Cyber Security News Weekly

 

 


1. Microsoft bans Android phones for China-based employees for work, orders them to switch to iPhones

2. Record-breaking DDoS attack in a French cloud computing firm

3. AT&T's massive data breach

4. PHP vulnerability exploited to spread malware and launch DDoS attacks

5. Microsoft finally patches 2 zero days, exploited by hackers for over a year

6. Is “fin7” resurfacing?

7. Mt.Gox finally gets to repay its creditors

 

1. Microsoft bans Android phones for China-based employees for work, orders them to switch to iPhones

As part of the “Microsoft Secure Future Initiative”, China-based employees are required, from September 2024, to use iPhones for work purposes and to actively use Microsoft’s Authenticator password manager and Identity Pass app.

This security initiative also requires the employees to use their iPhones to verify their identities when logging in to work-related devices.

Employees using Android devices from Huawei or Xiaomi will have to acquire an iPhone 15 as a one-time purchase.

Microsoft added that this restriction is also due to the absence of Google Play services in China.

These are a few steps that Microsoft is taking to beef up its security posture following a few recent breaches and major security concerns.

 

2. Record-breaking DDoS attack in a French cloud computing firm

In April 2024, OVHcloud, a French cloud computing company, successfully mitigated a record-breaking DDoS attack, which reached 840 million packets per second (Mpps).

The 840 Mpps DDoS attack involved a combination of a TCP ACK flood originating from 5,000 source IPs and a DNS reflection attack utilizing approximately 15,000 DNS servers to amplify the traffic.

"Although the attack was globally distributed, two-thirds of the total packets entered from only four points of presence, all located in the U.S., with three on the West Coast," OVHcloud stated. "This demonstrates the adversary's capability to send a massive packet rate through only a few peerings, posing significant challenges."

There have been other record-breaking DDoS attacks, the most famous being one on Google services that hit 2.54 terabytes per second (Tbps).

 

3. AT&T data breach

AT&T suffered a massive data breach that exposed the phone records of nearly all its customers (around 110 million people). The stolen data included phone numbers, location data, and call and text records of both cellular and landline customers.

AT&T said that the hackers accessed and stole the data from a third-party cloud platform in April, but delayed disclosing the attack to its customers. An AT&T spokesperson linked this breach to Snowflake’s recent data breach.

AT&T said that it would notify its customers of the data breach, and it later published a website for customers about the incident.


4. An exploited PHP vulnerability used to spread malware and launch DDoS attacks

According to Hackernews, multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability is tracked as CVE-2024-4577 with a CVSS score of 9.8; according to researchers at Akamai, it allows an attacker to escape the command line and pass arguments that are interpreted directly by PHP.

Users are advised to update to the latest version of PHP.

 

5. Microsoft finally patches zero-day exploited by hackers for over a year

Microsoft’s recent patch Tuesday fixed a vulnerability that has been actively exploited for some time.

The flaw, CVE-2024-38112, is a spoofing vulnerability in the Windows MSHTML platform. Researchers at Check Point found that threat actors have been using novel (previously unknown) techniques to lure Windows users into remote code execution. Check Point researcher Haifei Li disclosed that the vulnerability had likely been exploited by attackers in the wild for over a year: “Specifically, attackers used special Windows Internet Shortcut files (.url extension), which, when clicked, would invoke the retired Internet Explorer (IE) to visit an attacker-controlled URL.”

By opening the URL with an outdated browser like Internet Explorer instead of the more secure Chrome, Edge, or Firefox browsers on Windows, attackers got significant advantages in exploiting the victim’s computer, even if it was running modern Windows 10 or 11 operating systems.

 

6. Is “fin7” resurfacing?

Fin7 is a financially motivated Russian cybercrime group, active since 2013 and linked to high-profile attacks. The group was disbanded, but news reports claim it has resurfaced: BlackBerry identified a spear-phishing campaign by fin7 that used typosquatting as its means of malware delivery.

A group of fin7 domains have also been discovered by researchers at Silent Push. Is this fin7 or just a copycat?

 

7. Mt.Gox finally gets to repay its creditors

Mt.Gox, a crypto exchange platform, was once so successful that it accounted for almost 70% of the world’s bitcoin trading, but almost a decade ago it was hacked and a large number of bitcoins went missing. Recently, Mt.Gox has been preparing to repay all its creditors, which amounts to billions of dollars’ worth of Bitcoin.

