Hello, this is your weekly dose of “what the hell is going on in cybersecurity land”, and trust me, you NEED to be in the know this time around. We’ve got everything from zero-day exploits and AI gone rogue to the FBI playing the crypto game. It’s full of everything they don’t want you to know 🤫 so that you do.
So let’s get down to business before we get FOMO.
⚡ Threat of the week
GoldenJackal hacks air-gapped systems: Meet GoldenJackal, a hacking team you’ve probably never heard of but should definitely know about now. They break into supposedly safe, air-gapped computer systems with sneaky worms that spread via infected USB drives (yes, really!), proving that even the most isolated networks aren’t safe. ESET researchers caught them red-handed using two different custom toolsets against known victims, including a South Asian country’s embassy in Belarus and a European Union government organization.
🔔 Top news
- Mozilla patches Firefox 0-day: Mozilla patched a critical zero-day flaw in the Firefox browser that it says has been exploited in the wild to target users of the Tor Browser. While there are currently no details on the attacks, users are advised to update to Firefox 131.0.2, Firefox ESR 128.3.1, or Firefox ESR 115.16.1.
- Contagious Interview remains profitable for North Korea: Ever since the North Korean hacking campaign called Contagious Interview came to light nearly a year ago, it has continued to target the tech sector with no signs of stopping anytime soon. The attacks aim to deliver backdoors and information-stealing malware by approaching developers on platforms like LinkedIn and tricking them into running malicious code under the guise of a coding job interview.
- OpenAI disrupts malicious operations: OpenAI said that since the beginning of the year it has stopped more than 20 malicious cyber operations that used its generative AI chatbot ChatGPT to debug and develop malware, spread disinformation, evade detection, and research vulnerabilities. One cluster of activity was observed targeting OpenAI employees with phishing attacks intended to deploy the SugarGh0st RAT.
- The FBI creates a fake cryptocurrency to disrupt fraud operations: The US Federal Bureau of Investigation (FBI) took an “unprecedented step” by creating its own cryptocurrency token and a company called NexFundAI to stop a fraud operation that allegedly manipulated digital asset markets through an illegal scheme known as wash trading. A total of 18 individuals and entities have been charged in connection with the “pump and dump” scam, with three arrests reported.
- Gorilla botnet launches 300,000 DDoS attacks in 100 countries: A botnet malware family called Gorilla issued 300,000 attack commands in September 2024 alone, targeting universities, government websites, telecommunications, banking, gaming, and gambling sectors. Affected countries include China, the U.S., Canada, and Germany. The botnet is based on the leaked Mirai botnet source code.
📰 Around the cyber world
- Microsoft announces Windows 11 security baseline: Microsoft has released the security baseline for Windows 11 version 24H2, with added protection for LAN Manager, Kerberos, User Account Control, and Microsoft Defender Antivirus. It also includes Windows Protected Print (WPP), which the company described as “a new, modern and more secure print system for Windows, built from the ground up with security in mind.” In a related development, the technology giant announced a redesigned Windows Hello experience and API support for third-party passkey providers like 1Password and Bitwarden to plug into the Windows 11 platform.
- Apple macOS iPhone Mirroring privacy issue: Apple introduced a new iPhone Mirroring feature with macOS 15.0 Sequoia, but cybersecurity firm Sevco uncovered a privacy risk that could expose metadata about apps on an employee’s personal iPhone to their corporate IT department. The problem arises because iOS apps mirrored on a Mac populate the same app metadata as native macOS apps, so enterprise inventory tools pick up information about apps installed on the phone. Apple has acknowledged the problem and is said to be working on a fix.
- Social engineering through phone calls: Threat actors have found an effective social engineering vector in phone calls that trick users into taking an unintended action, a technique also known as telephone-oriented attack delivery (TOAD), callback phishing, and hybrid phishing (a combination of voice calls and phishing). Intel 471 said it observed “a dramatic increase in underground offerings of illegal call center services that can assist in the delivery of malware, ransomware-related calls, and other fraud-oriented social engineering efforts.”
- Malicious extensions can bypass Manifest V3: Google has said that Manifest V3, the latest version of its extensions platform, closes the security holes of its predecessor that allowed browser add-ons to hold excessive permissions and inject arbitrary JavaScript. However, new research shows that malicious extensions can still steal data while requesting only minimal permissions. The findings were presented by SquareX at DEF CON back in August. The study is also consistent with research that revealed “hundreds of extensions that automatically extract user content from web pages, affecting millions of users.”
- What can a USB drive reveal?: A new Group-IB analysis details the artifacts created on a USB device when files are accessed or modified on devices running different operating systems. “USB formatted in NTFS, FAT32 and ExFAT often creates temporary files, especially when modifying files,” the company said. “USB formatted to NTFS on Windows provides more information about file system changes thanks to the logging capabilities of $LogFile.” A USB drive formatted in HFS+ was found to store versions of files edited with GUI tools in a version control database. Likewise, a FAT32/ExFAT-formatted USB drive used on macOS gets “._filename” sidecar files, which macOS creates to store extended attributes on file systems that lack native support for them.
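As an added example (not code from the newsletter or from Group-IB’s report), here is a small Python script an examiner could run over a file listing from a FAT32/exFAT USB stick: it pairs each macOS “._filename” sidecar with its data file and parses the AppleDouble header those sidecars use, which shows which files were touched from a Mac and what metadata rode along. The AppleDouble header layout is the published format; the sample blob and file names are constructed, not captured from a real drive.

```python
import struct

# AppleDouble header: magic, version, 16-byte filler, entry count, then 12-byte entries.
APPLEDOUBLE_MAGIC = 0x00051607
APPLEDOUBLE_VERSION = 0x00020000
HEADER_FMT = ">II16sH"          # 26 bytes
ENTRY_FMT = ">III"              # entry id, offset, length
ENTRY_NAMES = {2: "resource_fork", 9: "finder_info"}   # ids macOS normally writes


def parse_appledouble(blob: bytes) -> dict:
    """Return the version and entry table of an AppleDouble blob; raise ValueError if malformed."""
    if len(blob) < struct.calcsize(HEADER_FMT):
        raise ValueError("too short for an AppleDouble header")
    magic, version, _filler, count = struct.unpack(HEADER_FMT, blob[:26])
    if magic != APPLEDOUBLE_MAGIC:
        raise ValueError("not an AppleDouble file")
    entries = {}
    for i in range(count):
        off = 26 + 12 * i
        if off + 12 > len(blob):
            raise ValueError("entry table truncated")
        eid, eoff, elen = struct.unpack(ENTRY_FMT, blob[off:off + 12])
        if eoff + elen > len(blob):            # refuse to read past the file end
            raise ValueError("entry %d runs past end of file" % eid)
        entries[ENTRY_NAMES.get(eid, "entry_%d" % eid)] = blob[eoff:eoff + elen]
    return {"version": version, "entries": entries}


def pair_sidecars(names) -> dict:
    """Map each '._x' sidecar path to its data file 'x', or None if the data file is gone."""
    present = set(names)
    pairs = {}
    for name in names:
        folder, _, base = name.rpartition("/")
        if base.startswith("._") and len(base) > 2:
            original = (folder + "/" if folder else "") + base[2:]
            pairs[name] = original if original in present else None
    return pairs


def build_sample() -> bytes:
    """Constructed AppleDouble blob: Finder info (entry 9) plus a 4-byte resource fork (entry 2)."""
    finder_info = b"TEXT" + b"ttxt" + b"\x00" * 24     # type/creator codes, then flags/location
    resource = b"\x00" * 4                              # placeholder resource fork bytes
    data_start = 26 + 12 * 2
    entries = struct.pack(ENTRY_FMT, 9, data_start, len(finder_info))
    entries += struct.pack(ENTRY_FMT, 2, data_start + len(finder_info), len(resource))
    header = struct.pack(HEADER_FMT, APPLEDOUBLE_MAGIC, APPLEDOUBLE_VERSION, b"Mac OS X", 2)
    return header + entries + finder_info + resource
```

A sidecar whose data file is missing (mapped to None) still records that a file of that name once existed on the stick and was handled from a Mac.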
🔥 Cyber security resources and information
- Expert webinars
- Building a successful data security posture management program: Drowning in data security headaches? Hear directly from Global-e’s CISO how Data Security Posture Management (DSPM) has changed data security. Get real-world insights and practical advice, get answers to your questions and actionable strategies in this exclusive webinar, and walk away with a clear road map. Book your place today!
- Former Mandiant expert exposes identity theft tactics: LUCR-3 disrupts organizations like yours through identity-based attacks. Learn how to protect your cloud and SaaS environments from this advanced threat. Cybersecurity expert Ian Ahl (ex-Mandiant) reveals the latest tactics and ways to protect your organization. Register for this important webinar to get a head start.
- Ask an Expert
- Q: With mobile devices increasingly being targeted by cybercriminals, how can people protect their devices from network attacks, especially in unfamiliar or high-risk environments such as when traveling?
- A: When you’re traveling, your mobile device can become a target for attacks such as fake base stations, rogue cell towers designed to steal data or track your location. To protect yourself, start by turning on Lockdown Mode on the iPhone, which blocks vulnerable 2G connections. Always use a VPN to keep your internet traffic encrypted, and avoid using public Wi-Fi without one. A great awareness tool is the CellGuard application for iOS. It scans your network for suspicious activity, such as fake base stations, by analyzing things like signal strength and network anomalies. While it may raise some false alarms, it gives you an extra layer of protection.
- Cyber security tools
- Broken Hill: A new tool for testing weaknesses in artificial intelligence models – This is an advanced tool that makes it easy to make large AI models misbehave by bypassing their restrictions. It uses a Greedy Coordinate Gradient (GCG) attack to craft prompts that push popular models like Llama-2 and Microsoft’s Phi to respond in ways they normally wouldn’t. The best part? You can run it on consumer GPUs like the Nvidia RTX 4090 without the need for expensive cloud servers. Aimed at researchers and security testers, Broken Hill helps identify and patch weaknesses in AI models, making it a useful tool in the fight against AI threats.
- Tip of the week
- Your browser extensions are spying on you: Browser extensions can be useful, but they can also be risky, with possible access to your data or hidden malware. Protect yourself by removing unused extensions, checking their permissions, and allowing them to run only on certain sites. Enable click-to-activate for more control and use tools like Chrome Extension Source Viewer to spot suspicious behavior. Keep extensions updated, monitor network traffic for unusual activity, and consider using a separate browser for sensitive tasks. Features like Firefox’s temporary container tabs can also help by isolating what an extension can reach. These simple steps can make your browsing safer.
Conclusion
And that’s how the cybersecurity cookie crumbles this week! But listen, before you log off and relax, remember this: always check the sender’s email address before clicking on any link, even if it looks like it’s from your friend or your bank. Phishing scams are getting more insidious, so be careful! Until next time, stay safe and cyber-aware!