CyberSecurity Newsletter 17th June 2024
In this week’s news: a critical PHP vulnerability, Scattered Spider arrests, Linux malware controlled through Discord emojis, an Outlook critical RCE vulnerability, a Microsoft Wi-Fi vulnerability, and an ASUS critical vulnerability.
Microsoft will not roll out "Recall", an AI-powered feature that tracks computer usage, with its new computers next week and will instead preview it with a smaller group later, the tech giant said, amid concerns of privacy risks:
https://www.itnews.com.au/news/microsoft-to-delay-release-of-recall-ai-feature-608832
Hacker Accesses Internal ‘Tile’ Tool That Provides Location Data to Cops. A hacker broke into systems used by Tile, the tracking company, then stole a wealth of customer data and had access to internal company tools:
https://www.404media.co/hacker-accesses-internal-tile-tool-that-provides-location-data-to-cops/
Law enforcement authorities have allegedly arrested a key member of the notorious cybercrime group called Scattered Spider. The individual, a 22-year-old man from the United Kingdom, was arrested this week in the Spanish city of Palma de Mallorca as he attempted to board a flight to Italy. The move is said to be a joint effort between the U.S. Federal Bureau of Investigation (FBI) and the Spanish Police:
https://thehackernews.com/2024/06/uk-hacker-linked-to-notorious-scattered.html
A newly discovered Linux malware dubbed 'DISGOMOJI' uses the novel approach of utilising emojis to execute commands on infected devices in attacks on government agencies in India:
https://www.bleepingcomputer.com/news/security/new-linux-malware-is-controlled-through-emojis-sent-from-discord/
PCBA manufacturing giant Keytronic is warning it suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company's stolen data two weeks ago:
https://www.bleepingcomputer.com/news/security/keytronic-confirms-data-breach-after-ransomware-gang-leaks-stolen-files/
A critical zero-click remote code execution (RCE) vulnerability has been discovered in Microsoft Outlook. This vulnerability, CVE-2024-30103, enables attackers to run arbitrary code by sending a specially designed email. When the recipient opens the email, the exploit is triggered:
https://cybersecuritynews.com/microsoft-outlook-zero-click-rce-flaw/
Auction house to the wealthy Christie's says 45,798 people were affected by its recent cyberattack and resulting data theft. That's according to public filings made with US state attorneys general on Friday, including template letters being distributed to customers. The letter templates didn't reveal the exact data types involved in the breach; instead, a nondescript mail merge code is in its place. However, the public filing page in Maine states that the thieves stole both names and ID document numbers:
https://www.theregister.com/2024/06/10/christies_clients_data_stolen/
Microsoft chose profit over security and left the U.S. government vulnerable to Russian hacks, Whistleblower says. The former employee says the software giant dismissed his warnings about a critical flaw because it feared losing government business. Russian hackers later used the weakness to breach the National Nuclear Security Administration, among others:
https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers
Microsoft has confirmed a new and quite alarming Wi-Fi vulnerability in Windows, rated 8.8 out of 10 in terms of severity using the Common Vulnerability Scoring System. The vulnerability, assigned as CVE-2024-30078, does not require an attacker to have physical access to the targeted computer, although physical proximity is needed:
https://www.forbes.com/sites/daveywinder/2024/06/14/new-wi-fi-takeover-attack-all-windows-users-warned-to-update-now/
Cybersecurity headlines are being dominated by reported claims of a significant data breach involving Snowflake, a leading cloud-based data storage and analytics platform. These claims are driven by a series of breach disclosures from Snowflake customers and a swath of cybercriminal claims, including contested claims made to a security vendor that these breaches were downstream from a larger breach of Snowflake. Snowflake has confirmed threat activity and an ongoing incident response through a series of updates from Snowflake:
https://securityboulevard.com/2024/06/what-we-know-so-far-about-the-snowflake-breach/
Critical PHP CVE is under attack — research shows it’s easy to exploit. Researchers warn they are seeing thousands of attacks against various targets, including financial services and healthcare, in the U.S. and other countries:
https://www.cybersecuritydive.com/news/critical-vulnerability-php-exploitation/718478/
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack:
https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864
CVE-2024-4577: Critical Vulnerability in PHP's CGI Configurations:
https://github.com/manuelinfosec/CVE-2024-4577
A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature:
https://www.bleepingcomputer.com/news/security/new-arm-tiktag-attack-impacts-google-chrome-linux-systems/
macOS password hash dump (Falcon bypass, tested in late May 2024):
https://medium.com/@f1h3/macos-password-hash-dump-falcon-bypassed-0415a8ae4f5c
Hackers Using OTP Bots To Bypass Two-Factor Authentication. Two-factor authentication (2FA) is a security method that requires two verification steps for user access and is commonly implemented with one-time passwords (OTPs) delivered via various channels:
https://cybersecuritynews.com/hackers-otp-bots-bypass-2fa/
Fortinet has disclosed multiple stack-based buffer overflow vulnerabilities (CVE-2024-23110) in FortiOS’s command line interpreter. These vulnerabilities could allow authenticated attackers to execute unauthorised code or commands:
https://cybersecuritynews.com/fortios-vulnerability-unauthorized-commands/
VideoLAN, the organisation behind the popular VLC Media Player, has disclosed multiple critical vulnerabilities that could allow attackers to execute arbitrary code remotely. These vulnerabilities affect both the desktop and iOS versions of the software:
https://cybersecuritynews.com/vlc-media-player-vulnerabilities/
Privacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in last year's 23andMe data breach. The Privacy Commissioner of Canada and The Information Commissioner's Office (ICO) will also look into whether the company had adequate safeguards to secure customer data stored on its systems:
https://www.bleepingcomputer.com/news/security/23andme-data-breach-under-investigation-in-uk-and-canada/
Taiwanese manufacturing giant ASUS addressed a critical remote authentication bypass vulnerability, tracked as CVE-2024-3080 (CVSS v3.1 score: 9.8), impacting seven router models:
https://securityaffairs.com/164549/security/asus-router-models-critical-rce.html
ICC probes cyberattack in Ukraine as possible war crimes:
https://www.itnews.com.au/news/icc-probes-cyberattacks-in-ukraine-as-possible-war-crimes-608833
Hackers abuse high-ranking infected websites, leveraging their established credibility and large user base to spread malware, launch phishing attacks, or redirect traffic to malicious sites. By exploiting such trusted platforms, they can reach larger audiences, increase the efficiency of their attacks, and avoid detection for a longer period:
https://cybersecuritynews.com/badspace-malware-high-ranking-sites/
Malicious emails trick consumers into false election contributions:
https://www.helpnetsecurity.com/2024/06/17/global-cyber-threat-activities/