CyberBakery Chronicles

Your Weekly Cybersecurity Update (12 July 2024)

  • Major Security Flaw in CocoaPods Exposes Millions of Apple Devices to Supply Chain Attacks (Nicole Pearce)
  • Booking.com Scams: How to Avoid Getting Stung During Vacation Booking
  • US Govt Board Failed to Investigate Major Cyberattack Despite Presidential Order
  • Hackers Apologize After Crippling Indonesian Government Systems, Release Encryption Key
  • Warning Issued by Cybersecurity Agencies Regarding Rapid Exploit Adaptation by China-linked APT40
  • A Vulnerability in OpenSSH Could Allow for Remote Code Execution (CVE-2024-6387: RCE in OpenSSH’s server vulnerability)

Hackers Leak Ticketmaster Print-at-Home Tickets, Threatening Fans and Events

https://www.bleepingcomputer.com/news/security/hackers-leak-39-000-print-at-home-ticketmaster-tickets-for-154-events/

In a plot twist for concert-goers, hackers have leaked nearly 39,000 print-at-home ticket barcodes for upcoming events on Ticketmaster. This extortion campaign, targeting Ticketmaster, could also wreak havoc on attendees and the event itself.

The hackers, Sp1d3rHunters, claim these leaked tickets bypass Ticketmaster’s anti-fraud measures because they’re printable versions, not scannable mobile barcodes. This could create a denial-of-service (DoS) situation at events. 

Imagine hundreds of fans showing up with seemingly legitimate tickets, only to be denied entry because of duplicates or fraudulent copies in circulation. Or imagine the event having more people with tickets than it can accommodate.

Ticketmaster has yet to comment on how to address this leak. While it maintains that its security features can prevent these leaks from working, the situation remains tense. Concertgoers are advised to be cautious and only purchase tickets from reputable sources. This incident highlights the vulnerability of ticketing systems and the potential for large-scale disruption impacting both event organizers and fans. 

Major Security Flaw in CocoaPods Exposes Millions of Apple Devices to Supply Chain Attacks

https://www.theregister.com/2024/07/02/cocoapods_vulns_supply_chain_potential/

Imagine a backdoor hidden within the building blocks of your house. Security researchers discovered that in CocoaPods, a tool used in millions of Apple apps. This critical vulnerability, present for nearly a decade, could have allowed attackers to launch devastating supply chain attacks against a vast swathe of Apple devices. 

CocoaPods, an open-source library for managing code dependencies, acts like a supplier providing pre-built components for app developers. The vulnerability arose because unclaimed code packages (Pods) remained accessible. An attacker could have hijacked these unclaimed Pods, injected malicious code, and unknowingly distributed it to millions of users through unsuspecting developers.

This is a textbook example of a supply chain attack. Just like a poisoned ingredient from a supplier can contaminate a whole batch of food, attackers can compromise entire ecosystems by targeting foundational tools like CocoaPods. The potential impact is enormous. Apps from industry giants like Apple, Meta, and Amazon could have been laced with malware, putting user data and device security at risk.

Thankfully, there’s no evidence that this vulnerability has been exploited yet. However, it is a stark reminder of the vulnerabilities in our increasingly interconnected software world. The fact that such a critical flaw remained hidden for almost a decade underscores the need for stricter security measures throughout the software development chain.

Here’s what you can do:

  • Update CocoaPods immediately.
  • Be more vigilant about open-source software dependencies.
  • Demand better security practices from software providers who rely on third-party code.

The CocoaPods incident is a wake-up call. By understanding and mitigating supply chain risks, we can build a more secure software ecosystem for everyone.

Booking.com Scams: How to Avoid Getting Stung During Vacation Booking

https://www.welivesecurity.com/en/scams/common-bookingcom-scams/

This article explores the scams targeting Booking.com users, highlighting phishing emails, hijacked chats, fake listings, and bogus job offers. These scams aim to steal personal information and money or trick you into paying for non-existent accommodations.

Using Booking.com, we’ve encountered a similar situation to the “hijacked chats” scam. While booking a stay, I received a message through the platform claiming to be from the property owner. They mentioned a slight change in the agreed-upon price due to “unexpected fees” and requested an additional payment. Luckily, the message felt off-putting, and upon contacting the property directly (via Booking.com‘s messaging system), I discovered it was a fake attempt to collect extra money.

The article provides valuable tips on staying safe, which I completely agree with. Please always be careful of unsolicited messages, verify communication sources, avoid clicking suspicious links, and prioritize booking and payments through the official platform. Extra vigilance can save you a major headache (and financial loss) during your vacation.

Here’s what I found particularly interesting:

  • The rise of AI-generated phishing emails highlights scammers’ evolving tactics and the importance of staying informed about the latest threats.
  • The hijacked chat scam – This emphasizes the need for caution even within the platform’s messaging system.

By being aware of these scams and following the recommended safety measures, you can enjoy a safe and secure booking experience on Booking.com.

US Govt Board Failed to Investigate Major Cyberattack Despite Presidential Order

https://databreaches.net/2024/07/08/the-president-ordered-a-board-to-probe-a-massive-russian-cyberattack-it-never-did/

A US government board investigating major cyberattacks failed to properly scrutinise the SolarWinds hack, a devastating attack in 2020. The Biden administration had ordered the board to review the incident, but it instead focused on other vulnerabilities.

The SolarWinds attack involved Russian hackers infiltrating US government agencies through a flaw in Microsoft software. This hack was a major wake-up call, highlighting critical security weaknesses.

Experts believe a full investigation into SolarWinds could have exposed security flaws at Microsoft that were later exploited by Chinese hackers in 2023. This highlights the missed opportunity to prevent a future attack potentially.

The board, housed within the Department of Homeland Security (DHS), claims it fulfilled its mandate. However, critics argue that the board needed more independence due to its composition and limited resources. The board is now seeking more funding and investigative power.

Lawmakers are calling for reform, with some advocating for the board to become a fully independent agency like the National Transportation Safety Board. This would allow for a more thorough examination of cyberattacks, potentially leading to improved cybersecurity measures.

Hackers Apologize After Crippling Indonesian Government Systems, Release Encryption Key

https://www.theregister.com/2024/07/04/hackers_of_indonesian_government_apologize/

The hacking group Brain Cipher, responsible for a ransomware attack on the Indonesian government’s data centre, has apologized and released an encryption key to decrypt the stolen data. 

The attack disrupted essential government services and potentially exposed sensitive data. Brain Cipher demanded a ransom of $8 million, which the Indonesian government refused to pay.

The group claims they acted as security testers and that the attack exposed weaknesses in Indonesia’s cybersecurity infrastructure. They criticized the government for not prioritizing cybersecurity spending and using outdated security software.

Indonesian officials are scrambling to recover data and assess the damage, with the President ordering an audit of government data centres. The lack of proper backups has raised concerns about the government’s data security practices. 

Public anger is growing, with a petition calling for the resignation of the communications minister gaining significant support.

Warning Issued by Cybersecurity Agencies Regarding Rapid Exploit Adaptation by China-linked APT40

https://thehackernews.com/2024/07/cybersecurity-agencies-warn-of-china.html

Cybersecurity agencies from several countries have issued a joint advisory about a China-linked cyber espionage group known as APT40. This group can rapidly exploit newly disclosed security flaws and has targeted organizations in various countries, including the U.S. and Australia.

APT40 has been active since at least 2013 and is assessed to be based in Haikou. The U.S. and its allies have officially attributed the group to China’s Ministry of State Security, indicting several members for orchestrating a multi-year campaign to steal trade secrets and intellectual property. APT40 has been linked to intrusion waves targeting entities in the Asia-Pacific region and has carried out reconnaissance against networks in various countries, looking for opportunities to compromise targets. The group uses multiple tactics, such as deploying web shells, using Australian websites for command-and-control purposes, and incorporating out-of-date devices in its attack infrastructure.

To mitigate the risks posed by such threats, it’s recommended to implement adequate logging mechanisms, enforce multi-factor authentication, implement a robust patch management system, replace end-of-life equipment, disable unused services, ports, and protocols, and segment networks to prevent access to sensitive data.

A Vulnerability in OpenSSH Could Allow for Remote Code Execution (CVE-2024-6387: RCE in OpenSSH’s server vulnerability)

A critical security vulnerability has been identified in OpenSSH, a widely used suite of tools for secure remote login, which could potentially lead to remote code execution. If this vulnerability is exploited, an attacker could gain unauthorized access and execute code within the context of the unprivileged user operating the sshd server. As a result, the attacker could potentially install malicious software, access, modify, or delete sensitive data, and even create new user accounts with full privileges, posing a significant security risk to the affected systems. It is crucial for system administrators to promptly address this issue to prevent potential exploitation by malicious actors.

OpenSSH is a set of secure networking utilities that relies on the SSH protocol and plays a critical role in ensuring secure communication over unsecured networks. It is extensively used in enterprise environments to manage remote servers, carry out secure file transfers, and implement various DevOps practices.

REFERENCES:

Oligo Security https://www.oligo.security/blog/critical-openssh-vulnerability-cve-2024-6387-regresshion

OpenSSH http://www.openwall.com/lists/oss-security/2024/07/08/2

RedHat https://access.redhat.com/security/cve/CVE-2024-6409

Ubuntu https://ubuntu.com/security/CVE-2024-6409


Leave a Comment

Your email address will not be published. Required fields are marked *