24-Oct-23: In Security News Today

Cisco patches IOS XE vulnerabilities actively being exploited

Cisco has released patches for two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, that were actively exploited by hackers to compromise IOS XE devices. The vulnerabilities allow remote attackers to gain unauthorized access and control of affected systems. The UK National Cyber Security Centre (NCSC) has urged organizations to mitigate the vulnerabilities and follow vendor best practices, while Cisco recommends disabling the HTTP Server feature or restricting its access to trusted source addresses.
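The two mitigations the summary mentions, shown as an added IOS XE configuration example (not taken from Cisco's advisory or the article); the access-list name and the 10.0.0.0/24 management subnet are assumed placeholders:

```text
! Exposed state: the web UI (HTTP and HTTPS) answers on every interface
ip http server
ip http secure-server

! Mitigation 1: disable the web UI entirely if it is not needed
no ip http server
no ip http secure-server

! Mitigation 2: keep the web UI but restrict it to trusted management sources
ip access-list standard WEBUI-MGMT
 permit 10.0.0.0 0.0.0.255
 deny   any log
ip http access-class ipv4 WEBUI-MGMT
```

After applying either change, confirm with `show running-config | include ip http` that the server lines reflect the intended state, and review the log entries the `deny any log` rule produces for unexpected source addresses.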

PEACHPIT: Massive Ad Fraud Botnet Powered by Millions of Hacked Android and iOS Devices

A botnet called PEACHPIT has been discovered, which used hundreds of thousands of hacked Android and iOS devices to generate profits through ad fraud. The botnet is part of a larger operation called BADBOX, which involves selling backdoored mobile and connected TV devices. The PEACHPIT botnet was found in 227 countries and territories, with an estimated peak of 121,000 Android devices and 159,000 iOS devices per day.

‘Log in with…’ Feature Allows Full Online Account Takeover for Millions

Flaws in the implementation of the OAuth standard across Grammarly, Vidio, and Bukalapak could have allowed attackers to take over hundreds of millions of user accounts on multiple websites, exposing people to credential theft and financial fraud. Researchers discovered critical API misconfigurations on these sites, leading them to believe that other sites are likely compromised in the same way. The researchers refer to the issue as a ‘Pass-The-Token’ flaw, where an attacker can use a token from a third-party site to log in to another service on behalf of the user.

Canada Warns of Chinese ‘Spamouflage’ Disinformation Campaign

Canada has issued a warning about a disinformation campaign linked to China that used deepfake videos and online posts to discredit Canadian lawmakers. The campaign, referred to as ‘Spamouflage,’ involved a bot network that targeted the social media accounts of numerous members of parliament, including Prime Minister Justin Trudeau. China’s foreign ministry has rejected the allegations, accusing Canada of spreading disinformation and damaging bilateral relations.

Former NSA Employee Pleads Guilty to Leaking Classified Data to Russia

A former employee of the U.S. National Security Agency (NSA) has pleaded guilty to charges of attempting to transmit classified defense information to Russia. The employee, Jareh Sebastian Dalke, used an encrypted email account to send excerpts of three classified documents to an individual he believed to be a Russian agent, but was actually an FBI employee. Dalke also requested $85,000 in exchange for sharing the information and could face a maximum penalty of up to life in prison.

EvilProxy Phishing Kit Targets Senior Executives in U.S. Firms

A new phishing campaign is targeting senior executives in U.S. organizations using the EvilProxy phishing toolkit. The campaign started in July 2023 and primarily targets banking and financial services, insurance, property management, real estate, and manufacturing sectors. The threat actors behind EvilProxy, known as Storm-0835, have hundreds of customers and charge monthly license fees ranging from $200 to $1,000 USD.

CEO of Cybersecurity Firm Group-IB Will Stay Behind Bars for “State Treason”

Ilya Sachkov, the CEO of cybersecurity firm Group-IB, has had his appeal rejected by the First Court of Appeal of General Jurisdiction in Russia. Sachkov was found guilty of treason and sentenced to 14 years in prison. The trial was held behind closed doors, with the details of the charges and evidence remaining classified as ‘top secret’.

Citrix Urges Admins to Immediately Update NetScaler Due to a Critical Vulnerability

Citrix has issued a warning to administrators to promptly secure all NetScaler ADC and Gateway appliances due to a critical vulnerability (CVE-2023-4966) that can be remotely exploited by unauthenticated attackers. The vulnerability, rated at 9.4/10 in severity, allows for sensitive information disclosure and has been actively exploited since late August 2023. Attackers can bypass multifactor authentication and compromise accounts, potentially allowing them to move laterally within the network or compromise other accounts. Citrix advises affected users to install the recommended updates immediately.

34 Cybercriminals Arrested in Spain for Multi-Million Dollar Online Scams

Spanish law enforcement officials have arrested 34 members of a criminal group involved in various online scams, resulting in €3 million ($3.2 million) in illegal profits. The operation uncovered a database with information on four million people, obtained by infiltrating financial and credit institution databases. The scams involved impersonating banks and electricity supply companies, manipulating delivery notes, and tricking victims into clicking on bogus links to capture their credentials.

Massive Cyberattack Hits 2 New York Hospitals, Causing Patient Diversions

Two hospitals in New York experienced a cyberattack, leading to patient diversions to alternative healthcare facilities. The Westchester Medical Center Health Network took immediate action to address the cyber threat and restore their secure network. The hospitals have returned to full operational capacity, and an investigation has been launched by local law enforcement authorities, the FBI, and a cybersecurity firm.

iOS Zero-Day Attacks: Operation Triangulation Targets Apple iOS Devices

Kaspersky has uncovered new insights into Operation Triangulation, a sophisticated attack targeting Apple iOS devices. The attack utilizes a backdoor called TriangleDB and exploits zero-day security flaws to gain control over the device and steal sensitive information. The attackers take extensive measures to conceal their tracks and use private undocumented APIs, demonstrating a deep understanding of iOS internals.

High-Severity Flaws in ConnectedIO’s 3G/4G Routers Raise Concerns for IoT Security

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO’s ER2000 edge routers and the cloud-based management platform, allowing attackers to execute malicious code and access sensitive data. The vulnerabilities in the 3G/4G routers could expose internal networks to severe threats, enabling attackers to take control, intercept traffic, and infiltrate Extended Internet of Things (XIoT) devices. The flaws include hard-coded authentication credentials and a command opcode that allows arbitrary code execution on all devices, posing serious risks to companies worldwide.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.