What’s the latest in the cyber world today?
QNAP, Patches for Critical Flaws, Ivanti SSRF Vulnerability, Outlook Security Alert, .ICS Files, ApateWeb, Malware Distribution Campaign, Law Enforcement System, SQL Injection, Deepfake Video Call, Japanese Diplomatic Documents, Northern Light Health, Icelandic Reykjavík University, Russian Cyber Assault, UK, France, Summit Against Cyber Mercenaries, US Visa Restrictions, Spyware Misuse, Google, Rust Foundation, MIT PhD Student, Apple Vision Pro, Wiz, Zscaler.
Listen to the full podcast
Cyber Alerts
1. QNAP Systems Critical Vulnerabilities
Taiwan-based QNAP Systems issues fixes for two dozen vulnerabilities in its products, including high-severity flaws enabling command execution. Notably, CVE-2023-45025 and CVE-2023-39297 affect various QNAP versions and allow OS command injection. Authentication is required to exploit these flaws; the same advisory also covers CVE-2023-47567, an OS command injection, and CVE-2023-47568, an SQL injection vulnerability.
2. Ivanti SSRF Flaw Widely Exploited
A critical SSRF vulnerability in Ivanti Connect Secure and Policy Secure is being widely exploited, with over 170 IPs launching reverse shell attempts, the Shadowserver Foundation reports. CVE-2024-21893 enables unauthorized access to restricted resources via the SAML components, and exploitation has intensified since public disclosure. Ivanti scrambles to address the escalating risk as Mandiant reveals actors chaining the associated vulnerabilities to deploy custom web shells.
3. Outlook Security Alert Triggered by .ICS Files
Following the December 2023 Patch Tuesday Office updates, Microsoft is investigating Outlook security alerts triggered by opening .ICS calendar files. Users encountering the issue report receiving warning dialog boxes, and Microsoft has acknowledged it as a bug to be addressed in a future update. The underlying security concern is CVE-2023-35636, which, if exploited, could expose Windows credentials, underscoring the importance of prompt patching and vigilance.
4. ApateWeb Malware Distribution Campaign
ApateWeb emerges as a large-scale threat, utilizing 130,000+ domains to distribute scareware and unwanted programs via deceptive emails. With a sophisticated infrastructure spanning three years, the campaign employs multilayered systems and intricate redirection tactics to deliver its payloads. Despite its efforts to evade detection, analysts dissect the campaign into three distinct layers, shedding light on its complex workflow and evasion techniques.
5. Law Enforcement Request System Access Offered for Sale
A hacker claims access to the law enforcement request account “KodexGlobal,” which allows subpoenas to be sent to Coinbase, Binance, and others. Hudson Rock reports the access was offered for sale on BreachForums for $5,000, or $300 per request. By exploiting infostealer infections, hackers could misuse the system, potentially leading to identity theft and financial losses.
Cyber Incidents
6. ResumeLooters Hits 65 Job Listing and Retail Sites
ResumeLooters infiltrates 65 job listing and retail sites, pilfering personal data from two million job seekers in the APAC region. Group-IB uncovers their sophisticated tactics, including SQL injection and XSS attacks, as they attempt to profit from selling stolen data through Telegram channels. Employing a range of tools like SQLmap and Acunetix, ResumeLooters targets vulnerable sites, highlighting the urgent need for enhanced cybersecurity measures to protect user information.
7. Deepfake Video Call Fraud Costs Hong Kong Firm $25.5 Million
Scammers exploit deepfake technology, stealing $25.5 million from a Hong Kong multinational via a fabricated video call. Utilizing fake representations of the CFO and others, the fraudsters instructed an employee to transfer funds during the deceptive meeting. The scam was discovered a week later, triggering an ongoing investigation by local authorities to identify the perpetrators behind the sophisticated scheme.
8. Classified Japanese Diplomatic Documents Leaked
A government source disclosed to the Kyodo news agency that classified Japanese diplomatic documents were leaked following cyberattacks on the Ministry of Foreign Affairs in 2020, exposing the country’s vulnerability to digital infiltration. The breach, detected during Prime Minister Shinzo Abe’s tenure, compromised highly confidential diplomatic telegrams exchanged daily between the ministry and its international missions. Tokyo and Washington engaged in discussions on potential countermeasures in response to the breach, underscoring the seriousness of the incident and the imperative to bolster cybersecurity defenses.
9. Northern Light Health Takes Patient Records Offline After Cyberattack
Northern Light Health, a prominent healthcare provider in Maine, encountered a significant cybersecurity breach over the weekend, compelling the company to temporarily shut down all patient records following a targeted cyberattack on its computer servers. While the company states that patient records were not compromised, it took the systems offline as a precaution to investigate an abnormality detected within them. Patient care remained unaffected, and investigations into the source of the attack are still underway, underscoring the ongoing challenges healthcare organizations face in safeguarding against cyber threats.
10. Reykjavík University Hit by Akira Ransomware Attack
Net safety experts and Reykjavík University staff scramble to restore files after a cyber strike believed to be orchestrated by Russian hackers, aiming to encrypt or steal data for ransom. The attack, traced back to the group Akira, prompts urgent security measures, urging students and faculty to fortify passwords and be vigilant against phishing attempts. Despite the breach, efforts to resume classes by February 5th are underway, with ongoing updates promised to the university community.
Cyber News
11. UK and France Convene Summit Against Cyber Mercenaries
Britain and France unite with tech leaders to combat the rise of cyber mercenaries and malicious tool markets, aiming to safeguard international security and digital stability. Major firms like Apple, Google, and Microsoft join forces to discuss strategies for countering cyber snooping and attacks, as the threat landscape evolves rapidly. A joint agreement, the Pall Mall process, signals a collaborative effort to confront the growing menace of cyber threats, emphasizing the necessity for global cooperation in safeguarding digital integrity.
12. US Visa Restrictions Target Commercial Spyware Misuse
Secretary of State Antony Blinken unveils a new visa restriction policy targeting individuals connected to the misuse of commercial spyware, citing concerns over human rights abuses and security threats. The Biden Administration’s Executive Order further prohibits the use of mercenary surveillance tools, signaling a robust stance against espionage tactics that undermine global freedoms and national security. As part of a joint effort with 36 other nations, the US is spearheading initiatives to prevent the misuse of surveillance technology and uphold fundamental rights worldwide.
13. Google Grants $1 Million to the Rust Foundation
Google announces a $1 million grant to the Rust Foundation to enhance Rust and C++ interoperability, reinforcing its commitment to memory safety. Dave Kleidermacher, Google’s VP of Engineering, highlights Rust’s proactive prevention of vulnerabilities in the Android ecosystem, emphasizing the investment’s goal to expand Rust adoption across various platforms. With Google’s support, the Rust Foundation launches the ‘Interop’ initiative to streamline collaboration and improve memory safety across the software industry.
14. MIT PhD Student Demonstrates Apple Vision Pro Kernel Exploit
A PhD student reveals a kernel exploit in the Apple Vision Pro headset, allowing potential unauthorized access or jailbreaking. Joseph Ravichandran demonstrates that the exploit switches the device to full passthrough mode when it crashes, prompting concerns over security integrity. While it’s unclear if Apple has been notified, the revelation highlights potential risks and prompts caution among users.
15. Wiz Appoints Former Zscaler Executive Dali Rajic as COO
Fast-growing cybersecurity startup Wiz appoints former Zscaler executive Dali Rajic as COO and president ahead of its anticipated IPO. With a valuation of $10 billion, Wiz aims to triple its annual recurring revenue to $1 billion, supported by Rajic’s track record in scaling innovative companies. Rajic’s strategic oversight is pivotal as Wiz expands its workforce by 400 employees and accelerates its growth trajectory towards public listing.