January 20, 2024 at 06:54AM
SecurityWeek’s weekly cybersecurity roundup provides a concise overview of significant stories. This week’s highlights include a multimillion-dollar crypto scam, DDoS attacks by a pro-Russian threat actor, new spyware detection methods, macOS infostealers, a malicious campaign targeting Docker hosts, a WhatsApp privacy issue, Drupal and libX11 patches, and reports on AI in the cloud, supply chain security, and internet exploitation.
Key takeaways:
1. Bigpanzi botnet infects tens of thousands of Android TVs and set-top boxes: A detailed analysis has been shared by security researchers at Qianxin, revealing that the botnet has been active for at least eight years and has been involved in illegal activities, including DDoS attacks.
2. Inferno Drainer multimillion-dollar scam-as-a-service detailed: Group-IB details the operation of Inferno Drainer, a defunct multichain crypto drainer that operated as a scam-as-a-service between November 2022 and November 2023, resulting in the theft of at least $80 million in assets.
3. NoName057(16) launched over 1,500 DDoS attacks against NATO-aligned nations: A pro-Russian threat actor has been reported to have conducted over 1,500 DDoS attacks since March 2022, using low-cost public cloud and web services and offering digital currency payments via the Project DDoSia service.
4. New Pegasus spyware detection method revealed: Kaspersky has identified a new method for detecting infections with sophisticated iOS spyware families, including Pegasus, Reign, and Predator.
5. Multiple macOS infostealers evading detection: Several macOS information stealer families capable of evading static signature detection have been detailed, continuing to evolve despite Apple’s efforts to update its XProtect signature database.
6. Malicious campaign targets Docker hosts with miner, 9hits application: A malicious campaign targeting vulnerable Docker services has been reported, deploying a cryptocurrency miner and the 9hits viewer application.
7. WhatsApp privacy issue: A potential privacy issue in WhatsApp has been identified that exposes a user’s device setup information to any other user, even one who is blocked or not in the contacts list, allowing potential attackers to gather actionable intelligence about a victim’s device setup and changes to it.
8. Drupal and libX11 patches: Moderately critical DoS vulnerabilities have been patched in Drupal, and two vulnerabilities have been found and patched in X.Org’s libX11 graphics library.
9. Spying on tablet users via ambient light sensor: Researchers have shown that a malicious actor may be able to spy on tablet users by leveraging the built-in ambient light sensor, although the risk is currently limited due to the slow process and limited information that can be captured.
10. Reports on exploits, supply chain security, and AI in the cloud: Several reports have been published by various security firms, including Wiz, ReversingLabs, and GreyNoise, covering topics such as the state of AI in the cloud, software supply chain security, and a retrospective of internet exploitation in 2023.