Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, & Threats)
It is crucial to remain informed about the continuously changing landscape of cybersecurity in order to enhance an organization’s security measures.
Regularly reviewing the latest cyber-security developments is vital, as it offers a valuable understanding of new potential threats, weaknesses, data breaches, and methods to counter them.
A clear understanding of the current threat environment is essential for promptly addressing risks and safeguarding important resources from the most recent forms of cyber attacks and threats.
Malicious PyPI & npm Packages Attacking macOS Users
Cybersecurity researchers have identified a series of malicious software packages targeting macOS users. These packages, found on the Python Package Index (PyPI) and npm, were analyzed in detail to uncover their malicious intent and attack mechanisms. GuardDog, a CLI-based tool released in late 2022, was instrumental in identifying them. The initial lead came from a package named “reallydonothing,” published on May 9, 2024, which exhibited several suspicious characteristics.
Chinese Hackers Hidden in Military Networks
Chinese hackers have been found exploiting vulnerabilities to infiltrate military networks. These sophisticated attacks involve the use of advanced persistent threats (APTs) to gain long-term access to sensitive information. The hackers employ various techniques, including spear-phishing and zero-day exploits, to compromise their targets.
Kinsing Malware Attacks Apache Tomcat Vulnerabilities
The Kinsing malware has been exploiting vulnerabilities in Apache Tomcat servers. This malware is known for its ability to execute remote commands and deploy additional payloads, making it a significant threat to compromised systems. The attacks highlight the importance of keeping software up to date and applying security patches promptly.
Rogue VMs and MITRE’s Cyber Attack
MITRE has reported a cyber attack involving rogue virtual machines (VMs). These VMs were used to bypass security measures and gain unauthorized access to sensitive data. The attack underscores the need for robust security protocols and continuous monitoring of virtual environments to detect and mitigate such threats[4].
Fake Antivirus Websites Spreading Malware
Cybersecurity researchers have uncovered a campaign involving fake antivirus websites designed to distribute malware. These websites mimic legitimate antivirus software, tricking users into downloading malicious programs. The malware can steal personal information, install additional malicious software, and compromise the security of the infected systems[5].
Greatness PaaS Tool Targeting Microsoft 365
A new Platform-as-a-Service (PaaS) tool named Greatness has been identified targeting Microsoft 365 users. This tool is used by cybercriminals to automate phishing attacks, making it easier to steal credentials and gain unauthorized access to Microsoft 365 accounts. The attacks emphasize the need for strong authentication measures and user awareness[6].
Internet Archive Under DDoS Attack
The Internet Archive has been subjected to a Distributed Denial-of-Service (DDoS) attack, disrupting access to its services. DDoS attacks overwhelm targeted systems with a flood of internet traffic, rendering them inaccessible. This incident highlights the importance of implementing DDoS protection measures to ensure service availability.
Hackers Weaponizing Microsoft Office
Hackers have been weaponizing Microsoft Office documents to deliver malware. These attacks often involve the use of malicious macros or embedded scripts that execute when the document is opened. Users are advised to be cautious when opening unsolicited documents and to disable macros by default.
Hackers Compromise SOHO Routers for Botnet
Small Office/Home Office (SOHO) routers have been compromised by hackers to create botnets. These botnets are used to launch large-scale cyber attacks, including DDoS attacks and data theft. The compromised routers often have weak security configurations, making them easy targets for attackers. It is crucial to secure routers with strong passwords and regular firmware updates.
Vulnerabilities
1. DNSBomb DoS Exploit
A new Denial of Service (DoS) exploit named DNSBomb has been discovered; it can disrupt DNS services by overwhelming them with traffic. This exploit poses a significant threat to the stability and availability of internet services that rely on DNS.
2. Google Patches Chrome Zero-Day
Google has released a patch for a critical zero-day vulnerability in its Chrome browser, identified as CVE-2024-5274. This type confusion issue in the V8 JavaScript engine could allow attackers to execute arbitrary code. Users are strongly encouraged to update their browsers to the latest version to protect against potential exploits.
3. Cisco Firepower Vulnerability
A critical vulnerability in Cisco Firepower Management Center (FMC) Software, tracked as CVE-2024-20360, has been identified. This flaw allows authenticated, remote attackers to conduct SQL injection attacks, potentially leading to unauthorized data access and command execution on the underlying operating system. Cisco has released updates to address this issue.
4. macOS Privilege Escalation Exploit
A proof-of-concept (PoC) exploit for a privilege escalation vulnerability in macOS has been released. This exploit allows attackers to gain elevated privileges on affected systems, posing a significant security risk to macOS users.
5. Windows 10 PlugScheduler Flaw
A vulnerability in Windows 10’s PlugScheduler has been discovered, which could allow attackers to execute arbitrary code with elevated privileges. Microsoft has released patches to address this issue, and users are advised to update their systems promptly.
6. Hackers Target Check Point VPN Devices
Hackers are exploiting vulnerabilities in Check Point VPN devices to gain unauthorized access to enterprise networks. This highlights the importance of securing VPN devices and applying necessary patches to prevent such attacks.
7. Exploiting Arc Browser
Cybercriminals are exploiting vulnerabilities in the Arc browser to execute malicious activities. Users of the Arc browser are advised to update to the latest version to mitigate these risks.
8. Zscaler Client Connector Privilege Escalation Exploit
A privilege escalation exploit has been identified in the Zscaler Client Connector, which could allow attackers to gain elevated privileges on affected systems. Zscaler has released updates to address this vulnerability.
9. TP-Link Archer C5400X Router Flaw
A critical flaw in the TP-Link Archer C5400X router has been discovered, which could allow remote attackers to gain control over the device. Users are advised to update their router firmware to the latest version to protect against this vulnerability.
10. FortiSIEM PoC Exploit
A proof-of-concept exploit for a vulnerability in FortiSIEM has been released, which could allow attackers to execute arbitrary code on affected systems. Fortinet has released patches to address this issue, and users are encouraged to update their systems.
11. Foxit PDF Reader and Editor Flaw
A vulnerability in Foxit PDF Reader and Editor has been identified, which could allow attackers to execute arbitrary code. Foxit has released updates to address this issue, and users are advised to update their software to the latest version.
12. PoC Exploit Released for Multiple Vulnerabilities
A proof-of-concept exploit has been released for multiple vulnerabilities, highlighting the importance of timely updates and patches to protect against potential attacks. Users are encouraged to stay informed and apply necessary security updates to their systems.
Data Breach
Shell Data Breach
In a shocking revelation, a threat actor has allegedly leaked sensitive data belonging to Shell, one of the world’s leading energy companies. The compromised data includes personal and sensitive information such as shopper codes, names, emails, contact numbers, and more. Shell has not yet released an official statement but is expected to initiate an internal investigation and collaborate with cybersecurity experts to assess the extent of the breach and mitigate any potential damage. Customers are advised to monitor their accounts closely and report any suspicious activity.
Sav-Rx Data Breach
Pharmacy prescription services provider Sav-Rx has disclosed a significant data breach affecting 2.8 million users. The compromised data includes personal information, which could potentially be used for identity theft and other malicious activities. Sav-Rx is working with cybersecurity experts to investigate the breach and enhance its security measures to prevent future incidents.
Ticketmaster Data Breach
Hackers have claimed a massive data breach involving Ticketmaster, allegedly exposing the details of 560 million users and their payment card information. The claim has generated significant media attention, although there are questions about its legitimacy. The evidence shared includes both new and old customer information, suggesting that the data might be a compilation of various sources rather than a single, cohesive breach.
Other News
Okta Warns of Credential Stuffing Attacks
Okta has issued a warning about an increase in credential stuffing attacks targeting its customers. These attacks involve using automated tools to try large numbers of username and password combinations to gain unauthorized access to accounts. Okta advises users to enable multi-factor authentication and use strong, unique passwords to mitigate the risk.
VirusTotal Celebrates Anniversary
VirusTotal, a popular online service for analyzing files and URLs for viruses, has celebrated its anniversary. The service has been instrumental in helping cybersecurity professionals detect and analyze malware, contributing significantly to the global cybersecurity landscape.
Google Shares Details on Accidental File Deletion
Google has shared details about an incident involving the accidental deletion of a customer’s Google Cloud VMware Engine (GCVE) Private Cloud. The incident, which affected the Australian pension fund UniSuper, was caused by a misconfiguration during deployment. Google and UniSuper teams worked together to recover the data, and Google has since taken steps to prevent similar incidents in the future.
LangChain.js Vulnerability Exposes Sensitive Information
A vulnerability in LangChain.js has been discovered that could expose sensitive information. The flaw allows attackers to exploit the library to access confidential data. Developers using LangChain.js are advised to update to the latest version to mitigate this risk.
WAF Bypass Using Burp Plugin
A new method to bypass Web Application Firewalls (WAF) using a Burp Suite plugin has been identified. This technique allows attackers to evade security measures and potentially exploit web applications. Security professionals are encouraged to review their WAF configurations and consider additional layers of security.
911 S5 Botnet Dismantled
Authorities have successfully dismantled the 911 S5 botnet, which was responsible for numerous cyberattacks. The botnet, known for its use in distributed denial-of-service (DDoS) attacks and other malicious activities, has been taken down, reducing the threat it posed to online services and infrastructure.