Cybersecurity News Rollup May-June 2024

Watch the YouTube Broadcast and read below!

In May, other big stories included the internet hosting firm Stark Industries performing major DDoS attacks on various enemies of Russia, starting 2 weeks before Russia invaded Ukraine.

ALSO - research showing how your wifi router doubles as an Apple AirTag, and MORE!

So much cyber news comes out daily that I tend to cover the biggest or most interesting stories so you don't miss them!

5/29 - Largest botnet ever taken down

The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5, a ten-year-old online anonymity service that was powered by what the director of the FBI called “likely the world’s largest botnet ever.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime.

5/30 - ‘Operation Endgame’ Hits Malware Delivery Platforms

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot.

6/5 - Kali Linux 2024.2 released with 18 new tools

The Y2038 problem is like Y2K all over again

Due to the way some C language programs store dates as 4-bit code, many systems will overflow as of 03:14:07 UTC on 19 January 2038.

You have about 14 years to fix it, so it should be a big nothing-burger like Y2K, unless your jam is legacy systems; then you might be in trouble.

6/6 - Nvidia surpasses Apple with $3T valuation

Becomes the 2nd largest company, behind only Microsoft (after posting this, Nvidia became the #1 largest company!!)

6/7 - Microsoft rolls back Recall for Copilot+

In the dumbest cybersec move in a decade, MS had a hackable feature that recorded your every move - the rollback is available in last week's Patch Tuesday:

Recall constantly takes screenshots of what the user is doing on their PC. Security experts roundly trashed Recall as a fancy keylogger, noting that it would be a gold mine of information for attackers if the user’s PC was compromised with malware.

Microsoft countered that Recall snapshots never leave the user’s system, and that even if attackers managed to hack a Copilot+ PC they would not be able to exfiltrate on-device Recall data.

But former Microsoft threat analyst Kevin Beaumont detailed on his blog how any user on the system (even a non-administrator) can export Recall data, which is just stored in an SQLite database locally.

6/7 - Data warehousing firm Snowflake was attacked

Starting in April, as many as 165 customers of Snowflake, including Pure Storage, are said to have had their information potentially exposed as part of an ongoing campaign designed to facilitate data theft and extortion, indicating the operation has broader implications than previously thought. Google's Mandiant is leading the CIR efforts there.

6/13 - Cyber-insurance claims reached record highs in 2023

Over 1,800 cyber claims were sent in from the US and Canada, with the healthcare industry leading the pack and much of it being some form of cyber-extortion.

6/14 - Panera employees just notified of a data breach from March

This raised speculation they were hit with a ransomware attack

6/14 - North Korean Hackers Target Brazilian Fintech With Sophisticated Phishing Tactics

Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups.

"North Korean government-backed actors have targeted the Brazilian government and Brazil's aerospace, technology, and financial services sectors,"

6/16 - Alleged Ringleader of Scattered Spider arrested in Spain

Linked to high-profile breaches such as Caesars Entertainment, Twilio, Mailchimp, Doordash, and about 180 other organizations. Scattered Spider is a very large, dispersed group of about 1000 people by FBI estimates.

6/17 - Hacker released jailbroken "Godmode" ChatGPT

Although it was only up a few hours before OpenAI took it down, it was able to swear and teach others how to jailbreak cars and make napalm and meth.

6/18 - Critical VMware Bugs expose VMs to RCE & Data Theft

Patch is available, apply ASAP

6/18 - Malware campaign targets exposed Docker API endpoints

...with the aim of delivering cryptocurrency miners and other payloads.

OTHER NEWS

MITRE D3FEND - Announced in June 2021, just 3 years ago. Many people talk about ATT&CK but don't talk about, or even know about, D3FEND.

D3FEND stands for Detection, Denial, and Disruption Framework Empowering Network Defense

It's a knowledge graph of cybersecurity countermeasure techniques

Its goal is to help standardize the vocabulary used to describe defensive cybersecurity technology functionality.


Mike is a Fractional CTO and cybersecurity advisor helping businesses improve security, optimize technology, and make smarter IT decisions.

© 2008-2026 Mike Kramer • All Rights Reserved