CyberSecurity Newsletter May 28th 2024
In this week’s news: Pulse Secure has a critical RCE, Google tries to oust Microsoft from public sector contracts, Cloudflare Workers used for phishing, BreachForums is back, a Phishing-as-a-Service tool is used to steal credentials, and exploits are out for the Git submodules vulnerability.
Cybersecurity experts have identified a critical zero-day vulnerability in Pulse Connect Secure VPN, a widely used virtual private network solution. The vulnerability, which allows for remote code execution (RCE), has been actively exploited by hackers, raising significant concerns among organizations relying on this technology for secure remote access:
https://cybersecuritynews.com/hackers-advertising-pulse-connect/
Google is aiming to poach Microsoft's public sector customers by attacking its competitor over recent high-profile breaches and offering new incentives for federal agencies to reduce the U.S. government's "overreliance on a single technology vendor":
https://www.govinfosecurity.com/google-urges-feds-to-ditch-microsoft-over-security-concerns-a-25286
Cybersecurity researchers are warning of phishing campaigns that abuse Cloudflare Workers to serve phishing sites used to harvest users' credentials for Microsoft, Gmail, Yahoo!, and cPanel Webmail:
https://thehackernews.com/2024/05/new-tricks-in-phishing-playbook.html
Exploit for CVE-2024-30056 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability:
https://github.com/absholi7ly/Microsoft-Edge-Information-Disclosure
Exploit for a Local Privilege Escalation (Admin to Kernel) vulnerability on Windows 10 and Windows 11 with HVCI enabled:
https://github.com/hakaioffsec/CVE-2024-21338
Exploit - Proof of Concept (PoC) for CVE-2024-32002, a Remote Code Execution (RCE) vulnerability in Git submodules. The exploit demonstrates how a malicious payload can be triggered via a recursive clone of a Git repository:
https://github.com/safebuffer/CVE-2024-32002
A new Phishing-as-a-Service (PaaS) tool called Greatness is being used by cybercriminals to steal Microsoft 365 login credentials. First detected in 2022, Greatness allows attackers to bypass security measures and has been continuously updated with evasion tactics:
https://cybersecuritynews.com/greatness-paas-tool-microsoft-365/
NextGen Healthcare Mirth Connect is vulnerable to unauthenticated remote code execution (CVE-2023-43208), caused by an incomplete patch of a Command Injection flaw (CVE-2023-37679):
https://fortiguard.fortinet.com/threat-signal-report/5460
Hackers Exploiting Arc Browser Popularity with Malicious Google Search Ads:
https://cybersecuritynews.com/hackers-exploiting-arc-browser/
Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274):
https://www.helpnetsecurity.com/2024/05/24/cve-2024-5274/
A threat actor has claimed to have gained unauthorised access to API keys for major cloud service providers, including Amazon Web Services (AWS), Microsoft Azure, MongoDB, and GitHub:
https://cybersecuritynews.com/threat-actor-claiming-access/
A security issue in PMB library software by sigb.net has been identified, and patches have been made available. If successfully exploited, this vulnerability could lead to a compromise of the server running the PMB software, including remote code execution (RCE):
https://cert.be/en/advisory/warning-remote-code-inclusion-vulnerability-multiple-versions-pmb-library-software-patch
Microsoft's Threat Intelligence team stated that a cybercriminal group, identified as Storm-1811, has been exploiting Microsoft’s Quick Assist tool in a series of social engineering attacks. This group is known for deploying the Black Basta ransomware:
https://securityboulevard.com/2024/05/black-basta-ransomware-attack-microsoft-quick-assist-flaw/
BreachForums has re-emerged after being seized by authorities, in a surprising development:
https://cybersecuritynews.com/data-leak-site-breachforums/
A threat actor named “888” has purportedly exposed a database linked to the popular sporting goods retailer Decathlon:
https://cybersecuritynews.com/threats-claimimg-breach/
Researchers at OneKey discovered a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-5035 (CVSS score 10.0), in the TP-Link Archer C5400X gaming router:
https://securityaffairs.com/163762/hacking/tp-link-archer-c5400x-critical-flaw.html
An improper access control bug in Apache Flink that was fixed in January 2021 has been added to the US government's Known Exploited Vulnerabilities Catalog, meaning criminals are currently abusing the flaw in the wild to compromise targets:
https://www.theregister.com/2024/05/24/apache_flink_flaw_cisa/
A massive Microsoft outage affected Bing.com, Copilot for web and mobile, Copilot in Windows, ChatGPT internet search and DuckDuckGo. The outage started at approximately 3 AM EDT on May 23rd and seems to have primarily affected users in Asia and Europe:
https://www.bleepingcomputer.com/news/microsoft/microsoft-outage-affects-bing-copilot-duckduckgo-and-chatgpt-internet-search/
Threat actors are exploiting the WordPress plugin Dessky Snippets to insert malicious PHP code into e-commerce sites and steal credit card data:
https://securityaffairs.com/163777/malware/wordpress-plugin-insert-e-skimmer.html