29-Feb-24: In Security News Today

Facebook Patches A 0-Click Account Takeover Vulnerability

A researcher discovered a rate-limiting issue in a specific endpoint of Facebook’s password reset flow that could have allowed the takeover of any Facebook account by brute-forcing a nonce. By exploiting this vulnerability, the researcher was able to achieve a 0-click Account Takeover, leading to a significant impact and recognition in Facebook’s Hall of Fame. The issue was reported to Facebook, leading to a successful resolution and acknowledgment through a bug bounty reward.
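The control whose absence the summary describes, as an added example that is not Facebook's code: a reset-nonce store that revokes the nonce once a small verification budget is spent, so an uncapped endpoint cannot be walked through the whole nonce space. The 6-digit nonce, 5-attempt budget and 15-minute lifetime are assumptions chosen for the illustration.

```python
"""Added illustration (not Facebook's code): a password-reset nonce store that
caps verification attempts so the nonce cannot be brute-forced.

Assumptions (constructed for this example): 6-digit numeric nonces, a
per-nonce attempt budget of 5 and a 15-minute lifetime."""
import hmac
import secrets
import time
from dataclasses import dataclass

NONCE_DIGITS = 6
MAX_ATTEMPTS = 5
TTL_SECONDS = 15 * 60


@dataclass
class ResetNonce:
    value: str
    issued_at: float
    attempts: int = 0


class ResetNonceStore:
    """Issues and checks reset nonces keyed by account id."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock, so expiry is testable
        self._nonces: dict[str, ResetNonce] = {}

    def issue(self, account_id: str) -> str:
        nonce = "".join(secrets.choice("0123456789") for _ in range(NONCE_DIGITS))
        self._nonces[account_id] = ResetNonce(nonce, self._now())
        return nonce

    def verify(self, account_id: str, candidate: str) -> bool:
        entry = self._nonces.get(account_id)
        if entry is None:
            return False
        # Expired nonces are discarded so they cannot be guessed later.
        if self._now() - entry.issued_at > TTL_SECONDS:
            del self._nonces[account_id]
            return False
        entry.attempts += 1
        ok = hmac.compare_digest(entry.value.encode(), candidate.encode())
        # Single-use, and revoked once the budget is spent: an attacker gets
        # at most MAX_ATTEMPTS guesses out of 10**NONCE_DIGITS per nonce.
        if ok or entry.attempts >= MAX_ATTEMPTS:
            del self._nonces[account_id]
        return ok
```

The per-nonce cap is only half of the control: the endpoint that issues nonces also needs per-account and per-source throttling, otherwise an attacker simply requests fresh nonces.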

A Hundred LLMs Containing Malicious Code Uncovered on Hugging Face AI Model Platform

Researchers discovered about 100 malicious machine learning models on the Hugging Face AI platform, posing a significant security threat by allowing attackers to inject harmful code onto user machines. The malicious models were found to execute code when loaded, highlighting the risk of weaponizing publicly available AI models. To mitigate this risk, AI developers are advised to utilize tools like Huntr to enhance the security of AI models and platforms.

GTPDOOR Linux Malware Targeting Telecoms

GTPDOOR is a new Linux malware targeting telecom networks adjacent to GPRS roaming exchanges, leveraging the GPRS Tunnelling Protocol for command-and-control communications. The malware, likely linked to the threat actor LightBasin, disguises itself as syslog and opens a raw socket to receive UDP messages for executing commands on compromised hosts. GTPDOOR allows threat actors to contact compromised hosts on the roaming exchange network by sending GTP-C Echo Request messages with malicious payloads.
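A detection angle on the behaviour described above, as an added example that is not code from the article or from the malware: a parser for GTPv1-C Echo Requests that flags datagrams carrying more payload than the protocol defines for that message. It assumes GTPv1 on UDP/2123 (TS 29.060 header layout); the sample datagrams are constructed.

```python
"""Added detection illustration (not GTPDOOR code, not from the article):
flag GTPv1-C Echo Request datagrams that carry payload beyond what the
protocol needs, the anomaly a backdoor riding on Echo Requests would show.
Assumes GTPv1 framing; the packet bytes below are constructed."""
import struct

GTPC_PORT = 2123          # UDP port for GTP-C (GTPv1, TS 29.060)
MSG_ECHO_REQUEST = 1
HDR_LEN = 8               # mandatory GTPv1 header: flags, type, length, TEID
OPT_LEN = 4               # seq(2) + N-PDU(1) + next-ext(1), present if E/S/PN set


def inspect_gtpv1(datagram: bytes) -> list[str]:
    """Return findings for one UDP payload; an empty list means benign."""
    findings = []
    if len(datagram) < HDR_LEN:
        return ["truncated: shorter than the 8-byte GTP header"]
    flags, msg_type, length, teid = struct.unpack("!BBHI", datagram[:HDR_LEN])
    version = flags >> 5
    if version != 1:
        return [f"not GTPv1 (version field {version}); not inspected"]
    if msg_type != MSG_ECHO_REQUEST:
        return []
    expected = OPT_LEN if flags & 0x07 else 0   # E, S or PN bit set
    if teid != 0:
        findings.append(f"echo request with non-zero TEID 0x{teid:08x}")
    if length != expected:
        findings.append(
            f"echo request declares {length} payload bytes, expected {expected}")
    actual = len(datagram) - HDR_LEN
    if actual != length:
        findings.append(
            f"declared length {length} disagrees with {actual} bytes on the wire")
    if actual > expected:
        extra = datagram[HDR_LEN + expected:]
        findings.append(
            f"{len(extra)} unexpected trailing bytes: {extra[:16].hex()}")
    return findings


# Constructed samples: a normal echo request (flags 0x32 = v1, PT, S bit;
# length 4; TEID 0; seq 1) and the same header with a 12-byte blob appended.
BENIGN_ECHO = bytes.fromhex("32010004" "00000000" "00010000")
SUSPECT_ECHO = (BENIGN_ECHO[:2] + struct.pack("!H", OPT_LEN + 12)
                + BENIGN_ECHO[4:] + b"constructed!")

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN_ECHO), ("suspect", SUSPECT_ECHO)):
        print(name, inspect_gtpv1(pkt) or "no findings")
```

On a roaming-exchange border this check would run over captured UDP/2123 traffic; a host-side complement is to look for a process named like syslog holding a raw socket, which the summary identifies as the implant's habit.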

Cisco Patches High-Severity Vulnerabilities in Data Center OS

Cisco addressed two high-severity vulnerabilities in its NX-OS software that could lead to denial-of-service (DoS) attacks, alongside two medium-severity flaws affecting both NX-OS and FXOS platforms. The vulnerabilities, identified through Cisco’s semiannual security advisory, were patched to prevent unauthenticated remote attacks, including DoS and ACL bypass incidents. Cisco recommends updating to the latest NX-OS versions to mitigate these risks, highlighting the importance of continuous vigilance and prompt patching in safeguarding network infrastructure.

European Retail Giant Pepco Group Loses €15 Million Via Phishing Attack

Pepco Group fell victim to a phishing scam in Hungary, resulting in a €15 million loss, showcasing the sophisticated nature of cyber threats. The attack involved a business email compromise scheme, highlighting the need for businesses to enhance cybersecurity defenses through staff training and payment verification processes. Despite the financial setback, Pepco Group’s response emphasizes the importance of resilience, recovery efforts, and continuous reinforcement of cybersecurity measures in the face of evolving cyber threats.

Cyberattack Targeting EU Diplomats with Wine-Tasting Event

A sophisticated cyberattack campaign named ‘SpikedWine’ targeted European Union diplomats with a fake wine-tasting event invitation, delivering a backdoor malware called ‘WineLoader’ that evades detection through encryption and memory manipulation. The attackers used compromised websites for command-and-control purposes, demonstrating a high level of sophistication in both the socially engineered campaign and the malware itself. Zscaler’s ThreatLabz researchers discovered the attack, notified relevant authorities, and provided indicators of compromise to help defenders detect and mitigate the threat.

North Korean Hackers Exploit Windows Zero-Day Flaw

North Korean hackers exploited a zero-day flaw in AppLocker, allowing them to gain kernel-level access on targeted systems. The hackers, believed to be part of the Lazarus group, used the FudModule rootkit to carry out malicious activities and evade detection. Lazarus has been targeting various sectors, including the defense sector, software developers, and the judicial system, showcasing a high level of technical sophistication and persistence in their cyber-espionage operations.

Money Laundering Goes Digital: Innovation in Money Laundering

The XHelper app is being used by cybercriminals to turn ordinary individuals into money mules, facilitating the laundering of stolen funds through a user-friendly interface. The app connects scammers with individuals in India to receive and transfer illicit funds, enabling various scams and illegal operations on a large scale. To combat this, a united effort involving banks, governments, regulators, and targeted organizations is necessary to educate and raise awareness among employees and customers, strengthening defenses against such cyber scams.

Silver SAML Attack Technique: A New Threat

A new attack technique called Silver SAML, similar to the Golden SAML tactic used in the SolarWinds campaign, allows threat actors to forge SAML response tokens to gain unauthorized access to applications and services without needing access to ADFS. This technique exploits externally generated signing certificates in identity provider environments like Entra ID, potentially enabling attackers to impersonate users and access sensitive information. Organizations using externally generated certificates should ensure secure management practices to mitigate the moderate severity threat posed by Silver SAML.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.