21-Feb-24: In Security News Today

Apple Introduces PQ3 for iMessage to Combat Quantum Threats

Apple has unveiled PQ3, a post-quantum cryptographic protocol for iMessage, designed to secure messages against future quantum computing attacks. This protocol places iMessage at ‘level 3’ encryption, ensuring protection during both key establishment and message exchanges by combining post-quantum algorithms with classical Elliptic Curve cryptography. Scheduled for release in iOS 17.4 and other OS updates, PQ3 aims to safeguard against ‘Harvest Now, Decrypt Later’ threats, demonstrating Apple’s proactive stance on encryption security.

Malware Operators Use Google Cloud Run To Evade Detection

Researchers have observed a significant increase in campaigns using Google Cloud Run to distribute banking Trojans such as Astaroth, Mekotio, and Ousaban, initially targeting Latin America but now expanding globally. The attacks often start with phishing emails mimicking financial documents or government tax communications. This exploitation of Google Cloud Run highlights the sophistication of attackers in using legitimate cloud services to bypass security measures and target a broader geographic area.

Joomla CMS Vulnerable to Cross-Site Scripting (XSS) Security Flaws

Joomla’s open-source content management system is susceptible to multiple XSS security vulnerabilities, including one tracked as CVE-2024-21726, which allows for remote code execution. Cyberattackers can exploit these flaws to inject malicious scripts, potentially leading to data theft, malicious redirects, or malware infections. To mitigate these risks, users are advised to update to the patched versions 5.0.3/4.4.3 released by Joomla.

VMware Urges Removal of Outdated Plug-in for vSphere Due to Critical Flaws

VMware is advising network administrators to remove an outdated plug-in for its vSphere due to two critical flaws that can be exploited by attackers to hijack cloud computing sessions. The vulnerabilities, tracked as CVE-2024-22245 and CVE-2024-22250, allow for arbitrary authentication relay and session hijacking. VMware has provided instructions for removing the vulnerable plug-in and recommends using safer authentication methods like Active Directory over LDAPS and Microsoft Active Directory Federation Services.

Aviation Security Experts Should Pay Special Attention to this El Al Flight Hack

An El Al flight from Phuket to Tel Aviv experienced an attempted communication takeover, receiving false navigational instructions, suspected to be from hostile elements over Houthi or Somaliland airspace. The crew, suspecting deception, switched to alternative communication methods, ensuring the flight’s safety. El Al emphasized the disruption wasn’t targeted or a security breach, highlighting pilot professionalism and the importance of backup communication protocols in aviation cybersecurity.

Critical Security Vulnerability in ConnectWise ScreenConnect Remote Desktop Management Tool

ConnectWise ScreenConnect faces active cyberattacks due to a critical security vulnerability that allows attackers to bypass authentication and gain full control over the server. The exploit can lead to unauthorized file access and compromise high-value endpoints in corporate networks. Researchers are warning of the potential for a mass compromise event, urging users to upgrade to version 23.9.8 immediately and monitor for signs of exploitation using provided indicators of compromise.

Russian Hackers Target Ukraine with Disinformation and Credential-Harvesting Attacks

Cybersecurity researchers have uncovered an influence operation targeting Ukraine by Russian-aligned threat actors, involving phishing attacks to harvest Microsoft login credentials. The disinformation campaign, codenamed Operation Texonto, spread false information through spam emails with PDF attachments on topics like heating interruptions and drug shortages. The attackers also expanded their targeting to include Ukrainian speakers in other European nations, with messages suggesting extreme measures to avoid military deployment.

VietCredCare Stealer Targeting Facebook Advertisers in Vietnam

VietCredCare is a new information stealer targeting Facebook advertisers in Vietnam since August 2022, with the goal of taking over corporate Facebook accounts to post political content or conduct phishing and affiliate scams. The malware is distributed through bogus sites on social media and messaging platforms, posing as legitimate software to extract credentials and evade detection. Group-IB warns that organizations in the public and private sectors are at risk of reputational and financial damage due to the theft of sensitive accounts by VietCredCare.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.