CyberSecurity Newsletter 13th May 2024
In this week’s news: Hackers target cybersecurity vendors, the MGM hackers target banks, UK’s Ministry of Defence hacked, Ohio Lottery hacked and RCE found in iTunes.
Attackers increasingly target cybersecurity vendors with backdoor hacks:
https://www.itbrew.com/stories/2024/05/06/attackers-increasingly-target-cybersecurity-vendors-with-backdoor-hacks-expert-says
Cybersecurity researchers are sounding the alarm that hackers are exploiting software vulnerabilities faster than ever before. A new report from Fortinet found that in the second half of 2023, the average time between a vulnerability being disclosed and actively exploited in the wild shrank to just 4.76 days – a staggering 43% decrease compared to the first half of the year:
https://gbhackers.com/hackers-exploiting-vulnerabilities-faster/
The Ministry of Defence has suffered a significant data breach and the personal information of UK military personnel has been hacked. A third-party payroll system used by the MoD, which includes names and bank details of current and past members of the armed forces, was targeted in the attack. A very small number of addresses may also have been accessed:
https://www.theguardian.com/technology/article/2024/may/06/uk-military-personnels-data-hacked-in-mod-payroll-breach
The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the deployment of NetSupport RAT:
https://thehackernews.com/2024/05/fin7-hacker-group-leverages-malicious.html
The hacking group accused of disrupting casinos and hotels at MGM Resorts International last year is engaged in a new campaign targeting banks and insurance companies, according to cybersecurity researchers:
https://www.bnnbloomberg.ca/hackers-behind-mgm-attack-targeting-financial-sector-in-new-campaign-1.2070373
Passwordless Authentication Standard FIDO2 Flaw Let Attackers Launch MITM Attacks:
https://gbhackers.com/fid02-mitm-vulnerability/
Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo:
https://thehackernews.com/2024/05/malicious-python-package-hides-sliver.html
Google Cloud Accidentally Deletes $125 Billion Pension Fund’s Online Account:
https://cybersecuritynews.com/google-cloud-accidentally-deletes/
Ohio Lottery Hacked: 500,000+ Customers Data Exposed:
https://gbhackers.com/ohio-lottery-hacked/
Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. Tinyproxy is an open-source HTTP and HTTPS proxy server designed to be fast, small, and lightweight. It is specifically tailored for UNIX-like operating systems and is commonly used by small businesses, public WiFi providers, and home users:
https://www.bleepingcomputer.com/news/security/over-50-000-tinyproxy-servers-vulnerable-to-critical-rce-flaw/
Aerospace giant Boeing has confirmed that the LockBit ransomware gang demanded a staggering $200 million extortion payment after breaching the company’s network and stealing sensitive data in October 2023:
https://cybersecuritynews.com/boeing-confirms-lockbit-demanded/
Ascension is one of the most extensive charity healthcare systems in the US. It has been hit hard by a ransomware attack, which has caused significant problems with its operations. The cyberattack has caused the healthcare provider to redirect ambulances and switch all of its hospitals to manual recording:
https://cybersecuritynews.com/ascension-healthcare-systems-hacked/
A new arbitrary code execution vulnerability has been discovered in iTunes that could allow a threat actor to perform malicious activities.
This vulnerability has been assigned CVE-2024-27793, and its severity is yet to be categorised:
https://cybersecuritynews.com/itunes-windows-security-flaw/
The developers of Black Basta regularly introduce new obfuscation approaches and evasion tricks, which helps keep it a persistent and changing threat to conventional security measures. Recently, CISA discovered that Black Basta ransomware has attacked over 500 industries:
https://cybersecuritynews.com/cisa-black-basta-ransomware-industries/
Apache OFBiz RCE Flaw Let Attackers Execute Malicious Code Remotely:
https://gbhackers.com/apache-ofbiz-rce-flaw/
US and China to Hold Discussions on AI Risks and Security:
https://www.databreachtoday.co.uk/us-china-to-hold-discussions-on-ai-risks-security-a-25181