Friday 22nd November 2024
Aidan Dickenson
Business Development Manager // Tailored solutions to enhance security, improve efficiency, and drive growth.
Good morning everyone, a very happy Friday and thank you for joining me for the latest instalment of Cyber Daily.
In today’s edition:
Enjoy the read and have a great end to the week!
NodeStealer 2.0: Targeting Facebook Ad Accounts and Browser Data
A revamped version of the Python-based NodeStealer malware is making waves, with threat hunters warning it's now capable of raiding Facebook Ads Manager accounts and siphoning credit card data from web browsers.
The malware, linked to Vietnamese threat actors, harvests cookies to log into Ads Manager and use the Facebook Graph API to extract account details and budgets, potentially weaponising accounts for malicious ad campaigns. To evade scrutiny, NodeStealer avoids infecting machines in Vietnam and employs crafty techniques like unlocking SQLite database files via Windows Restart Manager.
Cybercriminals further exfiltrate data using Telegram, underscoring its persistence as a tool for cyberattacks. In parallel, phishing tactics like the ClickFix technique exploit fake CAPTCHA verifications, tricking victims into executing malicious scripts.
These evolving threats underline the pressing need for businesses to secure ad accounts and reinforce employee awareness around phishing techniques. With attackers leveraging trusted platforms like Facebook, vigilance remains key.
Citrix Vulnerabilities Under Attack: Act Fast
Two freshly patched vulnerabilities in Citrix's Session Recording component (CVE-2024-8068 and CVE-2024-8069) are drawing exploitation attempts mere hours after a proof-of-concept (PoC) was made public by researchers.
Discovered by WatchTowr, these flaws enable privilege escalation and remote code execution, potentially allowing attackers to target Citrix Virtual Apps and Desktops setups. Though Citrix deems the issues “medium severity,” researchers argue they’re a bigger deal: many organisations expose Session Recording servers to the internet, contrary to Citrix’s recommendations.
What's happening?
Citrix urges users to update immediately. The advisory emphasises isolating Session Recording servers on trusted networks and enabling HTTPS with Active Directory for authentication.
Citrix flaws are no strangers to exploitation, with two of its vulnerabilities ranking among the most exploited in 2023. Businesses relying on Citrix need to patch now to stay ahead.
AI-Powered Fuzzing Finds Decades-Old Bugs
Google’s AI-enhanced fuzzing tool, OSS-Fuzz, has helped identify 26 vulnerabilities across open-source projects, including CVE-2024-9143, a medium-severity flaw in the OpenSSL cryptographic library. The bug, which had lingered in the codebase for nearly two decades, could enable remote code execution or application crashes.
AI has proven instrumental in uncovering these issues by generating fuzz targets that surpass human-written ones in code coverage. Since integrating large language models (LLMs) into OSS-Fuzz in 2023, the tool has added over 370,000 lines of fuzzing code to 272 C/C++ projects, unearthing hard-to-find bugs in deeply nested code paths.
Why it matters:
With AI taking the lead in finding vulnerabilities, automated security tools are transforming how developers secure open-source software.
4 days ago: Aidan Dickenson Staying updated on these threats is the best way to stay one step ahead—thanks for the heads-up!
4 days ago: AI-driven tools uncovering long-hidden vulnerabilities is a game-changer. :) Aidan Dickenson
5 days ago: Aidan Dickenson Question for Friday: In the old days of phishing the advice was look at the mis-spelt domain names, spelling, grammar etc. What are the main look outs for AI driven threats? Any thoughts anyone?