Weekly Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & More


Stay up to date with cybersecurity news! Our Weekly Cybersecurity Newsletter provides a curated summary of the most important updates, trends, and insights from the cybersecurity world.

Whether you’re an IT professional, a business executive, or just someone interested in protecting your online life, our newsletter is designed to keep you informed.

EHA

Our cybersecurity team carefully creates each edition to make sure you get the latest and most relevant information. Subscribe now to stay updated and protect yourself against cyber threats.

Threats

1. Telegram-Controlled tRat Attacking Linux Systems

A new threat actor campaign has been identified, leveraging the Telegram messaging app to control the tRat malware targeting Linux systems. This malware allows attackers to execute arbitrary commands and steal sensitive data from compromised machines. The campaign highlights the increasing sophistication of threat actors in using legitimate platforms for malicious activities.
Read more

2. Sitting Ducks DNS Attack Hijacks 35,000 Domains

The Sitting Ducks DNS attack, first reported in 2016, continues to be a significant threat, hijacking around 35,000 domains. This attack exploits flaws in DNS infrastructure, enabling malware distribution, phishing, and data theft. Researchers from Infoblox and Eclypsium are collaborating with law enforcement to address this critical vulnerability.
Read more

3. Fake Google Authenticator Sites Spreading DeerStealer Malware

A new malware campaign has been discovered, where fake Google Authenticator download sites are spreading DeerStealer malware. These deceptive websites trick users into downloading malicious files, leading to data theft and potential system compromise.
Read more

4. DevPopper: Social Engineering Attack Targeting Developers

The DevPopper campaign is a sophisticated social engineering attack targeting software developers. By impersonating trusted entities, attackers are tricking developers into downloading malicious software, which can lead to significant security breaches within development environments.
Read more

5. Audi Q7 Car for Sale Scam Delivers Malware Instead

A new scam has emerged where threat actors are posing as sellers of Audi Q7 cars online. Instead of delivering the vehicle, they provide malware-laden files to unsuspecting buyers. This scam underscores the importance of verifying the authenticity of online sellers.
Read more

Cyber Attack

1. Fresnillo PLC Suffers Cyber Attack

Fresnillo PLC, a leading precious metals mining company, recently experienced a significant cyber attack. The incident has disrupted operations, and the company is working with cybersecurity experts to investigate and mitigate the impact. Read more: Fresnillo PLC Suffers Cyber Attack

2. Hackers Abuse TryCloudflare Service to Deliver Malware

Cybercriminals are increasingly leveraging the TryCloudflare Tunnel to distribute Remote Access Trojans (RATs) like Xworm, AsyncRAT, and VenomRAT. By exploiting the temporary nature of Cloudflare Tunnels, attackers create ephemeral infrastructures that bypass traditional security measures. Read more: Hackers Abuse TryCloudflare Service to Deliver Malware

3. Specula Outlook C2 Registry

A new threat actor group named Specula has been identified using Outlook’s C2 registry for command and control operations. This method allows them to evade detection by blending in with legitimate Outlook traffic. Read more: Specula Outlook C2 Registry

4. Proofpoint’s Email Protection Service Exploited

A critical vulnerability in Proofpoint’s email protection service has been exploited to send millions of spoofed phishing emails. The attack, dubbed “EchoSpoofing,” has targeted major brands and highlighted significant vulnerabilities in email security protocols.Read more: Proofpoint’s Email Protection Service Exploited

5. Ransomware Gangs Exploiting VMware ESXi Auth Bypass Flaw

Ransomware operators are exploiting a critical authentication bypass vulnerability (CVE-2024-37085) in VMware’s ESXi hypervisors. This flaw allows attackers to gain full administrative permissions, posing severe risks to organizations that use ESXi for hosting virtual machines. Read more: Ransomware Gangs Exploiting VMware ESXi Auth Bypass Flaw 

Vulnerability

1. SLUBStick Linux Vulnerability

Security researchers have uncovered a severe vulnerability in the Linux kernel, named “SLUBStick,” which could allow attackers to gain full control over affected systems. This exploit technique leverages memory allocation flaws to achieve arbitrary read and write access to kernel memory, affecting recent Linux kernel versions, including 5.19 and 6.2. The vulnerability allows unprivileged users to elevate privileges and potentially escape container environments. Users are advised to apply security updates as soon as they become available to mitigate this risk. Read more:SLUBStick Linux Vulnerability

2. Microsoft Edge Vulnerability

Microsoft has released a critical security update for its Edge browser to address multiple vulnerabilities, including a severe validation flaw that could allow attackers to execute arbitrary code on affected systems. The update, released on August 1, 2024, patches three significant vulnerabilities in Microsoft Edge versions prior to 127.0.2651.86. Users are strongly advised to update their browsers to the latest version to mitigate these risks. Read more:Microsoft Edge Vulnerability

3. Bitdefender SSRF Vulnerability

A critical security vulnerability has been discovered in Bitdefender’s GravityZone Update Server, potentially exposing organizations to server-side request forgery (SSRF) attacks. The flaw, identified as CVE-2024-6980, carries a high severity rating with a CVSS score of 9.2 out of 10. Bitdefender has released an automatic update to product version 6.38.1-5, which fixes the vulnerability. Organizations using affected versions are strongly advised to update their systems immediately. Read more:Bitdefender SSRF Vulnerability

4. Google Chrome Critical Security Update

Google has rolled out a critical security update for its Chrome browser, addressing a severe flaw that could lead to browser crashes. The update brings Chrome to version 127.0.6533.88/89 for Windows and Mac and 127.0.6533.88 for Linux. This update includes three significant security fixes, two of which were reported by an external researcher. Users are urged to update their browsers promptly to ensure they are protected against these vulnerabilities. Read more:Google Chrome Critical Security Update

5. Multiple SMTP Servers Vulnerable

Multiple SMTP servers have been found vulnerable to critical security flaws that could allow attackers to exploit these servers for malicious activities. Organizations using affected SMTP servers are advised to apply the necessary patches and updates to secure their systems against potential attacks. Read more:Multiple SMTP Servers Vulnerable

6. RADIUS Protocol Vulnerability in Cisco

A vulnerability in the RADIUS protocol implementation in Cisco devices has been discovered, potentially allowing attackers to bypass authentication mechanisms. Cisco has released updates to address this vulnerability, and users are strongly encouraged to apply these updates to protect their systems. Read more:RADIUS Protocol Vulnerability in Cisco

Other News

1. DDoS Attack Leads to Microsoft Azure Global Outage

On July 30, 2024, Microsoft experienced a significant global outage affecting its Azure cloud services and Microsoft 365 products. The incident, which lasted nearly 10 hours, was triggered by a Distributed Denial-of-Service (DDoS) attack and impacted users worldwide. The outage began at approximately 11:45 UTC and was resolved by 19:43 UTC. Microsoft confirmed that the initial trigger was a DDoS attack, which caused an unexpected usage spike, overwhelming Azure Front Door (AFD) components and Azure Content Delivery Network (CDN), leading to intermittent errors, timeouts, and latency spikes. Source:DDoS Attack Leads to Microsoft Azure Global Outage

2. DigiCert to Revoke Thousands of Certificates Following DNS Validation Error

DigiCert, a major certificate authority, is set to revoke thousands of SSL/TLS certificates due to a Domain Control Verification error. The issue arose from an oversight in the DNS-based verification process, affecting approximately 0.4% of its domain validations. The problem was due to the failure to include an underscore prefix in the random value used for CNAME-based domain validation, violating the guidelines set by the CA/Browser Forum (CABF). Source:DigiCert to Revoke Thousands of Certificates Following DNS Validation Error



Source link