Sunday 1st December 2024
Good morning everyone, I hope you're all having a lovely weekend, thank you for joining me for the latest edition of Cyber Daily. Cybercriminals and hackers are making waves this week—and not in a good way. From the arrest of a notorious ransomware affiliate in Russia to the emergence of Rockstar 2FA, a tool designed to outsmart even the savviest MFA setups, it’s clear that the battle between cybercrime and cybersecurity is heating up. Oh, and for Zabbix users, it’s time to patch up, as an unforgivable SQL injection flaw has been uncovered.
Enjoy the read!
Russia arrests ransomware operator wanted by the US
Russian authorities have arrested Mikhail Pavlovich Matveev, aka Wazawaka, a prominent ransomware affiliate accused of ties to hacking groups LockBit, Conti, and Babuk. Matveev, apprehended in Kaliningrad, faces charges for developing malicious programs and targeting entities in both Russia and abroad.
This isn’t Matveev’s first brush with international law enforcement. In May, the U.S. Justice Department indicted him for ransomware attacks that crippled police departments in Washington, D.C., and New Jersey, as well as healthcare organisations. He’s also on the FBI’s Most Wanted list, with a $10 million reward for information leading to his arrest.
Matveev’s arrest marks a rare instance of Russian cooperation against cybercrime, potentially signaling an acknowledgment of growing global pressure to curb ransomware activity. Still, with charges filed under Russian law, it remains to be seen if he’ll face justice outside of his home country.
Rockstar 2FA: The new tool making phishing attacks even sneakier
A new phishing-as-a-service (PhaaS) platform, Rockstar 2FA, is taking cybercrime to the next level by enabling large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials, bypassing multifactor authentication (MFA) in the process.
Victims are directed to fake login pages mimicking Microsoft 365. The kit relays the login to the real service, capturing both the credentials and the valid session cookie issued once MFA completes. That cookie lets attackers bypass MFA entirely and access the account directly.
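Because the kit relays a genuine login, the stolen session is indistinguishable from the victim's own until it is used from somewhere else. The following is an added detection example, not code from the newsletter or from any vendor: it walks a constructed sign-in activity log and flags any session identifier that appears from a second network (ASN) within a short window. The log format, field names, sample lines and the one-hour window are all assumptions made here.

```python
"""Flag session cookies replayed from a second network location.

Added illustration (not the newsletter's or any vendor's code): an AiTM kit
relays the victim's login and captures the resulting session cookie, so the
same session identifier later shows up from the attacker's network.  The
record layout and every sample line below are constructed.
"""
from datetime import datetime, timedelta

# Constructed records: timestamp, user, session id, source IP, source ASN.
SAMPLE_LOG = [
    "2024-11-29T08:01:10Z alice sess-7f3a 203.0.113.10 AS64500",
    "2024-11-29T08:02:45Z alice sess-7f3a 203.0.113.10 AS64500",
    "2024-11-29T08:05:30Z alice sess-7f3a 198.51.100.77 AS64511",  # same cookie, new network
    "2024-11-29T08:10:00Z bob sess-c2d9 192.0.2.40 AS64500",
    "2024-11-29T09:30:00Z bob sess-c2d9 192.0.2.41 AS64500",       # same ASN, ordinary IP churn
]


def parse(line):
    """Split one whitespace-separated record into a dict."""
    ts, user, sid, ip, asn = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "sid": sid,
        "ip": ip,
        "asn": asn,
    }


def find_replayed_sessions(lines, window=timedelta(hours=1)):
    """Return one (user, session_id, first_asn, other_asn) tuple per session
    that is seen from a different ASN than its first use within `window`.

    Comparing ASNs rather than raw IPs keeps DHCP churn inside one provider
    from firing the rule; a session hopping providers minutes after login is
    the signal an AiTM cookie replay leaves behind.
    """
    first_seen = {}   # session id -> first record for that session
    alerted = set()   # session ids already reported, to avoid duplicates
    alerts = []
    for rec in sorted((parse(l) for l in lines), key=lambda r: r["ts"]):
        sid = rec["sid"]
        if sid not in first_seen:
            first_seen[sid] = rec
            continue
        origin = first_seen[sid]
        moved = rec["asn"] != origin["asn"]
        recent = rec["ts"] - origin["ts"] <= window
        if moved and recent and sid not in alerted:
            alerted.add(sid)
            alerts.append((rec["user"], sid, origin["asn"], rec["asn"]))
    return alerts


if __name__ == "__main__":
    for user, sid, first_asn, other_asn in find_replayed_sessions(SAMPLE_LOG):
        print(f"possible session replay: {user} {sid} first seen from {first_asn}, now {other_asn}")
```

In a real deployment the ASN lookup would come from the identity provider's sign-in logs or a GeoIP/ASN database, and the hit would be paired with a session revocation and a password reset rather than just a printed line. Phishing-resistant MFA (FIDO2/WebAuthn) removes the problem at the source, because the credential is bound to the real origin and cannot be relayed through a lookalike domain.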
Rockstar 2FA builds on earlier kits like DadSec and Phoenix and boasts a slick admin panel and features like randomised source code, Cloudflare Captcha integration, and automated organisation branding. It’s been spotted operating over 5,000 phishing domains since May, with services starting at $200.
The persistence of platforms like Rockstar 2FA, despite crackdowns on similar services, highlights the ongoing battle against phishing campaigns. Until access to such tools is curbed, the risk of widespread attacks targeting sensitive credentials remains high.
Critical SQL injection flaw puts Zabbix systems at risk
Zabbix, an open-source enterprise network monitoring provider, is alerting users to a severe SQL injection vulnerability (CVE-2024-42327) that could allow attackers to compromise systems fully. The flaw, scoring 9.9 on the CVSSv3 scale, can be exploited by any user with API access, even with minimal permissions.
The vulnerability lies in the CUser class and can be exploited via the addRelatedObjects function, exposing customers to privilege escalation and potential ransomware attacks. Zabbix serves major clients, including Dell, the European Space Agency, and Vodacom, underscoring the widespread potential impact.
The affected versions (6.0.0 to 6.0.31, 6.4.0 to 6.4.16, and 7.0.0) should be updated to versions 6.0.32rc1, 6.4.17rc1, and 7.0.1rc1 respectively.
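A quick way to turn those ranges into a check you can run across an estate is to encode them and compare version strings against them. This is an added example, not Zabbix's own tooling: the affected ranges and fixed versions are the ones stated above, while the function names, the handling of release candidates and the sample inputs are assumptions made here.

```python
"""Check a Zabbix version string against the CVE-2024-42327 ranges.

Added example (not Zabbix tooling).  The affected and fixed versions come
from the advisory text above; the version parsing, the conservative
treatment of release candidates and every sample input are assumptions.
"""
import re

# (lowest affected, highest affected, first fixed) per supported branch.
AFFECTED_RANGES = [
    ((6, 0, 0), (6, 0, 31), "6.0.32rc1"),
    ((6, 4, 0), (6, 4, 16), "6.4.17rc1"),
    ((7, 0, 0), (7, 0, 0), "7.0.1rc1"),
]

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?$")


def parse_version(text):
    """Turn '6.0.31' or '7.0.1rc1' into a comparable tuple.

    The tuple is (major, minor, patch, stage, rc_number); stage is 0 for a
    release candidate and 1 for the final release, so 6.0.32rc1 sorts
    below 6.0.32 but above 6.0.31.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Zabbix version: {text!r}")
    major, minor, patch, rc = m.groups()
    stage, rc_number = (1, 0) if rc is None else (0, int(rc))
    return (int(major), int(minor), int(patch), stage, rc_number)


def assess(version_text):
    """Return ('affected', first_fixed_version), ('not affected', None) or
    ('not listed', None) for branches the advisory does not mention.

    Release candidates of the lowest affected version are treated as
    affected (conservative assumption); the final release of the highest
    affected version is the last affected build.
    """
    v = parse_version(version_text)
    for low, high, fixed in AFFECTED_RANGES:
        low_t = low + (0, 0)
        high_t = high + (1, 0)
        if low_t <= v <= high_t:
            return ("affected", fixed)
        if v[:2] == low[:2]:
            # Same branch but outside the range: already on a fixed build.
            return ("not affected", None)
    return ("not listed", None)


if __name__ == "__main__":
    # Constructed sample inventory.
    for ver in ["6.0.31", "6.0.32rc1", "6.4.16", "7.0.0", "7.0.1", "6.2.9"]:
        status, fixed = assess(ver)
        note = f" (upgrade to {fixed})" if fixed else ""
        print(f"{ver}: {status}{note}")
```

Branches outside the three listed (for example 6.2) are reported as "not listed" rather than "safe", because the advisory above says nothing about them; treat those as a prompt to check the vendor's notice rather than as a clean bill of health.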
SQL injection vulnerabilities, like the one behind the infamous MOVEit MFT breach, are not only easy to exploit but can lead to massive data theft. With 10% of CISA's known exploited vulnerabilities being SQLi-related, the FBI and CISA have labeled them "unforgivable" flaws and urged vendors to eliminate them proactively.
Stay informed with Aidan Dickenson