12th January:** Microsoft disclosed a security breach in its cloud-based email infrastructure, revealing infiltration by the hacking group “Nobelium” or “Midnight Blizzard,” linked to Russian intelligence. Discovered on January 12, 2024, the attack began in November 2023 through a password spray attack on a non-production test account. Despite advocating two-factor authentication, Microsoft’s internal infrastructure lacked this security measure. The attacker manipulated a test OAuth application, compromising Office 365 Exchange Online mailboxes, including those of senior leadership and cybersecurity research teams. Microsoft responded swiftly to contain the incident, and further details can be found in the MCRC Blog.
23th December 2023: The FBI recently engaged in an online battle with the notorious ransomware group AlphV. They successfully seized control of the group’s infrastructure which was responsible for over $300 million in illicit payments. The Justice Department released a tool to aid around 500 victims in restoring their systems and data. It was disclosed that AlphV had extorted $300 million from 1,000 victims. The FBI was able to obtain 946 private keys with the help of a confidential source. Although AlphV initially displayed an FBI seizure notice, they regained control after hours of back-and-forth with the authorities. Despite the FBI’s actions, AlphV downplayed the significance of the seizure notice. This ongoing struggle highlights the challenges faced in dealing with ransomware groups that operate through the anonymous Tor network.
A recent investigation reveals, Wi-Fi access points are facing security vulnerabilities in the management of queued frames. The study exposes that by exploiting power-save features, attackers can deceive access points into leaking frames either in plaintext or using insecure encryption methods. The absence of clear guidance in the 802.11 standards for handling security contexts of buffered frames is identified as a key issue. Additionally, a fundamental design flaw in the power-save bit of a frame’s header is uncovered, enabling adversaries to force denial-of-service attacks by redirecting queued frames meant for a specific client. The research also highlights a flaw in hotspot-like networks, allowing attackers to control the security context of frames before queuing, bypassing Wi-Fi encryption. These findings have far-reaching consequences, affecting various devices and operating systems such as Linux, FreeBSD, iOS, and Android, posing risks to TCP connections, client interception, and web traffic. The study emphasizes the urgent need for transparency in managing security contexts across network stack layers, acknowledging the inherent challenges in addressing these vulnerabilities.
New vulnerabilities have been discovered in microarchitectures and DRAMs, which have expanded the scope of Rowhammer attacks. Previous studies mainly focused on passive leakages. However, the latest research has found that Rowhammer can inject faults into stack variables and register values, which can be exploited. The researchers have successfully bypassed SUDO and SSH authentication, demonstrating the real-world impact of these findings. Moreover, the study has identified MySQL and cryptographic libraries as potential targets for this new attack vector. Despite existing countermeasures, the study reveals that CPU internals, including register values, are not immune to software-based fault injection attacks like Rowhammer.
31st January: CEOs of major social media platforms recently faced tough questions during a Senate Judiciary Committee hearing. The hearing was focused on addressing the potential risks posed to young people on social media platforms. Titled “Big Tech and the Online Child Sexual Exploitation Crisis,” the hearing raised concerns about child safety on these platforms. The CEOs, who represented Meta, TikTok, Snap, Discord, and X, expressed support for the controversial Kids Online Safety Act (KOSA). However, the bill has faced backlash over concerns about potential privacy invasion and censorship. One of the requirements of the bill is for age verification through face ID and social security numbers, which has sparked debates about mass data collection.
30th January: There have been recent cyber attacks on government websites in India, which are being attributed to Indonesian hacktivists and threat actors. It is believed that the motive behind these attacks is India’s stance on the Israel-Hamas conflict, and the hackers aim to bring down and deface these platforms. On January 13th, the Indian Army website faced downtime for over two hours due to actions by Indonesian hackers named Mr D1CK and TOXCAR Cyber. Additionally, the Census of India website was breached, and personal information was exposed on public channels. Another group, Lulzsec Muslims of Indonesia, claimed responsibility for infiltrating the Banaras Hindu University (IIT BHU) website and accessing personally identifiable information about students.