13-Mar-24: In Security News Today

Investment Scams Grow, 13,000 Domains Detected in January 2024

Internet security experts have detected and blocked thousands of fake investment platform domains across numerous IPs, indicating a 25% increase in January 2024. Investment scams have led to over $4.6 billion in fraud losses in the US in 2023, with cybercriminals using sophisticated tactics like social media recruitment and email campaigns to deceive victims. Enhanced cybersecurity measures and increased awareness are crucial in combating the proliferation of online investment scams.

Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes

A security bug in Kubernetes allows attackers to remotely execute code with system privileges on Windows endpoints, potentially leading to full takeover of Windows nodes within a Kubernetes cluster. The flaw, tracked as CVE-2023-5528, can be exploited by manipulating Kubernetes volumes, enabling attackers to escalate to admin privileges on Windows nodes. It is crucial to patch Kubernetes clusters running on Windows nodes to mitigate this vulnerability, as exploitation is expected to increase.

European Parliament approves EU AI Act

The European Parliament has approved a comprehensive law to govern artificial intelligence (AI) with a focus on promoting trustworthy and human-centric AI while ensuring protection for health, safety, fundamental rights, and the environment. The law includes harsh penalties for non-compliance, bans on certain AI practices, and provisions to protect employee rights in the workplace. Despite some criticism from MEPs, the law also includes measures to support innovation and small and medium-sized businesses through regulatory sandboxes and real-world testing.

Attackers abuse cloud accounts to spawn thousands of crypto CDN nodes

Hackers are exploiting cloud accounts to spawn virtual machines for a blockchain-based content delivery service, bypassing traditional detection methods focused on CPU and RAM usage. By deploying thousands of micro instances across different regions, attackers are able to monetize cryptojacking through storage space and bandwidth usage. To detect such attacks, organizations are advised to monitor for spikes in traffic, storage use, outbound connections, and unusual RunInstances events in CloudTrail logs.
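One way to operationalize the CloudTrail advice above, as an added example that is not from the article or the researchers it cites: it flags a principal that issues many EC2 RunInstances calls across several regions in a short window, which is the launch pattern described. It assumes newline-delimited CloudTrail JSON; the records, ARNs and thresholds are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

def parse_events(lines):
    """Parse newline-delimited CloudTrail records, keeping only EC2 RunInstances calls."""
    out = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("eventSource") == "ec2.amazonaws.com" and ev.get("eventName") == "RunInstances":
            out.append(ev)
    return out

def find_launch_bursts(events, window=timedelta(minutes=10), min_calls=5, min_regions=3):
    """Return one finding per principal whose RunInstances calls inside a sliding
    window reach min_calls and span at least min_regions regions."""
    by_principal = defaultdict(list)
    for ev in events:
        ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        itype = ev.get("requestParameters", {}).get("instanceType", "unknown")
        by_principal[ev["userIdentity"]["arn"]].append((ts, ev["awsRegion"], itype))
    findings = []
    for arn, calls in by_principal.items():
        calls.sort()  # by timestamp, so the window can slide forward
        start = 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > window:
                start += 1
            burst = calls[start:end + 1]
            regions = {r for _, r, _ in burst}
            if len(burst) >= min_calls and len(regions) >= min_regions:
                findings.append({"principal": arn, "calls": len(burst),
                                 "regions": sorted(regions),
                                 "instance_types": sorted({t for _, _, t in burst})})
                break  # one alert per principal is enough
    return findings

def _rec(t, region, arn, itype):  # constructed record shaped like a CloudTrail event
    return json.dumps({"eventTime": t, "eventSource": "ec2.amazonaws.com",
                       "eventName": "RunInstances", "awsRegion": region,
                       "userIdentity": {"arn": arn},
                       "requestParameters": {"instanceType": itype}})

SUSPECT = "arn:aws:iam::111122223333:user/ci-deploy"  # constructed ARN
ADMIN = "arn:aws:iam::111122223333:user/ops-admin"    # constructed ARN
SAMPLE_LOG = [  # constructed sample: five micro launches in five regions in ~2.5 min
    _rec("2024-03-13T02:00:05Z", "us-east-1", SUSPECT, "t3.micro"),
    _rec("2024-03-13T02:00:41Z", "eu-west-1", SUSPECT, "t3.micro"),
    _rec("2024-03-13T02:01:17Z", "ap-southeast-1", SUSPECT, "t3.micro"),
    _rec("2024-03-13T02:01:52Z", "sa-east-1", SUSPECT, "t3.micro"),
    _rec("2024-03-13T02:02:30Z", "us-west-2", SUSPECT, "t3.micro"),
    _rec("2024-03-13T09:15:00Z", "us-east-1", ADMIN, "m5.large"),  # routine launch
]
```

Thresholds should be tuned to each account's normal launch rate; on the constructed log the routine admin launch produces no finding.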

Fortinet warns of critical RCE bug in endpoint management software

Fortinet has patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS) software, impacting versions 7.0 and 7.2. The vulnerability, CVE-2023-48788, allows unauthenticated attackers to execute unauthorized code via SQL injection in the DB2 Administration Server component. Additionally, Fortinet addressed other high-severity flaws in FortiOS and FortiProxy, emphasizing the importance of promptly applying security patches to prevent potential exploitation in cyber attacks.

Major CPU, Software Vendors Impacted by New GhostRace Attack

A novel speculative race condition attack, GhostRace, compromises major CPU and software vendors, leveraging speculative execution to bypass security defenses for data leakage, including passwords and encryption keys. The attack necessitates physical or privileged access for practical exploitation, with its discovery leading to advisories by AMD and mitigation steps in Linux despite performance concerns. Vendors including Intel, AMD, Arm, and IBM have acknowledged the vulnerability, emphasizing the need for industry-wide vigilance and updates.

US Seizes $1.4 Million in Cryptocurrency From Tech Scammers

US law enforcement seized $1.4 million in Tether tokens from tech scammers who targeted primarily elderly Americans with fake tech support popups. The scammers convinced victims to transfer funds to cryptocurrency for “protection,” which were then seized by the FBI through court orders. This operation underscores the growing concern over tech scams and the use of cryptocurrencies in fraudulent activities.

Israeli Universities Hit by Supply Chain Cyberattack Campaign

Israeli universities were hit by a supply chain cyberattack campaign orchestrated by an Iranian hacktivist group called Lord Nemesis and Nemesis Kitten. The group targeted an academic sector software firm in Israel to compromise its customers’ systems.

PixPirate RAT Invisibly Triggers Wire Transfers From Android Devices

A sophisticated Brazilian banking Trojan named PixPirate is targeting Android devices to invisibly trigger wire transfers through the Pix app. The malware spreads through fake bank authentication apps and hides its presence on compromised devices, making it difficult for users to detect. While the threat is currently specific to the Pix payment system in Brazil, the tactics used by PixPirate could inspire similar attacks on US payment apps, highlighting the importance of proactive security measures.

Bitcoin Fog mixer operator convicted for laundering $400 million

Roman Sterlingov, a Russian-Swedish national, was convicted for operating Bitcoin Fog, a cryptocurrency tumbler used by cybercriminals to launder $400 million over a decade. The mixing service allowed users to obfuscate the origin of their digital assets, making it challenging for law enforcement to trace the funds. Sterlingov faces up to 20 years in prison for money laundering conspiracy and other charges, highlighting the ongoing efforts to combat money laundering in the cybercriminal ecosystem.

Critical ChatGPT Plug-in Vulnerabilities Expose Sensitive Data

Critical vulnerabilities in ChatGPT plug-ins were discovered and remediated, posing a risk of unauthorized access to user accounts and services like GitHub. The vulnerabilities allowed for malicious code approval, account takeovers, and OAuth redirection manipulation. Security experts emphasize the need for robust security standards, regular audits, and employee training to mitigate risks associated with third-party applications and AI-enabled platforms.

LockBit Ransomware Affiliate Sentenced to Prison in Canada

Mikhail Vasiliev, a Russian-Canadian, has been sentenced to nearly four years in prison in Canada for his involvement with the LockBit ransomware operation, targeting at least three Canadian organizations. In addition to facing charges in the US, Vasiliev has been ordered to pay $860,000 in restitution to his victims. This case highlights the global efforts to combat ransomware and the consequences for those involved in such cybercriminal activities.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.