This Week in Cyber 04th November 2024
Analyst Insight
This week in cyber, Operation Magnus led to the takedown of the RedLine and META infostealers, with authorities seizing servers and domains and arresting individuals. In other news, the EmeraldWhale campaign was found to have stolen over 15,000 credentials from misconfigured Git services. Additionally, a critical CyberPanel vulnerability (CVE-2024-51378) affecting 22,000 web servers was disclosed and quickly patched. We also saw Microsoft delay the rollout of its Recall feature for Windows Copilot+ PCs to address privacy concerns. Finally, a new version of the LightSpy spyware targeting iPhones has emerged, prompting users to update their devices.
Operation Magnus: RedLine and META Infostealers Taken Offline
Frequent readers of our weekly newsletter may remember us mentioning RedLine stealer in previous articles. On Monday, an international effort of police and intelligence organisations announced the takedown of the popular infostealers RedLine and META. Named Operation Magnus, the effort by authorities in the Netherlands, United States, Belgium, Portugal, United Kingdom, and Australia resulted in three servers being taken down, two domains seized, charges filed in the US, and two people taken into custody in Belgium.
Authorities also retrieved a database of client information relating to the criminals using these infostealers, and Belgian authorities took down multiple RedLine and META communication channels, the article states. ESET released a free tool that lets potential victims of these infostealers check whether their data was stolen.
EmeraldWhale: Over 15k Credentials Stolen
The Sysdig research team has revealed a global operation, dubbed EmeraldWhale, that targeted exposed Git configurations. By deploying multiple tools built to abuse misconfigured web services, the operators were able to steal over 15,000 credentials. At least 10,000 of these are likely to be associated with private repositories, and the stolen data was being stored in an S3 bucket belonging to one of the operation's previous victims. These credentials are likely to find their way onto various grey and black markets.
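To show what an "exposed Git configuration" looks like from the defender's side, the following Python example (added here; it is not Sysdig's tooling or code from the original article) audits a web document root that you administer for `.git/config` files whose remote URLs embed credentials, the class of secret EmeraldWhale harvested. The sample config, hostnames and token are constructed.

```python
import os
import re
from urllib.parse import urlsplit

# Constructed sample of a .git/config left inside a web root (not real data).
SAMPLE_GIT_CONFIG = """[remote "origin"]
\turl = https://deploy-bot:ghp_EXAMPLEtoken123@github.com/example-org/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@gitlab.example.com:example-org/app.git
[remote "backup"]
\turl = https://backup.example.com/example-org/app.git
"""
SECTION_RE = re.compile(r'^\s*\[(\w+)(?:\s+"([^"]*)")?\]\s*$')  # [remote "origin"]
KEY_RE = re.compile(r"^\s*([\w-]+)\s*=\s*(.*?)\s*$")             # \tkey = value

def parse_git_config(text):
    """Return {(section, subsection_or_None): {key: value}} from git-config text."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", ";")):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault((m.group(1), m.group(2)), {})
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return sections

def find_embedded_credentials(text):
    """Return [(remote_name, redacted_url)] for http(s) remotes carrying userinfo.
    scp-style remotes (git@host:path) hold only a username, so they are not flagged."""
    findings = []
    for (section, name), keys in parse_git_config(text).items():
        url = keys.get("url", "")
        parts = urlsplit(url)
        if section == "remote" and parts.scheme in ("http", "https") and (parts.username or parts.password):
            findings.append((name, re.sub(r"//[^@/]+@", "//***REDACTED***@", url)))
    return findings

def audit_webroot(root):
    """Walk a document root you own; map each .git/config path to its credential findings."""
    report = {}
    for dirpath, dirnames, _ in os.walk(root):
        if ".git" in dirnames:
            cfg = os.path.join(dirpath, ".git", "config")
            with open(cfg, encoding="utf-8", errors="replace") as fh:
                report[cfg] = find_embedded_credentials(fh.read())
    return report
```

Any `.git` directory under a served document root should be removed or blocked at the web server regardless of findings, and any credential reported should be rotated rather than merely deleted from the file.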
CyberPanel Vulnerability Leaves 22,000 Web Servers Open to Exploitation
CyberPanel is an open-source web hosting control panel that is powered by LiteSpeed Web Server. Researcher DreyAnd disclosed a vulnerability affecting CyberPanel v2.3.6 – 2.3.7. Assigned CVE-2024-51378 with a CVSS score of 10 (Critical), the vulnerability allows remote attackers to bypass authentication and execute arbitrary commands, meaning an attacker can gain full control over a web server running the unpatched software.
According to LeakIX, a search engine for finding misconfigurations and vulnerabilities online, 22,000 vulnerable CyberPanel instances were found after the 0-day disclosure. CyberPanel stated that within 30 minutes of the disclosure the team released version 2.3.8, which patched the vulnerability.
Copilot + Recall Release Delayed due to Privacy Concerns
Microsoft has postponed the rollout of its Recall feature for Windows Copilot+ PCs. Initially set for an October preview, the AI-powered tool will now release in December. The feature will allow Windows Insiders to explore a "visual timeline" of their screens over time. However, despite its novel approach to logging computing activity, privacy concerns have led Microsoft to re-engineer the system with improved security measures and make it an opt-in feature.
iPhones Targeted by LightSpy Malware
Cybersecurity experts have found a new version of the LightSpy spyware targeting iPhones. This updated spyware not only steals more information but also has destructive features that can stop the user's device from working.
Originally discovered in 2020, LightSpy now uses more plugins to capture data like Wi-Fi info, photos, and even messages from apps like WhatsApp and WeChat. The spyware spreads through known security flaws in iOS and macOS. Recent iOS updates and patches have resolved many of these flaws, and users are encouraged to make sure their devices are up to date.