CISA warns of a nasty flaw abusing Excel
Google tries to downplay cookie security risk as nothing new, This new cybercrime technique makes it easier for criminals to send fake emails, CISA warns of a nasty flaw abusing Excel.
Good morning, brew enthusiasts!
First up, we dive into Google's latest controversy – a new malware that's resurrecting expired Google tokens, causing a stir in the realm of digital security. Google's response? A cool shrug, treating it as just another day at the cyber office.
Then, we shift gears to a cunning cybercrime technique that's giving sleepless nights to email users worldwide. Dubbed SMTP smuggling, this newfound vulnerability is making it easier for hackers to send fake emails, posing a serious challenge to our trust in digital communication.
And finally, we spotlight a significant alert from CISA, warning about a perilous flaw in an Excel-reading Perl library. This vulnerability has been exploited by Chinese hackers to unleash malware, putting a spotlight on the ever-present need for vigilant cybersecurity measures.
As these stories unfold, they serve as a critical reminder of the ongoing battle in cyberspace. Whether it's Google downplaying a security risk, a new email spoofing technique, or a vulnerability in commonly used software, the need for robust cyber defenses has never been more apparent. So, buckle up as we delve into these intriguing updates, keeping you informed and cyber-safe! 🌐💻🔐

Google tries to downplay cookie security risk as nothing new
In the ever-evolving world of cybersecurity, Google has found itself at the center of a new controversy. Security experts recently identified a malware that revives expired Google authentication tokens through a Chrome API. This sneaky malware allows hackers to stay logged into Google accounts longer than usual. Google, however, seems to be playing it cool, brushing off the issue as just another case of session cookie theft.
Is it really just a vulnerability? Google insists it's on top of things, stating that malware attacks targeting cookies and tokens aren't groundbreaking news. They've bolstered their defenses and are working to secure compromised accounts. Still, they recommend users log out of Chrome and end all active sessions to invalidate the refresh token.
Prevention is better than cure, but it is often overlooked. Google's advice includes proactive measures like enabling Enhanced Safe Browsing in Chrome. However, most users don't take these steps until it's too late. Hudson Rock, a cybersecurity research team, raised alarms in November 2023 about the Lumma infostealer, capable of restoring expired Google cookies. A dark web forum ad for Lumma boasted this feature, highlighting its ability to “restore dead cookies” specifically for Google.
This development in cybersecurity underlines the importance of vigilance and proactive measures in digital security. Google's response, while confident, serves as a reminder that threats are continually evolving, and so should our defenses.

This new cybercrime technique makes it easier for criminals to send fake emails
The digital world is facing a new threat: SMTP smuggling. Security experts have unveiled a technique that lets hackers send spoofed emails, posing as legitimate addresses. This method is particularly dangerous as it can bypass email security systems, opening the door for highly targeted phishing attacks.
SMTP Smuggling: How it works
SMTP, the backbone protocol for email transfer, has a flaw that can be exploited. By manipulating how SMTP servers handle end-of-data sequences, hackers can insert arbitrary SMTP commands, effectively "smuggling" entire email messages. This vulnerability affects major servers like Microsoft, GMX, and Cisco, as well as SMTP implementations from Postfix and Sendmail.
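As an added illustration (not from the original newsletter or from any vendor named above), the Python check below shows what a defender can look for in a raw SMTP DATA payload: bare CR or LF line endings, and a lone "." line delimited by them, which is exactly what a lenient receiver may mistake for the end-of-data sequence while a strict relay passes it through. The sample payload, the terminator superset and all function names are constructed for this example.

```python
import re

# RFC 5321 end-of-data: CRLF "." CRLF; a strict server recognises only this.
STRICT_EOD = b"\r\n.\r\n"

# Bare line endings (LF without a CR before it, CR without an LF after it)
# are the root cause: a compliant DATA body never contains them.
BARE_NEWLINE = re.compile(rb"(?<!\r)\n|\r(?!\n)")

# A lone "." line delimited by any mix of CR/LF: the superset of sequences a
# lenient receiver might accept as end-of-data (which ones a given product
# accepts varies by implementation; this is an assumption, not a vendor list).
ANY_DOT_LINE = re.compile(rb"(\r\n|\r|\n)\.(\r\n|\r|\n)")

def find_bare_newlines(data: bytes) -> list[int]:
    """Offsets of bare CR / bare LF bytes; empty for a compliant body."""
    return [m.start() for m in BARE_NEWLINE.finditer(data)]

def find_smuggling_candidates(data: bytes) -> list[tuple[int, bytes]]:
    """Offsets and bytes of non-standard terminators hidden in the body.
    The legitimate CRLF.CRLF at the very end of the payload is ignored."""
    body = data[:-len(STRICT_EOD)] if data.endswith(STRICT_EOD) else data
    return [(m.start(), m.group(0)) for m in ANY_DOT_LINE.finditer(body)
            if m.group(0) != STRICT_EOD]

def is_safe_data(data: bytes) -> bool:
    """Policy a relaying server can enforce: reject bodies with bare newlines."""
    return not find_bare_newlines(data)

# Constructed sample: a normal-looking message whose body carries <LF>.<CRLF>
# followed by text a lenient receiver would read as a second MAIL FROM /
# RCPT TO / DATA exchange inside the same, already-trusted connection.
SAMPLE = (
    b"From: ceo@example.test\r\n"
    b"Subject: quarterly numbers\r\n"
    b"\r\n"
    b"See attached.\r\n"
    b"\n.\r\n"
    b"MAIL FROM:<spoofed@example.test>\r\n"
    b"RCPT TO:<victim@example.test>\r\n"
    b"DATA\r\n"
    b"Subject: smuggled\r\n\r\nhi\r\n"
    b"\r\n.\r\n"
)

if __name__ == "__main__":
    print("bare newlines at:", find_bare_newlines(SAMPLE))
    print("candidates:", find_smuggling_candidates(SAMPLE))
    print("accept for relay:", is_safe_data(SAMPLE))
```

Rejecting or normalising bare newlines at the relay is the mitigation the patched implementations converge on; the candidate list is what you would log for detection.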
Cisco's surprising stance
While Microsoft and GMX have patched this issue, Cisco has taken a different route. They view SMTP smuggling not as a vulnerability but as a feature, choosing not to alter their default configuration. This leaves Cisco Secure Email instances potentially open to such attacks unless users tweak their settings.
The Phishing Menace
Phishing remains the top tool for cybercriminals, due to its ease, low cost, and high effectiveness. With SMTP smuggling, attackers can pose as reputable entities or even company executives, often using AI to craft convincing messages. Unsuspecting victims are tricked into actions like clicking dangerous links or downloading harmful attachments, leading to data breaches or worse.
This development in cybercrime highlights the ever-present need for vigilance and updated security measures in our digital communications. The balance between convenience and security continues to be a critical challenge in the fight against cyber threats.

CISA warns of a nasty flaw abusing Excel
The Cybersecurity and Infrastructure Security Agency (CISA) of the US Government has issued a warning about a significant vulnerability in the Perl library used for reading Excel files, named Spreadsheet::ParseExcel. The bug, now known as CVE-2023-7101, is a remote code execution (RCE) flaw, which could allow hackers to deploy and run various malware, including ransomware.
Parsing the Excel Peril
The vulnerability lies in the way Spreadsheet::ParseExcel handles Number format strings within Excel, by passing unvalidated input into a string-type "eval." This flaw can let attackers execute code remotely on the affected device. US Government agencies have been given a deadline until January 23 to update the library to versions beyond 0.65 to mitigate this risk.
UNC4841 and the Spread of Malware
The threat became apparent when Barracuda, an email protection and network security firm, observed Chinese hackers exploiting this vulnerability to attack its Email Security Gateway instances. The hackers were able to execute code by sending a customized Excel attachment, leveraging the Amavis virus scanner within the ESG. Barracuda, in collaboration with Mandiant, linked these attacks to a Chinese group known as UNC4841, notorious for deploying SEASPY and SALTWATER malware.
Remediation Efforts
On December 22, 2023, Barracuda released a patch to fix the compromised ESG appliances. While they have taken care of the issue within their ecosystem, they stressed that the open-source library, Spreadsheet::ParseExcel, remains vulnerable. Barracuda advises organizations using this library to review CVE-2023-7101 and take prompt remedial actions.
This incident serves as a stark reminder of the ever-present threat of cyber attacks and the importance of maintaining up-to-date security measures, especially in commonly used software and libraries. The agility of threat actors to exploit even the most routine of software underscores the need for constant vigilance in the digital world.