CyberSecurity Newsletter January 6th, 2025
In this week’s news: AWS RCE vulnerability story, Treasury sanctions a Chinese MSSP, NTT telecom hacked, LDAPNightmare, Tenable and Nuclei have RCE vulnerabilities, Windows 11 BitLocker still vulnerable, and a new jailbreak method for LLMs.
AWS introduced the same RCE vulnerability three times in four years. Python’s pip package manager has some quirks that make it difficult to install packages from private package registries correctly. Very often, people discover the “extra-index-url” parameter and use that if they want to install a package from some other package registry:
https://giraffesecurity.dev/posts/amazon-hat-trick/
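The pip quirk behind this story is that `--extra-index-url` adds a registry alongside the public index rather than replacing it, so a private package name can be satisfied from a public package of the same name. The following audit script is an added example, not code from the linked article or from AWS; the requirements lines it scans are constructed samples, and the hardened form assumes the private index is the only index the environment should consult.

```python
import re

# Constructed sample requirements file (not from the original article).
SAMPLE_REQUIREMENTS = """\
--extra-index-url https://pypi.example-corp.internal/simple
internal-tool==1.4.2
requests==2.31.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""


def audit_requirements(text):
    """Return findings for requirement lines that let pip resolve a name
    from the public index instead of the intended private one."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("--extra-index-url"):
            # Both "--extra-index-url URL" and "--extra-index-url=URL" are accepted by pip.
            url = re.sub(r"^--extra-index-url[= ]+", "", line)
            findings.append(
                f"--extra-index-url {url}: pip still consults PyPI for every package name"
            )
            continue
        if line.startswith("--"):
            # Other pip options (e.g. --index-url) are not the quirk under review.
            continue
        name = re.split(r"[=<>!~;\[\s]", line, 1)[0]
        if "--hash=" not in line:
            # Without a hash pin, a higher version of the same name on any
            # configured index wins; a hash pin fails closed instead.
            findings.append(f"{name}: not hash-pinned, a substitute package would install silently")
    return findings


def hardened(text):
    """Rewrite --extra-index-url to --index-url so only the private index is
    consulted (assumes that index proxies the public packages you need)."""
    return re.sub(r"^--extra-index-url", "--index-url", text, flags=re.MULTILINE)
```

Run `audit_requirements` over a real requirements file in CI and fail the build on any finding; pair the hardened file with `pip install --require-hashes` so every package must match a pinned hash.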
The U.S. Treasury Department sanctioned the Chinese cybersecurity firm Integrity Tech for its links to cyberattacks by China’s state-backed Flax Typhoon APT group (also called Ethereal Panda or RedJuliett):
https://securityaffairs.com/172665/intelligence/us-sanctioned-chinese-cybersecurity-firm-linked-flax-typhoon.html
Japan Mobile Carrier NTT Docomo Suffers Cyberattack Causing System Glitch and Service Disruptions:
https://dailysecurityreview.com/security-spotlight/japan-mobile-carrier-ntt-docomo-suffers-cyberattack-causing-system-glitch-and-service-disruptions/
Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties. The proposed lawsuit alleges that the audio data was disclosed without users' consent to a network of third-party marketers and advertisers:
https://www.bleepingcomputer.com/news/security/apple-offers-95-million-in-siri-privacy-violation-settlement/
LDAPNightmare, a PoC exploit, targets the Windows LDAP flaw CVE-2024-49113. Experts warn that the new PoC exploit causes crashes and reboots. The vulnerability CVE-2024-49113 (CVSS score of 7.5), named LDAPNightmare, is a Windows Lightweight Directory Access Protocol (LDAP) denial-of-service flaw that was discovered by the researcher Yuki Chen:
https://securityaffairs.com/172618/security/ldapnightmare-exploit-cve-2024-49113.html
Proposed HIPAA amendments will close healthcare security gaps. Changes to the healthcare privacy regulation, including technical controls for network segmentation, multifactor authentication, and encryption, would strengthen cybersecurity protections for electronic health information and address evolving threats against healthcare entities:
https://www.darkreading.com/cyber-risk/proposed-hipaa-amendments-close-healthcare-security-gaps
A US Army soldier was reportedly arrested Dec. 20 in Texas and charged with two counts of unlawful transfer of confidential phone records. Cameron John Wagenius, 20, is suspected of leaking presidential call logs belonging to AT&T and Verizon under the online alias "Kiberphant0m." Wagenius was initially flagged as being involved in the Snowflake hacking campaign along with Connor Riley Moucka, also known as "Judische," who was arrested last October as part of the Snowflake account hacking:
https://www.darkreading.com/cyberattacks-data-breaches/us-soldier-arrested-in-verizon-at-t-hack
A remarkable number of BeyondTrust instances remain connected to the Internet, despite dire warnings that Chinese state-sponsored threat actors are actively exploiting a critical vulnerability in unpatched systems. The BeyondTrust bug, tracked as CVE-2024-12356, has an assigned CVSS score of 9.8 and affects Privileged Remote Access (PRA) and Remote Support (RS). It was first reported by BeyondTrust on Dec. 16, 2024:
https://www.darkreading.com/threat-intelligence/thousands-of-buggy-beyondtrust-systems-still-exposed
Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. As the cybersecurity company acknowledged in an incident report issued after pausing plugin updates to prevent the issue from impacting even more systems, the agents went offline "for certain users on all sites." This ongoing incident affects systems updated to Nessus Agent versions 10.8.0 and 10.8.1 across the Americas, Europe, and Asia. Tenable has since pulled the bad versions and released Nessus Agent version 10.8.2 to fix the issue causing agents to shut down:
https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/
A high-severity flaw in Nuclei, ProjectDiscovery’s open-source vulnerability scanner, tracked as CVE-2024-43405 (CVSS score of 7.4), could allow attackers to bypass template signature checks and execute malicious code:
https://securityaffairs.com/172692/security/nuclei-flaw-execute-malicious-code.html
A new Android malware named ‘FireScam’ is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimic RuStore, Russia's app market for mobile devices. RuStore was launched in May 2022 by the Russian internet group VK (VKontakte) as an alternative to Google Play and Apple’s App Store, following Western sanctions that impacted Russian users’ access to mobile software:
https://www.bleepingcomputer.com/news/security/new-firescam-android-data-theft-malware-poses-as-telegram-premium-app/
Malicious npm packages target Ethereum developers, impersonating Hardhat plugins to steal private keys and sensitive data:
https://securityaffairs.com/172671/malware/malicious-npm-packages-target-ethereum-developers.html
A new jailbreak method for large language models (LLMs) takes advantage of models’ ability to identify and score harmful content in order to trick the models into generating content related to malware, illegal activity, harassment and more. The “Bad Likert Judge” multi-step jailbreak technique was developed and tested by Palo Alto Networks Unit 42, and was found to increase the success rate of jailbreak attempts by more than 60% when compared with direct single-turn attack attempts:
https://www.scworld.com/news/new-llm-jailbreak-uses-models-evaluation-skills-against-them
Hacker demonstrates the supposedly-patched Windows 11 BitLocker is still vulnerable to hackers — default encryption can be overcome with network access:
https://www.tomshardware.com/software/windows/hacker-demonstrates-the-supposedly-patched-windows-11-bitlocker-is-still-vulnerable-to-hackers-default-encryption-can-be-overcome-with-network-access