As we enter 2024, the team at Cyber Vigilance would like to wish you all a very Happy (and cyber safe) New Year!
New and noteworthy this week: Our vendor partner Abnormal Security surveyed 300 security leaders to capture their perspectives on the threats and opportunities of AI. The results have been published in an infographic that you can view HERE. Also this week - Discover the hidden dangers of an inadequate BYOD policy in this BLOG by the CEO of ThreatAware, Jon Abbott.
Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.
This week we were warned about a critical EPM bug from Ivanti, a whopping lawsuit settlement by Google and more crypto scams on X targeting government and business accounts.
Keep reading to stay up to date on the latest cyber security news.
Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server. Ivanti EPM helps manage client devices running a wide range of platforms, from Windows and macOS to Chrome OS and IoT operating systems. Attackers with access to a target's internal network can exploit the vulnerability in low-complexity attacks that don't require privileges or user interaction.
Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the "incognito" or "private" mode on web browsers.
The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed. The plaintiffs had alleged that Google violated federal wiretap laws and tracked users' activity using Google Analytics to collect information when in private mode. They said this allowed the company to collect an "unaccountable trove of information" about users who assumed they had taken adequate steps to protect their privacy online.
Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections. The attack targets the SSH protocol, affecting both clients and servers, and was developed by academic researchers from Ruhr University Bochum in Germany. It manipulates sequence numbers during the handshake process to compromise the integrity of the SSH channel, particularly when specific encryption modes like ChaCha20-Poly1305 or CBC with Encrypt-then-MAC are used.
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11. The approach "leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL search order hijacking technique," cybersecurity firm Security Joes said in a new report exclusively shared with The Hacker News. In doing so, it allows adversaries to eliminate the need for elevated privileges when attempting to run nefarious code on a compromised machine as well as introduce potentially vulnerable binaries into the attack chain, as observed in the past.
Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams, phishing sites, and sites with crypto drainers. A recent high-profile case is the X account of cyber threat intelligence company Mandiant, a Google subsidiary, which was hijacked yesterday to distribute a fake airdrop that emptied cryptocurrency wallets. MalwareHunterTeam has been tracking this type of activity on X lately and reported several notable examples of compromised “gold” and “grey” accounts.