InfoSec News 20241121
Top News
-
Now BlueSky hit with crypto scams as it crosses 20 million users
"As many more users are flocking to BlueSky from social media platforms like X/Twitter, so are threat actors."
TLP1 : Green
-
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments
"Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale."
TLP1 : Green
-
“Sad announcement” email implies your friend has died
"Tech support scammers are again stooping low with their email campaigns. This particular one hints that one of your contacts may have met an untimely end."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
FBI says BianLian based in Russia, moving from ransomware attacks to extortion
"BianLian ransomware actors are likely based in Russia and have multiple Russia-based affiliates, according to new information shared by the FBI and Australian law enforcement."
TLP1 : Green
-
5 Scattered Spider Gang Members Indicted in Multi-Million Dollar Cybercrime Scheme
"Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars."
TLP1 : Green
-
Hacker obtained documents tied to lawsuit over Matt Gaetz’s sexual misconduct allegations
"A hacker allegedly accessed a file containing testimony from a woman claiming she had sex with Matt Gaetz when she was 17, sparking controversy."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Threat actor sells data of over 750,000 patients from a French hospital
"A threat actor had access to electronic patient record system of an unnamed French hospital, and the health data of 750,000 patients was compromised."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published
"A newly discovered vulnerability in popular remote desktop software AnyDesk could allow attackers to uncover users’ IP addresses, posing significant privacy risks. Security researcher Ebrahim Shafiei identified the flaw (CVE-2024-52940) in AnyDesk’s “Allow Direct Connections” feature on Windows systems."
TLP1 : Green
-
CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution
"A high-severity vulnerability has been discovered in Kubernetes, potentially allowing attackers to execute arbitrary commands outside of container boundaries. Tracked as CVE-2024-10220 and assigned a CVSS score of 8.1, the flaw affects Kubernetes clusters running specific versions of kubelet."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
One day left to get this $20 PowerShell course bundle deal
"Automation has become a key aspect for most businesses, and there's a good reason why. Most employees would rather avoid complicated operations and lighten their workloads, and automation tactics only continue to grow. To take advantage of this development to maximize your own workweek or beef up your resume, you may be interested in learning Windows PowerShell."
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Threat Brief: Operation Lunar Peek, Activity Related to CVE-2024-0012 and CVE-2024-9474 (Updated Nov. 20)
"Palo Alto Networks and Unit 42 are engaged in tracking a limited set of exploitation activity related to CVE-2024-0012 and CVE-2024-9474 and are working with external researchers, partners, and customers to share information transparently and rapidly."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.