The Hidden Danger in WiFi Protocols
Researchers at Northeastern University have discovered a critical vulnerability in the IEEE 802.11 protocol that could allow attackers to force access points to leak network frames in plaintext. The flaw is exploitable when access points enter power-saving mode and queue frames to send upon waking. Although Cisco acknowledged the vulnerability, it said that any data obtained would have minimal value in a securely configured network.
Cyber Campaign Targeting Environmental Activists
Court records revealed that Israeli private detective Aviram Azari operated a years-long cyber campaign against environmental activists and organizations such as the Rockefeller Family Fund and Greenpeace. Azari, arrested in 2019, pleaded guilty to hacking conspiracy, wire fraud, and identity theft last year. His attorney stated that he is not cooperating with the ongoing investigation.
Open Letter Urges AI Development Halt
Over 1,000 signatories, including Elon Musk, Steve Wozniak, and Tristan Harris, have called for AI labs to pause the training of AI systems more powerful than GPT-4 for at least six months. The open letter argues that the AI industry is locked in an uncontrolled race for more powerful models without proper planning and management.
Massive Data Breach at NCB Management Services
Debt servicing giant NCB Management Services disclosed a cyberattack that exposed personal data of approximately 495,000 people, including names, addresses, Social Security numbers, and credit card information. The company claims to have obtained assurances that the third party no longer has any of the exposed data on its systems, suggesting a ransom was paid. Bank of America, whose closed credit cards were targeted, will provide victims with two years of identity theft protection.
Google Uncovers Spyware Zero-Days
Google’s Threat Analysis Group has identified over thirty spyware vendors working with government actors and reported two targeted campaigns that exploited zero-day vulnerabilities in Chrome, iOS, and Android. One campaign used an iOS remote code execution flaw to send GPS location data back to the attackers, while the other exploited multiple flaws in Samsung’s Internet browser to install a full spyware suite on targeted devices. Google has reported all vulnerabilities to the affected vendors, who have since patched the issues.
Microsoft Defender Produces False Positives
Microsoft confirmed that its Defender software began incorrectly flagging legitimate links as malicious and not displaying content as expected. While users can still access the flagged URLs, admins have been overwhelmed with alerts since the issue arose on March 29th. Microsoft is currently investigating the root cause.
API Attacks Skyrocket
Salt Security’s State of API Security Q1 Report 2023 found a 400% increase in API attacks over the last six months, with 80% occurring over authenticated APIs. As a result, API security has become a top concern among organizations, reaching C-level discussions in nearly half of the surveyed companies.
North Dakota Passes Cybersecurity Education Bill
North Dakota has become the first US state to require cybersecurity education in K-12 schools, with a plan for implementation approved by July 1st, 2024. The state will also offer online cybersecurity, networking, and programming classes to all residents.
Cyberespionage Campaign Targets Governments
A hacking group with suspected ties to Russia or Belarus has been using simple but effective techniques to infiltrate multiple governments’ email systems. Their focus appears to be on cyberespionage operations related to Russia’s invasion of Ukraine. The group has targeted U.S. elected officials, European governments, and private telecommunications firms supporting Ukraine. Security firms Proofpoint and SentinelOne have been monitoring the group’s activities, noting its strategic intent and sophistication.
AlienFox Malware Targets Cloud Services API Keys
SentinelOne security researcher Alex Delamotte revealed the discovery of a new malware toolkit called AlienFox. Distributed via Telegram, AlienFox aims to harvest API keys and secrets for popular cloud service providers. The modular toolset is constantly evolving to incorporate new features and improvements. Organizations are advised to follow configuration management best practices and adhere to the principle of least privilege (PoLP) to mitigate the risks posed by AlienFox.
3CX Desktop App Compromised in Supply Chain Attack
3CX, a voice and video conferencing software provider, is working on a software update after multiple cybersecurity vendors detected an active supply chain attack targeting its desktop application. The compromised app acts as the first stage in a multi-stage attack chain, which uses GitHub to download malicious payloads. While the attack has been largely confined to the Windows Electron client of the PBX phone system, 3CX products are used by over 600,000 customers worldwide. CEO Nick Galea has recommended that customers uninstall and reinstall the app or use the PWA client until the issue is resolved.
That wraps up today’s cybersecurity brief. As always, stay safe, stay vigilant, and we’ll see you tomorrow with another update!