CyberSecurity Newsletter 25th March 2024
In this week’s news: CISA hacked, Apple unpatchable vulnerability, Nemesis market taken down, DHCP Coerce exploit can compromise entire networks, US trucks vulnerable, PhantomBlu phishing, WordPress exploitation and Cisco WAP RCE.
- The Cybersecurity and Infrastructure Security Agency (CISA) — responsible for cybersecurity and infrastructure protection across all levels of the United States government — has been hacked. CISA had warned that cyber threat actors exploit previously identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. CISA itself has fallen victim to a cyberattack involving Ivanti products. The attack compromised two CISA systems, which were immediately taken offline: https://malware.news/t/cisa-hit-by-hackers-key-systems-taken-offline/79769
- The National Institute of Standards and Technology (NIST) has almost completely stopped adding analysis to Common Vulnerabilities and Exposures (CVEs) listed in the National Vulnerability Database. That means big headaches for anyone using CVEs to maintain their security: https://www.theregister.com/2024/03/22/opinion_column_nist/
- Glassdoor users have been reporting lately that the platform has introduced changes in its privacy policy, which include publishing people’s real names and locations on their profiles without securing consent: https://restoreprivacy.com/employer-review-site-glassdoor-deanonymized-users-without-consent/
- Vulnerabilities in common Electronic Logging Devices (ELDs) required in US commercial trucks could be present in over 14 million medium- and heavy-duty rigs, according to Colorado State University: https://www.theregister.com/2024/03/22/boffins_tucktotruck_worm/
- A new security vulnerability has been discovered in Apple's Mac and MacBook computers – and the worst part is that it's unpatchable. Academic researchers discovered the vulnerability, first reported by Ars Technica, which allows hackers to gain access to secret encryption keys on Apple computers with Apple's new Silicon M-Series chipset. This includes the M1, M2, and M3 Apple MacBook and Mac computer models: https://mashable.com/article/apple-silicon-m-series-chip-vulnerability-hackers-encryption-keys
- A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organisations and targeted at least 116 across 45 countries. According to Trend Micro researchers monitoring the activity, the campaign has been underway since early 2022 and focuses primarily on government organisations. Specifically, the hackers have compromised 48 government organisations, 10 of which are Foreign Affairs ministries, and targeted another 49 government agencies: https://www.bleepingcomputer.com/news/security/chinese-earth-krahang-hackers-breach-70-orgs-in-23-countries/
- Hackers can unlock over 3 million hotel doors in seconds: https://arstechnica.com/security/2024/03/hackers-can-unlock-over-3-million-hotel-doors-in-seconds/
- A massive malware campaign dubbed Sign1 has compromised over 39,000 WordPress sites in the last six months, using malicious JavaScript injections to redirect users to scam sites: https://thehackernews.com/2024/03/massive-sign1-campaign-infects-39000.html
- Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers: https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/
- The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and international partners, has issued a stark warning about a sophisticated cyber threat group known as “Volt Typhoon”: https://cybersecuritynews.com/cisa-nsa-fbi-warns/
- DMV facilities ‘back up and running’ after nationwide network outage: https://wgntv.com/news/dmv-facilities-experiencing-nationwide-network-outage/
- Security researchers have uncovered a sophisticated method of exploiting the Dynamic Host Configuration Protocol (DHCP) administrators group to escalate privileges within Windows domains. This technique, dubbed “DHCP Coerce,” leverages legitimate privileges to potentially compromise entire networks: https://gbhackers.com/researched-hacked-dhcp/
- Remote Command Execution in Cisco Access Point WAP Products: https://onekey.com/blog/security-advisory-remote-command-execution-in-cisco-access-point-wap-products/
- A new tool, GEOBOX, was advertised on the Dark Web that utilizes Raspberry Pi devices for fraud and anonymization, allowing users to spoof GPS locations, emulate network settings, mimic Wi-Fi access points, and bypass anti-fraud filters: https://gbhackers.com/hackers-transform-the-raspberry-pi-into-an-online-anonymity-tool/
- Hackers have claimed unauthorised access to Fortinet devices across various companies. This breach highlights cybercriminals’ persistent threat to corporate security infrastructures and the importance of robust cybersecurity measures: https://gbhackers.com/hackers-claiming-unauthorized-access/
- The North Korea-linked threat actor known