CyberSecurity Knuggets

Jan 03, 2024

Today’s top news includes Google settling a $5 billion privacy lawsuit over tracking users in ‘Incognito Mode,’ as well as the discovery of a new variant of DLL search order hijacking that bypasses Windows 10 and 11 protections. Additionally, a new Terrapin flaw has been found that could let attackers downgrade SSH protocol security, and a new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and XLoader malware. Cybersecurity researchers are also warning about an increase in phishing attacks capable of draining cryptocurrency wallets, and there have been cyber attacks on the Albanian Parliament and One Albania Telecom.

Another concerning development is the ransomware attack on Victoria’s court system, which is believed to have been orchestrated by Russian hackers, giving them access to sensitive video material. This attack has affected court hearings and recordings, including those related to sensitive cases such as historical and child sexual abuse. Furthermore, there have been reports of Indian government officials trying to block iPhone notices and discredit Apple’s internal threat algorithms after warnings of government hackers attempting to break into iPhones of journalists and opposition party politicians.

Another critical issue is the revelation of a sophisticated exploit targeting iPhones, backdooring them using four critical zero-day vulnerabilities. Additionally, four cyber attackers in China have been arrested for developing ransomware using ChatGPT, and media giant National Amusements has confirmed a data breach involving the theft of personal and financial information. Lastly, EasyPark Group, Europe’s largest parking app operator, reported a data breach involving customer names, phone numbers, addresses, and partial credit card numbers, potentially affecting thousands of users.

These developments highlight the increasing sophistication and impact of cyber attacks on individuals, organizations, and government institutions. The ransomware attack on Victoria’s court system and the exploit targeting iPhones are particularly concerning and require immediate attention to mitigate the potential damage caused by these security breaches. Additionally, the rise in phishing attacks draining cryptocurrency wallets and the data breaches affecting large organizations such as National Amusements and EasyPark Group underscore the critical need for robust cybersecurity measures to protect sensitive information and prevent further breaches.

Stay Well!