From safetydetectives.com
SafetyDetectives’ Cybersecurity Team stumbled upon a clear web forum post where a threat actor published a .CSV file allegedly containing over 200 million records from X users.
BU-CERT News
Catastrophic hack of AT&T and Verizon is proof Apple is right about iPhone encryption
From bgr.com
For years, Apple has implemented strong encryption in the iPhone and most of its other products, resisting requests from Western governments to build backdoors into its encrypted software. Because, for years, we saw politicians in the US, UK, and other regions demand iPhone backdoors that law enforcement agencies can use when dealing with criminals hiding behind encrypted products and services.
…Fast-forward to early October, and a stunning The Wall Street Journal report shows exactly what happens with backdoors in secure systems. A team of hackers associated with the Chinese government reportedly obtained access to critical infrastructure belonging to AT&T, Lumen, and Verizon that US law enforcement uses for wiretapping purposes.
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
From thehackernews.com
Details have emerged about a now-patched security flaw impacting Apple’s Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device’s virtual keyboard.
The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865.
“A novel attack that can infer eye-related biometrics from the avatar image to reconstruct text entered via gaze-controlled typing,” a group of academics from the University of Florida, CertiK Skyfall Team, and Texas Tech University said.
“The GAZEploit attack leverages the vulnerability inherent in gaze-controlled text entry when users share a virtual avatar.”
Following responsible disclosure, Apple addressed the issue in visionOS 1.3 released on July 29, 2024. It described the vulnerability as impacting a component called Presence.
Cloudflare outage cuts off access to websites in some regions
From bleepingcomputer.com
A rolling Cloudflare outage is impacting access to web sites worldwide, including BleepingComputer, with sites working in some regions and not others.
While Cloudflare says they are currently conducting scheduled maintenance in Sinagpore and Nashville, its status page does not indicate any problems.
However, for many users worldwide, when attempting to access websites utilizing Cloudflare, web browsers will display error messages stating they have trouble connecting to the server, as shown below.
Student Smishing Scams on the Rise
From gov.uk / Student Loans Company
At the start of the 24/25 academic year, the Students Loans Company (SLC) is reminding students to be vigilant of smishing scams.
Scammers target students at this time of year as they receive their first maintenance loan payment. SLC is expecting to pay £2bn to students over the autumn term and last year it stopped £2.9m of maintenance loan payments being taken by smishing and phishing scams, where students received and acted on false communications.
Smishing, which is fraud involving text messages, is currently the most popular form of scam, with students usually being asked to click a link to complete a task – for example verifying bank details or confirming their personal information, providing an opportunity for a payment to be diverted to a scammer’s bank account.
Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs
From bleepingcomputer.com
The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks.
Versa Director is a management platform ISPs and MSPs use to manage virtual WAN connections created using SD-WAN services.
The vulnerability is tracked as CVE-2024-39717 and resides in a feature allowing admins to upload custom icons to customize the Versa Director GUI. However, the flaw allowed threat actors with administrator privileges to upload malicious Java files disguised as PNG images, which can then be executed remotely.
In an advisory published yesterday, Versa says that Director versions 21.2.3, 22.1.2, and 22.1.3 are impacted by the flaw. Upgrading to the latest version, 22.1.4, will fix the vulnerability, and admins should review the vendor’s system hardening requirements and firewall guidelines.
Versa told BleepingComputer that they classify this vulnerability as a privilege elevation flaw as it was used to harvest credentials from users who logged into the system. However, other types of malware could have been used to perform different types of malicious activity on the device.
macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users
From thehackernews.com
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT.
The artifacts “almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers’ server,” Kaspersky researcher Sergey Puzan said.
HZ RAT was first documented by German cybersecurity company DCSO in November 2022, with the malware distributed via self-extracting zip archives or malicious RTF documents presumably built using the Royal Road RTF weaponizer.
The attack chains involving RTF documents are engineered to deploy the Windows version of the malware that’s executed on the compromised host by exploiting a years-old Microsoft Office flaw in the Equation Editor (CVE-2017-11882).