CyberSecurity updates
2025-01-06 14:06:13 Pacific

Apple Settles Siri Privacy Eavesdropping Lawsuit - 21h

Apple is facing a class-action lawsuit over its Siri voice assistant due to privacy concerns. The lawsuit claims Siri was eavesdropping and recording users without their consent. Apple has agreed to a $95 million settlement to resolve the issue. The settlement impacts millions of users who might have been affected. Some of the recordings have been shared with third parties. Users can disable Siri to avoid being recorded. This settlement highlights the importance of user data privacy and transparency, and it has also resulted in Apple making changes to its Siri privacy policy and functionality.

Windows LDAP RCE Vulnerability Exploit Released - 3d

A critical remote code execution (RCE) vulnerability, tracked as CVE-2024-49112, has been identified in Windows LDAP. A proof-of-concept (PoC) exploit has been released demonstrating how an attacker can send a malicious LDAP request to unpatched Domain Controllers, leading to memory corruption and remote code execution without any user interaction. Because it is a zero-click RCE, this vulnerability poses a significant threat to Windows environments.

T3 Unit Freezes $100M in Crypto Crime Assets - 3d

The T3 Financial Crime Unit, a collaboration between TRON, Tether, and TRM Labs, has frozen over $100 million in cryptocurrency assets linked to illicit activities. This initiative involves working with global law enforcement to disrupt organized crime schemes that utilize blockchain technology for illicit transactions, highlighting the increasing efforts to combat crypto-related financial crimes.

China Hacks US Treasury via BeyondTrust - 6d

Chinese state-sponsored threat actors compromised the US Treasury Department by exploiting a vulnerability in a third-party software provider, BeyondTrust. The attackers gained remote access to employee workstations and exfiltrated unclassified documents. This incident highlights the risk associated with third-party dependencies and supply chain attacks, and it raises concerns about the security posture of government agencies. The specific systems affected were not immediately identified, but they were confirmed to be workstations.

US Sanctions Russia and Iran for Election Interference - 5d

The U.S. Treasury Department has sanctioned entities in Russia and Iran for attempting to interfere in the 2024 presidential election using AI-generated disinformation and cyber tactics. These organizations are accused of creating fake news websites and engaging in campaigns aimed at disrupting the election process. This incident highlights the growing concern over foreign actors using artificial intelligence to spread misinformation and undermine democratic processes, which need to be defended against such attacks.

Atos Denies Space Bears Ransomware Attack Claims - 2d

French tech giant Atos, a major contractor for the French government and military, is denying claims by the Space Bears ransomware gang that the gang breached Atos systems. Space Bears claims to have stolen data and has threatened to leak it, while Atos insists that no breach occurred. This incident highlights the ongoing threat of ransomware attacks, even against major organizations, and the potential for conflicting claims following such attacks. The truth will likely come out if Space Bears publishes the stolen data next week.

Terraform Labs Founder Pleads Not Guilty to Fraud - 2d

Do Hyeong Kwon, the co-founder of Terraform Labs, was extradited to the U.S. and pleaded not guilty to fraud charges related to the collapse of the TerraUSD and LUNA cryptocurrencies. The collapse resulted in over $40 billion in investor losses. The indictment alleges Kwon engaged in deceptive practices, including market manipulation and misrepresentations about the stability of Terraform’s products. Kwon faces multiple counts of fraud and money laundering. His extradition and court appearance highlight the severe consequences of large-scale cryptocurrency fraud.

US Soldier Arrested for Telecom Data Theft - 5d

A 20-year-old U.S. Army soldier, identified as Kiberphant0m, has been arrested for allegedly stealing and selling sensitive customer call records from AT&T and Verizon. The suspect, a communications specialist previously stationed in South Korea, is accused of extorting the telecommunication companies and leaking customer data. This incident highlights the risk of insider threats and the potential damage caused by unauthorized access to sensitive customer information.

The soldier allegedly used his position and access to systems to exfiltrate the data. The arrest comes after a thorough investigation and raises concerns about the security protocols used by telecommunication companies to protect customer data from insider threats and the need for strict access controls and continuous monitoring to prevent such incidents in the future.

VW EV Location Data Exposed by Cloud Misconfig - 6d

A significant data leak exposed the location data of approximately 800,000 Volkswagen electric vehicles (EVs), encompassing models from VW, Audi, Seat, and Skoda. The leak, caused by a cloud misconfiguration, revealed real-time GPS locations of the vehicles, along with other sensitive data. This incident raises serious privacy concerns, particularly as the exposed data could be linked to vehicle owners, including sensitive individuals.

The data leak allowed unauthorized access to vehicle locations, potentially enabling surveillance and tracking of individuals. The incident highlights the critical importance of robust cloud security practices and the need for stringent data protection measures by automotive manufacturers and their software subsidiaries. The incident was brought to light by a whistleblower and security researchers.

WPForms Plugin Vulnerability Exposes WordPress Sites - 3d

A critical vulnerability, CVE-2024-11205, has been discovered in the WPForms plugin for WordPress, affecting versions 1.8.4 through 1.9.2.1. This vulnerability stems from a missing authorization check in the wpforms_is_admin_page function, allowing attackers with Subscriber-level privileges to perform unauthorized actions such as refunding payments and canceling subscriptions. This flaw has the potential to cause significant financial losses and service disruptions for website owners using the plugin. A fix is available in version 9.1.2.2 or later. Website administrators should review user permissions, enable 2FA, monitor site activity, and back up regularly to mitigate risks. This vulnerability highlights the importance of proactive security measures and staying informed about software updates.

Palo Alto Firewall DoS Flaw Exploited - 9d

A high-severity denial-of-service (DoS) vulnerability (CVE-2024-3393, CVSS 8.7) has been discovered in Palo Alto Networks PAN-OS software and Prisma Access firewalls. Unauthenticated attackers can exploit it by sending malicious DNS packets through the firewall's data plane, causing the firewall to reboot; repeated attempts to trigger the condition cause the firewall to enter maintenance mode, disrupting network operations. A patch is available and should be applied immediately. Palo Alto Networks is aware of customers experiencing this DoS when their firewall blocks malicious DNS packets that trigger the issue.

Four-Faith Router Flaw Enables Remote Attacks - 6d

A critical vulnerability, CVE-2024-12856, has been discovered in Four-Faith routers, models F3x24 and F3x36, allowing for remote code execution. The vulnerability, located in the /apply.cgi endpoint, can be exploited by manipulating the adj_time_year parameter. This flaw allows attackers to gain reverse shells on vulnerable devices, potentially leading to malware installation, data theft, and significant network disruptions. Over 15,000 devices with default credentials have been identified as being at high risk, emphasizing the urgent need for remediation.

Threat actors are actively exploiting this vulnerability to gain unauthorized access. Users of Four-Faith routers are strongly advised to update their devices to the latest firmware and implement strong password policies immediately. The vulnerability poses a serious threat to industrial networks and critical infrastructure relying on these devices.
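As an added illustration (not from the original digest and not Four-Faith code), a small log-triage script for defenders: it flags requests to the /apply.cgi endpoint whose adj_time_year value is not a plausible four-digit year, or that arrive from outside an assumed management subnet (10.0.0.0/8). The log lines are constructed samples, and only query-string parameters are visible in an access log; parameters sent in a POST body need a proxy or WAF log instead.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Jan/2025:10:01:02 +0000] "POST /apply.cgi?adj_time_year=2025 HTTP/1.1" 200 512
203.0.113.7 - - [02/Jan/2025:10:03:14 +0000] "POST /apply.cgi?adj_time_year=2025%3Bx HTTP/1.1" 200 512
10.0.0.5 - - [02/Jan/2025:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 2048
198.51.100.9 - - [02/Jan/2025:10:05:30 +0000] "POST /apply.cgi?adj_time_year=notayear HTTP/1.1" 200 512
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A legitimate clock-adjustment value is a four-digit year; anything else is suspect.
YEAR_RE = re.compile(r"^(19|20)\d{2}$")
# Assumption for this example: device management happens only from 10.0.0.0/8.
MGMT_NET = ipaddress.ip_network("10.0.0.0/8")
WATCHED_PATH = "/apply.cgi"
WATCHED_PARAM = "adj_time_year"


def triage_line(line):
    """Return a finding dict for a watched request, or None if not applicable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != WATCHED_PATH:
        return None
    reasons = []
    src = ipaddress.ip_address(m.group("ip"))
    if src not in MGMT_NET:
        reasons.append("source outside management network")
    # parse_qs percent-decodes values, so encoded characters are inspected as sent.
    for value in parse_qs(parts.query, keep_blank_values=True).get(WATCHED_PARAM, []):
        if not YEAR_RE.match(value):
            reasons.append(f"{WATCHED_PARAM} is not a plausible year: {value!r}")
    return {"ip": str(src), "ts": m.group("ts"), "reasons": reasons}


def triage(log_text):
    """Return only the /apply.cgi requests that raised at least one reason."""
    findings = (triage_line(l) for l in log_text.splitlines())
    return [f for f in findings if f and f["reasons"]]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], "; ".join(hit["reasons"]))
```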

Rhode Island Health Data Leaked Online - 5d

Rhode Island’s health benefits system was breached, leading to a data leak on the dark web, compromising residents’ personal data. The compromised data included sensitive information from the state’s health benefits system. This incident demonstrates the ongoing threats to government infrastructure and highlights the importance of robust security measures. The breach underscores the necessity for continuous monitoring and improvements in state-level cybersecurity protocols.

Salt Typhoon Cyber Espionage on Telecoms - 9d

The China-linked Salt Typhoon hacking group successfully launched a cyber espionage campaign targeting the major telecommunications companies AT&T and Verizon. The attackers aimed to gather foreign intelligence, and the initial breach was achieved by exploiting vulnerabilities in network infrastructure. Both companies have stated that their networks are now secure. This incident highlights the ongoing threat of state-sponsored cyber espionage against critical infrastructure and telecommunications providers, and it emphasizes the need for continuous monitoring and robust security measures to detect and mitigate these threats.

Microsoft Urges .NET Devs to Update Installer Links - 6d

Microsoft has issued an urgent warning to .NET developers, urging them to update their app and pipeline configurations to avoid using the ‘azureedge.net’ domain for installing .NET components. The domain will soon become unavailable due to the bankruptcy and imminent shutdown of CDN provider Edgio. This change will affect the delivery of .NET installers and archives and requires developers to update their dependencies promptly to prevent application failures. This issue highlights the fragility of relying on third-party services for critical application dependencies.

Apache Fixes Critical Vulnerabilities - 11d

Apache has released security updates to address multiple critical vulnerabilities, including a SQL Injection flaw, affecting MINA, HugeGraph-Server, and Traffic Control products. These vulnerabilities, if exploited, could allow attackers to compromise systems, highlighting the importance of immediate patching. Organizations using these Apache products should prioritize updating them to the latest versions to mitigate the risk of exploitation.

Russia-Linked Tanker Detained for Baltic Sea Cable Damage - 10d

A Russia-linked tanker, Eagle S, has been detained by Finnish authorities for allegedly damaging undersea power and data cables in the Baltic Sea, connecting Finland to Estonia. The incident is under investigation, and the tanker is suspected to be part of Russia’s shadow fleet, raising concerns over potential sabotage on critical infrastructure. This action highlights the vulnerabilities of undersea cables to external threats and underscores the geopolitical tensions in the region.

North Korean Hackers Use OtterCookie Malware - 9d

North Korean threat actors are actively using a new malware called ‘OtterCookie’ in their ‘Contagious Interview’ campaign. This campaign is targeting software developers with fake job offers. The malware acts as a backdoor, enabling unauthorized access to compromised systems. This is part of a broader trend of North Korean cyber activity aimed at financial gain and espionage. The activity indicates a sophisticated and persistent threat actor leveraging social engineering to infiltrate targeted systems.