Cyber Security Newsletter
January 8th 2024
In this week’s news: Mandiant’s Twitter account hacked, Merck settles with insurers, remote code execution using MobSF, SMTP Smuggling technique found, 23andMe told victims of a data breach that suing is futile, hackers breach Australian court recordings, British Library to spend 40% of reserves to recover from cyberattack, and new iPhone exploit uses four zero-days.
Mandiant's account on X hacked to push cryptocurrency scam:
https://www.bleepingcomputer.com/news/security/mandiants-account-on-x-hacked-to-push-cryptocurrency-scam/
https://therecord.media/mandiant-resolving-x-account-takeover
The New York Times Launches a Very Strong Case Against Microsoft and OpenAI:
https://katedowninglaw.com/2024/01/06/the-new-york-times-launches-a-very-strong-case-against-microsoft-and-openai/
A new variant of the Bandook remote access trojan (RAT) was spotted in attacks aimed at Windows machines:
https://securityaffairs.com/157065/malware/bandook-rat-targets-windows.html
Merck has settled with insurers over its $1.4 billion NotPetya cyberattack claim. The US pharmaceutical giant made an eleventh-hour confidential agreement with insurers on Wednesday, putting a stop to a case that could have set a national cyber insurance precedent:
https://www.insurancebusinessmag.com/uk/news/cyber/pharma-giant-merck-settles-1-4-billion-cyberattack-case-471916.aspx
A remote code execution exploit in MobSF was found by 0x33c0unt:
https://github.com/0x33c0unt/CVE-2024-21633
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. The manipulation of the argument Quiz Title/Quiz Description with the input </title><scRipt>alert(x)</scRipt> leads to cross-site scripting:
https://github.com/codeb0ss/CVE-2024-0190-PoC
Novel SMTP Smuggling Technique Slips Past DMARC Email Protections:
https://www.darkreading.com/cloud-security/novel-smtp-smuggling-technique-slips-past-dmarc-email-protections?ref=blog.mandos.io
GhostSec has developed a new ETHDrainer and released it starting at $250:
Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections:
https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/
Ukraine: Russia hacked webcams to aid missile, drone strikes on Kyiv:
https://www.scmagazine.com/news/ukraine-russia-hacked-webcams-to-aid-missile-drone-strikes-on-kyiv
Bishop Fox’s Swagger Jacker is an audit tool designed to improve inspection of unintentionally exposed OpenAPI definition files:
https://bishopfox.com/tools/swagger-jacker
23andMe told victims of a data breach that suing is futile, letter shows:
https://arstechnica.com/tech-policy/2024/01/23andme-shamelessly-blaming-users-for-data-breach-lawyer-says/
A cyber attack hit the Beirut International Airport:
https://securityaffairs.com/157079/hacking/cyber-attack-hit-beirut-international-airport.html
‘Unsettling’: hackers break into Victorian (Australian) court recordings database:
https://www.theguardian.com/australia-news/2024/jan/02/victoria-court-recording-hack-details
Reverse_Engineering_BQ20z70_Laptop_BMS by omarKmekkawy:
https://github.com/omarKmekkawy/Reverse_Engineering_BQ20z70_Laptop_BMS
British police are investigating a case involving a virtual sexual assault of a girl’s avatar. Even though there was no physical violence involved, the incident will be explored as it has caused psychological trauma:
https://www.malwarebytes.com/blog/news/2024/01/police-investigate-sexual-assault-on-an-avatar
Turkish Sea Turtle APT targets Dutch IT and Telecom firms:
https://securityaffairs.com/157021/apt/sea-turtle-targets-dutch-entities.html
Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. According to Google, malware using the API is standard token theft, not an API issue:
https://www.bleepingcomputer.com/news/security/google-malware-abusing-api-is-standard-token-theft-not-an-api-issue/
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections:
https://thehackernews.com/2024/01/new-variant-of-dll-search-order.html?ref=blog.mandos.io
Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords:
https://blog.redteam-pentesting.de/2024/bitwarden-heist/?ref=blog.mandos.io
British Library to burn through reserves to recover from cyber attack:
https://www.ft.com/content/4be5d468-0cc3-4881-a5fb-b5d0163de93e
Weak password blamed for three-hour Orange outage in Spain:
https://www.datacenterdynamics.com/en/news/weak-password-blamed-for-three-hour-orange-outage-in-spain/
New JinxLoader Targeting Users with Formbook and XLoader Malware:
https://thehackernews.com/2024/01/new-jinxloader-targeting-users-with.html
A Chevrolet dealer offered an AI chatbot on its website. It told customers to buy a Ford:
https://www.usatoday.com/story/money/cars/2023/12/19/chevy-of-watsonville-chatgpt-use/71976591007/
Theft of Vancouver rape crisis centre server containing sensitive data raises privacy concerns:
https://www.cbc.ca/news/canada/british-columbia/stolen-rape-crisis-centre-server-raises-safety-concerns-1.7071727
Qualcomm chip vulnerability enables remote attack by voice call:
https://www.scmagazine.com/news/qualcomm-chip-vulnerability-enables-remote-attack-by-voice-call
Compromising Google Accounts: Malware Exploiting Undocumented OAuth2 Functionality for session hijacking:
https://www.cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking?ref=blog.mandos.io
New iPhone Exploit Uses Four Zero-Days:
https://www.schneier.com/blog/archives/2024/01/new-iphone-exploit-uses-four-zero-days.html
CISA warns of actively exploited bugs in Chrome and Excel parsing library:
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-bugs-in-chrome-and-excel-parsing-library/
Iranian crypto exchange Bit24.cash leaks user passports and IDs:
https://securityaffairs.com/157043/breaking-news/bit24-cash-leaks-data-leak.html
650,000+ Malicious Domains Registered Resembling ChatGPT:
https://gbhackers.com/chatgpt-malicious-domains/
North Korea Was Responsible for Over $600M in Crypto Thefts Last Year: TRM Labs:
https://www.coindesk.com/policy/2024/01/05/north-korea-was-responsible-for-over-600m-in-crypto-thefts-last-year-trm-labs/
Mimecast Acquires Elevate Security to Address Human Risk:
https://www.bankinfosecurity.com/mimecast-acquires-elevate-security-to-address-human-risk-a-24043