Our weekly cybersecurity news summary covers the most recent threats, vulnerabilities, innovations, attacks, and stories in the field.
It also discusses emerging malicious tactics that may threaten your devices, so that you can take defensive measures in time.
This matters because it lets you put appropriate security measures in place before an attack lands rather than after.
Ongoing situational awareness of this kind also supports system hardening and risk management against a constantly changing threat landscape.
Bondnet Using High-Performance Bots For C2 Server
Threat actors are leveraging high-performance bots to execute large-scale automated attacks. These bots can flood systems, steal information, and conduct sophisticated cyber operations autonomously. Bondnet has been using these bots for C2 servers, configuring reverse RDP environments on compromised systems.
Discord-Based Malware Attacking Linux Systems in India
A Pakistan-based threat actor, UTA0137, has been using Discord-based malware, DISGOMOJI, to target Linux systems in India. The malware uses emojis for command-and-control communication and exploits the DirtyPipe vulnerability on BOSS Linux systems.
New Moonstone Sleet North Korean Actor Deploying Malicious Open Source Packages
Moonstone Sleet, a North Korean threat actor, has been targeting the open-source software supply chain by distributing malicious NPM packages. These packages are designed to execute their payload immediately upon installation, targeting both Windows and Linux systems.
SmokeLoader Modular Malware Capabilities
SmokeLoader, a modular malware, has been observed with enhanced capabilities, including credential theft, system information gathering, and the ability to download additional payloads. This malware is being used in various cyber espionage campaigns.
Hackers Abuse Windows Search
Cybercriminals are exploiting Windows Search to deliver malware. By manipulating search results, they can trick users into downloading and executing malicious files, leading to system compromise.
Black Basta Actors Exploited Windows Zero-day Privilege Escalation Vulnerability
The Cardinal cybercrime group, operating the Black Basta ransomware, exploited a Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day. The vulnerability, patched on March 12, 2024, was found in the Windows Error Reporting Service. Analysis revealed that the exploit tool used in recent attacks was compiled before the patch, indicating potential zero-day exploitation. The attackers used batch scripts masquerading as software updates, although no ransomware payload was deployed in the investigated attack.
Chinese Hackers Compromised 20K FortiGate Systems Worldwide
Chinese state actors targeted FortiGate systems with COATHANGER malware, compromising at least 20,000 systems globally, including government and defense industry networks. The attackers exploited the CVE-2022-42475 vulnerability, which they knew about two months before its disclosure. Despite security updates, the threat actors retained access to many systems, highlighting the need for robust mitigation strategies.
ValleyRAT Password Stealing Techniques
Researchers from Zscaler detailed the techniques used by ValleyRAT, a remote access tool first observed in early 2023. The malware employs multi-stage payload delivery, DLL sideloading, and anti-AV evasion tactics. It uses XOR and RC4 encryption, process injection, and API resolving tricks to maintain stealth and persistence on infected systems.
APT Hackers Abusing Google OneDrive
Advanced Persistent Threat (APT) groups have been abusing Google OneDrive to host and distribute malware. This tactic allows them to bypass traditional security measures and deliver malicious payloads to targeted systems. The use of legitimate cloud services for malicious purposes underscores the evolving strategies of cyber threat actors.
MultiRDP Malware Attacks Multiple Systems Simultaneously
The MultiRDP malware has been identified as a tool that allows attackers to control multiple Remote Desktop Protocol (RDP) sessions simultaneously. This capability enables widespread and coordinated attacks on multiple systems, increasing the potential impact and damage of such cyberattacks.
UNC5537 Hijacks Snowflake
The UNC5537 threat group has been linked to a significant data breach involving Snowflake, a cloud AI data platform. The attackers managed to infiltrate the platform, affecting multiple organizations and exposing sensitive data.
Hackers Use OTP Bots to Bypass 2FA
Cybercriminals have developed OTP bots capable of bypassing two-factor authentication (2FA) mechanisms. These bots automate the process of intercepting and using one-time passwords (OTPs), posing a significant threat to the security of online accounts and services.
Stay informed and vigilant to protect your systems from these evolving cybersecurity threats.
Data Breaches
Kulicke & Soffa Data Breach
Kulicke & Soffa, a semiconductor equipment manufacturer, has suffered a data breach. The breach exposed sensitive information, including employee and customer data.
Investigation Over 23andMe Hack
Genetic testing company 23andMe is investigating a data breach that potentially exposed the personal information of millions of users. The breach has raised concerns about the security of genetic data.
Japan Video Sharing Website Cyber Attack
A popular video-sharing website in Japan has been targeted by a cyber attack, resulting in the exposure of user data. The attack highlights the vulnerabilities in online platforms and the need for robust security measures.
Vulnerabilities
FortiOS Vulnerability Allows Unauthorized Commands
A critical vulnerability in FortiOS allows attackers to execute unauthorized commands. This vulnerability poses a significant risk to organizations using Fortinet products.
Microsoft Patch for RCE and Privilege Escalation
Microsoft has released patches addressing remote code execution (RCE) and privilege escalation vulnerabilities. These patches are crucial for maintaining the security of Windows systems.
Chrome 126 Released
Google has released Chrome 126, which includes several security fixes. Users are advised to update their browsers to protect against potential exploits.
VLC Media Player Vulnerabilities
Multiple vulnerabilities have been discovered in VLC Media Player, which could allow attackers to execute arbitrary code. Users should update to the latest version to mitigate these risks.
Microsoft Outlook Zero-Click RCE Flaw
A zero-click remote code execution flaw in Microsoft Outlook has been identified. This vulnerability allows attackers to compromise systems without user interaction.
Other News
Windows AI Recall Delayed
Technical issues have delayed the rollout of Recall, a Windows AI feature. The delay affects users who were expecting to rely on the feature for various applications.
CISA Urges Administrators
The Cybersecurity and Infrastructure Security Agency (CISA) is urging administrators to implement critical security updates to protect against emerging threats. This advisory highlights the importance of timely patch management.