01-Mar-24: In Security News Today

Apple Warns of Increased iPhone Security Risks Due to EU Competition Laws

Apple is warning European customers that new EU competition laws will make iPhones less safe, as the company is forced to open its platform to third-party app stores. The changes mandated by the Digital Markets Act (DMA) include support for third-party app stores and for payment systems other than Apple Pay, which Apple says raises the risk of social engineering, fake apps, spyware, and ransomware. Apple says it is trying to comply with EU law while preserving the security and privacy of its users, but the change remains controversial and has prompted concern about new attack surface on the platform.

Biden Orders Investigation into Chinese Connected Vehicles

US President Joe Biden has directed an investigation into the national security risks posed by Chinese technology in connected vehicles, warning that they could be used to steal sensitive data and even be remotely accessed or disabled on US roads. The White House highlighted concerns about China’s unfair practices in the automobile market and emphasized the need for safeguards against potential threats. This move follows an executive order aimed at preventing the sale of personal and financial data to countries of concern, including China, amidst ongoing warnings about Chinese state hackers.

GitHub Enhances Security with Default Secret Scanning Push Protection

GitHub has enabled secret scanning push protection by default for all public repositories: when a push contains a detected secret, it is blocked before the commit reaches the repository, and the user can either remove the secret or bypass the block if it is judged safe. The feature recognises over 200 token types and now also performs validity checks for popular services such as AWS and Microsoft, so that live credentials can be distinguished from revoked or placeholder ones. The rollout coincides with ongoing 'repo confusion' attacks against GitHub, in which cloned repositories are seeded with obfuscated malware designed to steal passwords and cryptocurrency.
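To show what push protection does mechanically, here is an added example (not GitHub's code, and not its real signature set) of a local pre-push style scanner: it walks a unified diff, checks only added lines against a few assumed token signatures, honours an allowlist for documented placeholder values, and decides whether the push should be blocked. The diff below is constructed for the example; the AWS key in it is the well-known documentation placeholder, which is exactly the kind of value an allowlist or validity check is meant to wave through.

```python
import re
from dataclasses import dataclass

# Assumed token signatures for illustration only. GitHub's push protection
# matches 200+ provider-specific formats; these four are representative.
TOKEN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[abp]-[0-9A-Za-z-]{10,}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Constructed sample diff: one file, one hunk, two leaked credentials.
SAMPLE_DIFF = """diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,5 @@
 DEBUG = False
-AWS_ACCESS_KEY_ID = os.environ["AWS_ACCESS_KEY_ID"]
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
 LOG_LEVEL = "info"
"""

HUNK_HEADER = re.compile(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int      # line number in the *new* version of the file
    token_type: str
    secret: str


def redact(secret: str) -> str:
    """Never echo a full credential into hook output or CI logs."""
    return secret[:4] + "..." + secret[-4:] if len(secret) > 8 else "***"


def scan_diff(diff_text: str, allowlist: frozenset = frozenset()) -> list:
    """Return findings for secrets on added lines of a unified diff.

    Only '+' lines inside hunks are scanned: removing a secret must not
    re-trigger the block, and context lines were already in history.
    Note that a fixed-prefix signature cannot catch the AWS secret access
    key above; that is why real scanners pair patterns with validity checks.
    """
    findings = []
    path, new_line, in_hunk = None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git"):
            in_hunk = False
            continue
        if not in_hunk:
            if line.startswith("+++ "):
                path = line[4:]
                path = path[2:] if path.startswith("b/") else path
            elif line.startswith("@@"):
                in_hunk = True
                new_line = int(HUNK_HEADER.match(line).group(1))
            continue
        if line.startswith("@@"):
            new_line = int(HUNK_HEADER.match(line).group(1))
            continue
        if line.startswith("-"):
            continue  # removed line: does not advance new-file numbering
        content = line[1:] if line.startswith("+") else line
        if line.startswith("+"):
            for name, pattern in TOKEN_PATTERNS.items():
                for m in pattern.finditer(content):
                    if m.group(0) not in allowlist:
                        findings.append(Finding(path, new_line, name, m.group(0)))
        new_line += 1
    return findings


def should_block(findings: list, bypass: bool = False) -> bool:
    """Block the push unless the author explicitly bypasses (as GitHub allows)."""
    return bool(findings) and not bypass


if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"{f.path}:{f.line_no}: {f.token_type} {redact(f.secret)}")
    print("blocked" if should_block(scan_diff(SAMPLE_DIFF)) else "allowed")
```

The allowlist stands in for the "bypass if deemed safe" path: pass the documented placeholder `AKIAIOSFODNN7EXAMPLE` and only the GitHub token remains. A production hook would also feed each hit to a provider validity check before deciding how loudly to alert.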

US Charges Iranian National for Cyberattacks on State and Defense Entities

The US has indicted Alireza Shafie Nasab, an Iranian national, for his involvement in cyberattacks targeting the US State and Treasury Departments, defense contractors, and private companies between 2016 and 2021. Nasab, associated with the IT firm Mahak Rayan Afraz, which has connections to the Islamic Revolutionary Guard Corps, is charged with multiple offenses, including wire fraud and identity theft, carrying sentences up to 20 years. Despite these charges, Nasab remains at large, with a $10 million reward for information leading to his capture.

FBI and CISA release Indicators of Compromise for Phobos Ransomware

The FBI and CISA have released indicators of compromise for the Phobos ransomware, which has targeted government, healthcare, and critical infrastructure organizations since 2019. Phobos actors gain initial access through phishing emails and exposed RDP services, then escalate privileges before deploying the ransomware. They exfiltrate data before encryption, targeting financial records and databases, and delete backups to pressure victims into paying for decryption.

New BIFROSE Linux Malware Variant

A new Linux variant of the BIFROSE remote access trojan (RAT) has been discovered, utilizing a deceptive domain resembling VMware to evade security measures. The malware, active since 2004, has been linked to a state-backed hacking group from China and is distributed through email attachments or malicious websites. Recent spikes in BIFROSE activity, along with new deceptive domain strategies, highlight the evolving and dangerous nature of this malware.

CISA Alert on Windows Streaming Service Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity elevation of privilege vulnerability in the Windows Streaming Service to its catalog of exploited vulnerabilities, indicating active exploitation. The vulnerability, identified as CVE-2023-29360 with a CVSS score of 8.4, affects Windows 10, 11, and various Windows Server versions, and could enable attackers to gain system privileges. Despite the availability of patches since June 2023, the exploit remains a significant threat, prompting CISA to urge organizations to apply necessary updates promptly.

Five Eyes Alert on Ivanti VPN Vulnerabilities

Government agencies from the Five Eyes alliance have issued a warning about active exploitation of vulnerabilities in Ivanti VPN appliances, urging organizations to assume compromise and start hunting for malicious activity. The identified flaws allow attackers to bypass authentication and execute commands with high privileges, with patches available since January 31. Despite patching, agencies emphasize the importance of assuming compromise due to potential root-level persistence by sophisticated threat actors.

Golden Corral Data Breach Affects Over 180,000

Golden Corral reported a data breach impacting approximately 180,000 current and former employees, occurring between August 11 and 15, 2023. The breach led to the theft of sensitive information, including Social Security numbers, driver’s licenses, and financial details. The company has begun notifying affected individuals and offering credit monitoring services, amid ongoing investigations and emerging class action lawsuits.

New Phishing Kit Targeting Cryptocurrency Users with SMS and Voice Calls

A new phishing kit is impersonating well-known cryptocurrency services to target mobile users, primarily in the United States, by using a combination of email, SMS, and voice phishing techniques. The kit has successfully phished over 100 victims, including employees of the FCC and users of platforms like Binance and Coinbase. The phishing pages are designed to evade automated analysis tools and give an illusion of credibility by customizing the phishing page in real-time, capturing credentials and OTPs to access victims’ accounts.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.