CyberTechWeekly
Five Key Events from September 8 - 14, 2024
Teenager Arrested for Transport for London Cyberattack
A 17-year-old was arrested in connection with a cyberattack on Transport for London (TfL) that disrupted internal systems and potentially exposed customer data. The attacker reportedly exploited an SQL injection flaw in one of TfL's web applications to reach its backend databases. SQL injection works by supplying input that the application concatenates into a database query, so attacker-controlled text is parsed as part of the SQL statement itself. It is one of the oldest web attack classes and remains effective wherever queries are assembled from unsanitized input instead of being parameterized.
Although SQL injection has been documented for more than two decades, it remains among the most frequently exploited web vulnerabilities. Its impact ranges from reading or altering data the application never meant to expose, to corrupting the database or taking the service offline. The standard defence is parameterized queries (prepared statements), backed by least-privilege database accounts so that a successful injection can reach as little as possible.
Kali Linux 2024.3 Released with 11 New Hacking Tools
The new Kali Linux 2024.3 release brings 11 new tools tailored for penetration testers and cybersecurity professionals, enhancing the platform's versatility. Among the highlights is Hekatomb, which extracts and decrypts credentials from all domain computers, making it valuable for large network assessments.
Another addition, SQLmc, focuses on identifying SQL injection vulnerabilities across all URLs of a domain, automating a critical aspect of web security.
The update also introduces Sprayhound, a tool integrated with Bloodhound for conducting password spraying attacks, helping testers evaluate weak password policies. This release not only expands the toolset but also improves performance and compatibility with new hardware.
Massive Android TV Botnet: 1.3 Million Devices Compromised by Android.Vo1d Malware
More than 1.3 million Android-based TV boxes have been infected with the Android.Vo1d backdoor, which enrolls them in a botnet whose operators can push additional payloads to the devices, including for DDoS and other abuse. Vo1d needs root to install itself, and many of the affected boxes already run with root access because they ship with outdated, unsupported Android versions or unofficial firmware; on the remaining devices it reportedly relies on an unpatched privilege escalation flaw in those old releases. The exact infection vector had not been confirmed at the time of reporting. Once running as root, the malware writes itself into the system partition so that it survives reboots, and gives the operators remote control of the box and its network connection.
TrickMo Malware Targets Android Banking Apps, Stealing Login Credentials and 2FA Codes
A new variant of TrickMo, an Android banking trojan first seen in 2019, has been found stealing login credentials and two-factor authentication (2FA) codes, primarily from users in Europe. It uses overlay attacks: when a targeted banking app opens, the malware draws a fake login screen on top of it, and any credentials typed into that screen are forwarded to the attackers, who use them to access the victim's accounts.
Like most current Android banking trojans, TrickMo abuses Android's accessibility services, which were designed to assist users with disabilities but also let an app read screen content, capture input and tap controls on the user's behalf. Those privileges let it sidestep protections built into modern banking apps, defeat SMS-based 2FA by reading one-time codes from incoming messages and relaying them to the attackers, and block the user's attempts to uninstall it. Because it can hide its presence and resist removal, an infected device should be treated as fully compromised until it is wiped.
Google Air-Gapped Backups: The New Defense Against Ransomware
Google has added air-gapped backups, delivered as backup vaults, to its cloud services. The feature is designed to protect organizations from ransomware by storing backups immutably in Google-managed storage that is logically isolated from the customer's own projects and networks. Once a backup is written to a vault, it cannot be modified or deleted for the duration of the retention period set on the vault, even by an attacker who has gained administrative access to the primary systems or the customer's cloud project.
The feature is integrated into Google Cloud's Backup and Disaster Recovery (DR) service and targets a common ransomware tactic: destroying or encrypting backups first so that victims have no alternative to paying. The protection only holds for backups taken before compromise and within the enforced retention window, so that window should be chosen to outlast a realistic attacker dwell time, and restore procedures should be tested from the vault rather than from copies the attacker could reach.