Vulnerable IP Cameras, BITSLOTH, and a Discord DDoS Campaign

Tickler, Voldemort, and Roblox Supply Chain Attack

Thank you so much for your support and tuning in. Our full show notes can be found here:  https://thecybersecuritydigest.tech/p/cybersecurity-digest-podcast-week-review-2630-aug-2024 [https://thecybersecuritydigest.tech/p/cybersecurity-digest-podcast-week-review-2630-aug-2024]  Please do not forget to share this show out with someone you know as well as leave this show a rating in your platform of choice!  Thank you so much for your continued support!

Locked out of GSuite, ALBeast, Qilin Stealing Chrome Creds, and Velvet Ants!

Show notes for this week's show can be found here: https://thecybersecuritydigest.tech/p/the-cybersecurity-digest-podcast-week-in-review-19-23-august-2024 [https://thecybersecuritydigest.tech/p/the-cybersecurity-digest-podcast-week-in-review-19-23-august-2024] As stated in the show, comments are turned on for the website. I would love to hear from you regarding your feedback! Please also feel free to leave feedback on Spotify or YouTube and I will review those comments ASAP!  If you are interested in subscribing to our newsletter you can do so here: https://thecybersecuritydigest.tech/subscribe [https://thecybersecuritydigest.tech/subscribe]    If you would like to see all the platforms our show is available on you can review our podcast here:  https://www.thecybersecuritydigest.com/ [https://www.thecybersecuritydigest.com/]

Newsletter Announcement

This an announcement for the upcoming Cybersercurity Digest Newsletter that is launching on Aug 19 2024.  If you are interested in subscribing or viewing the newsletter you can do so here: https://thecybersecuritydigest.tech/ [https://thecybersecuritydigest.tech/]

Vulnerable IP Cameras, BITSLOTH, and a Discord DDoS Campaign

Security Digest for 6 August 2024: Podcast Requested Feedback: https://forms.gle/w2RB5DRzbbvu3ziS7 [https://forms.gle/w2RB5DRzbbvu3ziS7] Notable News: Over 20,000 Ubiquiti Cameras and Routers are Vulnerable to Amplification Attacks and Privacy Risks - Check Point Blog [https://blog.checkpoint.com/research/over-20000-ubiquiti-cameras-and-routers-are-vulnerable-to-amplification-attacks-and-privacy-risks/] BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor — Elastic Security Labs [https://www.elastic.co/security-labs/bits-and-bytes-analyzing-bitsloth] Panamorfi: A New Discord DDoS Campaign (aquasec.com) [https://www.aquasec.com/blog/panamorfi-a-new-discord-ddos-campaign/] 4.6 Million Voter and Election Documents Exposed Online by Technology Contractor (vpnmentor.com) [https://www.vpnmentor.com/news/report-election-records-breach/] StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms | Volexity [https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/] Israeli hacker group takes responsibility for collapse of Wi-Fi in Ira - The Jerusalem Post (jpost.com) [https://www.jpost.com/breaking-news/article-813000] TgRAT malware returns with a Linux variant (broadcom.com) [https://www.broadcom.com/support/security-center/protection-bulletin/tgrat-malware-returns-with-a-linux-variant] Linux kernel impacted by new SLUBStick cross-cache attack (bleepingcomputer.com) [https://www.bleepingcomputer.com/news/security/linux-kernel-impacted-by-new-slubstick-cross-cache-attack/] Fighting Ursa Luring Targets With Car for Sale (paloaltonetworks.com) [https://unit42.paloaltonetworks.com/fighting-ursa-car-for-sale-phishing-lure/] Keytronic reports losses of over $17 million after ransomware attack (bleepingcomputer.com) [https://www.bleepingcomputer.com/news/security/keytronic-reports-losses-of-over-17-million-after-ransomware-attack/] Justice Department sues TikTok for alleged violations of children’s privacy (therecord.media) [https://therecord.media/justice-department-sues-tiktok-ftc-privacy] Prevalent Patches: Critical Bitdefender Patch for GravityZone Update Server: CVE-2024-6980 Could Lead to SSRF Attacks - SOCRadar® Cyber Intelligence Inc. [https://socradar.io/critical-bitdefender-patch-for-gravityzone-update-server-cve-2024-6980-could-lead-to-ssrf-attacks/] SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability | SonicWall [https://blog.sonicwall.com/en-us/2024/08/sonicwall-discovers-second-critical-apache-ofbiz-zero-day-vulnerability/] CISA Corner: CISA Adds One Known Exploited Vulnerability to Catalog | CISA [https://www.cisa.gov/news-events/alerts/2024/08/05/cisa-adds-one-known-exploited-vulnerability-catalog] NVD - CVE-2018-0824 (nist.gov) [https://nvd.nist.gov/vuln/detail/CVE-2018-0824]

Revoked Certs, Microsoft Outage, and Sitting Ducks

Security Digest for 2 August 2024: Podcast Requested Feedback: https://forms.gle/w2RB5DRzbbvu3ziS7 [https://forms.gle/w2RB5DRzbbvu3ziS7] Notable News: Certificate Revocation Incident | DigiCert [https://www.digicert.com/support/certificate-revocation-incident] 1910322 - DigiCert: Random value in CNAME without underscore prefix (mozilla.org) [https://bugzilla.mozilla.org/show_bug.cgi?id=1910322] DigiCert Status - DigiCert Revocation Incident (CNAME-Based Domain Validation) [https://status.digicert.com/incidents/3sccz3v31lc9] Azure status history | Microsoft Azure [https://azure.status.microsoft/en-us/status/history/#incident-history-collapse-KTY1-HW8] Unmasking the SMS Stealer: Targeting Several Countries with Deceptive Apps - Zimperium [https://www.zimperium.com/blog/unmasking-the-sms-stealer-targeting-several-countries-with-deceptive-apps/] Zscaler ThreatLabz 2024 Ransomware Report I Threat Research [https://www.zscaler.com/resources/industry-reports/threatlabz-ransomware-report.pdf] Cost of a data breach 2024 | IBM [https://www.ibm.com/reports/data-breach] OneDrive Pastejacking (trellix.com) [https://www.trellix.com/blogs/research/onedrive-pastejacking/] Threat actor impersonates Google via fake ad for Authenticator | Malwarebytes [https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator] BingoMod: The new android RAT that steals money and wipes data | Cleafy Labs [https://www.cleafy.com/cleafy-labs/bingomod-the-new-android-rat-that-steals-money-and-wipes-data] Who Knew? Domain Hijacking is So Easy | Infoblox [https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/] Ducks Now Sitting (DNS): Internet Infrastructure Insecurity - Eclypsium | Supply Chain Security for the Modern Enterprise [https://eclypsium.com/blog/ducks-now-sitting-dns-internet-infrastructure-insecurity/] Threat Actor Abuses Cloudflare Tunnels to Deliver RATs | Proofpoint US [https://www.proofpoint.com/us/blog/threat-insight/threat-actor-abuses-cloudflare-tunnels-deliver-rats] Ransomware Details | OneBlood [https://www.oneblood.org/pages/ransomware-details.html] Prevalent Patches: Security notices | Ubuntu [https://ubuntu.com/security/notices] Red Hat Product Errata - Red Hat Customer Portal [https://access.redhat.com/errata-search/] CISA Corner: CISA Adds One Known Exploited Vulnerability to Catalog | CISA [https://www.cisa.gov/news-events/alerts/2024/07/30/cisa-adds-one-known-exploited-vulnerability-catalog] CISA Releases Nine Industrial Control Systems Advisories | CISA [https://www.cisa.gov/news-events/alerts/2024/08/01/cisa-releases-nine-industrial-control-systems-advisories] CISA Names First Chief Artificial Intelligence Officer | CISA [https://www.cisa.gov/news-events/news/cisa-names-first-chief-artificial-intelligence-officer]