The “Weekly Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & More” provides a comprehensive overview of the latest developments in the cybersecurity landscape.
Each edition highlights significant data breaches, emerging vulnerabilities, and notable cyber attacks, offering insights into the evolving threats that organizations face.
By staying informed through this newsletter, readers can better understand the current cybersecurity challenges and trends, enabling them to enhance their security measures and strategies.
Threats
Sumter County Targeted by Rhysida Ransomware
Sumter County has fallen victim to a Rhysida ransomware attack, causing significant disruptions. The attack has led to the encryption of critical data, impacting local government operations. Efforts are underway to restore systems and mitigate the damage caused by the ransomware.
Hackers’ Toolkit Exposed
Cybersecurity researchers have uncovered an extensive hacker toolkit that includes tools for various stages of cyberattacks. This toolkit, found in an open directory, showcases sophisticated methods used by threat actors to gain and maintain access to compromised systems. Notable tools include PoshC2 and Sliver, which have been repurposed for malicious activities.
Post-Exploitation Tactics on Ivanti and FortiGate VPN Servers
Threat actors are employing advanced post-exploitation tactics on Ivanti and FortiGate VPN servers. These tactics include leveraging vulnerabilities to gain unauthorized access and maintain persistence within compromised networks. The report highlights the need for organizations to patch vulnerabilities promptly to prevent such intrusions.
New Phishing Campaign Targets Users
A new phishing campaign has been identified, targeting users with sophisticated techniques to steal sensitive information. The campaign uses deceptive emails that appear legitimate, tricking users into providing personal data. Cybersecurity experts urge vigilance and recommend verifying the authenticity of emails before responding.
CryptoCore Cryptocurrency Scam Draining Wallets
The CryptoCore group is behind a cryptocurrency scam that has been draining victims’ wallets. This scam involves sophisticated social engineering tactics to trick users into revealing their wallet credentials. The report emphasizes the importance of securing cryptocurrency assets and being wary of unsolicited communications.
New SSLoad Loader Malware Variant Used in Targeted Attacks
A new variant of the SSLoad loader malware has been identified, which is being used in targeted attacks. This malware is part of a broader campaign aimed at compromising systems and stealing sensitive information. The SSLoad loader is known for its stealthy operations, making it a significant threat to cybersecurity.
ArtiPACKED: Hacking GitHub Repositories
Security researchers have discovered a vulnerability in GitHub’s Actions feature, named “ArtiPACKED.” This exploit leverages a race condition in GitHub’s artifact system, allowing attackers to compromise repositories and inject malicious code. The vulnerability could lead to remote code execution and unauthorized code pushes into repositories.
Fortinet Patches Multiple Vulnerabilities
Fortinet has released patches for several vulnerabilities identified in its products. These vulnerabilities, if exploited, could allow attackers to execute arbitrary code, gain unauthorized access, or cause denial of service. Users are advised to update their systems promptly to mitigate these risks.
Iranian APT42 Phishing Campaign
A new phishing campaign by the Iranian threat actor group APT42 has been uncovered. This campaign targets individuals and organizations to gather intelligence and compromise systems. The group uses sophisticated phishing techniques to lure victims into revealing sensitive information.
New Threat Actors and Tools Found
Recent investigations have uncovered new threat actors and tools being used in cyber attacks. These actors are employing advanced tactics to breach security defenses and exploit vulnerabilities in various systems. Organizations are urged to enhance their security measures to defend against these emerging threats.
Vulnerabilities
Critical Vulnerabilities in AWS Services
Researchers from Aqua have identified critical vulnerabilities in several Amazon Web Services (AWS) offerings, including CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar. These vulnerabilities could potentially allow remote code execution, data exposure, and denial of service attacks. The research introduced new attack vectors, such as the “Shadow Resource” and “Bucket Monopoly” techniques, which exploit automatically generated AWS resources. AWS has implemented fixes, but organizations are advised to follow best practices for additional protection.
Industrial Remote Access Gateway Tool Hacked
Security researchers have uncovered severe vulnerabilities in the Ewon Cosy+, an industrial remote access gateway tool. These vulnerabilities allow attackers to gain root access, compromising the device’s security. The flaws include OS command injection and insecure permissions, which could lead to unauthorized VPN session hijacking. HMS Networks has released firmware updates to address these issues, and users are advised to update their devices promptly.
Vulnerabilities in Qualcomm’s Adreno GPU Chipset
Details are emerging about vulnerabilities in Qualcomm’s Adreno GPU chipset, which could potentially affect a wide range of devices using this technology. The specifics of these vulnerabilities and their impact on device security are still being assessed.
Sonos Vulnerability Allows Remote Code Execution
A newly discovered vulnerability in Sonos devices could allow remote code execution, posing a significant risk to users. This vulnerability highlights the importance of keeping IoT devices updated with the latest security patches to prevent unauthorized access and control.
CLFS BSOD Error
A critical error related to the Common Log File System (CLFS) has been identified, causing Blue Screen of Death (BSOD) incidents. This error underscores the need for regular system updates and monitoring to mitigate potential disruptions.
AMD Sinkclose Vulnerability
A recently discovered vulnerability in AMD processors, known as the Sinkclose vulnerability, allows attackers to access the most privileged portions of a computer. This high-severity issue, identified as CVE-2023-31315, affects almost all AMD processors manufactured since 2006. It enables hackers to execute their code in System Management Mode (SMM), posing significant challenges for detection and removal. AMD has released mitigation options for recent processors, but older models remain unsupported.
Zabbix Server Vulnerability
A critical vulnerability, CVE-2024-22116, was found in Zabbix, a popular monitoring solution. This vulnerability allowed administrators with restricted permissions to execute arbitrary code via the Ping script, compromising infrastructure. It affected versions 6.4.0 to 6.4.15 and 7.0.0alpha1 to 7.0.0rc2. Zabbix has released patches in versions 6.4.16rc1 and 7.0.0rc3 to address this issue.
0-Click Outlook Vulnerability
A critical vulnerability in Microsoft Outlook, identified as CVE-2024-30103, allows remote code execution as soon as an email is opened. This vulnerability exploits a flaw in the allow-listing mechanism, enabling unauthorized instantiation of custom forms. Microsoft has issued a patch to address this vulnerability by revising the allow-listing matching algorithm.
Microsoft Patches Six Zero-Days
Microsoft has released patches for six zero-day vulnerabilities, addressing critical security threats across its products. These updates are part of the company’s ongoing efforts to enhance security and protect users from potential exploits.
Zoom Vulnerabilities Escalate Privileges
Zoom has addressed vulnerabilities that could allow attackers to escalate privileges on affected systems. These vulnerabilities posed significant risks, enabling unauthorized access and potential data breaches. Zoom has released updates to mitigate these security issues.
Critical 0-Click RCE in Windows TCP/IP Stack
Microsoft has released an urgent security update to address a critical remote code execution vulnerability in the Windows TCP/IP stack, identified as CVE-2024-38063. This vulnerability affects all supported Windows and Windows Server versions and can be exploited remotely without user interaction by sending specially crafted IPv6 packets. Organizations are advised to apply the latest security updates immediately and consider disabling IPv6 if not needed.
Chrome V8 Engine RCE Vulnerability
A critical vulnerability, CVE-2024-5830, has been discovered in Chrome’s V8 JavaScript engine. This type confusion bug allows attackers to execute arbitrary code by getting victims to visit a malicious website. Google has released patches to address this vulnerability, highlighting the ongoing security challenges in complex web browsers.
Prisma Access Browser Vulnerability
Palo Alto Networks has issued a high-severity security update for the Prisma Access Browser to address vulnerabilities in the Chromium engine, such as “use after free” and type confusion issues. Users are advised to update to version 127.100.2858.4 or later to mitigate these vulnerabilities.
Kubernetes Vulnerability: Command Injection
A command injection vulnerability has been identified in Kubernetes, allowing attackers to execute arbitrary commands. This vulnerability underscores the need for continuous monitoring and updating of Kubernetes environments to protect against potential exploits.
Cyber Attack
Massive DDoS Attack on X During Trump Interview
Elon Musk reported a massive Distributed Denial-of-Service (DDoS) attack on the social media platform X (formerly Twitter) during a scheduled live interview with former President Donald Trump. The attack disrupted services, preventing many users from accessing the event. Despite the technical difficulties, the interview proceeded with a reduced number of live listeners, and the unedited audio was released afterward. This incident highlights ongoing challenges faced by the platform during high-profile events.
New Phishing Campaign Targets AWS Accounts
A sophisticated phishing campaign has been identified, targeting AWS accounts to steal login credentials. The attack begins with a phishing email containing a PNG image, redirecting victims to a malicious domain and eventually leading to a fake AWS login page. The campaign highlights the importance of layered security measures, such as enforcing strong account security and using phishing-resistant multi-factor authentication (MFA).
Golddigger Gigabud Malware Affecting Airlines
Details of the Golddigger Gigabud malware campaign affecting airlines were not available at the time of writing.
Windows 0-Day Flaw Exploited
Details of the exploited Windows 0-day flaw were not available at the time of writing.
FBI Dismantles Dispossessor Ransomware Operations
The FBI has successfully dismantled the operations of the Radar/Dispossessor ransomware group, which gained notoriety for targeting small- to mid-sized businesses across various sectors, including healthcare, financial services, and transportation. This group was known for its dual-extortion tactics, exfiltrating and encrypting files from victim organizations. The FBI’s operation involved taking down multiple servers and criminal domains across the United States, the UK, and Germany. Organizations are advised to strengthen their cybersecurity measures and report any ransomware activities to the FBI’s Internet Crime Complaint Center.