.png)
Welcome to the 12th edition Cyber Weekly Digest of 2024.
All great things come in 7's... Wonders of the World, Days of the week, Dwarfs in Snow White, Enid Blyton's Secret Seven, Colours of the Rainbow, Deadly Sins, Chakras, Oceans, Continents and the greatest of all... Nope, not S Club 7 (although they are obvs up there)! I'm talking about the 7 strong Cyber Vigilance crew heading up to Scotland next week.
Scot-Secure is Scotland's largest annual cyber security conference so not only are we attending this year with our vendor partners One Identity, Abnormal Security, Cequence Security and SentinalOne, we are taking Cyber Security... Is No Joke to Edinburgh!
We are very close to capacity so if you would like to join us please register ASAP
New and noteworthy this week:
Pentesting, cyber insurance, ransomware assessment... How do you start evaluating the different security validation solutions?
You use Pentera's Buyers Guide to figure out:
Which features are must-haves in security validation solutions
What scope should you define to evaluate the readiness of your IT security stack
How to set the success criteria of your security validation solutions and protocols
With recent #Ivanti vulnerabilities exposing critical security gaps, Cequence Security's Jason Kent offers expert insights on why vigilance is essential in today's threat landscape. Learn how to reassess your security posture and prepare for future challenges via this article from InformationWeek.
As organisations navigate the complex #cybersecurity landscape, PAM Essentials stands as a reliable ally! This week you can discover how this game-changing solution from One Identity empowers organisations to enhance security and simplify privileged access management confidently.
Last but not least... Threat actors leverage the features of source code management platforms like GitHub to hide malware traffic, host malicious payloads, and steal API keys and other enterprise data. In this blog post by our vendor partner SentinalOne, we explore the six ways threat actors abuse these DevOps platforms.
Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.
This week we were warned about security issues with hotel key cards, email accounts hacked at the Belgium Grand Prix and heard about a world wide phishing campaign that employ lure documents imitating government and non-governmental organisations
Keep reading to stay up to date on the latest cyber security news.
A novel denial-of-service (DoS) attack vector has been found to target application-layer protocols based on User Datagram Protocol (UDP), putting hundreds of thousands of hosts likely at risk. Called Loop DoS attacks, the approach pairs "servers of these protocols in such a way that they communicate with each other indefinitely," researchers from the CISPA Helmholtz-Center for Information Security said. UDP, by design, is a connectionless protocol that does not validate source IP addresses, making it susceptible to IP spoofing. Thus, when attackers forge several UDP packets to include a victim IP address, the destination server responds to the victim (as opposed to the threat actor), creating a reflected denial-of-service (DoS) attack.
Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. The Spa Grand Prix is a Formula 1 World Championship race held at the Circuit de Spa-Francorchamps in Stavelot, Belgium. The circuit’s challenging layout, historical significance, and dynamic weather conditions make the event one of the most prestigious on the Formula 1 calendar, attracting fans from all over the world. In a press release sent to BleepingComputer, the race organizer explains that the email account was hijacked on Sunday, March 17, 2024 and was followed by the threat actor sending fraudulent emails to an undisclosed number of people. The message informed the recipient that a €50 voucher for purchasing tickets for the F1 Grand Prix could be claimed by clicking on an embedded link.
Researchers disclosed vulnerabilities today that impact 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide, allowing the researchers to easily unlock any door in a hotel by forging a pair of keycards. The series of security flaws, dubbed "Unsaflok," was discovered by researchers Lennert Wouters, Ian Carroll, rqu, BusesCanFly, Sam Curry, shell, and Will Caruana in September 2022. As first reported by Wired, the researchers were invited to a private hacking event in Las Vegas, where they competed with other teams to find vulnerabilities in a hotel room and all the devices within it.
The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organisations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production," IBM X-Force said in a report published last week. The tech company is tracking the activity under the moniker ITG05, which is also known as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Pawn Storm, Sednit, Sofacy, TA422, and UAC-028.
A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. The threat actors inject the malware into custom HTML widgets and legitimate plugins on WordPress sites to inject the malicious Sign1 scripts rather than modifying the actual WordPress files. Website security firm Sucuri discovered the campaign after a client's website randomly displayed popup ads to visitors. While Sucuri's client was breached through a brute force attack, Sucuri has not shared how the other detected sites were compromised.
