Newsletter 15 November 2024

📧 Secure Transmission: Your Latest Intel

Welcome to our November 15, 2024 edition of Secure Transmission! This week, we’re diving into critical developments that are shaping the cybersecurity world. From the alarming rise in Quad7 botnet activity targeting cloud environments to Microsoft’s warning on critical Outlook vulnerabilities, we’ve got the insights you need to act fast.

Discover how CRON#TRAP, a newly identified cyberattack campaign, is leveraging advanced Linux evasion techniques, and explore the implications of AI-driven vulnerability discovery with breakthroughs in SQLite security. With ransomware like Interlock targeting FreeBSD servers and Veeam Backup exploits driving new attack waves, staying ahead of threats has never been more critical.

These stories and more are in this week’s highlights to ensure you’re informed and fortified. Let’s navigate these challenges together—stay sharp, stay secure!

Top stories last week

✈️ Delta Air Lines sues CrowdStrike over major tech outage. Delta is pursuing legal action against CrowdStrike, alleging the company’s technology caused a five-day disruption that resulted in over 7,000 canceled flights during peak travel season. The incident underscores the critical importance of robust cybersecurity measures in aviation. Read more

🗳️ FBI warns of scams exploiting U.S. election season. Fraudsters are targeting the 2024 U.S. General Election with schemes to steal personal data and money, including fake campaign contributions and phishing. The FBI urges vigilance and recommends verifying requests directly with official sources. Read more

⚔️ Sophos battles Chinese hackers exploiting zero-days. Sophos revealed ongoing efforts to thwart sophisticated cyberattacks by Chinese APT groups, leveraging zero-day vulnerabilities in its enterprise products. These campaigns highlight escalating threats to global cybersecurity. Read more

🤖 AI detects first real-world SQLite vulnerability. Google Project Zero and DeepMind collaborated to identify a memory-safety issue in SQLite using AI. This groundbreaking discovery showcases AI’s growing potential in vulnerability detection. Read more

🔐 Microsoft warns of Quad7 botnet targeting online accounts. Linked to Chinese threat actors, the Quad7 botnet uses password-spraying attacks to exploit vulnerabilities in online accounts and devices. Organizations are urged to enhance password security and implement multi-factor authentication. Read more

🛠️ New ransomware ‘Interlock’ hits FreeBSD servers. The ransomware operation employs double-extortion tactics to target FreeBSD server users globally. Organizations are advised to patch systems and bolster defenses against ransomware threats. Read more

💾 Veeam backup vulnerability exploited in ransomware attacks. Hackers are leveraging CVE-2024-40711 in Veeam Backup & Replication software to execute remote attacks. The flaw allows unauthorized code execution, emphasizing the need for immediate updates. Read more

🌐 Androxgh0st botnet targets IoT and web servers. Active since January 2024, the botnet exploits vulnerabilities to compromise web servers and IoT devices, highlighting critical risks in device security and system updates. Read more

🐧 CRON#TRAP malware campaign evades detection with custom emulation. The campaign uses advanced techniques to stage malware in Linux environments, bypassing traditional defenses. Security teams are urged to strengthen detection capabilities. Read more

🎮 NVIDIA patches critical GPU vulnerabilities. NVIDIA’s latest security update addresses multiple critical vulnerabilities in its GPU drivers and vGPU software. These flaws could enable unauthorized code execution or privilege escalation, potentially leading to severe security breaches. Read more

Stories this week

Breaches

• Importance of Incident Response Plans for Cybersecurity
• ISPs Face Challenges from DDoS Attacks
• Surge in Data Breaches Affects High-Profile Companies in 2024
• Data Forging Attacks Threaten Machine Learning Model Integrity
• Hot Topic Faces Cybersecurity Breach Affecting Customer Data
• Presentation Highlights Key Strategies for Incident Response Efficiency
• Study Examines Impact of Data Breach Laws on Loan Costs
• Study Examines Vulnerabilities of Large Language Models to Attacks
• Advancements in Membership Inference Attacks Research Introduced
• Scrutiny of Language Models Due to Extraction Attack Vulnerabilities
• Study Examines Vulnerabilities of Language Models to Attacks
• Study Reveals Vulnerabilities in 5G Networks to Jamming Attacks
• AI-Driven Cyberattacks Identified as Top Security Concern
• Chinese Group TAG-112 Linked to Cyberattacks on Tibetan Websites
• DemandScience Data Breach Exposes 122 Million Email Addresses
• Importance of Incident Response Plans for Businesses
• New Method Developed for Detecting Network Attack Traffic
• October 2024 Sees Multiple Significant Cybersecurity Breaches
• Increase in Cyberattacks Using “Sitting Ducks” Technique
• New Framework MultiKG Enhances Cyber Attack Technique Representation
• New Tool JSLeakRecon Detects Leaks in JavaScript Files
• Rise in Server-Side Script Attacks and Detection Methods
• River Machine Walkthrough on Attack The Box Platform
• Windows Event Tracing Enhances Incident Investigation Capabilities
• Research Paper Proposes New Method to Combat Backdoor Attacks
• Exchange Server Database Management and Recovery Strategies
• FBI Reports Increase in Misuse of Emergency Data Requests
• User-Managed Access (UMA) Enhances OAuth 2.0 for Data Control
• Microsoft Power Pages Web API Faces Data Exposure Concerns
• Study Proposes Blockchain-Based Data Sharing for IoT Security

Cybercrime

• Volt Typhoon Cybercrime Group Resumes Operations Targeting U.S

Education

• Flare Hosts Threat Intelligence Workshop on Cybersecurity Challenges
• Analysis of Certification Authority Authorization in Web Security

Industry News

• 2024 U.S. Presidential Election Results and Cybersecurity Overview
• Analysis of macOS Sandbox Vulnerabilities and Security Concerns
• Limitations of VPNs in Cloud-Based Work Environments
• New Android Banking Trojan “AMEXTROLL” Identified
• Challenges and Strategies in DevSecOps Implementation
• Disintermediation’s Impact on Internet Power Dynamics
• Red Hat Expands Product Portfolio and Delivery Options
• Security Vulnerabilities in QEMU Affect Multiple Ubuntu Versions
• Advancements in Classification of Almost Perfect Nonlinear Functions
• Advancements in Zero-Knowledge Argument Systems Using Garbled Circuits
• Cybersecurity Challenges in Mobility-as-a-Service Systems
• Five Malicious npm Packages Target Roblox Developers Identified
• HackerOne Report Highlights AI’s Impact on Cybersecurity
• Hybrid Quantum-Classical Symmetric Encryption Method Introduced
• Introduction of PANCCD Model for Cybersecurity Enhancement
• Meta AI Unveils Segment Anything Model and Adversarial Challenges
• MicroPython’s Reverse Engineering Challenges Discussed at DEF CON 32
• Microsoft Outlook Vulnerabilities Raise Concerns Over Remote Code Execution
• Mirantis CEO Discusses Cloud Security Challenges for CISOs
• New Defense Mechanism BAN Enhances Backdoor Detection in Deep Learning
• Overview of Privileged Access Workstations (PAWs)
• Reptile 2.0 Rootkit Introduces New Kernel Loading Method
• Security Concerns Raised Over Microsoft Entra Feature
• Security Risks in Microsoft Entra Account Creation Process
• Signal Launches “Call Links” Feature for Group Calls
• Smart Grid 2.0: Enhancements and Security Challenges Identified
• Technical Debt Identified as Cybersecurity Risk for Enterprises
• Ubuntu Releases Version 24.10 of Linux Distribution
• Advancements in Private Information Retrieval Client Preprocessing
• Advancements in Verification of Jolt zkVM Lookup Semantics
• Concerns Raised Over Safety of Large Language Models
• Former Professor to Launch New Programming Language TrapC
• Importance of User-Friendly Account Setup and Login Experiences
• Intellectual Property Protection for Deep Learning Models Discussed
• Introduction of Non-Interactive Zero-Knowledge Proofs with Certified Deletion
• LaZer Library Introduces Quantum-Safe Cryptographic Solutions
• Machine Learning Model Enhances Intrusion Detection in SDN
• New Defense Mechanism Eguard Enhances LLM Embedding Security
• NIST Introduces Quantum-Safe Cryptography Standards Amid Security Concerns
• Security Vulnerabilities Identified in Quantum Computing Circuits
• Zero Trust Security Gains Attention Amid Cloud Migration Challenges
• Google Chrome Introduces Application-Bound Encryption for Security
• Growing Importance of Non-User Entities in Cybersecurity
• Hamas-Linked Group WIRTE Expands Cyber Operations
• Increase in Cybersecurity Vulnerabilities Noted in 2023
• Microsoft Introduces SecEncoder Language Model for Security Applications
• Navy Launches Zero Trust Deployment Initiative Flank Speed
• New Method for Privacy-Preserving Record Linkage Introduced
• Okta Enhances Cybersecurity Event Detection with Autoencoders
• Overview of Real-Time Operating Systems for Developers in 2024
• Security Evaluation Reveals Vulnerabilities in Ivanti Endpoint Manager
• Analysis of Security Scanners for Large Language Models
• Challenges of Shadow IT in Modern Enterprises
• Concerns Raised Over MySQL’s Application-Layer Encryption Methods
• Device Intelligence Enhances Fraud Detection in Digital Banking
• Fingerprint Launches Device Reputation Network for Android Security
• Increase in Ad Blocker Use Sparks Concerns Over Misleading Ads
• Insights for Beginners in Cybersecurity Careers
• New Method for DLL Injection via Return-Oriented Programming
• O-RAN’s Role in Wireless Communication and Security Challenges
• Overview of JSON Web Tokens and Security Considerations
• PyPI Introduces Index-Hosted Digital Attestations for Packages
• Weak Passwords Remain Common, NordPass Report Finds
• Advancements in Privacy-Preserving Machine Learning Protocols
• Advancements in Twin Column Parity Mixers for Cryptography
• Advancements in Zero-Knowledge Probabilistically Checkable Proofs Announced
• Cadet Blizzard Cyber Group Targets Ukraine and NATO Entities
• Concerns Raised Over Battery Safety and Supply Chain Security
• Investigation Reveals Vulnerabilities in WordPress Sites
• Mikhail Shefel Identified as Cybercriminal “Rescator”
• New Forkcipher Designs Proposed for Lightweight Cryptography
• New Group Authenticated Key Exchange Protocols Introduced
• New Protocol Enhances Privacy in Machine Learning Applications
• Roman’kov Introduces Novel RSA-like Cryptosystem for Security
• Newsletter 8 November 2024

Threats and Exploits

• Increase in CosmicBeetle Ransomware Group Activity Observed in 2023
• KillSec Increases Ransomware and Data Breach Activities
• Analysis of AsyncRAT Malware Infection Methods
• New Phishing Campaign Distributes Remcos Remote Access Trojan
• Ransomware Attack Reported by Cisco Talos Incident Response
• Resurgence of Fakebat Malware Loader Detected in Ads
• Cryptography in Malware Development: The Decorrelated Fast Cipher
• Global Law Enforcement Operation Targets RedLine Stealer Malware
• WhatsApp Phishing Scam Targets Users with Fake India Post Offer
• GootLoader Malware Evolves into Initial Access Platform
• Increase in Ransomware Incidents Highlights Cybersecurity Challenges
• New Ransomware Family “Ymir” Identified in Cybersecurity Investigation
• UAB Experiences Ransomware Attack Impacting 50,000 Users
• Android Spynote Malware Disguises as Antivirus Software
• Growth in Phishing-Resistant MFA Adoption Noted in 2023
• Malware Linked to North Korea Discovered Using Flutter Framework
• New Ransomware Family ‘Ymir’ Discovered by Kaspersky Researchers
• North Korean Threat Actors Use Malware in Flutter Apps
• Study Develops LLM-Based Method for Malware Detection
• Volt Typhoon Group Rebuilds KV-Botnet Malware Network
• Bitdefender Releases Free Decryption Tool for ShrinkLocker Ransomware
• Emergence of Emmenhtal Loader Malware Identified in 2024
• Infostealer Malware Threatens Information Security for Users
• New Ransomware Variant ShrinkLocker Exploits BitLocker Encryption
• Surge in Phishing Emails Highlights Cybersecurity Threats
• Analysis of WezRat Malware Linked to Iranian Cyber Group
• New Stealth Malware Variant Targets Red Hat Systems
• Phishing Campaign Targets E-Commerce Shoppers During Black Friday
• Surge in Malware Infections Targeting WordPress Websites
• CUJO AI Monitors ViperSoftX Malware Threats
• Phishing Kits: Challenges and Opportunities for Cybersecurity Defenders
• Cybersecurity Threat: Earth Estries Group Identified
• Cybersecurity Threats Targeting Developers Identified in New Campaign
• Threat Actors Use ZIP File Concatenation to Evade Detection
• Cyber Threat Landscape Report Highlights Risks in Construction Sector
• Malicious npm Packages Identified as Threat to Developers
• New Benchmark CTIBench Evaluates LLMs in Cyber Threat Intelligence
• Russia Recognized as Major Cyber Power and Threat Actor
• Federal Authorities Warn Healthcare Sector of Godzilla Webshell Threat
• Adversarial Threat Emulation Enhances Cybersecurity Defense Strategies
• Infostealers Pose Growing Cybersecurity Threat in 2023
• New Threat Model Identified for E2E Encrypted Applications

Tools and Techniques

• Generative AI Framework Aims to Streamline Security Control Development
• Akamai Technologies Launches Behavioral DDoS Engine Tool
• NIST Updates Guidelines for Password Security Practices
• Antivirus Software and Computer Performance Optimization Tips
• New Framework Introduces Secure Digital Consent Process
• Microsoft Releases November Security Update Addressing 89 Vulnerabilities
• New Framework Developed for Secure Medical Data Sharing
• Overview of Essential Security Tools for CISOs
• PentestAgent Framework Enhances Penetration Testing Automation
• Powerpipe Tool Enhances Cloud Infrastructure Management for DevOps
• Pulumi Launches New Tools for Kubernetes Management
• Study Introduces AMAZE Framework for Efficient Cryptographic Hash Functions
• Study Proposes Framework for Improved Deepfake Detection
• TITAN Framework Enhances Real-Time Cyber Threat Intelligence
• New System IRIS Enhances Detection of Software Vulnerabilities
• Framework Developed for Analyzing Cryptographic Functions in Binaries
• ARCHER Tool Analyzes Side-Channel Vulnerabilities in RISC-V Processors
• New Face Anonymization Technique Enhances Privacy Protection

Vulnerabilities

• CVE and CVSS: Key Components of Cybersecurity Management
• Wordfence Bug Bounty Program Addresses WPLMS Vulnerability
• Google Advances AI for Software Vulnerability Discovery
• Critical Security Vulnerability Disclosed in Ruby-SAML Libraries
• KExecDD Proof-of-Concept Explores Windows Driver Exploits
• Microsoft Introduces New Format for Security Vulnerability Data
• New Automated Vulnerability Detection System Introduced: LProtector
• Samsung Devices Face JSON Injection Vulnerability Concerns
• Smart-LLaMA Method Enhances Smart Contract Vulnerability Detection
• U.S. Government Launches Vulnerability Disclosure Policy Platform
• Vulnerability Discovered in Filecoin Network Clients
• Exploitation of DACLs in Active Directory Environments
• Security Vulnerability Discovered in Target Website’s Email System
• Security Vulnerability Discovered in TL-WR841N Router
• New System LProtector Addresses Cybersecurity Vulnerability Detection Challenges
• Research Identifies New Vulnerability in Rowhammer Exploits
• D-Link NAS Devices Found Vulnerable to Command Injection

Research and Studies

• Research Introduces Privacy-Preserving Data Structures for Distance Metrics
• Researchers Introduce Pseudorandom Codes for Enhanced Cybersecurity
• Research Examines PU Learning for DDoS Detection in Cloud Environments
• Research Examines Quantum Computing’s Impact on Cryptography
• Research Identifies Page Spray Technique Targeting Linux Kernel Vulnerabilities
• Research Paper Explores Certified Deletion of Quantum Information
• ETH Zurich Researchers Study Authentication for Smart Home Devices
• Trustwave Research Identifies Risks to U.S. Election System
• New Concept in Functional Encryption Introduced by Researchers
• Study Introduces Privacy-Preserving Name Matching for Finance
• Study Reveals Vulnerabilities in Chase-Shen Encryption Scheme
• Study Analyzes Machine Learning for DDoS Detection in IoT
• Study Examines Maximal Extractable Value in Ethereum and Rollups
• Study Examines Undetectable Backdoors in Machine Learning Models
• Study Explores Future of Quantum Cryptography Systems
• Study Highlights Advances in Pseudorandom Codes for AI Security
• Study Identifies Vulnerabilities in Google’s Vertex AI Platform
• Study Reveals Security Risks in VS Code Extensions
• Study Reveals Vulnerabilities in Large Language Models
• Study Examines Environmental Impact of AI and Energy Use
• Study Examines Security Risks of Voice Assistants
• Study Examines Vulnerabilities in MAYO Digital Signature Scheme
• Study Identifies Vulnerabilities in Threshold Fully Homomorphic Encryption
• Study Reveals Vulnerabilities in Large Language Models

🛠 Tools

• aws-firewall-factory v4.6.0 | AWS WAF manager | Automated IP set management, CloudWatch metrics for IP updates, major enum restructuring requires file import updates.
• openappsec v1.1.19 | Security engine for APIs | Added Apache APISIX support, bug fixes for local policies, updated Docker images with new NGINX versions.
• netmaker v0.26.0 | WireGuard network automation | New ACL/tag system, managed DNS for Linux, fixes for failover and scalability.
• authentik 2024.10.2 | Authentication platform | Fixes for redirect URI, captcha improvements, recovery flow fixes, enhanced certificate validation.
• chainloop v0.108.0 | Software supply chain attestation | Policy checks enhanced, workflow updates for CLI/server, OCI Helm charts supported.
• cloud-custodian 0.9.42.0 | Cloud governance | Support for new AWS, Azure resources, enhancements for IAM, S3, Lambda, and Kubernetes filters.
• dnsrecon 1.3.1 | DNS enumeration | Improved timeout handling for DNS calls, location fixes for logs, minor doc updates.
• firezone gateway-1.4.1 | Zero-trust access | Minor UI updates and optimizations, changelog not detailed.
• kanidm v1.4.2 | Identity management | Fixed access control migration issues, PAM updates, new SCIM foundations, web UI rewrite.
• SecretScanner v2.5.0 | Secrets scanning | CLI rules download support, proxy server integration, upgraded to Go 1.23.
• YaraHunter v2.5.0 | Malware scanning | Added CLI mode rule support, proxy support, set default skip non-executable behavior.
• trufflehog v3.83.6 | Secret detection | Enhanced false-positive logging, various detector improvements for RabbitMQ, Mailgun, MongoDB.
• security_content v4.43.0 | Security analytics | Critical alerts detections, anomaly queries, enhanced drilldowns for investigation.
• kubescape v3.0.19 | Kubernetes security | Dependency updates for containers/common, minor bug fixes.

🌐 Upcoming Events

• November 18-21 - Tanium Converge, Virtual and Orlando, Florida, USA
• November 19 - Identity Management (IDM) Nordics, Stockholm, Sweden
• November 19-21 - ISC East, New York, New York, USA
• November 21 - San Diego Cybersecurity Conference, Virtual and San Diego, California, USA
• November 21 - Boston Cybersecurity Conference, Virtual and Boston, Massachusetts, USA
• November 26-27 - Global Cyber Conference, Zurich, Switzerland
• November 28 - Enterprise Security & Risk Management (ESRM) UK, London, UK

Briefs

Threats

• Volt Typhoon group rebuilt its botnet using compromised legacy routers to target critical infrastructure.
• Raspberry Robin malware uses a WebDAV server for delivering malicious payloads, emphasizing the need for strong defenses.
• New malware tactic employs a QEMU-emulated Linux environment for persistent backdoor access.
• LUNAR SPIDER targets financial sectors with advanced ransomware techniques using the Latrodectus JavaScript loader.
• Iranian state-sponsored hackers target aerospace workers with fake job offers, distributing malware similar to North Korean tactics.

Vulnerabilities

• Palo Alto Networks PAN-OS faces a critical remote code execution flaw.
• Epson devices exposed to unauthorized access due to blank admin passwords.
• PostgreSQL CVE-2024-10979 allows unprivileged users to alter environment variables.
• Citrix’s Session Recording vulnerabilities could allow unauthorized system access.
• Schneider Electric Modicon programmable automation controllers face critical vulnerabilities.

Breaches

• Amazon data breach exposed 2.8 million lines of employee information due to a third-party vendor hack.
• Instagram data leak exposed 489 million user records.
• DeltaPrime reported a breach resulting in a $4.8 million token theft.
• Sheboygan ransomware attack caused outages and unauthorized network access.
• DemandScience breach exposed data of 122 million individuals.

Policy

• Australia’s social media legislation aims to ban access for individuals under 16, enforcing stricter age verification.
• Germany enhances cybersecurity against potential threats ahead of elections.
• NIST, with CISA’s help, has cleared its vulnerability backlog but missed its year-end goal.

Tools and Technology

• Google updated Chrome’s Enhanced Protection with AI-powered real-time security features.
• Microsoft introduced a Zero Trust Workshop to guide organizations in implementing cybersecurity strategies.
• Didier Stevens enhanced zipdump.py with new options for analyzing PKZIP records.

Industry

• Logicalis and Cisco introduced a managed XDR service.
• Xiphera and Crypto Quantique partnered to develop quantum-resilient IoT security solutions.
• BlackFog launched Version 5 of its anti-data exfiltration platform with features like air gap protection.

Education

• The 11th edition of the OSINT Techniques guide includes updates across 47 chapters.
• CISA and public health agencies launched a cybersecurity readiness survey for better preparedness.

---

Thank you for joining us for this week’s edition of Secure Transmission! Our mission is to empower your cybersecurity journey with actionable insights and updates. We’re experimenting with the format to ensure readability and avoid overwhelming you with too much information. If you enjoyed this week’s newsletter, share it with your network. Stay vigilant, and we’ll see you next week with more essential news and strategies to stay secure!

Check out what's latest

Nov 22, 2024

Study Reveals Vulnerabilities of LLMs to Bit-Flip Attacks

Nov 22, 2024

APT-K-47 Group Linked to Sophisticated Cyber Attack Campaign

Nov 22, 2024

New Detection System for Advanced Persistent Threats Introduced