Ransomware, viruses, hacks

Russian Hackers Covertly Accessed Ukraine’s Telecom Network for Months


Ukrainian authorities revealed that Russian state-sponsored hackers, known as Sandworm, had been inside Kyivstar’s telecom systems since May 2023. The hackers, linked to Russia’s GRU and operating under the name Solntsepyok, conducted a powerful attack, disrupting services for millions and wiping data from Kyivstar’s servers. Although operations have been restored, the full extent of the breach and of the data compromise remains unclear. This attack is part of a series of Russian cyber operations targeting Ukraine’s infrastructure.

Malware Exploits Google MultiLogin for Persistent Access Even After Password Reset

Information-stealing malware is exploiting an undocumented Google OAuth endpoint called MultiLogin to hijack user sessions, allowing continuous access to Google services even after a password reset. Security researcher Pavan Karthick M revealed that the exploit involves generating authentication cookies using the MultiLogin endpoint, posing a significant security risk. Google acknowledged the threat, advising users to sign out of affected browsers and to turn on Enhanced Safe Browsing in Chrome for protection against such attacks.

Hackers Exploit Apache RocketMQ Servers Vulnerable to RCE Attacks

Security researchers have found hackers targeting Apache RocketMQ servers with two critical remote command execution (RCE) vulnerabilities, identified as CVE-2023-33246 and CVE-2023-37582. The vulnerabilities, particularly in the NameServer component, were not fully resolved in previous patches, leaving versions 5.1 and older of RocketMQ at risk. Apache has recommended upgrading to newer versions for enhanced security, as the vulnerabilities could allow attackers to execute commands remotely.

New macOS Backdoor Linked to North Korean Hackers

SpectralBlur, a new macOS backdoor linked to North Korean hackers, has been discovered; it is capable of uploading and downloading files, running shell commands, and more. It shares similarities with the KANDYKORN malware used by the Lazarus sub-group BlueNoroff. The malware, designed to evade detection and hinder analysis, is part of a trend of increasing macOS malware targeting industries like cryptocurrency and blockchain. Researchers urge vigilance due to the rising number of macOS-targeted malware families.

Orange Spain Hit by BGP Traffic Hijack After RIPE Account Hack

Orange Spain experienced an internet outage due to a BGP traffic hijack after its RIPE account was compromised by malware. The breach, attributed to the Raccoon Stealer malware, led to unauthorized access and modifications in the company’s RIPE account, causing significant disruptions in service and traffic loss. The incident underscores the vulnerability of network infrastructure to cyber attacks and highlights the importance of strong security measures, including robust passwords and two-factor authentication.


Vulnerabilities

CISA Alerts on Exploited Vulnerabilities in Chrome and Excel Parsing Library

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of two actively exploited vulnerabilities: one in Google Chrome (a heap buffer overflow in WebRTC, CVE-2023-7024) and another in an Excel parsing library called Spreadsheet::ParseExcel (CVE-2023-7101, remote code execution).


Google Settles $5 Billion Privacy Lawsuit Over Incognito Mode Tracking

Google has agreed to settle a $5 billion lawsuit alleging misleading user tracking in Incognito Mode. The lawsuit, filed in June 2020, claimed Google violated federal wiretap laws by using Google Analytics to track user activity even in private browsing mode. Plaintiffs argued this constituted an invasion of privacy, as users believed their activities were private. The settlement terms haven’t been disclosed, but the case highlights significant privacy concerns regarding online tracking practices.