Weekly Cyber Security News   - Last weeks of Aug

1. Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE

A critical vulnerability, CVE-2024-42815, with a CVSS score of 9.8, has been discovered in TP-Link RE365 V1_180213 series routers, allowing for remote exploitation and potential takeover.


2. Critical Fortra FileCatalyst Workflow Vulnerability Patched (CVE-2024-6633)

The flaw, known as CVE-2024-6633, involves the use of default credentials for the HSQL database, which could compromise the software's confidentiality, integrity, and availability.


3. Threat Group 'Bling Libra' Pivots to Extortion for Cloud Attacks

The threat group known as Bling Libra, previously linked to the Ticketmaster data breach, has shifted to the double extortion strategy in cloud attacks, according to researchers at Palo Alto Networks' Unit 42.


4. AWS Load Balancer Plagued by Authentication Bypass Flaw

Miggo has uncovered a security flaw in AWS Load Balancer that could allow cybercriminals to bypass authentication and authorization services, potentially affecting over 15,000 applications.


5. CISA Adds Google Chromium V8 Bug to its Known Exploited Vulnerabilities Catalog

Google released a security update this week to address the actively exploited Chrome zero-day vulnerability. The vulnerability, CVE-2024-7965, is an inappropriate implementation issue in Chrome's V8 JavaScript engine.


6. New Unicode QR Code Phishing Scam Bypasses Traditional Security

Cybercriminals are using Unicode QR codes in a new type of phishing attack that can bypass traditional security measures, putting users at risk of visiting malicious websites and having their data stolen.


7. BlackByte Blends Known Tactics With New Encryptor Variant and Vulnerability Exploits to Support Ongoing Attacks

The latest encryptor variant identified by researchers at Cisco Talos appends the file extension ‘blackbytent_h’ to encrypted files. This variant also includes the deployment of four vulnerable drivers, an increase from previous reports.


8. Microsoft's Sway Serves as Launchpad for 'Quishing' Campaign

A new QR code phishing campaign is using Microsoft Sway to steal credentials. The attacks primarily target users in Asia and North America, particularly in the technology, manufacturing, and finance sectors.


9. New Phishing Campaign Steals VPN Credentials Using Social Engineering Methods

The GuidePoint Research and Intelligence Team (GRIT) discovered attacker domain names and IP addresses targeting over 130 US organizations through a campaign that begins by stealing credentials and passcodes using social engineering tactics.


10. China's Volt Typhoon Exploits Zero-Day Flaw in Versa's SD-WAN Director Servers

Lumen researchers identified the bug and reported it to Versa in June; active exploitation by Volt Typhoon has been observed since at least June. The attackers use a web shell called VersaMem to capture credentials and monitor system activity.


11. South Korean APT Group Exploits WPS Office Zero-Day for Espionage

ESET uncovered a new cyber-espionage campaign tied to a South Korean APT group that used a remote code execution (RCE) vulnerability in WPS Office for Windows to deploy a custom backdoor called "SpyGlace."


12. Critical Apache OFBiz Vulnerability CVE-2024-38856 Identified and Actively Exploited

This flaw allows attackers to execute remote code without authentication, posing a serious risk. Versions up to 18.12.14 are affected, and organizations are advised to upgrade to version 18.12.15 to mitigate the issue.


13. Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot

New details have emerged about a patched vulnerability in Microsoft 365 Copilot that could lead to the theft of sensitive user information through a technique known as ASCII smuggling.


14. Report: A Third of Organizations Suffered SaaS Data Breaches Last Year

According to AppOmni, one-third of organizations experienced SaaS data breaches last year due to a lack of visibility and control, as revealed by a survey of 644 enterprises globally.


15. Google Tags a Tenth Chrome Zero-Day as Exploited This Year

The vulnerability, tracked as CVE-2024-7965 and reported by a security researcher known as TheDog, involved a bug in the compiler backend that could allow remote attackers to exploit heap corruption through a crafted HTML page.


16. SonicWall Patches Critical Flaw Affecting its Firewalls (CVE-2024-40766)

SonicWall has addressed a critical vulnerability (CVE-2024-40766) in its next-gen firewalls, which could be exploited by remote attackers to gain unauthorized access and potentially crash the devices.


17. PythonAnywhere Cloud Platform Abused for Hosting Ransomware

Researchers found that attackers are leveraging the PythonAnywhere cloud platform to discreetly host and distribute malicious files carrying Razr ransomware. The ransomware generates a unique machine ID, encryption key, and IV before it begins operating.


18. Researcher Publishes PoC Exploit for Zero-Click Windows RCE Threat

A security researcher has published a proof-of-concept exploit for a critical zero-click vulnerability, CVE-2024-38063, in Windows TCP/IP. This flaw allows remote code execution on Windows systems with IPv6 enabled, affecting millions of devices.


19. Researcher Publishes PoC Exploit for Zero-Click Windows RCE Threat

Inherent vulnerabilities stem from the underlying formats and processes of the technology, allowing attackers to exploit features like automatic code execution in ML models and certain dataset formats.


20. Tech Support Scam Found Hijacking Microsoft Search Queries Through Google Ads

Two deceptive campaigns were identified recently using Google ads and Microsoft's infrastructure. The first scam involves a fake helpdesk page on Microsoft Learn whereas the second one hijacks Microsoft search queries through a Google ad.


21. Critical SSTI Flaw in WPML Plugin Exposes Millions of WordPress Sites to RCE Attacks

This vulnerability allows authorized users to inject and execute malicious code through the plugin's shortcode feature, potentially leading to data theft and website takeover.


22. Centreon Issues Critical Security Update to Fix SQL Injection Vulnerabilities That Threaten IT Monitoring

These vulnerabilities, known as CVE-2024-32501, CVE-2024-33852, CVE-2024-33853, CVE-2024-33854, CVE-2024-5725, and CVE-2024-39841, pose a significant risk to organizations relying on Centreon for IT infrastructure monitoring.


23. Vulnerability Prioritization is Only the Beginning

Vulnerability prioritization is crucial in managing security threats but is only the beginning. Knowing which vulnerabilities to address is not enough; the focus should be on quickly addressing and mitigating them.


24. Over 3400 High and Critical Cyber Alerts Recorded in First Half 2024

A report from Critical Start’s Cyber Research Unit revealed over 3400 high and critical cyber alerts in the first half of 2024, marking a 46.15% increase in attacks in the US compared to 2023.


25. Two Remote Code Execution Vulnerabilities Discovered in Traccar GPS Tracking System

The two vulnerabilities are path traversal flaws, with CVE-2024-24809 allowing unrestricted file upload with dangerous types and CVE-2024-31214 enabling remote code execution through device image uploads.


26. YouTube Launches AI Tool to Recover Hacked Accounts

YouTube has launched an AI tool to help users recover hacked accounts more easily. The AI chatbot called "support assistant" will guide users through the process of securing their login and recovering their account.


27. Another Critical SolarWinds Web Help Desk Bug Fixed (CVE-2024-28987)

SolarWinds has fixed another critical bug in Web Help Desk, known as CVE-2024-28987. This flaw involves hardcoded credentials that can be exploited by remote unauthenticated users to access internal functions and alter data.


28. CISA Adds Dahua IP Camera, Linux Kernel, and Microsoft Exchange Server Bugs to its KEV Catalog

CISA has added new vulnerabilities to its Known Exploited Vulnerabilities catalog, including Dahua IP Camera authentication bypass flaws, a Linux Kernel buffer overflow issue, and a Microsoft Exchange Server vulnerability.


29. Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities

The urgent security update, Microsoft Edge Stable Channel Version 128.0.2739.42, based on Chromium versions 128.0.6613.85 and 128.0.6613.84, addresses a total of 25 security issues.


30. Slack Patches AI Bug That Exposed Private Channels

Slack fixed a vulnerability in its AI feature that could allow attackers to steal data from private channels. The flaw was a prompt injection in the AI feature, which allowed attackers to manipulate the system into performing malicious actions.


31. China-linked APT Velvet Ant Exploited Zero-Day to Compromise Cisco Nexus Switches

The China-linked APT group Velvet Ant exploited a zero-day vulnerability in Cisco switches, CVE-2024-20399, to take control of network devices. The flaw in Cisco NX-OS Software's CLI enabled attackers with Admin credentials to run arbitrary commands.


32. Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk

This vulnerability allows local attackers to escalate privileges to SYSTEM level through a heap-based buffer overflow. With a CVSS score of 7.8, CVE-2024-38054 is a critical flaw patched by Microsoft in July.

More articles by Hyeong Jin Kim