⚡ THN Recap: Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03)

Don't miss out on the must-know cybersecurity headlines from last week to stay informed and secure.
The hacker News

THN Recap - Top Cybersecurity Threats, Tools, and Practices (Oct 28 - Nov 03)

This week was a total digital dumpster fire! Hackers were like, "Let's cause some chaos!" and went after everything from our browsers to those fancy cameras that zoom and spin. (You know, the ones they use in spy movies? 🕵️‍♀️)


We're talking password-stealing bots, sneaky extensions that spy on you, and even cloud-hacking ninjas! 🥷  It's enough to make you want to chuck your phone in the ocean. (But don't do that, you need it to read this newsletter!)


The good news? We've got the inside scoop on all the latest drama. Think of this newsletter as your cheat sheet for surviving the digital apocalypse. We'll break down the biggest threats and give you the knowledge to outsmart those pesky hackers. Let's go!

⚡ Threat of the Week

North Korean Hackers Deploy Play Ransomware: In what's a sign of blurring boundaries between nation-state groups and cybercrime actors, it has emerged that the North Korean state-sponsored hacking crew called Andariel likely collaborated with the Play ransomware actors in a digital extortion attack that took place in September 2024. The initial compromise occurred in May 2024. The incident overlaps with an intrusion set that involved targeting three different organizations in the U.S. in August 2024 as part of a likely financially motivated attack.

Upgrade Your Cybersecurity Skills with SANS at CDI 2024 + Get a $1,950 Bonus!


Unlock top-tier cybersecurity training at SANS CDI 2024, December 13-18 in Washington, DC. With over 40 expert-led courses, you'll gain practical skills and a $1,950 bonus, including extended lab access and a GIAC certification attempt when you train in-person! Offer ends November 11.

🔔 Top News

  • Chinese Threat Actor Uses Quad7 Botnet for Password Spraying: A Chinese threat actor tracked by Microsoft as Storm-0940 is leveraging a botnet called Quad7 (aka CovertNetwork-1658) to orchestrate highly evasive password spray attacks. The attacks pave the way for the theft of credentials from multiple Microsoft customers, which are then used for infiltrating networks and conducting post-exploitation activities.

  • Opera Fixed Bug That Could Have Exposed Sensitive Data: A fresh browser attack named CrossBarking has been disclosed in the Opera web browser that compromises private application programming interfaces (APIs) to allow unauthorized access to sensitive data. The attack works by using a malicious browser extension to run malicious code in the context of sites with access to those private APIs. These sites include Opera's own sub-domains as well as third-party domains such as Instagram, VK, and Yandex.

  • Evasive Panda Uses New Tool for Exfiltrating Cloud Data: The China-linked threat actor known as Evasive Panda infected a government entity and a religious organization in Taiwan with a new post-compromise toolset codenamed CloudScout that allows for stealing data from Google Drive, Gmail, and Outlook. The activity was detected between May 2022 and February 2023.

  • Operation Magnus Disrupts RedLine and MetaStealer: A coordinated law enforcement operation led by the Dutch National Police led to the disruption of the infrastructure associated with RedLine and MetaStealer malware. The effort led to the shutdown of three servers in the Netherlands and the confiscation of two domains. In tandem, one unnamed individual has been arrested and a Russian named Maxim Rudometov has been charged for acting as one of RedLine Stealer's developers and administrators.

  • Windows Downgrade Allows for Kernel-Level Code Execution: New research has found that a tool that could be used to rollback an up-to-date Windows software to an older version could also be weaponized to revert a patch for a Driver Signature Enforcement (DSE) bypass and load unsigned kernel drivers, leading to arbitrary code execution at a privileged level. Microsoft said it's developing a security update to mitigate this threat.


Trending CVEs

CVE-2024-50550, CVE-2024-7474, CVE-2024-7475, CVE-2024-5982, CVE-2024-10386, CVE-2023-6943, CVE-2023-2060, CVE-2024-45274, CVE-2024-45275, CVE-2024-51774

📰 Around the Cyber World

  • Security Flaws in PTZ Cameras: Threat actors are attempting to exploit two zero-day vulnerabilities in pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, business conferences, government, religious places, and courtroom settings. Affected cameras use VHD PTZ camera firmware < 6.3.40, which are found in PTZOptics, Multicam Systems SAS, and SMTAV Corporation devices based on Hisilicon Hi3516A V600 SoC V60, V61, and V63. The vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, enable threat actors to crack passwords and execute arbitrary operating system commands, leading to device takeover. "An attacker could potentially seize full control of the camera, view and/or manipulate the video feeds, and gain unauthorized access to sensitive information," GreyNoise said. "Devices could also be potentially enlisted into a botnet and used for denial-of-service attacks." PTZOptics has issued firmware updates addressing these flaws.

  • Multiple Vulnerabilities in OpenText NetIQ iManager: Nearly a dozen flaws have been disclosed in OpenText NetIQ iManager, an enterprise directory management tool, some of which could be chained together by an attacker to achieve pre-authentication remote code execution, or allow an adversary with valid credentials to escalate their privileges within the platform and ultimately achieve post-authenticated code execution. The shortcomings were addressed in version 3.2.6.0300 released in April 2024.

  • Phish 'n' Ships Uses Fake Shops to Steal Credit Card Info: A "sprawling" fraud scheme dubbed Phish 'n' Ships has been found to drive traffic to a network of fake web shops by infecting legitimate websites with a malicious payload that's responsible for creating bogus product listings and serving these pages in search engine results. Users who click on these phony product links are redirected to a rogue website under the attacker's control, where they are asked to enter their credit card information to complete the purchase. The activity, ongoing since 2019, is said to have infected more than 1,000 websites and built 121 fake web stores in order to deceive consumers. "The threat actors used multiple well-known vulnerabilities to infect a wide variety of websites and stage fake product listings that rose to the top of search results," HUMAN said. "The checkout process then runs through a different web store, which integrates with one of four payment processors to complete the checkout. And though the consumer’s money will move to the threat actor, the item will never arrive." Phish 'n' Ships has some elements in common with BogusBazaar, another criminal e-commerce network that came to light earlier this year.

  • Funnull Behind Scam Campaigns and Gambling Sites: Funnull, the Chinese company which acquired Polyfill[.]io JavaScript library earlier this year, has been linked to investment scams, fake trading apps, and suspect gambling networks. The malicious infrastructure cluster has been codenamed Triad Nexus. In July, the company was caught inserting malware into polyfill.js that redirected users to gambling websites. "Prior to the polyfill[.]io supply chain campaign, ACB Group – the parent company that owns Funnull's CDN – had a public webpage at 'acb[.]bet,' which is currently offline," Silent Push said. "ACB Group claims to own Funnull[.]io and several other sports and betting brands."

  • Security Flaws Fixed in AC charging controllers: Cybersecurity researchers have discovered multiple security shortcomings in the firmware of Phoenix Contact CHARX SEC-3100 AC charging controllers that could allow a remote unauthenticated attacker to reset the user-app account's password to the default value, upload arbitrary script files, escalate privileges, and execute arbitrary code in the context of root. The vulnerabilities have been addressed in firmware versions 1.5.1 and 1.6.3, or later.

🔥 Resources, Guides & Insights

🎥 Infosec Expert Webinar

Learn LUCR-3’s Identity Exploitation Tactics and How to Stop Them — Join our exclusive webinar with Ian Ahl to uncover LUCR-3’s advanced identity-based attack tactics targeting cloud and SaaS environments.

Learn practical strategies to detect and prevent breaches, and protect your organization from these sophisticated threats. Don’t miss out—register now and strengthen your defenses.

🔧 Cybersecurity Tools

  • SAIF Risk Assessment — Google introduces the SAIF Risk Assessment, an essential tool for cybersecurity professionals to enhance AI security practices. With tailored checklists for risks such as Data Poisoning and Prompt Injection, this tool translates complex frameworks into actionable insights and generates instant reports on vulnerabilities in your AI systems, helping you address issues like Model Source Tampering.

  • CVEMap — A new user-friendly tool for navigating the complex world of Common Vulnerabilities and Exposures (CVE). This command-line interface (CLI) tool simplifies the process of exploring various vulnerability databases, allowing you to easily access and manage information about security vulnerabilities.

🔒 Tip of the Week

Essential Mobile Security Practices You Need  To ensure robust mobile security, prioritize using open-source apps that have been vetted by cybersecurity experts to mitigate hidden threats. Utilize network monitoring tools such as NetGuard or AFWall+ to create custom firewall rules that restrict which apps can access the internet, ensuring only trusted ones are connected. Audit app permissions with advanced permission manager tools that reveal both background and foreground access levels. Set up a DNS resolver like NextDNS or Quad9 to block malicious sites and phishing attempts before they reach your device. For secure browsing, use privacy-centric browsers like Firefox Focus or Brave, which block trackers and ads by default. Monitor device activity logs with tools like Syslog Viewer to identify unauthorized processes or potential data exfiltration. Employ secure app sandboxes, such as Island or Shelter, to isolate apps that require risky permissions. Opt for apps that have undergone independent security audits and use VPNs configured with WireGuard for low-latency, encrypted network connections. Regularly update your firmware to patch vulnerabilities and consider using a mobile OS with security-hardening features, such as GrapheneOS or LineageOS, to limit your attack surface and guard against common exploits.


Conclusion

And that's a wrap on this week's cyber-adventures! Crazy, right?  But here's a mind-blowing fact:  Did you know that every 39 seconds, there's a new cyberattack somewhere in the world? Stay sharp out there!  And if you want to become a true cyber-ninja, check out our website for the latest hacker news. See you next week! 👋

Follow Us for More Updates


Powered by:
GetResponse

Older messages

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

Saturday, November 2, 2024

THN Daily Updates Newsletter cover Introduction to Algorithms: A Comprehensive Guide for Beginners: Unlocking Computational Thinking ($34.99 Value) FREE for a Limited Time Begin your journey into the

Urgent: Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft

Friday, November 1, 2024

THN Daily Updates Newsletter cover Introduction to Algorithms: A Comprehensive Guide for Beginners: Unlocking Computational Thinking ($34.99 Value) FREE for a Limited Time Begin your journey into the

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

Thursday, October 31, 2024

THN Daily Updates Newsletter cover The Data Science Workshop: Learn how you can build machine learning models and create your own real-world data science projects, Second Edition ($35.99 Value) FREE

How to Conduct an AI Risk Assessment [Free Guide]

Wednesday, October 30, 2024

Follow these 5 steps to identify and mitigate AI security risks. ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

Researchers Uncover Vulnerabilities in Open-Source AI and ML Models

Wednesday, October 30, 2024

THN Daily Updates Newsletter cover [Watch LIVE] How LUCR-3 (Scattered Spider) Orchestrates Identity-Based Attacks Across Multiple Environments Uncovering the Tactics Advanced Attackers Use to Exploit

You Might Also Like

🤳🏻 We Need More High-End Small Phones — Linux Terminal Setup Tips

Sunday, November 24, 2024

Also: Why I Switched From Google Maps to Apple Maps, and More! How-To Geek Logo November 24, 2024 Did You Know Medieval moats didn't just protect castles from invaders approaching over land, but

JSK Daily for Nov 24, 2024

Sunday, November 24, 2024

JSK Daily for Nov 24, 2024 View this email in your browser A community curated daily e-mail of JavaScript news JavaScript Certification Black Friday Offer – Up to 54% Off! Certificates.dev, the trusted

OpenAI's turbulent early years - Sync #494

Sunday, November 24, 2024

Plus: Anthropic and xAI raise billions of dollars; can a fluffy robot replace a living pet; Chinese reasoning model DeepSeek R1; robot-dog runs full marathon; a $12000 surgery to change eye colour ͏ ͏

Daily Coding Problem: Problem #1618 [Easy]

Sunday, November 24, 2024

Daily Coding Problem Good morning! Here's your coding interview problem for today. This problem was asked by Zillow. Let's define a "sevenish" number to be one which is either a power

PD#602 How Netflix Built Self-Healing System to Survive Concurrency Bug

Sunday, November 24, 2024

CPUs were dying, the bug was temporarily un-fixable, and they had no viable path forward ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

RD#602 What are React Portals?

Sunday, November 24, 2024

A powerful feature that allows rendering components outside their parent component's DOM hierarchy ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

C#533 What's new in C# 13

Sunday, November 24, 2024

Params collections support, a new Lock type and others ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌

⚙️ Smaller but deeper: Writer’s secret weapon to better AI

Sunday, November 24, 2024

November 24, 2024 | Read Online Ian Krietzberg Good morning. I sat down recently with Waseem Alshikh, the co-founder and CTO of enterprise AI firm Writer. Writer recently made waves with the release of

Sunday Digest | Featuring 'How Often People Go to the Doctor, by Country' 📊

Sunday, November 24, 2024

Every visualization published this week, in one place. Nov 24, 2024 | View Online | Subscribe | VC+ | Download Our App Hello, welcome to your Sunday Digest. This week we visualized the GDP per capita

Android Weekly #650 🤖

Sunday, November 24, 2024

View in web browser 650 November 24th, 2024 Articles & Tutorials Sponsored Why your mobile releases are a black box “What's the status of the release?” Who knows. Uncover the unseen challenges