Google, Microsoft & Intel Patches | Linux, Adobe & Android Targeted | City of Helsinki & Nissan Breaches
Noor Maryam
Application Security Consultant | Cybersecurity Professional | TryHackMe Top 0.1%
Google announced the release of Chrome 125 to the stable channel, which includes patches for nine vulnerabilities, four of which were reported by external researchers.
Nissan North America informed the Maine Attorney General this week that a ransomware attack launched last year compromised the personal information of 53,000 employees.
Intel published 41 new security advisories addressing over 90 vulnerabilities discovered in the company’s products.
The Ebury Linux botnet's expansion has continued uninterrupted over the past decade, with approximately 100,000 infected systems identified at the end of 2023, according to ESET reports.
Microsoft released its latest security updates, tackling about 60 vulnerabilities spanning various software products. Of particular concern was a zero-day actively exploited, which had been reported by several external threat-hunting teams, prompting urgent attention.
Adobe has disclosed 35 security vulnerabilities across its product range, emphasizing the need for immediate action regarding critical bugs in Adobe Acrobat and Reader, both extensively used programs.
The City of Helsinki, Finland's capital, revealed that a cyberattack at the end of April resulted in the theft of personal information belonging to students and personnel.
VMware released a security advisory notifying Workstation and Fusion customers that patches are now accessible for vulnerabilities exploited earlier this year at the Pwn2Own hacking competition.
At an upcoming Chinese hacking contest, a prize pool of $2.5 million is being offered for exploits targeting various technology products, with a particular focus on those made in Western countries.
The Black Basta ransomware group has targeted over 500 organizations worldwide, including critical infrastructure entities across North America, Europe, and Australia, according to warnings from the US government.
Microsoft reports that cybercriminals utilizing the Black Basta ransomware have been observed abusing the Quick Assist remote management tool in vishing (voice phishing) attacks.
Cyble, a threat intelligence company, is sounding the alarm about a newly identified Android banking trojan capable of stealing users' credentials and conversations and spying on them.
Alkira, the on-demand network infrastructure-as-a-service vendor, has successfully raised $100 million in Series C funding. This latest round of investment brings the total funding raised by the company to $176 million.
Google Patches Third Chrome Zero-Day in One Week
Google has released Chrome 125 to the stable channel, addressing nine vulnerabilities, including a zero-day. The most critical of these is CVE-2024-4947, a high-severity type confusion flaw in the V8 JavaScript engine that has already been exploited.
Another significant issue resolved is CVE-2024-4948, a high-severity use-after-free vulnerability in Dawn, the open-source, cross-platform implementation of the WebGPU standard in Chromium. No reward has been disclosed for this vulnerability.
Users are urged to update their browsers immediately, as CVE-2024-4947 is the third Chrome zero-day fixed in one week. The other three zero-day vulnerabilities—CVE-2024-2886, CVE-2024-2887, and CVE-2024-3159—were patched soon after being demonstrated at the Pwn2Own Vancouver 2024 hacking contest.
Nissan Data Breach Affects 53,000 Employees
Nissan North America recently determined that a ransomware attack launched last year resulted in the compromise of employee personal information. The company reported that in early November 2023, a threat actor gained access to its systems via an external VPN. Although the attacker did not encrypt data or disrupt any systems, they stole files from local and network shares and demanded a ransom.
Initially, the investigation suggested that only business information was accessed. However, in late February 2024, Nissan discovered that the compromised files included personal information, primarily related to current and former employees, such as names and social security numbers. The carmaker informed the Maine Attorney General’s Office that just over 53,000 individuals were impacted by the data breach.
Intel Publishes 41 Security Advisories Addressing Over 90 Vulnerabilities
The most critical flaw, CVE-2024-22476, has a severity rating of 'critical' and a CVSS score of 10. This vulnerability has been identified in Neural Compressor, an AI product that optimizes model size and increases the speed of deep learning inference for deployment on CPUs or GPUs.
High-severity vulnerabilities were found in various products, including the UEFI firmware of server products, Arc & Iris Xe Graphics, PROSet/Wireless, Power Gadget, Trust Domain Extensions, Secure Device Manager, Dynamic Tuning Technology, Thunderbolt, Graphics Performance Analyzers, BIOS Guard, Platform Properties Assessment Module, and Ethernet Controller I225 Manageability products. These flaws could allow privilege escalation, DoS attacks, or information disclosure.
Medium-severity vulnerabilities have been addressed in the Data Streaming Accelerator and Analytics Accelerator, Processor Diagnostic Tool, Graphics Performance Analyzers, Extreme Tuning Utility, Computing Improvement Program, Ethernet Controller Administrative Tools, Quartus Prime, Processor Identification Utility, Programmable Gate Array, Core Ultra processor, and Advisor products.
400,000 Linux Servers Compromised by Ebury Botnet
The Ebury Linux botnet has compromised over 400,000 Linux systems over the past 15 years, with around 100,000 still infected. Ebury, an OpenSSH backdoor and credential stealer, has been continuously updated and has exploited these systems for financial gain since 2009, according to a new ESET report.
Many of the infected systems belong to hosting providers, enabling attackers to intercept SSH traffic from interesting targets and redirect it to an attacker-controlled server to capture login credentials. The malware operators have also targeted Tor exit nodes, Bitcoin, and Ethereum nodes to steal cryptocurrency wallets and have eavesdropped on network traffic to steal credit card data.
Microsoft Alerts of Ongoing Zero-Day Exploit, Releases Patches for 60 Windows Vulnerabilities
Microsoft has documented 60 security flaws across multiple software products and has flagged an actively exploited zero-day vulnerability in Windows, urging immediate attention.
The zero-day bug, identified as CVE-2024-30051, is described as a heap-based buffer overflow in the Windows Desktop Window Manager (DWM) Core Library. This vulnerability has already been leveraged in malware attacks requiring elevated SYSTEM privileges.
Exploiting this flaw bypasses OLE mitigations in Microsoft 365 and Microsoft Office, which are designed to protect users from vulnerable COM/OLE controls. An unauthenticated attacker who successfully exploits this vulnerability could execute code by tricking a user into opening a malicious document, leading to arbitrary code execution within the user's context.
Additionally, Microsoft highlighted CVE-2024-30044, a critical-severity remote code execution vulnerability in Microsoft SharePoint, urging Windows admins to give it immediate attention as well.
Adobe Patches Critical Vulnerabilities in Reader and Acrobat
Adobe has identified multiple code execution flaws across its product lineup, including the widely used Adobe Acrobat and Reader software. The company has noted that it is not currently aware of any exploits in the wild for these documented issues.
These security-focused updates also address critical code execution vulnerabilities in Adobe Illustrator for both Windows and macOS, as well as code execution and memory leak software defects in Adobe Substance 3D Painter. Additionally, there is an arbitrary code execution bug in Adobe Aero and critical issues found in Adobe Animate software.
Furthermore, Adobe has released patches for Adobe FrameMaker and Adobe Dreamweaver for both Windows and macOS systems.
Student and Personnel Data Compromised in the City of Helsinki Cyberattack
The City of Helsinki reported that usernames, email addresses, and personal information were stolen in a recent cyberattack. The city disclosed that the breach compromised the usernames and email addresses of all city personnel, as well as the IDs and addresses of students, guardians, and personnel from the city's education division.
Most of the data on the network drive, amounting to tens of millions of files, consists of documents without personally identifying information or containing only ordinary personal information, so the risk of abuse is deemed low. However, the potentially compromised information includes details such as children's education and care fees, student welfare information, special support needs, medical certificates for students who suspended their studies, and sick leave records for division personnel. More than 80,000 students and guardians are likely impacted by the breach.
A city official said that the investigation has not found evidence of other city divisions being affected, but continuous monitoring of all networks is underway. It remains unclear whether the cyberattack involved ransomware, as no ransomware group has claimed responsibility for the breach.
VMware Resolves Vulnerabilities Exploited at Pwn2Own 2024
VMware has successfully patched three vulnerabilities that were exploited earlier this year at the Pwn2Own hacking competition.
The latest advisory from VMware details four vulnerabilities, with three of them being reported at the Pwn2Own Vancouver 2024 competition organized by Trend Micro’s Zero Day Initiative (ZDI). The fourth flaw was reported separately to VMware by a researcher through ZDI, outside the context of the hacking competition.
One of the critical vulnerabilities, identified as CVE-2024-22267, was exploited at Pwn2Own by Theori and Star Labs SG teams.
Another high-severity vulnerability, tracked as CVE-2024-22269, was found in the Bluetooth component and could be exploited by a local attacker with admin privileges on a VM to access privileged information from the hypervisor memory. This issue was reported by the Theori team at Pwn2Own.
The third vulnerability, credited to the Star Labs SG team at Pwn2Own, is an information disclosure problem associated with the Host Guest File Sharing (HGFS) functionality. This high-severity issue, tracked as CVE-2024-22270, permits a malicious actor with local administrative privileges on a VM to access privileged information in hypervisor memory.
The Theori team was awarded $130,000 at Pwn2Own for an exploit chain that combined several bugs, enabling them to escape VMware Workstation and execute arbitrary code with System privileges on the host Windows operating system.
$2.5 Million Offered for ‘Matrix Cup’ Chinese Hacking Contest
The Matrix Cup, a Chinese hacking contest, is offering substantial rewards for exploits targeting a wide range of technology products. Described as the Eastern hemisphere’s top cybersecurity competition, it will run from June 26-28 and is sponsored by Qihoo 360 and Beijing Huayun’an Information Technology.
A total of 20 million yuan ($2.75 million) is up for grabs, with 18 million yuan ($2.5 million) allocated for zero-day exploits. The contest targets include operating systems like Windows, Linux, and macOS, popular smartphones such as Samsung Galaxy, Google Pixel, and iPhones, enterprise software from Microsoft, Zimbra, F5, and Citrix, networking devices from Cisco, Juniper Networks, and others, as well as NAS devices, cybersecurity products, databases, web browsers, virtualization technologies, printers, and data processing frameworks like Hadoop.
500 Organizations Affected by Black Basta Attacks
The US government has issued a warning regarding Black Basta ransomware attacks targeting critical infrastructure organizations. According to a recent alert from CISA, the FBI, HHS, and MS-ISAC, Black Basta affiliates have targeted 12 out of 16 critical infrastructure sectors, including healthcare organizations.
Following network compromise, the attackers utilize a range of tools for activities such as remote access, network scanning, lateral movement, privilege escalation, and data exfiltration. These tools include SoftPerfect, BITSAdmin, PsExec, Mimikatz, and RClone.
Black Basta affiliates have also been observed exploiting vulnerabilities such as ZeroLogon, NoPac, and PrintNightmare for privilege escalation, using Remote Desktop Protocol (RDP) for lateral movement, and deploying the Backstab tool to disable endpoint detection and response (EDR) solutions.
The new alert provides comprehensive details on the tactics, techniques, and procedures (TTPs) utilized by Black Basta affiliates, indicators of compromise (IoCs), and recommended mitigation strategies.
Microsoft Quick Assist Tool Abused for Ransomware Delivery
The Black Basta group has been exploiting the remote connection tool Quick Assist in vishing attacks that result in the deployment of ransomware. Microsoft has reported that these threat actors have been using tools like ScreenConnect and NetSupport Manager, followed by deploying Qakbot, Cobalt Strike, and Black Basta ransomware.
Their modus operandi begins with signing up the victim's email address to multiple subscription services to flood their inbox. They then impersonate IT support in phone calls, purportedly to assist the victim in resolving the issue. During these calls, they persuade the victim to grant access to their device through Quick Assist, a Microsoft application for remote connection, allowing the attackers to view the screen or take control, typically under the guise of troubleshooting.
In addition to Quick Assist, the attackers utilize ScreenConnect for persistence and lateral movement. They engage in hands-on activities such as domain enumeration and deploying ransomware across the network using PsExec.
To combat these malicious tactics, Microsoft plans to incorporate alerts into Quick Assist to warn users about potential tech support scams and mitigate such abuse.
New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data
The Antidot Android banking trojan is designed to spy on users and steal their credentials, contacts, and SMS messages. Upon infecting a device, Antidot presents a fake Google Play update page that matches the device's language settings (including English, French, German, Portuguese, Romanian, Russian, and Spanish). This page then redirects the victim to the Accessibility settings, tricking them into granting elevated permissions to the malware.
In the background, the trojan establishes communication with a server controlled by the attacker to receive commands. These commands empower it to execute overlay attacks, unlock the device, activate sleep mode, open and uninstall apps, make calls, send SMS messages, gather information, initiate VNC sessions, display push notifications, and even use the camera to capture photos.
Antidot also incorporates an overlay attack module that leverages WebView to display HTML phishing pages, posing as legitimate banking or cryptocurrency apps. To execute overlay attacks, the trojan communicates a list of application package names to the command-and-control (C&C) server, which then sends back tailored overlays designed for specific targeted apps. When a user tries to open one of these apps, Antidot creates an overlay window, capturing the victim's login credentials in the process.
Alkira Raises $100 Million for Secure Network Infrastructure Platform
Alkira, the network infrastructure-as-a-service provider, has secured $100 million in a Series C funding round led by Tiger Global Management. Other participants in this investment round include Dallas Venture Capital, Geodesic Capital, Kleiner Perkins, Koch Disruptive Technologies, NextEquity Partners, and Sequoia Capital.
The software offered by Alkira enables organizations to swiftly construct global and secure networks without the need to procure or manage physical hardware or maintain software appliances on-premises.
Alkira has outlined several areas where the new funding will be utilized:
Fagansvarlig Offensive Security - Author - Speaker - Content Creator - Nerd
9 months: Interesting!