⚡ THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03)

Don't miss out on the must-know cybersecurity headlines from last week to stay informed and secure.
The Hacker News


This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️)


We're talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! 🥷  It's enough to make you want to chuck your phone in the ocean. (But don't do that, you need it to read this newsletter!)


The good news? We've got the inside scoop on all the latest drama. Think of this newsletter as your cheat sheet for surviving the digital apocalypse. We'll break down the biggest threats and give you the knowledge to outsmart those pesky hackers. Let's go!

⚡ Threat of the Week

North Korean Hackers Deploy Play Ransomware: In what's a sign of blurring boundaries between nation-state groups and cybercrime actors, it has emerged that the North Korean state-sponsored hacking crew called Andariel likely collaborated with the Play ransomware actors in a digital extortion attack that took place in September 2024. The initial compromise occurred in May 2024. The incident overlaps with an intrusion set that involved targeting three different organizations in the U.S. in August 2024 as part of a likely financially motivated attack.

Upgrade Your Cybersecurity Skills with SANS at CDI 2024 + Get a $1,950 Bonus!


Unlock top-tier cybersecurity training at SANS CDI 2024, December 13-18 in Washington, DC. With over 40 expert-led courses, you'll gain practical skills and a $1,950 bonus, including extended lab access and a GIAC certification attempt when you train in-person! Offer ends November 11.

🔔 Top News

  • Chinese Threat Actor Uses Quad7 Botnet for Password Spraying: A Chinese threat actor tracked by Microsoft as Storm-0940 is leveraging a botnet called Quad7 (aka CovertNetwork-1658) to orchestrate highly evasive password spray attacks. The attacks pave the way for the theft of credentials from multiple Microsoft customers, which are then used for infiltrating networks and conducting post-exploitation activities.

  • Opera Fixed Bug That Could Have Exposed Sensitive Data: A fresh browser attack named CrossBarking has been disclosed in the Opera web browser that compromises private application programming interfaces (APIs) to allow unauthorized access to sensitive data. The attack works by using a malicious browser extension to run malicious code in the context of sites with access to those private APIs. These sites include Opera's own sub-domains as well as third-party domains such as Instagram, VK, and Yandex.

  • Evasive Panda Uses New Tool for Exfiltrating Cloud Data: The China-linked threat actor known as Evasive Panda infected a government entity and a religious organization in Taiwan with a new post-compromise toolset codenamed CloudScout that allows for stealing data from Google Drive, Gmail, and Outlook. The activity was detected between May 2022 and February 2023.

  • Operation Magnus Disrupts RedLine and MetaStealer: A coordinated law enforcement operation led by the Dutch National Police has disrupted the infrastructure associated with the RedLine and MetaStealer malware. The effort led to the shutdown of three servers in the Netherlands and the confiscation of two domains. In tandem, one unnamed individual has been arrested and a Russian national named Maxim Rudometov has been charged with acting as one of RedLine Stealer's developers and administrators.

  • Windows Downgrade Allows for Kernel-Level Code Execution: New research has found that a tool that can roll back up-to-date Windows software to an older version could also be weaponized to revert a patch for a Driver Signature Enforcement (DSE) bypass and load unsigned kernel drivers, leading to arbitrary code execution at a privileged level. Microsoft said it's developing a security update to mitigate this threat.
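
The Quad7 / Storm-0940 item above turns on a property of password spraying that defeats per-account lockout: each account sees only one or two failures, so the signal lives in the fan-out, not in any single account. The following Python detector is an added example (it is not code from The Hacker News or from Microsoft) that runs two fan-out checks over authentication log lines: one source IP failing against many distinct usernames inside a time window, and many distinct usernames failing inside a window even when every source IP stays below the per-IP threshold, which is the distributed, botnet-sourced variant the item describes. The log format, the sample lines and the thresholds are all constructed for the example.

```python
"""Password-spray detection over authentication logs (added example).

A spray tries a few common passwords against MANY accounts, so per-account
lockout thresholds never fire. The two signals used here are therefore:
  * per-IP fan-out: one source IP failing against many distinct users, and
  * distributed fan-out: many distinct users failing in one window while
    every source IP stays under the per-IP limit (botnet-style spraying).
Log format, sample lines and thresholds are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO timestamp> <FAIL|OK> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-10-30T09:00:01Z FAIL user=alice src=203.0.113.10
2024-10-30T09:00:07Z FAIL user=bob src=203.0.113.10
2024-10-30T09:00:12Z FAIL user=carol src=203.0.113.10
2024-10-30T09:00:20Z FAIL user=dave src=203.0.113.10
2024-10-30T09:00:25Z FAIL user=erin src=203.0.113.10
2024-10-30T09:01:02Z FAIL user=frank src=198.51.100.7
2024-10-30T09:01:09Z FAIL user=grace src=198.51.100.8
2024-10-30T09:01:15Z FAIL user=heidi src=198.51.100.9
2024-10-30T09:01:22Z FAIL user=ivan src=198.51.100.10
2024-10-30T09:01:30Z FAIL user=judy src=198.51.100.11
2024-10-30T09:01:40Z FAIL user=mallory src=198.51.100.12
2024-10-30T09:02:00Z OK user=alice src=192.0.2.5
2024-10-30T09:02:10Z FAIL user=alice src=192.0.2.5
2024-10-30T09:02:15Z OK user=alice src=192.0.2.5
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, result, user, src)."""
    ts_str, result, user_kv, src_kv = line.split()
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return ts, result, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]


def detect_spray(log_text, window=timedelta(minutes=10),
                 per_ip_threshold=4, global_threshold=8):
    """Return per-IP fan-out hits and whether a distributed spray was seen.

    For every failure, the window starting at that failure is examined:
    distinct users per source IP and distinct users overall. A source IP is
    reported with the largest user fan-out it reached in any window.
    """
    fails = sorted(e for e in (parse_line(l) for l in log_text.splitlines()
                               if l.strip()) if e[1] == "FAIL")
    flagged_ips = {}
    max_distinct_users = 0
    for i, (start, _, _, _) in enumerate(fails):
        per_ip = defaultdict(set)
        all_users = set()
        for ts, _, user, src in fails[i:]:
            if ts - start > window:
                break
            per_ip[src].add(user)
            all_users.add(user)
        for src, users in per_ip.items():
            if len(users) >= per_ip_threshold and len(users) > flagged_ips.get(src, 0):
                flagged_ips[src] = len(users)
        max_distinct_users = max(max_distinct_users, len(all_users))
    return {
        "per_ip": flagged_ips,                       # {src_ip: distinct users failed}
        "distributed": max_distinct_users >= global_threshold,
        "max_distinct_users": max_distinct_users,
    }


if __name__ == "__main__":
    result = detect_spray(SAMPLE_LOG)
    for src, n in result["per_ip"].items():
        print(f"per-IP spray: {src} failed against {n} distinct users")
    if result["distributed"]:
        print(f"distributed spray: {result['max_distinct_users']} distinct users "
              f"failed in one window across all sources")
```

On the sample, 203.0.113.10 is flagged on the per-IP check, while the six 198.51.100.x sources each touch only one user and would be invisible to that check alone; the global check catches them because eleven distinct users fail inside one window. In a real deployment the per-IP check needs an allowlist for shared egress addresses (NAT gateways, VPN concentrators) that legitimately fan out across users, and both thresholds should be tuned against a baseline of the environment's normal failure rate.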


Trending CVEs

CVE-2024-50550, CVE-2024-7474, CVE-2024-7475, CVE-2024-5982, CVE-2024-10386, CVE-2023-6943, CVE-2023-2060, CVE-2024-45274, CVE-2024-45275, CVE-2024-51774

📰 Around the Cyber World

  • Security Flaws in PTZ Cameras: Threat actors are attempting to exploit two zero-day vulnerabilities in pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, business conference, government, religious, and courtroom settings. Affected cameras run VHD PTZ camera firmware < 6.3.40, found in PTZOptics, Multicam Systems SAS, and SMTAV Corporation devices based on the Hisilicon Hi3516A V600 SoC V60, V61, and V63. The vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, enable threat actors to crack passwords and execute arbitrary operating system commands, leading to device takeover. "An attacker could potentially seize full control of the camera, view and/or manipulate the video feeds, and gain unauthorized access to sensitive information," GreyNoise said. "Devices could also be potentially enlisted into a botnet and used for denial-of-service attacks." PTZOptics has issued firmware updates addressing these flaws.

  • Multiple Vulnerabilities in OpenText NetIQ iManager: Nearly a dozen flaws have been disclosed in OpenText NetIQ iManager, an enterprise directory management tool, some of which could be chained together by an attacker to achieve pre-authentication remote code execution, or allow an adversary with valid credentials to escalate their privileges within the platform and ultimately achieve post-authenticated code execution. The shortcomings were addressed in version 3.2.6.0300 released in April 2024.

  • Phish 'n' Ships Uses Fake Shops to Steal Credit Card Info: A "sprawling" fraud scheme dubbed Phish 'n' Ships has been found to drive traffic to a network of fake web shops by infecting legitimate websites with a malicious payload that's responsible for creating bogus product listings and serving these pages in search engine results. Users who click on these phony product links are redirected to a rogue website under the attacker's control, where they are asked to enter their credit card information to complete the purchase. The activity, ongoing since 2019, is said to have infected more than 1,000 websites and built 121 fake web stores in order to deceive consumers. "The threat actors used multiple well-known vulnerabilities to infect a wide variety of websites and stage fake product listings that rose to the top of search results," HUMAN said. "The checkout process then runs through a different web store, which integrates with one of four payment processors to complete the checkout. And though the consumer’s money will move to the threat actor, the item will never arrive." Phish 'n' Ships has some elements in common with BogusBazaar, another criminal e-commerce network that came to light earlier this year.

  • Funnull Behind Scam Campaigns and Gambling Sites: Funnull, the Chinese company that acquired the Polyfill[.]io JavaScript library earlier this year, has been linked to investment scams, fake trading apps, and suspect gambling networks. The malicious infrastructure cluster has been codenamed Triad Nexus. In July, the company was caught inserting malware into polyfill.js that redirected users to gambling websites. "Prior to the polyfill[.]io supply chain campaign, ACB Group – the parent company that owns Funnull's CDN – had a public webpage at 'acb[.]bet,' which is currently offline," Silent Push said. "ACB Group claims to own Funnull[.]io and several other sports and betting brands."

  • Security Flaws Fixed in AC Charging Controllers: Cybersecurity researchers have discovered multiple security shortcomings in the firmware of Phoenix Contact CHARX SEC-3100 AC charging controllers that could allow a remote, unauthenticated attacker to reset the user-app account's password to the default value, upload arbitrary script files, escalate privileges, and execute arbitrary code in the context of root. The vulnerabilities have been addressed in firmware versions 1.5.1 and 1.6.3, or later.

🔥 Resources, Guides & Insights

🎥 Infosec Expert Webinar

Learn LUCR-3’s Identity Exploitation Tactics and How to Stop Them — Join our exclusive webinar with Ian Ahl to uncover LUCR-3’s advanced identity-based attack tactics targeting cloud and SaaS environments.

Learn practical strategies to detect and prevent breaches, and protect your organization from these sophisticated threats. Don’t miss out—register now and strengthen your defenses.

🔧 Cybersecurity Tools

  • SAIF Risk Assessment — Google introduces the SAIF Risk Assessment, an essential tool for cybersecurity professionals to enhance AI security practices. With tailored checklists for risks such as Data Poisoning and Prompt Injection, this tool translates complex frameworks into actionable insights and generates instant reports on vulnerabilities in your AI systems, helping you address issues like Model Source Tampering.

  • CVEMap — A new user-friendly tool for navigating the complex world of Common Vulnerabilities and Exposures (CVE). This command-line interface (CLI) tool simplifies the process of exploring various vulnerability databases, allowing you to easily access and manage information about security vulnerabilities.

🔒 Tip of the Week

Essential Mobile Security Practices You Need

To ensure robust mobile security:

  • Prioritize open-source apps that have been vetted by cybersecurity experts, to mitigate hidden threats.
  • Use network monitoring tools such as NetGuard or AFWall+ to create custom firewall rules that restrict which apps can access the internet, so that only trusted ones are connected.
  • Audit app permissions with advanced permission manager tools that reveal both background and foreground access levels.
  • Set up a DNS resolver like NextDNS or Quad9 to block malicious sites and phishing attempts before they reach your device.
  • For secure browsing, use privacy-centric browsers like Firefox Focus or Brave, which block trackers and ads by default.
  • Monitor device activity logs with tools like Syslog Viewer to identify unauthorized processes or potential data exfiltration.
  • Employ secure app sandboxes, such as Island or Shelter, to isolate apps that require risky permissions.
  • Opt for apps that have undergone independent security audits, and use VPNs configured with WireGuard for low-latency, encrypted network connections.
  • Regularly update your firmware to patch vulnerabilities, and consider using a mobile OS with security-hardening features, such as GrapheneOS or LineageOS, to limit your attack surface and guard against common exploits.
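
The permission-audit advice above can be done without a third-party manager app: on Android, `adb shell dumpsys package` lists, per package, every permission and whether it is currently granted. The script below is an added example (not part of the newsletter and not a tool it mentions) that parses text in that shape and reports, per package, the granted permissions that fall into Android's "dangerous" group (contacts, location, microphone, camera, SMS, call log). The sample dump is a constructed approximation of the real format, not a device capture, and the `DANGEROUS` set is a hand-picked subset of the real permission names rather than the full group; the exact layout of `dumpsys` output differs between Android versions, so the two regular expressions may need adjusting for a given device.

```python
"""Audit granted runtime permissions from `adb shell dumpsys package` text.

Added example, not from the newsletter. SAMPLE_DUMPSYS is a constructed
approximation of the dumpsys layout; DANGEROUS is a hand-picked subset of
Android's dangerous-protection-level permissions, not the complete list.
"""
import re
import sys

DANGEROUS = {
    "android.permission.READ_CONTACTS", "android.permission.WRITE_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_BACKGROUND_LOCATION",
    "android.permission.RECORD_AUDIO", "android.permission.CAMERA",
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS", "android.permission.SEND_SMS",
    "android.permission.READ_CALL_LOG", "android.permission.READ_PHONE_STATE",
    "android.permission.READ_EXTERNAL_STORAGE",
}

# Constructed sample in the shape of `dumpsys package` output (two packages).
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.flashlight] (1a2b3c):
    userId=10201
    requested permissions:
      android.permission.CAMERA
      android.permission.INTERNET
      android.permission.READ_CONTACTS
      android.permission.ACCESS_FINE_LOCATION
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=123 installed=true hidden=false
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET ]
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET ]
  Package [com.example.notes] (4d5e6f):
    userId=10202
    requested permissions:
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
"""

PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")          # start of a package section
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")  # one permission state line


def granted_permissions(dump_text):
    """Map package name -> set of permissions recorded as granted=true."""
    granted = {}
    current = None
    for line in dump_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            current = m.group(1)
            granted.setdefault(current, set())
            continue
        m = PERM_RE.match(line)
        if m and current and m.group(2) == "true":
            granted[current].add(m.group(1))
    return granted


def audit_dangerous_permissions(dump_text):
    """Return {package: sorted dangerous permissions granted}; clean packages are omitted."""
    return {pkg: sorted(perms & DANGEROUS)
            for pkg, perms in granted_permissions(dump_text).items()
            if perms & DANGEROUS}


if __name__ == "__main__":
    # Pipe real output in: adb shell dumpsys package | python3 audit_perms.py
    # With no piped input the constructed sample is audited instead.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DUMPSYS
    for pkg, perms in audit_dangerous_permissions(text).items():
        print(pkg)
        for perm in perms:
            print("   ", perm)
```

Review the report against what each app plausibly needs: a flashlight holding CAMERA can be legitimate (the flash is a camera resource), but the same app holding READ_CONTACTS is the kind of mismatch the tip above tells you to revoke or isolate in a sandbox profile.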


Conclusion

And that's a wrap on this week's cyber-adventures! Crazy, right? But here's a mind-blowing fact: Did you know that every 39 seconds, there's a new cyberattack somewhere in the world? Stay sharp out there! And if you want to become a true cyber-ninja, check out our website for the latest hacker news. See you next week! 👋

