Cyber Security News - 13-22 FEB

Weekly Cyber Security News

Feb 22, 2023 - 12:40
Feb 22, 2023 - 12:42

Three Years After BS Arrest For Hacking, Swedish Digital Rights Activist Freed By Ecuadorian Court

  Bini was held for 70 days without being criminally charged. After a court forced prosecutors to get on with the prosecuting, Bini was released to his family while the government built its case. And what a case it was. The only evidence prosecutors had was a screenshot of CNT’s telnet login screen, one that appeared to have been taken by Bini as he informed a local system administrator of this apparent security hole.

The Israel Institute of Technology Technion suffered a ransomware attack

Israeli authorities launched an investigation into the incident; the Israel National Cyber Directorate (INCD) said it is “in touch with the Technion to get a full picture of the situation, to assist with the incident and to study its consequences.” “The field of higher education has been a central target for cyber attackers, with the INCD identifying 53 [serious] incidents of such attacks in 2022, most of which were prevented,” said the authority.

Healthcare in the Crosshairs of North Korean Cyber Operations

The alert also cautioned ransomware victims in healthcare and critical infrastructure sectors against paying ransoms. "Doing so does not guarantee files and records will be recovered and may pose sanctions risks," it said. There is little in the advisory to indicate whether it was prompted by new threat intelligence or word about imminent attacks. But it comes amid a continuing increase in ransomware attacks against healthcare entities overall. A report by the Journal of the American Medical Association (JAMA) earlier this year identified a doubling in the number of ransomware attacks against healthcare entities between 2016 and 2021. Of the total 374 ransomware attacks on US healthcare organizations during that period, some 44% disrupted healthcare delivery.

Apple releases iOS 16.3.1 and other updates with fix for “actively exploited” bug

 Apple is releasing minor updates to all of its major software platforms today to address one high-priority security vulnerability and to fix a handful of other device- and service-specific issues. The iOS 16.3.1, iPadOS 16.3.1, and macOS 13.2.1 updates all patch an "actively exploited" arbitrary code execution vulnerability in WebKit/Safari, and a second kernel vulnerability that isn't known to be actively exploited.

Cloudflare blocks record-breaking 71 million RPS DDoS attack

The company said it detected and mitigated not just one but a wave of dozens of hyper-volumetric DDoS attacks targeting its customers over the weekend. The attacks were launched using over 30,000 IP addresses from multiple cloud providers against various targets, including gaming providers, cloud computing platforms, cryptocurrency firms, and hosting providers.

RedEyes Hacking Group Uses Steganography Technique to Deploy Malware on PC & Mobile Phones

When a user opens the malicious attachment that was distributed in the recent series of cyber-attacks, it triggers the exploitation of an old EPS vulnerability, which is identified as CVE-2017-8291. This vulnerability is present in the Hangul word processor, which is commonly used in South Korea. A particular exploit has been identified that can allow an attacker to run a shellcode on a victim’s computer. This exploit is designed to be triggered when a user opens a JPEG image that has been tampered with by the attacker.

Hyundai and Kia to Patch a Flaw That Allows Theft of the Cars With a USB Cable

While the Kia Challenge was becoming viral, law enforcement observed a surge in the theft of the impacted car models in the US. In Los Angeles, the thefts of these vehicles increased by 85% in 2022 compared to the previous year. In September 2022, a national class action lawsuit was filed in federal court in Orange County, California, against the carmakers for this flaw. The lawsuit blames Kia and Hyundai for building vehicles without engine immobilizers, allowing cars to be hot-wired and stolen. The complaint states that, unlike any other carmakers, Kia and Hyundai did not use this protection system over the last 20 years.

Atlassian: Leaked Data Stolen via Third-Party App

The company statement added there is an ongoing investigation into the breach. Envoy says the breach likely occurred due to the threat actor gaining access to employee credentials. “We’re investigating this right now and are not aware of any compromise to our systems,” an Envoy spokesperson said in a statement emailed to Dark Reading. “Our initial research shows that a hacker gained access to an Atlassian employee's valid credentials to pivot and access the Atlassian employee directory and office floor plans held within Envoy’s app.”

Fortinet fixes critical vulnerabilities in FortiNAC and FortiWeb

The CVE-2022-39952 flaw (CVSS score of 9.8) is an external control of file name or path in the keyUpload scriptlet of FortiNAC. The vulnerability was internally discovered and reported by Gwendal Guégniaud of the Fortinet Product Security team.

Twitter will allow using the SMS-based two-factor authentication (2FA) only to its Blue subscribers

Non-Twitter Blue subscribers that are using the text message/SMS method of 2FA will have 30 days to enroll in another authentication method. “After 20 March 2023, we will no longer permit non-Twitter Blue subscribers to use text messages as a 2FA method,” continues the statement. “At that time, accounts with text message 2FA still enabled will have it disabled. Disabling text message 2FA does not automatically disassociate your phone number from your Twitter account.”

Social Engineering, Deception Becomes Increasingly Sophisticated

 The accessibility and effectiveness of deepfake technology have led cybercrime to use it for sophisticated social engineering attacks for the purpose of extortion, fraud, or to cause reputational damage. Consider the impact of a voice phishing attack that replicates the voices of a company’s stakeholders to persuade employees to take a series of actions that could harm security and privacy, or the effectiveness of a phone call with simulated voices for the purpose of convincing an employee to send funds to an offshore bank account.

‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector

He subsequently obtained CEH, CISSP, and OSCP certificates before eventually being offered an opportunity to help lead penetration testing services at public accounting firm Moss Adams, where he still works as lead web app pen tester. Recently focusing more narrowly on web API security – a largely underserved area – Ball has launched a free online course on the topic and published Hacking APIs: Breaking Web Application Programming Interfaces (No Starch Press, 2022). In an interview with The Daily Swig, Ball explains how the growing use of web APIs requires a change of perspective on how we secure our applications.

Samsung announces Message Guard feature to neutralize zero-click attacks

The new feature will be immediately supported by the Samsung Galaxy S23 series, but the company plans to gradually roll it out to other devices of the Galaxy smartphone family. The South Korean giant pointed out that it is not aware of such attacks on Samsung Galaxy smartphones, but it constantly works on the development of preemptive security measures.
