The weekly cyber security newsletter briefly summarizes the most recent threats, vulnerabilities, and innovations in digital security.
This weekly digest builds a deeper understanding of fast-changing attacker tactics and the wider threat environment, making it easier to adjust security protocols in time.
Ultimately, this helps organizations and individuals maintain stronger protection against the constantly shifting array of cyber threats.
Threats
1. Fake regreSSHion Exploit Attacking Security Researchers
An alarming new threat has emerged targeting cybersecurity researchers. A malicious archive, masquerading as an exploit for the CVE-2024-6387 vulnerability (regreSSHion), is being distributed on social media. This archive contains a mix of source code, malicious binaries, and scripts designed to compromise systems by achieving persistence and retrieving additional payloads from a remote server. Researchers are advised to exercise extreme caution when downloading and analyzing files from untrusted sources.
2. Information Stealing Malware Distributed as AI Tools & Chrome Extensions
The first half of 2024 has seen a significant rise in information-stealing malware disguised as AI tools and Chrome extensions. Notable threats include the Rilide Stealer and Vidar info stealer, which exploit the public’s fascination with AI to trick users into downloading malware-laden applications. The gaming community has also been heavily targeted, with malware like Lumma Stealer and RedLine Stealer compromising personal information. Additionally, sophisticated mobile malware such as GoldPickaxe has emerged, capable of stealing facial recognition data for fraudulent financial transactions.
3. Kimsuky Hackers Using .exe and .docx Files in Attacks
The North Korean cyber espionage group Kimsuky has been observed using .exe and .docx files to deliver malware. These malicious files are part of spear-phishing campaigns targeting specific individuals and organizations. The attackers use social engineering techniques to trick recipients into opening the files, which then execute malicious code to compromise the victim’s system.
4. FIN7 Domains Mimic Brands to Uncover New Phishing Campaigns
The notorious cybercrime group FIN7 has been found using domains that mimic well-known brands to conduct phishing campaigns. These domains are designed to deceive users into believing they are interacting with legitimate websites, thereby stealing their credentials and other sensitive information. This tactic highlights the importance of vigilance and the need for robust security measures to detect and block phishing attempts.
5. Phishing Attack Targets SharePoint Servers
A new phishing attack has been identified targeting SharePoint servers. Attackers are exploiting vulnerabilities in SharePoint to gain unauthorized access and distribute phishing emails. This attack underscores the importance of keeping software up to date and implementing strong security protocols to protect against unauthorized access and data breaches.
Cyber Attack Highlights
1. STORMOUS Ransomware Group Claims Breach of HITC Telecom
The STORMOUS ransomware group has claimed responsibility for a significant breach of HITC Telecom. The group announced via social media that they have infiltrated the company’s systems, exfiltrating sensitive data including customer information, internal communications, and financial records. HITC Telecom has yet to release an official statement but has activated an emergency response team to assess the damage and mitigate further risks. This incident underscores the growing threat posed by ransomware groups targeting high-profile organizations.
2. Hackers Weaponize Shortcut Files with Zero-day Tricks
Cybersecurity researchers have identified that hackers are weaponizing shortcut files (.url) with zero-day exploits (CVE-2024-38112) to attack Windows users. These malicious shortcut files can bypass modern browser protections by exploiting retired Internet Explorer functionalities, leading to potential remote code execution on fully patched Windows 10 and Windows 11 systems. Microsoft has released a patch to address this vulnerability.
3. AT&T Reveals Massive Data Breach
AT&T has disclosed a significant data breach affecting millions of customers. The breach involved unauthorized access to sensitive customer information, including personal details and account data. AT&T is currently investigating the incident and has taken steps to secure its systems and notify affected customers. This breach highlights the ongoing challenges in safeguarding customer data in the telecommunications industry.
4. FishXProxy Fuels Phishing Attacks
A new phishing campaign leveraging the FishXProxy tool has been identified, targeting users with sophisticated phishing attacks. FishXProxy allows attackers to bypass traditional security measures and deliver phishing payloads more effectively. This tool’s emergence underscores the evolving tactics of cybercriminals in conducting phishing attacks and the need for enhanced security measures to protect against such threats.
Vulnerabilities
Cisco Warns of regreSSHion RCE Impacting Multiple Products
Cisco has issued a security advisory regarding a critical remote code execution (RCE) vulnerability, dubbed “regreSSHion,” that affects multiple products. The vulnerability, tracked as CVE-2024-6387, impacts the OpenSSH server (sshd) on glibc-based Linux systems and allows unauthenticated attackers to gain root access to affected systems. Cisco has identified several products across various categories affected by this vulnerability and recommends restricting SSH access, upgrading OpenSSH, and adjusting the LoginGraceTime parameter to mitigate the risk of exploitation.
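The LoginGraceTime mitigation is easy to get wrong at scale: sshd uses the first value of a keyword it encounters, a commented-out line does nothing, and the default of 2 minutes applies whenever the keyword is absent. The script below is an added example, not code from the newsletter, Cisco or the OpenSSH project. It parses an sshd_config (two constructed sample configs are embedded) to report the grace time sshd would actually use and whether it is 0, the setting that removes the timeout the race depends on (at the cost of exposing sshd to connection-exhaustion denial of service). It also classifies an SSH version banner against the publicly reported affected ranges (8.5p1 up to but not including 9.8p1, and releases before 4.4p1); distributions backport fixes without changing the banner, so that result is a prompt to check the package changelog, not proof of exposure.

```python
"""Audit an sshd_config for the CVE-2024-6387 (regreSSHion) LoginGraceTime mitigation.

Added example; not from the newsletter, Cisco or OpenSSH. Sample configs and
banners below are constructed for illustration.
"""
import re
from typing import Optional

DEFAULT_LOGIN_GRACE_SECONDS = 120  # sshd default is "2m"

_UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_TIME_TOKEN = re.compile(r"(\d+)([smhdwSMHDW]?)")
_OPENSSH_BANNER = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_sshd_time(value: str) -> int:
    """Convert an sshd_config time value ("2m", "90", "1h30m") to seconds."""
    value = value.strip()
    if not re.fullmatch(r"(\d+[smhdwSMHDW]?)+", value):
        raise ValueError(f"invalid sshd time value: {value!r}")
    return sum(int(n) * _UNIT_SECONDS[u.lower()] for n, u in _TIME_TOKEN.findall(value))


def effective_login_grace_time(config_text: str) -> int:
    """Return the LoginGraceTime sshd would use for this config.

    sshd keeps the first value it sees for a keyword, so the first match wins.
    LoginGraceTime is not permitted inside a Match block, so parsing stops at
    the first Match line: nothing after it can set the global value.
    """
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        # keyword and value may be separated by whitespace or a single '='
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "logingracetime" and len(parts) == 2:
            return parse_sshd_time(parts[1])
    return DEFAULT_LOGIN_GRACE_SECONDS


def grace_time_mitigated(config_text: str) -> bool:
    """True when the effective LoginGraceTime is 0 (timeout disabled)."""
    return effective_login_grace_time(config_text) == 0


def banner_in_affected_range(banner: str) -> Optional[bool]:
    """Classify an SSH version banner against the reported affected ranges.

    Returns None when the banner is not an OpenSSH banner. Backported fixes
    are invisible here, so a True result means "verify", not "vulnerable".
    """
    m = _OPENSSH_BANNER.search(banner)
    if not m:
        return None
    version = (int(m.group(1)), int(m.group(2)))
    return version < (4, 4) or (8, 5) <= version < (9, 8)


# Constructed sample configs (not taken from any real host).
WEAK_CONFIG = """\
# Site defaults
Port 22
PermitRootLogin no
#LoginGraceTime 0          <- commented out, so the 2m default applies
MaxAuthTries 3
"""

MITIGATED_CONFIG = """\
Port 22
PermitRootLogin no
LoginGraceTime 0            # disables the grace timeout: mitigates the race, allows DoS
LoginGraceTime 30           # ignored: sshd keeps the first value it read
Match User backup
    PasswordAuthentication no
"""


def audit(config_text: str, banner: str = "") -> dict:
    """Summarise the checks for one host; banner is optional."""
    result = {
        "login_grace_time": effective_login_grace_time(config_text),
        "grace_time_mitigated": grace_time_mitigated(config_text),
    }
    if banner:
        result["banner_in_affected_range"] = banner_in_affected_range(banner)
    return result


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("mitigated", MITIGATED_CONFIG)):
        print(name, audit(cfg, "SSH-2.0-OpenSSH_9.6p1"))  # constructed banner
```

In practice, feed `audit()` the output of `sshd -T` from each host rather than the raw file, since `-T` resolves Include directives and prints the effective configuration in the same keyword-value form this parser reads.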
Hackers Exploit Microsoft SmartScreen Vulnerability to Deploy Stealer Malware
Cybersecurity researchers have discovered that hackers are actively exploiting a vulnerability in Microsoft SmartScreen to deploy stealer malware. The vulnerability, CVE-2024-21412, was initially patched in February 2024, but threat actors continue to leverage it to bypass SmartScreen and spread malware such as Lumma and Meduza Stealer. The attack chain involves malicious links distributed via spam email, leading to a multi-step attack using PowerShell and JavaScript scripts.
New OpenSSH Vulnerability CVE-2024-6409
A new vulnerability in OpenSSH, tracked as CVE-2024-6409, has been discovered. This vulnerability affects the OpenSSH server and could potentially allow attackers to execute arbitrary code on affected systems. Administrators are advised to apply the latest patches and updates to mitigate the risk.
PoC for Splunk Enterprise Local File Inclusion
A proof-of-concept (PoC) exploit for a local file inclusion vulnerability in Splunk Enterprise has been released. This vulnerability allows attackers to read arbitrary files on the server, potentially leading to further exploitation. Users are urged to update their Splunk Enterprise installations to the latest version to address this issue.
Outlook Zero-Click RCE Vulnerability
A zero-click remote code execution (RCE) vulnerability has been discovered in Microsoft Outlook. This vulnerability allows attackers to execute arbitrary code on the victim’s machine without any user interaction. Microsoft has released patches to address this issue, and users are strongly encouraged to update their Outlook installations.
Microsoft Patch Tuesday – July 2024
Microsoft’s Patch Tuesday for July 2024 includes fixes for multiple critical vulnerabilities across various products. Administrators are advised to apply these patches promptly to secure their systems against potential exploits.
Citrix NetScaler Authentication Vulnerability
A critical authentication vulnerability has been discovered in Citrix NetScaler ADC and Gateway. This vulnerability could allow attackers to bypass authentication mechanisms and gain unauthorized access to affected systems. Citrix has released patches to address this issue, and users are urged to apply them immediately.
Data Breach Updates
Massive 9.4GB Twitter Data Leaked Online – 200 Million Records Exposed
Researchers at Cyber Press have discovered a significant data breach involving a 9.4GB dataset containing nearly 200 million Twitter user records. The leaked data includes email addresses, names, and Twitter account details, making users vulnerable to phishing attacks, identity theft, and social engineering schemes. The data was posted on a well-known hacking forum by a user named “michupa” on July 7, 2024. Users are advised to change their passwords, enable two-factor authentication, and monitor their accounts for unusual activity.
1.4 GB of NSA Data Leaked – Phone Numbers, Email Addresses & More Classified Data Exposed Online
A 1.4GB file containing sensitive and classified information from the National Security Agency (NSA) has been leaked online. The data includes full names, emails, office numbers, and personal cell numbers of NSA employees, as well as email addresses of government officials from various entities. The leak was posted on a data breach forum by a user named “Gostingr” on July 9, 2024. The NSA is expected to implement additional security measures in response to this breach.
Threat Actors Claiming Breach of Nokia Database
Threat actors have claimed to breach a Nokia database, exposing sensitive information. Details about the extent of the breach and the specific data compromised are still emerging. Organizations are advised to monitor for updates and take necessary precautions to protect their data.
Truecaller Data Leak – 273 Million Users Affected
A data leak involving Truecaller has exposed the information of 273 million users. The leaked data includes phone numbers, names, and other personal details, posing a risk of identity theft and other cyber threats. Users are urged to be cautious of unsolicited communications and to review their account security settings.
Other News
Researchers Decrypt DoNex Ransomware
Researchers have successfully decrypted the DoNex ransomware and its rebranded versions, including Muse, fake LockBit 3.0, and DarkRace. A flaw in the encryption scheme allowed the creation of a decryptor, which has been quietly provided to victims since March 2024. The decryptor works for all DoNex variants; the ransomware’s victims are primarily in the US, Italy, and Belgium. The effort was publicly revealed in July 2024, so the decryptor no longer needs to be distributed covertly. The ransomware uses CryptGenRandom() to generate a key for the ChaCha20 symmetric cipher; that symmetric key, encrypted with RSA-4096, is then appended to the encrypted data. The decryptor is a wizard-based tool that guides users through the recovery process.
Microsoft Bans Android Devices for China Employees
Microsoft has mandated that its employees in China use iPhones, banning Android devices from accessing corporate resources. This decision is part of a broader initiative to strengthen defenses against cyber threats. The primary reason is the unavailability of Google Mobile Services in China, which are essential for running Microsoft’s security apps. To facilitate the transition, Microsoft will provide each employee currently using an Android phone with an iPhone 15. This move underscores Microsoft’s commitment to high-security standards and reflects the ongoing geopolitical tensions between the US and China.
Notepad Text Editor Gets Spell Check
The popular Notepad text editor has received an update that includes a spell check feature. This enhancement aims to improve the user experience by providing real-time spell checking, which is particularly useful for those who use Notepad for writing and editing text. The update is part of a broader effort to modernize the text editor and make it more competitive with other text editing tools available in the market.
Browser Rendering Process PDF Pricing
A new development in browser technology involves the rendering process for PDFs. This update aims to improve the efficiency and security of handling PDF documents within web browsers. By optimizing the rendering process, browsers can provide a smoother user experience and better protect against potential vulnerabilities associated with PDF files. This change is part of ongoing efforts to enhance browser performance and security.
Wireshark 4.2.6 Released
Wireshark, the widely used network protocol analyzer, has released version 4.2.6. This update includes several new features, bug fixes, and performance improvements. Wireshark is an essential tool for network troubleshooting, analysis, and protocol development. The latest version aims to provide users with enhanced capabilities and a more robust toolset for their network analysis needs.
The post Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories) appeared first on Cyber Security News.