Protection of Information Assets

Temple University

MIS 5206.001 ■ Fall 2023 ■ David Lanter
In The News

November 9, 2023 by David Lanter 8 Comments

Filed Under: Unit 12: Identity Management and Access Control

Comments

  1. Ooreofeoluwa Koyejo says

    November 12, 2023 at 2:13 pm

    ENDPOINT SECURITY: Intel Sued Over ‘Downfall’ CPU Vulnerability
    https://www.securityweek.com/lawsuit-filed-against-intel-over-downfall-cpu-vulnerability/

    News of a Bathaee Dunne-led lawsuit (112-page class action complaint) against Intel over the Downfall vulnerability emerged in late August when the law firm announced that it was preparing to file a complaint. The lawsuit was filed against Intel over its handling of speculative execution vulnerabilities found in its CPUs, particularly the recently disclosed attack method named Downfall.

    The plaintiffs say the Intel CPUs they have purchased are “defective” because they are either left vulnerable to cyberattacks or they have significantly slower performance due to the vulnerability fixes made available by the chip giant.

    The complaint says Intel has known about speculative execution vulnerabilities in its processors since 2018 when cybersecurity researchers disclosed the existence of two attack methods named Meltdown and Spectre.

    These types of attacks typically allow an attacker who has access to the targeted system — and in some cases remotely — to bypass security protections and obtain sensitive information such as passwords and encryption keys from memory. However, conducting an attack is often not an easy task and there are no public reports about such flaws being exploited in the wild. Customers are displeased with the fact that fixes for these issues introduce significant performance degradation and accuse Intel of selling CPUs that it knew were flawed over the course of several years.

    The plaintiffs “seek monetary relief against Intel measured as the greater of (a) actual damages in an amount to be determined at trial or (b) statutory damages in the amount of $10,000 for each plaintiff.”

  2. Bo Wang says

    November 13, 2023 at 9:22 pm

    https://www.infosecurity-magazine.com/news/infostealing-malware-escalates-in/
    The global online gaming community faces a rising threat from cyber-criminals exploiting vulnerabilities in gamers’ interactions. A Sekoia.io report reveals a targeted campaign using Discord messages and fake download sites to distribute information-stealing malware. Gamers, seeking enhanced experiences, unwittingly expose themselves to deceptive tactics like enticing in-game offers and fake cheat codes, leading to the unintentional running of malicious payloads. The severity of this threat is increasing, with concerns in the gaming and cybersecurity communities. In a specific incident, French gaming influencers were targeted through Discord messages offering exclusive game access. Malicious payloads are distributed through compromised accounts, targeting specific individuals. Info-stealer families like Doenerium and Epsilon Stealer, with low antivirus detection rates, are identified. To counter these threats, preventative measures are recommended, including downloading software from official sources and guidance on post-infection steps such as computer resets and password changes.

  3. Nicholas Nirenberg says

    November 14, 2023 at 12:23 pm

    “Vietnamese Hackers Using New Delphi-Powered Malware to Target Indian Marketers”
    Vietnamese threat actors linked to the Ducktail stealer malware have orchestrated a new campaign targeting marketing professionals in India from March to early October 2023, aiming to hijack Facebook business accounts. Notably, this campaign diverges by using Delphi as the programming language instead of the usual .NET applications. The attackers, part of a Vietnamese cybercrime ecosystem, employ sponsored Facebook ads to disseminate malware, including Ducktail, Duckport, and NodeStealer, which pilfer victims’ login cookies. In this specific attack, potential victims receive archive files posing as PDFs, launching a PowerShell script that alters browser shortcuts and deploys a rogue extension to hijack Facebook business accounts. The evolution in attack techniques underscores the dynamic nature of cyber threats, as seen in Ducktail’s strategic shift. Additionally, Google has filed a lawsuit against individuals in India and Vietnam for spreading malware via Facebook, capitalizing on public interest in generative AI tools like Bard, revealing an ongoing challenge in combatting deceptive practices on social media platforms.
    URL: https://thehackernews.com/2023/11/vietnamese-hackers-using-new-delphi.html

  4. Celinemary Turner says

    November 14, 2023 at 12:34 pm

    Malaysian Police Dismantle “BulletProftLink” Phishing Operation
    https://www.infosecurity-magazine.com/news/malaysian-police-bulletproftlink/
    Police in Malaysia have disrupted a significant phishing-as-a-service (PhaaS) and initial access broker (IAB) operation that supplied thousands of threat actors, according to local reports.
    This article reports on the disruption of a significant phishing-as-a-service (PhaaS) and initial access broker (IAB) operation by the Royal Malaysia Police, with assistance from the Australian Federal Police and the FBI. The Royal Malaysia Police, with intelligence support from the Australian Federal Police and the FBI, announced the disruption of a significant PhaaS and IAB operation. The operation led to the arrest of eight individuals, including a software developer responsible for designing phishing templates.

    The syndicate, BulletProftLink, was allegedly involved in compromising websites, including those belonging to financial and educational institutions and official government sites in Australia.

    The operation, known as BulletProftLink, has been active since 2015. Over the years, it has provided phishing services and stolen login credentials to more than 8,000 clients, according to information from Intel471.

    BulletProftLink was identified as providing phishing services and engaging in initial access brokering by selling stolen login credentials. This type of activity marks the beginning of many cybercriminal operations, fraud, and attacks.
    The threat intelligence firm Intel471 warned that there were indications of BulletProftLink showing an interest in ransomware. This suggests a potential shift in focus towards more destructive and financially motivated cybercriminal activities.
    The operation’s scope, duration, and potential evolution toward ransomware underscore the ongoing challenges posed by sophisticated cybercriminal groups and the importance of international collaboration in addressing such threats.

  5. Yannick Rugamba says

    November 14, 2023 at 8:24 pm

    In his article titled “The Shift, to an Identity First World; Cybersecurity Awareness Month 2023,” Matthew Chiodi highlights the change in the field of cybersecurity. He emphasizes the growing importance of prioritizing identity over perimeter-based approaches. Chiodi points out that a majority (74%) of breaches in 2023 were targeted at individuals, underlining the need for a shift in focus.

    Chiodi advocates for embracing the principles of Secure By Design/Secure by Default (SBD2), stressing the challenge posed by applications that do not adhere to security standards. These applications have been responsible for cybersecurity incidents. To address this, Chiodi emphasizes the importance of integrating these applications with identity providers such as Okta, Azure AD and SailPoint.

    Furthermore, Chiodi calls for a security framework that combines SBD2 principles with management of nonstandard applications and a strong emphasis on identity. He urges the industry to simplify security processes for users and highlights the necessity of automation and built-in security measures in shaping a world where navigating security does not require expert knowledge.
    https://www.scmagazine.com/perspective/cybersecurity-awareness-month-2023-the-shift-to-an-identity-first-world

  6. Jon Stillwagon says

    November 14, 2023 at 9:00 pm

    https://thehackernews.com/2023/11/cisa-sets-deadline-patch-juniper-junos.html
    On November 17, 2023, federal agencies and organizations are to apply mitigations to several security flaws in Juniper Junos OS. On Monday, five vulnerabilities were added to a list of known exploited vulnerabilities based on the fact of active exploitation. The five vulnerabilities could be set up in a way as an exploit chain so the attackers using them achieve remote code execution on unpatched devices. All of the vulnerabilities were listed as a CVSS score of 5.3, but when you click on CVE-2023-36845, its base score is listed as 9.8, which is very critical. Based on the vulnerabilities, they can do several things when exploited, like authentication bypass, SQL injection, and elevation of privilege.

  7. Eyup Aslanbay says

    November 14, 2023 at 9:35 pm

    The news discusses the low confidence in file upload security in industries moving to cloud-based systems. It points out that even though companies are updating their technology, their security measures are not keeping up, leading to risks like data breaches and malware attacks. The news suggests using better security methods, like scanning files with multiple tools and rebuilding them safely, to protect against these threats.

    https://thehackernews.com/2023/11/confidence-in-file-upload-security-is.html

  8. Edge Kroll says

    November 14, 2023 at 10:33 pm

    https://www.securityweek.com/google-suing-cybercriminals-who-delivered-malware-via-fake-bard-downloads/

    Google has filed a lawsuit against cybercriminals who falsely claimed users could download its AI tool, Bard. The scammers set up deceptive social media pages and ads, delivering malware to take control of victims’ social media accounts. Google seeks an order to prevent such scams and disable related domains through U.S. registrars. The company conducted 300 takedowns since April. Google emphasizes these legal actions as efforts to safeguard innovation and promote a safer internet.

