CyberSecurity updates
Updated: 2024-09-12 06:01:47 Pacific

GitLab Critical Security Update Addresses Multiple Vulnerabilities, Including CVE-2024-6678, CVE-2024-8640, CVE-2024-8635 and CVE-2024-8124 - 4h

GitLab has released a critical security update addressing several vulnerabilities in its platform, including CVE-2024-6678, CVE-2024-8640, CVE-2024-8635, and CVE-2024-8124, which are considered critical and require immediate action. The vulnerabilities could potentially lead to unauthorized access, data breaches, and other malicious activity. The fixes are available in versions 17.3.2, 17.2.5, and 17.1.7, and all users are strongly urged to upgrade to one of these patched versions as soon as possible to prevent exploitation.

Critical Vulnerabilities in Adobe Acrobat Reader Exploited in the Wild: Public Proof-of-Concept Exploit Available for Remote Code Execution Zero-Day - 7h

A critical zero-day vulnerability has been identified in Adobe Acrobat Reader, allowing for remote code execution. A proof-of-concept exploit for this vulnerability is publicly available, making it easier for attackers to exploit it. Users are strongly advised to upgrade to the latest version of Adobe Acrobat Reader immediately to patch this vulnerability and mitigate the risk of exploitation.

Microsoft Patch Tuesday September 2024 Addresses 79 Vulnerabilities Including 4 Zero-Days and a 6-Year-Old Flaw - 22h

Microsoft’s September 2024 Patch Tuesday addressed a total of 79 vulnerabilities across its products, including 4 zero-day flaws that were being actively exploited by attackers. Notably, one of the zero-days, CVE-2024-38217, had been exploited since at least 2018 and affects Windows Smart App Control (SAC) and SmartScreen. The release also includes fixes for Windows 10 (22H2 and 21H2) and Windows 11 23H2, as well as for performance issues caused by prior updates on Windows Server 2019. Organizations are urged to prioritize timely patching of systems running Microsoft software to mitigate these risks.

Highline Public Schools Suffers Cyberattack, Leading to School Closures - 2d

Highline Public Schools, a K-12 district in Washington state, was hit by a cyberattack that resulted in the closure of all schools and the cancellation of related activities. The attack impacted the district’s technology systems, necessitating an immediate response to contain the damage and initiate a thorough investigation. The incident highlights the growing threat of cyberattacks targeting educational institutions, which often store a significant amount of sensitive personal and financial data. While details of the attack remain limited, the disruption underscores the need for robust security measures within the educational sector to prevent data breaches and maintain operational continuity.

Multiple Critical Vulnerabilities Found in Intel's UEFI Firmware Affecting Millions of Devices - 2h

Intel has issued a security advisory regarding critical vulnerabilities found in the UEFI firmware of certain processors. These vulnerabilities, if exploited, could lead to privilege escalation, denial-of-service (DoS) attacks, or sensitive data leakage. Users are advised to wait for system manufacturers to release firmware updates to address these issues. The impact of these vulnerabilities is potentially widespread, as millions of devices may be affected. The security risks associated with these vulnerabilities are significant, as they could potentially grant attackers control over affected systems.

PIXHELL: Novel Acoustic Attack Exploiting LCD Monitor Noise to Leak Secrets from Air-Gapped Systems - 1d

A new acoustic attack called PIXHELL has been discovered, which can leak sensitive data from air-gapped and audio-gapped systems by exploiting the subtle noises emitted by LCD monitors. This attack can extract secrets without the need for speakers or physical access to the devices. The technique exploits the relationship between the brightness changes on the LCD screen and the associated acoustic emanations. By analyzing the audio generated by the display, attackers can extract the information being displayed, potentially including system prompts and user actions. This novel attack highlights a vulnerability in the security of physically isolated systems and emphasizes the need for organizations to implement comprehensive security strategies, including monitoring for unexpected acoustic anomalies in controlled environments.

GRU Unit 29155's Destructive Cyberattacks Target Ukrainian and NATO Infrastructure - 6d

The US Department of Justice has filed charges against five officers from Russia’s military intelligence service, the GRU, along with a civilian collaborator, for launching destructive cyberattacks against Ukrainian infrastructure and probing computer systems of 26 NATO member countries. The GRU’s Unit 29155, known for sabotage and influence operations, was actively involved in campaigns that began a month before Russia’s invasion. These attacks included data-wiping malware (WhisperGate) and data theft, aimed at undermining trust in Ukrainian government systems. Unit 29155 also used commercial tools and techniques and collaborated with cybercriminals. This indictment highlights the continuing threat posed by nation-state-backed cyberattacks, with a specific focus on Unit 29155’s tactics and techniques. This incident should raise awareness among security professionals concerning the potential for such attacks and encourage the implementation of robust defensive measures against them.

Apache OFBiz Remote Code Execution Vulnerability Exploited in Attacks, Patch Released - 4d

Apache OFBiz, an open-source enterprise resource planning and customer relationship management (CRM) suite, has been affected by a critical remote code execution (RCE) vulnerability (CVE-2024-45195). This flaw allows unauthenticated attackers to execute arbitrary code or SQL queries on affected systems due to missing view authorization checks in the web application. The vulnerability is a patch bypass that expands upon three previous vulnerabilities that stemmed from a fragmentation issue in the controller-view map. It’s crucial for organizations utilizing Apache OFBiz to update to version 18.12.16, which addresses this vulnerability. The exploitation of this flaw can lead to server compromises, data exfiltration, or disruption of critical business operations. The vulnerability’s emergence emphasizes the importance of organizations practicing robust security measures, such as implementing patch management practices, and highlights the growing sophistication of attack techniques that can circumvent past security fixes.

Telegram Messaging App Faces Scrutiny for High Volume of Criminal Activity, Including CSAM and Drug Trafficking - 4d

The Telegram messaging platform has been facing increasing scrutiny due to a substantial volume of criminal activity reported on the platform. A New York Times analysis of over 3.2 million messages across 16,000 channels revealed evidence of illegal and extremist activity, including CSAM, drug sales, and white supremacist channels. Telegram founder Pavel Durov has publicly acknowledged the challenge of managing the app’s large user base and pledged to enhance moderation efforts. Telegram’s moderation policy has been under intense debate, with some critics labeling it an ‘anarchic paradise’ for cybercriminal activity. The platform is now actively working on removing features linked to illegal activities and improving its mechanisms for addressing law enforcement requests. Organizations and individuals using Telegram should be aware of the risks associated with the platform and consider alternative messaging services where security and moderation are prioritized.

GeoServer Vulnerability (CVE-2024-36401) Exploited in Global Malware Campaign - 3d

A critical vulnerability (CVE-2024-36401, CVSS score 9.8) in GeoServer, an open-source geospatial data server, is being actively exploited by attackers to gain unauthorized access to systems and deploy malware. The vulnerability resides in GeoServer’s request parameters, enabling attackers to execute arbitrary code remotely. Attackers use this flaw to gain initial access, establish persistence, deploy malware, and carry out malicious activities. The malware observed in these campaigns includes GOREVERSE, SideWalk, JenX, Condi Botnet, and various cryptocurrency miners, depending on the attackers’ aims. This attack campaign has been observed targeting organizations across different regions including IT service providers in India, government entities in Belgium, technology companies in the US, and telecommunications companies in Thailand and Brazil. GeoServer users are urged to upgrade to the latest patched versions (2.23.6, 2.24.4, and 2.25.2) to mitigate the risk.

Russian GRU Unit 29155 (Cadet Blizzard) Cyber Espionage and Sabotage Operations Targeting Global Critical Infrastructure - 2d

The Russian General Staff Main Intelligence Directorate’s (GRU) 161st Specialist Training Center (Unit 29155), also known as Cadet Blizzard, has been identified as a significant threat actor carrying out cyberattacks against global targets, including critical infrastructure. This group’s activities include espionage, sabotage, and reputational harm, with operations observed as early as January 2022. The U.S. government, along with a coalition of international partners, has officially linked this APT group to the GRU and is offering a $10 million reward for information leading to the disruption of its activities. Their techniques and tactics are constantly evolving, posing challenges to cybersecurity professionals. It’s crucial for organizations globally to remain vigilant and adopt enhanced security measures to counter these sophisticated threats.

Slim CD Payment Gateway Data Breach Impacts 1.7 Million Individuals, Credit Card and Personal Information Compromised: Sensitive Data Exposed in Payment Processing System - 2d

A data breach at Slim CD, a payment gateway provider, has affected nearly 1.7 million individuals. The breach compromised credit card and personal information belonging to a large number of customers. This incident highlights the risks associated with payment processing systems and the importance of robust security measures to safeguard sensitive financial data. The scope and exact nature of the compromised data have not been fully disclosed, leading to ongoing concerns about potential misuse of the stolen information. Organizations utilizing Slim CD services should review their security practices and consider any necessary mitigations to ensure the protection of sensitive data.

Penpie DeFi Protocol Suffers $27 Million Crypto Hack, Exploiting Reward Distribution Vulnerability - 4d

The Penpie DeFi protocol, built on the Pendle platform, experienced a significant security breach in early September 2024. Attackers exploited a vulnerability in Penpie’s reward distribution mechanism, enabling them to deploy a malicious smart contract that inflated their staking balance. This manipulation allowed the attackers to claim an excessive share of rewards, resulting in the theft of approximately $27 million in cryptocurrency. The incident highlights the ongoing security challenges in the decentralized finance (DeFi) space, as vulnerabilities in smart contracts can lead to substantial financial losses. The Penpie team has responded by suspending deposits and withdrawals and contacting law enforcement agencies, including the FBI and Singaporean police. The hack also triggered a message on the blockchain from a notorious Euler Finance hacker praising the Penpie hacker for their actions, underscoring the growing sophistication and boldness of cybercriminal activity in the DeFi space.

ShrinkLocker Ransomware Exploits BitLocker to Encrypt Data and Destabilize Systems, Creating Challenges for Decryption - 4d

A new ransomware strain named ShrinkLocker has been identified, exploiting the legitimate Windows BitLocker feature to encrypt data and destabilize systems. This ransomware utilizes BitLocker’s secure boot partition to render data recovery challenging, potentially causing major damage to impacted systems. ShrinkLocker modifies key system registry settings to control RDP and TPM configurations. It disables key protectors, shrinks partitions, formats them, and reconfigures boot files. It also exfiltrates data to a command-and-control server and deletes logs to obfuscate its activity. Because the encryption is performed by BitLocker itself, decryption and recovery are complex and potentially costly. The vulnerability exploited by ShrinkLocker is still under investigation. Organizations and individuals need to be aware of the threat posed by this ransomware and implement comprehensive security measures to protect their data and systems; in particular, maintaining regular backups and practicing proper security hygiene are vital to mitigating the impact of such attacks.

Avis Car Rental Suffers Data Breach, Customer Personal Information Stolen - 4d

Avis Budget Group, a major car rental company, disclosed a data breach following an attack that compromised one of its business applications and led to the theft of customer personal information. This incident highlights the increasing vulnerability of businesses to data breaches due to insufficient security measures. The attackers likely exploited a vulnerability in the company’s systems to gain unauthorized access, leading to the compromise of sensitive customer data. The specific vulnerability and attack methodology have not been publicly disclosed, but it indicates a potential weakness in Avis’s security posture. The stolen information may include names, addresses, and other personal identifiers, representing a significant privacy risk to impacted customers. This incident serves as a reminder for businesses to implement comprehensive security measures and ensure the protection of customer data, especially in the face of growing cyber threats.

Critical Security Flaw in LiteSpeed Cache Plugin for WordPress Exposes Millions of Websites to Attacks - 4d

Security researchers have discovered a critical security vulnerability in the LiteSpeed Cache plugin for WordPress, tracked as CVE-2024-44000. The flaw could enable unauthenticated attackers to take control of accounts on vulnerable WordPress sites. Because of the plugin’s wide adoption, the vulnerability impacts millions of websites, making its exploitation potential significant. The issue stems from a flaw in the plugin’s debug logging functionality: the ‘/wp-content/debug.log’ file can be accessed by attackers, who can use its contents to exfiltrate users’ session cookies or even hijack the site. The vulnerability has been addressed with a patch in version 6.5.0.1, and website owners should update the plugin promptly to mitigate the risk.

Gamaredon APT Launches Spear-Phishing Campaign Targeting Ukrainian Military Personnel - 5d

The Gamaredon APT (Advanced Persistent Threat) group has launched a spear-phishing campaign targeting Ukrainian military personnel. The group, also known as Primitive Bear or Armageddon, is a Russian-affiliated threat actor with a history of targeting Ukrainian government and critical infrastructure. The campaign uses emails disguised as military summons, with malicious attachments designed to deliver payloads that potentially exfiltrate sensitive data from compromised systems. This campaign highlights the ongoing cyber warfare threat in Ukraine.

SpyAgent Android Malware Uses OCR to Steal Cryptocurrency Recovery Phrases from Images: McAfee Mobile Research Team Discovers Advanced Threat - 4d

A new Android malware dubbed ‘SpyAgent’ has been discovered by McAfee’s Mobile Research Team, utilizing Optical Character Recognition (OCR) technology to steal cryptocurrency recovery phrases. SpyAgent targets 12-word mnemonic keys, which are often used to restore crypto wallets, by scanning images stored on infected devices. This sophisticated attack leverages OCR to automatically extract the recovery phrases from screenshots or images containing the sensitive information. The malware then transmits the stolen data to a remote server, potentially leading to cryptocurrency theft and financial loss for victims. Users are advised to be vigilant and implement appropriate security measures to protect their devices and cryptocurrency assets.

Microchip Technology Cyberattack: Play Ransomware Group Steals Employee Data, Company Restores Operations - 7d

Semiconductor giant Microchip Technology experienced a significant cyberattack that resulted in the theft of employee data, including contact information and encrypted passwords. The Play ransomware group claimed responsibility for the attack, threatening to release more stolen data. Despite operational disruptions, Microchip Technology has largely restored its systems and operations. The attack highlights the growing trend of ransomware attacks targeting semiconductor companies, underscoring the importance of strong cybersecurity practices within the industry. The attackers may potentially attempt to extort the company. The risk of the attackers leaking the stolen data is high, which could expose employees to phishing, identity theft, and other threats. The company has contacted law enforcement and is continuing to investigate the incident.
