Cyber Security News Weekly Round-Up: Cyber Attacks, Vulnerabilities, Threats & New Cyber Stories
Cyber Security News
#1 World's Most Followed Cyber Security News Platform
With our weekly cybersecurity news summary, explore and learn about the most recent developments in the cybersecurity field.
This practice will allow you to remain up-to-date on the newest developments, weaknesses, groundbreaking progress, hacking incidents, potential dangers, and fresh narratives occurring within the relevant field or industry.
Doing so will help you avoid missing out on important news and information.
Within our summary report, you will discover new cyber threats as well as ways to deal with them. This entails a report on the latest malicious techniques that may result in damage to your trusted devices.
By staying current about these critical issues of cybersecurity, it allows for the execution of timely safeguarding measures and preventive actions.
Moreover, this ongoing awareness ensures that you have a comprehensive understanding of the cybersecurity landscape and hence can secure your systems properly against a continually changing set of risks.
Tools
DarkGPT is an AI OSINT tool based on GPT-4-200K that is meant to detect leaked or compromised databases. The idea behind DarkGPT is to help security researchers improve on their traditional OSINT methods.
The software requires Python 3.8 or above to install and can be used to automate cybersecurity tasks, which increases efficiency by reducing the number of human errors.
AI systems like DarkGPT are able to identify abnormal activity, intrusions and cyber attacks by monitoring network traffic, user activity and system logs.
CloudGrappler is a free tool that detects threats in cloud environments, concentrating on the behaviors of infamous malicious actors such as LUCR-3 (Scattered Spider).
Built on CloudGrep, it provides highly accurate detections within AWS and Azure, acting as a cyber detective that uncovers suspicious and malicious activity.
The tool produces comprehensive reports in JSON format that help security teams work through large amounts of cloud data and deal with potential threats faster.
To improve the effectiveness and efficiency of security professionals, Microsoft has designed an AI tool called Microsoft Copilot for Security.
It is offered as a stand-alone portal and as an integration with other Microsoft security products. It speeds up the work of experienced security professionals, who were 22% more accurate with it, and 97% said they would use it again for other tasks.
Microsoft's introduction of Copilot as a pay-per-use model has allowed it to reach many organizations worldwide. It is multilingual, handling prompts in eight languages, and adds features such as integration with external attack surface management, audit log analysis and usage reporting.
Threats
In one case, Earth Kapre malware had infected several computers and established connections with its C&C servers.
Following this, the Trend Micro Managed Extended Detection and Response (MDR) and Incident Response (IR) teams investigated the attack to expose the malicious activity of the Earth Kapre downloader.
The report from CSN shows how dangerous the Remcos RAT is, since it provides remote access to compromised systems.
When deployed, it can cause companies serious harm, including data loss, system penetration, business interruption, espionage, and damage to corporate reputation.
This underscores the gravity of a Remcos RAT deployment and the necessity of guarding against these types of cyber attacks.
This report on SnakeKeylogger explains how threat actors use keyloggers to covertly steal sensitive information such as credentials and screenshots.
SnakeKeylogger is a .NET malware that spreads through phishing, bypasses sandboxes and exfiltrates data over FTP, email, and Telegram.
It is a serious threat aimed at personal and corporate accounts, capturing account credentials for malicious use.
This report highlights new malicious PyPI packages that target crypto wallets.
Threat actors use them to get into systems and steal crypto wallet passwords, leading to data exfiltration, ransomware deployment, or system compromise.
ReversingLabs found seven malicious PyPI packages being used in a campaign aimed at stealing developers' BIP39-derived wallet phrases.
The report points out the deceptive tactics employed by the threat actors, such as malicious dependencies and name squatting, to avoid detection and compromise crypto infrastructure and assets.
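The two tactics named above, name squatting and malicious dependencies, can be screened for before anything is installed. The following is an added example, not code from the page or from ReversingLabs; it audits a requirements file against a constructed allowlist of vetted packages and against constructed package metadata, and all package names in it are made up for the demonstration.

```python
"""Pre-install audit of a Python requirements file (added example).

Flags two of the deceptive tactics described above: name squatting
(a package whose name is one edit away from a package the team has vetted)
and malicious dependencies (a package whose declared requirements pull in
something that was never vetted). Every package name, the requirements
text and the metadata below are constructed for this example; none of them
are the packages from the ReversingLabs report.
"""
import re

# Constructed allowlist: packages the team has reviewed and pinned before.
VETTED = {"requests", "cryptography", "bip-utils", "mnemonic", "web3", "ecdsa"}

# Look-alike substitutions that squatters use; folded before comparison.
_HOMOGLYPHS = (("rn", "m"), ("0", "o"), ("1", "l"))


def normalize(name: str) -> str:
    """PEP 503-style normalisation plus homoglyph folding (comparison only)."""
    n = re.sub(r"[-_.]+", "-", name.strip().lower())
    for look_alike, real in _HOMOGLYPHS:
        n = n.replace(look_alike, real)
    return n


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; inputs are short, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_requirements(text: str) -> list:
    """Return bare project names from requirements.txt lines (no URLs/options)."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if match:
            names.append(match.group(1))
    return names


def audit(requirements: str, declared_deps: dict) -> list:
    """Return (package, reason) findings.

    declared_deps maps a package name to the Requires-Dist names read from
    its metadata; here it is a constructed stand-in for a metadata lookup.
    """
    findings = []
    vetted_by_norm = {normalize(v): v for v in VETTED}
    for pkg in parse_requirements(requirements):
        norm = normalize(pkg)
        if norm in vetted_by_norm:
            continue  # exact (normalised) match with a vetted package
        close = sorted(v for n, v in vetted_by_norm.items() if levenshtein(norm, n) <= 1)
        if close:
            findings.append((pkg, f"name squatting candidate for {close[0]}"))
        for dep in declared_deps.get(pkg, []):
            if normalize(dep) not in vetted_by_norm:
                findings.append((pkg, f"pulls in unvetted dependency {dep}"))
    return findings


# Constructed requirements file and package metadata for the demonstration.
SAMPLE_REQUIREMENTS = """
requests==2.31.0
requets==0.1.0        # one character short of "requests"
bip-utils>=2.7
walletsync==1.0.2
"""
SAMPLE_DECLARED_DEPS = {"walletsync": ["mnemonic", "seedgrabber"]}

if __name__ == "__main__":
    for package, reason in audit(SAMPLE_REQUIREMENTS, SAMPLE_DECLARED_DEPS):
        print(f"{package}: {reason}")
```

The audit only reports the two tactics the report describes; a package that is simply unknown is left for a human review step, and the edit-distance threshold of one is deliberately tight so that genuinely different names are not drowned in noise.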
Magnet Goblin is a financially motivated threat actor group that, as the report explains, uses 0-day vulnerabilities to go after Linux servers.
The group generates funds by attacking edge devices and public-facing servers with custom malware such as NerbianRAT or MiniNerbian.
For organizations that are slow with security patching this is an important point: Magnet Goblin is known for picking up newly disclosed exploits very quickly, which stresses the need for proactive security practices against agile threat actors.
Hackers exploited an unpatched vulnerability in the Popup Builder plugin to inject malicious code into websites, affecting over 3,300 sites.
The malicious code manipulates popup events to redirect users to phishing sites and to deliver further malware.
Mitigation involves updating the plugin to version 4.2.7, deploying temporary protection with a web application firewall, removing the injected code from the website, scanning for backdoors, deleting unknown accounts, and upgrading all website software with the latest security patches available.
The report describes a malicious campaign aimed at Roblox users with an infostealer called Tweaks, which uses platforms like YouTube and Discord to spread malware posing as FPS optimization tools.
On YouTube, attackers post videos on how to increase the frames per second of Roblox games, and as a result viewers end up installing the malware. To avoid suspicion, the malware does enhance gameplay while stealing sensitive information in the background.
This campaign illustrates the importance of robust cyber security measures in combating ever-evolving online threats.
Last month, a Darktrace customer fell prey to an advanced phishing attack that leveraged Dropbox. The criminals used a genuine Dropbox notification to deliver a PDF whose link led to a fake login page.
Although Darktrace detected it, the PDF link was opened, resulting in compromised Microsoft 365 accounts. The attackers bypassed MFA by using valid session tokens and manipulated email rules to deceive recipients.
This event reveals how cybercriminals are abusing existing trusted services for their malicious campaigns.
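The manipulated email rules mentioned above are one of the most reliable post-compromise artefacts to hunt for. The following is an added example, not Darktrace's detection logic or the Microsoft 365 rule schema: it audits mailbox rules expressed in a simplified, constructed shape and explains each finding, with the organisation's domain and the sample rules made up for the demonstration.

```python
"""Audit of mailbox inbox rules for post-compromise tampering (added example).

After a phishing-driven account takeover like the one above, attackers often
create rules that forward mail externally or hide security warnings. This
scans rule definitions in a simplified JSON-like shape (constructed here;
not the schema of any particular mail platform) and explains each finding.
"""

INTERNAL_DOMAINS = {"corp.example"}  # constructed: the organisation's own domains

# Folders that users rarely look at; a favourite place to bury evidence.
HIDING_FOLDERS = {"deleted items", "rss feeds", "rss subscriptions", "archive",
                  "junk email", "conversation history"}

# Subject keywords an attacker does not want the victim to read.
SENSITIVE_TERMS = ("hacked", "invoice", "mfa", "password", "payment",
                   "phish", "security", "suspicious")


def audit_rules(rules: list, internal_domains: set = INTERNAL_DOMAINS) -> list:
    """Return [(rule_name, [reasons])] for rules that look like tampering."""
    findings = []
    for rule in rules:
        reasons = []
        name = rule.get("name", "")
        conditions = [c.lower() for c in rule.get("subject_contains", [])]
        hits = [t for t in SENSITIVE_TERMS if any(t in c for c in conditions)]
        folder = (rule.get("move_to_folder") or "").lower()

        for address in rule.get("forward_to", []):
            domain = address.rsplit("@", 1)[-1].lower()
            if domain not in internal_domains:
                reasons.append(f"forwards to external address {address}")
        if hits and folder in HIDING_FOLDERS:
            reasons.append(f"buries messages about {hits} in {rule['move_to_folder']!r}")
        if hits and rule.get("delete"):
            reasons.append(f"deletes messages about {hits}")
        if rule.get("mark_read") and (folder in HIDING_FOLDERS or rule.get("delete")):
            reasons.append("marks messages read so no unread badge appears")
        if len(name.strip()) <= 2:
            reasons.append(f"near-empty rule name {name!r}")
        if reasons:
            findings.append((name, reasons))
    return findings


# Constructed rule set: one benign rule and two typical tampering patterns.
SAMPLE_RULES = [
    {"name": "Team newsletters", "subject_contains": ["Weekly digest"],
     "move_to_folder": "Newsletters"},
    {"name": ".", "subject_contains": ["password", "security alert", "suspicious sign-in"],
     "move_to_folder": "RSS Feeds", "mark_read": True},
    {"name": "Backup", "forward_to": ["archive@mail-backup-service.example"]},
]

if __name__ == "__main__":
    for rule_name, reasons in audit_rules(SAMPLE_RULES):
        print(rule_name or "<unnamed>")
        for reason in reasons:
            print("  -", reason)
```

In practice the rule inventory is pulled from the mail platform's admin API and this check runs on every rule-creation event as well as on a schedule, since a rule created minutes after a new-device sign-in is the combination that most often confirms a takeover.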
Developers are being targeted by threat actors through malicious Notepad++ sites that exploit flaws in the popular text editor to get at sensitive information and systems.
This is highly dangerous because well-known programs like Notepad++ have a large user base, which makes them more vulnerable to attacks.
Kaspersky Lab security experts detected these campaigns, pointing out the use of malvertising to deceive victims through ads placed above search results.
The attackers distribute modified editions of text editors such as Notepad++, which they use to initiate infections; the campaign can also lead to backdoors on Linux and macOS systems.
Symantec's recent findings show that cyber criminals have taken ransomware attacks to a new level by using more than 12 legitimate data exfiltration tools.
This trend reflects a leaning toward abusing dual-purpose tools, stressing the importance of better defenses against such attacks.
Popular applications such as Rclone have been hijacked for attack purposes, demonstrating how well their flexibility lends itself to mass data theft.
The use of legitimate software makes detection difficult, hence the need for constant vigilance and security measures that adapt to current forms of extortion malware.
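Because the tools themselves are legitimate, detection has to key on how they are launched rather than on what they are. The following is an added example, not Symantec's detection content: it scores constructed process-creation events, in a field layout modelled on Sysmon- or EDR-style telemetry, for the patterns that separate an exfiltration run of Rclone from a routine backup.

```python
"""Detection logic for abuse of dual-use file transfer tools (added example).

Scores process-creation events for signs that a legitimate tool such as
Rclone is being used for bulk exfiltration rather than routine backups.
The event shape (image, original_file_name, command_line, parent_image)
mirrors the fields a Sysmon- or EDR-style telemetry source provides; the
events themselves are constructed for this example.
"""
import re

DUAL_USE_TOOLS = {"rclone.exe", "megasync.exe", "winscp.exe", "filezilla.exe"}
RCLONE_TRANSFER_VERBS = {"copy", "copyto", "sync", "move", "moveto"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
STAGING_HINTS = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\public\\")


def basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def rclone_remote_targets(args: list) -> list:
    """Arguments of the form remote:path, ignoring Windows drive letters like C:\\."""
    return [a for a in args
            if re.match(r"^[A-Za-z0-9_-]+:", a) and not re.match(r"^[A-Za-z]:[\\/]", a)]


def score_event(event: dict) -> list:
    """Return human-readable reasons; an empty list means nothing suspicious."""
    reasons = []
    image = basename(event["image"])
    original = event.get("original_file_name", "").lower()
    tool = original or image
    if tool not in DUAL_USE_TOOLS:
        return reasons  # only dual-use transfer tools are in scope here
    if original and image != original:
        reasons.append(f"renamed binary: {image} carries OriginalFileName {original}")

    args = event["command_line"].split()
    if tool == "rclone.exe":
        verbs = sorted(RCLONE_TRANSFER_VERBS & set(args))
        remotes = rclone_remote_targets(args)
        if verbs and remotes:
            reasons.append(f"rclone {verbs[0]} to remote {remotes[0]}")
        if "--config" in args:
            idx = args.index("--config")
            config_path = args[idx + 1] if idx + 1 < len(args) else ""
            if any(h in config_path.lower() for h in STAGING_HINTS):
                reasons.append(f"config file staged in {config_path}")

    parent = basename(event.get("parent_image", ""))
    if parent in SCRIPT_HOSTS:
        reasons.append(f"launched from script host {parent}")
    if any(h in event["image"].lower() for h in STAGING_HINTS):
        reasons.append(f"tool runs from staging path {event['image']}")
    return reasons


# Constructed events: a routine WinSCP launch, a scripted Rclone copy to a
# cloud remote, and a renamed Rclone run from a staging directory.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files (x86)\WinSCP\WinSCP.exe", "original_file_name": "winscp.exe",
     "command_line": "WinSCP.exe", "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Tools\rclone\rclone.exe", "original_file_name": "rclone.exe",
     "command_line": r"rclone.exe copy C:\Finance gdrive:backup --transfers 32",
     "parent_image": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\ProgramData\svchost.exe", "original_file_name": "rclone.exe",
     "command_line": r"svchost.exe sync C:\Users\Public\docs remote:dump --config C:\Users\Public\rc.conf",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(event["image"], "->", score_event(event) or "clean")
```

The OriginalFileName comparison matters most: renaming the binary defeats an image-name rule but not the version resource that Sysmon records, and a transfer verb paired with a remote target is the signal that survives whatever the operator calls the file.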
The French government experienced severe disruptions on several websites due to a Distributed Denial of Service (DDoS) attack. The attack began on a Sunday, rapidly intensified and lasted approximately six hours.
Cloudflare detected the attack, and Anonymous Sudan claimed responsibility. Despite efforts by DINUM, the French government's digital transformation agency, to defend against the attack, Cloudflare data showed continued Layer 7 attacks.
Prime Minister Gabriel Attal's office acknowledged the cyberattacks as unprecedented in intensity.
Vulnerabilities
The report highlights vulnerabilities in popular fonts that can be exploited for XXE attacks and arbitrary command execution, affecting systems such as web browsers and operating systems. The vulnerabilities were identified as CVE-2023-45139, CVE-2024-25081, and CVE-2024-25082.
These vulnerabilities pose a significant security risk and highlight the importance of addressing font-rendering security in software applications and operating systems.
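The XXE half of the problem has a generic mitigation that any font-handling code can apply. The following is an added example and not the code of any of the affected projects, which the page does not name; it assumes an XML-based font container such as an SVG font, and shows a parser that refuses DTD features entirely, with a constructed safe font and a constructed XXE probe to exercise it.

```python
"""Hardened parsing of an XML-based font container (added example).

The CVEs above concern font-handling code the page does not name; this shows
the generic mitigation for the XXE half of the problem, assuming an XML-based
font such as an SVG font. The parser refuses any DOCTYPE or entity
declaration and never resolves external entities, so a crafted font cannot
make the parser read local files or reach out to the network.
"""
import xml.parsers.expat as expat


class UnsafeFontXML(ValueError):
    """Raised when the font XML tries to use DTD features."""


def glyph_names(font_xml: bytes) -> list:
    """Return the glyph-name attributes of <glyph> elements in an SVG font."""
    names = []
    parser = expat.ParserCreate()

    def reject_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise UnsafeFontXML(f"DOCTYPE {doctype_name!r} is not allowed in font XML")

    def reject_entity(*_declaration):
        raise UnsafeFontXML("entity declarations are not allowed in font XML")

    def reject_external(context, base, system_id, public_id):
        raise UnsafeFontXML(f"external entity {system_id!r} is not allowed")

    def collect_glyph(tag, attrs):
        if tag == "glyph" and "glyph-name" in attrs:
            names.append(attrs["glyph-name"])

    # Refuse DTD features outright rather than trying to sanitise them.
    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity
    parser.ExternalEntityRefHandler = reject_external
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.StartElementHandler = collect_glyph
    parser.Parse(font_xml, True)
    return names


def is_safe_font_xml(font_xml: bytes) -> bool:
    """True if the document parses without touching any DTD feature."""
    try:
        glyph_names(font_xml)
    except (UnsafeFontXML, expat.ExpatError):
        return False
    return True


# Constructed SVG font with two glyphs.
SAFE_FONT = b"""<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <font id="demo" horiz-adv-x="1000">
      <font-face font-family="Demo"/>
      <glyph glyph-name="A" unicode="A" d="M0 0h500v700H0z"/>
      <glyph glyph-name="B" unicode="B" d="M0 0h500v700H0z"/>
    </font>
  </defs>
</svg>"""

# Constructed XXE probe: an external entity referenced from an attribute.
XXE_FONT = b"""<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY xxe SYSTEM "file:///etc/hostname"> ]>
<svg xmlns="http://www.w3.org/2000/svg">
  <defs><font><glyph glyph-name="&xxe;" unicode="A"/></font></defs>
</svg>"""

if __name__ == "__main__":
    print("safe font glyphs:", glyph_names(SAFE_FONT))
    print("xxe font accepted:", is_safe_font_xml(XXE_FONT))
```

Rejecting every DOCTYPE is a policy choice: fonts in the wild sometimes carry the standard SVG DOCTYPE, and a pipeline that must accept them would instead strip the DTD before parsing while still leaving the entity and external-reference handlers set to refuse.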
Google's AI was hacked by researchers who managed to access victims' email accounts and the Google Cloud Console.
They notified Google immediately about the weakness, which earned them a $20,000 reward.
The initiative was designed to improve Google's security red teaming approach, which is intended to encourage people to identify vulnerabilities.
This breach serves as an example of the ongoing problems in cybersecurity and of how important it is to have defensive measures in place early.
ChatGPT-Next-Web, also called NextChat, has a critical Server-Side Request Forgery (SSRF) vulnerability that could allow attackers to reach internal systems and possibly the entire network.
Tracked as CVE-2023-49785 with a critical severity score of 9.1, it is highly dangerous to organizations.
The issue was reported to the vendor in November 2023, and no patch has been issued yet, so organizations remain vulnerable to attacks exploiting it.
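Until a patch exists, the control that limits an SSRF like this one is a guard on every server-side fetch of a user-supplied URL. The following is an added example and not NextChat's code, which the page does not show: it restricts the scheme, resolves the host, and refuses any address that is not publicly routable, with the resolver made injectable so the example runs offline against a constructed DNS table.

```python
"""Outbound-URL guard against Server-Side Request Forgery (added example).

NextChat's own code is not on the page; this is the generic control an
application should apply before fetching a user-supplied URL: restrict the
scheme, resolve the host, and refuse any address that is not publicly
routable. The resolver is injectable so the example runs offline against a
constructed DNS table.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


class SSRFBlocked(ValueError):
    """Raised when a URL must not be fetched on the server's behalf."""


def resolve_all(host: str) -> list:
    """Every A/AAAA answer for host; an attacker may mix public and private ones."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip_text: str) -> bool:
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 is really 10.0.0.5
    return ip.is_global and not ip.is_multicast


def validate_outbound_url(url: str, resolver=resolve_all) -> list:
    """Return the resolved public addresses, or raise SSRFBlocked."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme {parts.scheme!r} not allowed")
    if parts.username or parts.password:
        raise SSRFBlocked("userinfo in URL is not allowed")
    host = parts.hostname
    if not host:
        raise SSRFBlocked("URL has no host")
    try:
        addresses = [str(ipaddress.ip_address(host))]  # literal IP, no lookup
    except ValueError:
        addresses = resolver(host)  # name: judge every address it maps to
    if not addresses:
        raise SSRFBlocked(f"{host} does not resolve")
    for address in addresses:
        if not is_public_address(address):
            raise SSRFBlocked(f"{host} maps to non-public address {address}")
    return addresses


def is_blocked(url: str, resolver=resolve_all) -> bool:
    try:
        validate_outbound_url(url, resolver)
    except SSRFBlocked:
        return True
    return False


# Constructed DNS table standing in for real lookups.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.internal.example": ["169.254.169.254"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolve(host: str) -> list:
    return FAKE_DNS.get(host.lower(), [])


if __name__ == "__main__":
    for candidate in ("https://api.example.com/v1/items", "http://127.0.0.1:8080/admin",
                      "http://metadata.internal.example/latest/", "file:///etc/passwd",
                      "http://rebind.example/", "http://[::ffff:10.0.0.5]/"):
        print(f"{candidate}: {'blocked' if is_blocked(candidate, fake_resolve) else 'allowed'}")
```

Two details carry the weight: the check is made on the addresses the name resolves to, not on the hostname string, so numeric and mixed-answer tricks are judged the same way as a plain private IP; and the HTTP client must then connect to the returned address and either refuse redirects or re-run the guard on each hop, because a second resolution between check and connect would reopen the hole.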
Microsoft's March 2024 Patch Tuesday addressed nearly 59 vulnerabilities across various products, with two critical and 57 important severity patches.
The release covered issues in Skype, Microsoft Components for Android, Office, Azure, SQL Server, and more.
Notably, the update included a Critical Denial of Service vulnerability in Windows Hyper-V and a Remote Code Execution flaw in Microsoft Exchange Server. This patch cycle precedes the Pwn2Own competition, making it a relatively low-volume release for March.
Code execution bugs have been identified in several Adobe enterprise applications, including Adobe Experience Manager, Premiere Pro, ColdFusion, Bridge, Lightroom, and Animate.
Such flaws can result in arbitrary code execution, allowing threat actors to take control of the compromised programs.
Adobe has published security advisories fixing these issues; Adobe Experience Manager is the most affected, with 43 code execution vulnerabilities due to cross-site scripting and improper access controls.
The update concerns a Chrome security fix for a Use After Free flaw in Google Chrome that attackers could use to crash the browser.
The update contains three other security fixes, among them a Use After Free in Performance Manager.
Threat actors can exploit this flaw remotely with a maliciously crafted HTML page, causing heap corruption and browser crashes. The report highlights the need to upgrade Chrome to its latest version to address these threats.
Mikhail Vasiliev, a dual Russian-Canadian citizen, has been sentenced to almost four years in jail for being part of the LockBit ransomware group.
Vasiliev pleaded guilty to several crimes, including cyber extortion, mischief, and weapons violations, admitting that he was involved in ransomware attacks against companies across Canada.
His actions were called premeditated and willful, since they caused disruptions of great magnitude for Canadian firms by encrypting their data and demanding ransoms.
Vasiliev's criminal activities ended with his arrest at his home in Bradford, Ontario, where he had been under surveillance by American investigators for two years.
The report on the Gemini AI vulnerability points out a severe flaw that permits hackers to hijack users' queries by planting malicious instructions in Google Docs.
The vulnerability exploits the model's instruction fine-tuning, allowing attackers to manipulate user interactions with it and possibly gain access to sensitive data.
Gemini Ultra, Google's advanced language model, is used as the example to demonstrate its susceptibility to such injection attacks, which makes it very dangerous for users' data and for any communications taking place.
Modern CPUs contain a new data leakage vulnerability called the GhostRace attack, which uses speculative execution and race conditions to leak information from the target.
Every major CPU vendor, including Intel, Arm, AMD and IBM, has processors affected by this Spectre v1 variant, which unauthenticated attackers can use to extract arbitrary information from the processor.
The bug has been assigned CVE-2024-2193; it allows the creation of Speculative Race Conditions (SRCs) that bypass synchronization primitives, exposing potentially sensitive data such as passwords and encryption keys.
Various vendors have confirmed the vulnerability and provided remediation recommendations against this threat.
Cisco Systems, Inc. has announced the release of its half-yearly security advisory bundle, fixing critical vulnerabilities in its IOS XR Software.
By publishing this bundle and issuing advisories in March and September each year, Cisco shows its commitment to improving cybersecurity transparency.
This release includes eight advisories covering nine vulnerabilities, demonstrating how important customer feedback can be to security strategies and update cycles.
According to the report, attackers can execute malicious code in VMware ESXi, Workstation and Fusion products, which carry considerable vulnerabilities.
These weaknesses are present across different VMware products; each is ranked as 'Important' but cumulatively they escalate to 'Critical.'
Shadowserver has warned about all of these vulnerabilities, since they raise the chances of an attacker with local admin privileges bypassing sandbox protections.
VMware has fixed these issues and credited the security researchers who found and reported them.
The OpenEdge Authentication Gateway and AdminServer suffer from a serious vulnerability, CVE-2024-1403, and a proof-of-concept (PoC) exploit has been published.
This could lead to unauthorized access to sensitive systems. Mitigations and upgrades across multiple versions of the OpenEdge platform are important to forestall potential attacks.
There is a misconfiguration in the OpenEdge Domain that uses an OS local authentication provider, which calls for immediate action to secure the system against exploitation.
The report discusses several flaws in QNAP operating systems and applications, namely CVE-2024-21899, CVE-2024-21900, and CVE-2024-21901.
These can be highly dangerous to users, since they give intruders an opening to break the system's security and execute malicious commands.
QNAP acted fast by releasing patches that address the vulnerabilities. These include bypassing system security via invalid logins, manipulation of database content by attackers, and remote code execution, which highlights how essential it is to have the latest security controls in place.
The research shows how the BianLian hackers used a TeamCity vulnerability to install a Go backdoor through a disguised PowerShell backdoor that appeared to be a legitimate tool.
The attack moved laterally across the network, introducing malicious tools such as the web.ps1 PowerShell script. The PowerShell backdoor used asynchronous execution and communicated with the Command and Control server over SSL streams.
According to the investigation, an IP address seen in the attack was identified as hosting the BianLian Go backdoor server, indicating that the group is adopting increasingly sophisticated methods and tactics as the threat landscape evolves.
There is a critical flaw in Fortinet's FortiOS and FortiProxy that allows attackers who send specially crafted HTTP requests to execute code of their own choosing.
The vulnerability is an out-of-bounds write and stack-based buffer overflow. It affects many versions of FortiOS and FortiProxy and could result in unauthorized code execution.
Companies running affected versions are susceptible to targeted attacks that may impair services or steal sensitive information.
Fortinet has released patches and workarounds for these bugs, advising users to update their systems quickly to avoid exploitation.
The report points out three critical vulnerabilities in ChatGPT plugins: malicious plugin installation, account takeovers, and OAuth redirection manipulation.
Such vulnerabilities stem from a lack of security awareness among developers.
Cybersecurity analysts have advised OpenAI to prioritize security guidelines for plugin developers in order to solve these recurring security issues.
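The OAuth redirection manipulation named above comes down to how an authorization server matches the redirect_uri a client presents. The following is an added example and not the plugin platform's OAuth code, which the page does not show: it places the prefix-style check that permits the manipulation beside the exact-match check that RFC 6749 Section 3.1.2.2 and the OAuth 2.0 Security Best Current Practice call for, with constructed client identifiers and callback URLs.

```python
"""Strict redirect_uri validation for an OAuth 2.0 authorization server
(added example).

The page does not show the plugin platform's OAuth code; this contrasts a
prefix-based check that is open to redirection manipulation with exact
matching against the URIs registered for the client, which is what RFC 6749
Section 3.1.2.2 and the OAuth 2.0 Security Best Current Practice call for.
Client identifiers and callback URLs are constructed for this example.
"""
import secrets
from urllib.parse import urlencode, urlsplit, urlunsplit

# Constructed client registry: every client has its callbacks registered up front.
REGISTERED_CLIENTS = {
    "plugin-weather": {"https://weather-plugin.example/oauth/callback"},
    "plugin-notes": {"https://notes.example/cb", "https://notes.example/cb-staging"},
}


def weak_redirect_check(client_id: str, redirect_uri: str) -> bool:
    """The pattern to avoid: accepting any URI that starts with a registered origin.

    A host such as weather-plugin.example.attacker.example passes this test.
    """
    for registered in REGISTERED_CLIENTS.get(client_id, ()):
        origin = urlsplit(registered)
        if redirect_uri.startswith(f"{origin.scheme}://{origin.hostname}"):
            return True
    return False


def strict_redirect_check(client_id: str, redirect_uri: str) -> bool:
    """Exact string match against the registered set, after structural checks."""
    registered = REGISTERED_CLIENTS.get(client_id)
    if not registered:
        return False
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or parts.fragment or parts.username or parts.password:
        return False
    return redirect_uri in registered


def handle_authorize(params: dict) -> tuple:
    """Minimal /authorize handler: ('redirect', url) on success, ('error', msg) otherwise.

    An invalid redirect_uri gets an error page, never a redirect: sending the
    browser to an unvalidated URI is exactly the manipulation being prevented.
    """
    client_id = params.get("client_id", "")
    redirect_uri = params.get("redirect_uri", "")
    state = params.get("state", "")
    if not strict_redirect_check(client_id, redirect_uri):
        return ("error", "invalid_request: redirect_uri does not match a registered URI")
    if not state:
        return ("error", "invalid_request: state is required")
    # A real server stores the code bound to client_id and redirect_uri so the
    # token endpoint can verify the same redirect_uri is presented again.
    code = secrets.token_urlsafe(32)
    parts = urlsplit(redirect_uri)
    query = urlencode({"code": code, "state": state})
    if parts.query:
        query = f"{parts.query}&{query}"
    return ("redirect", urlunsplit((parts.scheme, parts.netloc, parts.path, query, "")))


if __name__ == "__main__":
    good = "https://weather-plugin.example/oauth/callback"
    lookalike = "https://weather-plugin.example.attacker.example/oauth/callback"
    for uri in (good, lookalike):
        print(uri)
        print("  weak check  :", weak_redirect_check("plugin-weather", uri))
        print("  strict check:", strict_redirect_check("plugin-weather", uri))
    print(handle_authorize({"client_id": "plugin-weather", "redirect_uri": good, "state": "xyz"}))
```

Exact matching is the whole defence; normalising, decoding or prefix-matching the URI before comparison each reintroduce a way to end up at a host the client never registered.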
Data Exposure
The report shows how a darknet market administrator is threatening to reveal users' identities unless they pay a ransom, emphasizing the risks on these platforms.
According to him, he has gathered massive amounts of information about the users, such as personal messages and transaction histories, that he intends to post if his demands are not met. Legal practitioners discourage paying such ransoms, because there are no assurances.
This occurrence illustrates a weakness in darknet markets: administrators retain substantial authority over users' anonymity and privacy.
Stanford University's Department of Public Safety suffered a data breach due to a ransomware attack in September 2023. The breach, which lasted from May 12, 2023, until it was discovered, affected 27,000 individuals.
Names, Social Security numbers, and biometric data are among the personal information that could have been compromised.
Stanford University took immediate measures to secure its network, and there is no indication that the accessed information has been misused.
Affected people are being contacted and offered protection against identity theft.
Nissan Oceania suffered a cyberattack resulting in the loss of personal data for over 10,000 persons, including high-risk details such as government identity numbers and employment information.
The breach has been a concern since December 5, 2023, when it was first detected. Nissan is collaborating with law enforcement agencies to determine the extent of the damage and help affected parties.
About 100,000 people will be notified, of whom one in ten is at significant risk of identity theft. Nissan intends to remedy the situation and assist those affected.
Other Stories
Mikhail Vasiliev, a dual Russian-Canadian citizen, has been sentenced to nearly four years in jail for being part of the LockBit ransomware group, on charges of cyber extortion, mischief, and weapons offences.
Vasiliev, who was labeled a "cyber terrorist," admitted to conducting ransomware attacks on Canadian firms, demanding ransoms and causing significant disruptions.
The business world has felt the global impact of the LockBit gang, which has demanded more than $100 million in ransoms.
Google Chrome is improving its security by incorporating a real-time URL protection mechanism that it calls Safe Browsing 2.0.
The new feature aims to protect users from infections, frauds and related cybercrimes by monitoring the web for unsafe websites that appear and disappear within minutes, while remaining privacy-focused.
Chrome's improved Safe Browsing achieves faster threat detection and better defense against changing online threats through a new API for real-time URL checks and encryption techniques that protect user data.
Hi, I came across your profile and noticed your interest in technology & innovation industry. I wanted to reach out and inform you about an exciting event coming up that I believe would be of great interest to you – the 2nd Indonesia Technology and Innovation Exhibition happening from August 12th to 14th, 2024, at Jakarta International Expo, Indonesia. With a focus on Internet & Telecommunication, Digital Technology, Artificial Intelligence, Data Center & Cloud, Cybersecurity, and many other cutting-edge sectors, our exhibition promises to be a hub of innovation and collaboration. It's not just an opportunity for Indonesians but also for professionals from around the world to network, learn, and explore the latest advancements in technology. I believe your expertise and passion would be a valuable addition to our event. I encourage you to visit our website at www.inti.asia or check out our LinkedIn page at https://www.dhirubhai.net/company/indonesia-technology-and-innovation/ for more information and consider joining us at the exhibition. Please feel free to reach out if you have any questions or would like further details. Looking forward to the possibility of your participation!
Chief Information Security Officer, iomart
8 months ago: Great article - keep them coming.
--
8 months ago: God is alive at your side
BBA || CSM ||cyber security analyst
8 months ago: Please can you send me this information… they will really help me in my studies to become a cybersecurity analyst. Thanks