raise information value of the timeline and make it more convenient for data analysis. New functions allow CS specialists to promptly form the investigation context and to make the process of artefacts’ collection 3 times shorter.

Defensys’s team continues to improve detection features for a better cyber security posture.

More