
Cyber-Securing the Connected Worlds of the Internet of Things, Smart Cities, and Space

In this latest edition of the Security & Tech Insights newsletter, the topic of vulnerabilities of digital connectivity is analyzed with special regard to IoT, Smart Cities, and Space. Also included are articles reviewing Cybersecurity Awareness and Preparedness, and new threats to contend with from AI-enabled Ransomware. Thanks for reading and sharing! Chuck Brooks.

#cybersecurity #internetofthings #smartcities #space #ai #ransomware | on LinkedIn.

China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats

The activity targeted diplomatic organizations in Hungary, Belgium, Italy, and the Netherlands, as well as government agencies in Serbia, Arctic Wolf said in a technical report published Thursday.

“The attack chain begins with spear-phishing emails containing an embedded URL that is the first of several stages that lead to the delivery of malicious LNK files themed around European Commission meetings, NATO-related workshops, and multilateral diplomatic coordination events,” the cybersecurity company said.

The files are designed to exploit ZDI-CAN-25373 to trigger a multi-stage attack chain that culminates in the deployment of the PlugX malware using DLL side-loading. PlugX is a remote access trojan that’s also referred to as Destroy RAT, Kaba, Korplug, SOGU, and TIGERPLUG.

CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation.

“By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security configurations, and adopting zero trust (ZT) security model principles, organizations can significantly bolster their defenses against potential cyber attacks,” CISA said.

The agencies said malicious activity aimed at Microsoft Exchange Server continues to take place, with unprotected and misconfigured instances facing the brunt of the attacks. Organizations are advised to decommission end-of-life on-premises or hybrid Exchange servers after transitioning to Microsoft 365.

CISA: High-severity Linux flaw now exploited by ransomware gangs

CISA confirmed on Thursday that a high-severity privilege escalation flaw in the Linux kernel is now being exploited in ransomware attacks.

While the vulnerability (tracked as CVE-2024-1086) was disclosed on January 31, 2024, as a use-after-free weakness in the netfilter: nf_tables kernel component and was fixed via a commit submitted in January 2024, it was first introduced by a decade-old commit in February 2014.

Successful exploitation enables attackers with local access to escalate privileges on the target system, potentially resulting in root-level access to compromised devices.

Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery

Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace.

The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both Microsoft’s VS Code Marketplace and Open VSX to have inadvertently exposed their access tokens within public repositories, potentially allowing bad actors to seize control and distribute malware, effectively poisoning the extension supply chain.

“Upon investigation, we confirmed that a small number of tokens had been leaked and could potentially be abused to publish or modify extensions,” Mikaël Barbero, head of security at the Eclipse Foundation, said in a statement. “These exposures were caused by developer mistakes, not a compromise of the Open VSX infrastructure.”

Glowing Green: A Quantitative Analysis of Photoluminescence in Six North American Bat Species

WhatsApp is rolling out passkey-encrypted backups for iOS and Android devices, enabling users to encrypt their chat history using their fingerprint, face, or a screen lock code.

Passkeys are a passwordless authentication method that allows users to sign in using biometrics (such as face recognition or fingerprint), PINs, or security patterns instead of traditional passwords. They enable logging into websites, online services, or apps without needing to remember complex passwords or use a password manager.

When creating a passkey, your device generates a unique cryptographic key pair consisting of a private key stored on the device and a public key sent to the website or app. Because of this, passkeys provide significantly improved security over regular credentials, seeing that they can’t be stolen in data breaches because the private key never leaves your device.
