22-Feb-24: In Security News Today

Wyze Connected Cameras Mistakenly Send Feeds to Wrong Users

Wyze cameras experienced a cybersecurity incident where 13,000 users received camera images and feeds that were not theirs, allowing unintentional spying. This is the second time Wyze has faced such an issue, with the first being in September 2023 due to a Web caching problem. The incident was attributed to a server overload after an AWS outage, and while Wyze has taken steps to address the issue, the impact on user trust and future prevention measures remain uncertain.

Wireless Charger Takeover Vulnerability Explored with ‘VoltSchemer’ Attack

Researchers from the University of Florida and CertiK have developed the ‘VoltSchemer’ attack, which manipulates the power supply voltage to take over wireless chargers, potentially allowing threat actors to damage devices and manipulate voice assistants. By exploiting voltage noise, the attack can bypass Qi standard mechanisms and compromise communication between the charger and the device. The researchers tested the attack on nine different commercial wireless chargers, all of which were found to be vulnerable.

Lucifer Botnet Targeting Apache Hadoop and Druid Servers

The Lucifer botnet is targeting organizations running Apache Hadoop and Apache Druid big data technologies, combining cryptojacking and DDoS capabilities. The campaign involves exploiting misconfigurations and vulnerabilities in these platforms, with over 3,000 unique attacks observed in the last month alone. To prevent potential attacks, enterprises are advised to review their configurations, keep patches up to date, and use runtime detection and response solutions to identify unknown threats.

German Control Systems Firm Struggles to Recover After Ransomware Attack

PSI Software, a German provider of control system solutions, is battling to recover from a ransomware attack that led to the shutdown of its systems earlier this month. Despite taking immediate action to disconnect from the internet to prevent data exfiltration, the company’s internal IT infrastructure remains impacted, with no evidence of customer system compromise. This incident underscores the persistent threat ransomware poses to critical infrastructure providers and the complexities involved in recovery efforts.

Multiple High-Severity Browser Patches for Chrome and Firefox

Google and Mozilla have patched multiple high-severity vulnerabilities in Chrome 122 and Firefox 123, addressing memory safety bugs and other security defects. These updates are crucial for protecting against potential exploits that could compromise user data and system integrity. Users are advised to update their browsers to these latest versions to ensure protection against these identified vulnerabilities.

Russian Government Software Backdoored to Deploy Konni RAT Malware

A German cybersecurity company, DCSO, discovered that an installer used by the Russian Consular Department of the Ministry of Foreign Affairs was backdoored to deliver the Konni RAT malware, originating from North Korean threat actors. The malware was hidden within an MSI file, allowing for remote access and command execution capabilities. The incident highlights the ongoing cyber espionage activities targeting Russia, with suspicions that the threat actors leveraged historical espionage operations to identify and exploit vulnerabilities.

Cybercriminals Weaponizing Open-Source SSH-Snake Tool

The open-source network mapping tool SSH-Snake has been repurposed by threat actors to conduct malicious activities, leveraging SSH credentials to spread throughout networks. The tool is fileless, self-replicating, and provides stealth and flexibility for lateral movement. The developer emphasizes using SSH-Snake to identify infrastructure weaknesses proactively, highlighting the importance of comprehensive security measures to prevent cyber attacks.

American Healthcare Provider Change Healthcare Faces Cybersecurity Crisis After Cyberattack

Change Healthcare experienced significant network disruptions due to a cyberattack, leading to the unavailability of over 100 applications across various healthcare services. The company responded by disconnecting systems to contain the incident, suspecting ransomware as the cause. This attack underscores the vulnerability of healthcare technology infrastructures to cyber threats and the potential impact on medical services.

Leaked Chinese Hacking Documents Offer a Rare Window Into Pervasive State Surveillance

An unprecedented leak of documents from a Chinese security contractor offers insight into China’s extensive surveillance and hacking operations, which target dissidents and foreign nationals and promote pro-Beijing narratives. The documents detail the use of sophisticated hacking tools and social media manipulation, implicating both Chinese police and the Ministry of Public Security. The leak, considered highly significant, underscores the global reach of China’s state-sponsored cyber activities and raises concerns about privacy and international cybersecurity.

Russian Threat Actor Turla Attacks Polish NGOs with Advanced Backdoor

The Russian state-sponsored group Turla has deployed a sophisticated new backdoor named TinyTurla-NG in attacks against Polish NGOs, particularly those supporting Ukraine. This evolution of the TinyTurla malware allows for persistent network access and employs compromised WordPress sites for command-and-control, showcasing Turla’s advanced capabilities in cyber espionage. The targeted campaigns utilize PowerShell scripts for data exfiltration, highlighting the ongoing cyber threats faced by organizations involved in geopolitical conflicts.

Iran-Backed Charming Kitten Targets Policy Experts with Fake Webinar Platform

APT group Charming Kitten, also known as Charming Cypress, has launched a new campaign targeting policy experts in the Middle East, Europe, and the US by setting up a fake webinar platform. The campaign highlights the ongoing threat posed by Iran-backed threat actors in the region, emphasizing the need for heightened vigilance and security measures to protect against such attacks.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.