
Security Week Review - VulnVerse #20

20 weeks in, and the chaos isn’t slowing down. Welcome back to VulnVerse: the 20th weekly dispatch is here, and it’s packed with fresh vulnerabilities, nasty exploits, and cyber threats that’ll make your head spin.

Contents:

Vulnerabilities and Exploits 🔥

A vulnerability was discovered involving NTLM hash disclosure through URL files. This flaw can potentially be exploited to access sensitive authentication information, leading to unauthorized network access and data breaches.

A review of recent vulnerabilities in Industrial Control Systems (ICS) details potential risks and necessary steps for mitigation, underscoring the importance of robust security in industrial environments.

An analysis of supply chain vulnerabilities in secure boot key management that can compromise boot integrity.

An examination of a vulnerability in the Symantec Management Agent, known as Altiris, that allows attackers to extract account connectivity credentials, highlighting risks tied to enterprise software security.

A detailed look at vulnerabilities in Mitel MiCollab, including CVEs and a 0-day exploit.

Tenable's latest research identifies vulnerabilities and offers actionable insights to mitigate potential threats.

WordPress sites are being targeted by attackers injecting malicious scripts. These scripts can compromise site security, steal data, and conduct harmful activities, urging site owners to implement strong security measures.

A malicious Maven package posing as "XZ" has been found in the Java library ecosystem, designed to compromise projects by embedding harmful code.

Django has released security updates addressing vulnerabilities that could affect web applications.

Multiple vulnerabilities in the Lorex 2K Indoor Wi-Fi security camera have been resolved, addressing potential security risks that could be exploited to compromise the device.

A vulnerability in the Sweet Date WordPress theme allowed unauthenticated users to escalate privileges.

A vulnerability in IdentityIQ has been reported, involving improper access control that could allow unauthorized users to access sensitive data.

Data Breaches 💥

A major data breach occurred at an AI chatbot provider, exposing sensitive information of 346,000 customers, including identification documents, resumes, and medical records, underlining the importance of data protection.

New samples of the Pegasus spyware were found through iVerify’s mobile threat investigation, highlighting how advanced surveillance tools are used to compromise devices and gather private data.

Malware and Ransomware 🐛

An analysis of Termite ransomware’s attack on Blue Yonder explores its propagation and encryption techniques, underscoring the importance of staying prepared against such threats.

An analysis of Akira ransomware's implementation in Rust, highlighting the advantages the language offers for malware development.

Formbook malware has been leveraged during end-of-year PTO periods, exploiting employee inattention to exfiltrate data.

A recent indictment sheds light on the Phobos ransomware gang's widespread operations, showing that even small companies are at risk of being targeted by this group’s ransom demands.

Russian authorities have been reported to return confiscated devices with Monokle-type spyware pre-installed, raising concerns about surveillance and privacy violations for individuals.

Taiwan has been the target of an advanced cyberattack involving the Smokeloader malware. This attack aims to exploit vulnerabilities in networks, compromising security and potentially facilitating further malicious activities.

DroidBot, a new Turkish mobile malware-as-a-service (MaaS) operation, has been discovered targeting users for financial fraud. This scheme represents an evolution in cybercriminal tactics involving mobile devices.

Cloud ☁️

Network troubleshooting in a multicloud environment requires updated approaches to address its added complexity. Such an approach improves efficiency, reduces downtime, and adapts to the growing demands of modern network management.

The Pages.dev and Workers.dev domains by Cloudflare are increasingly being misused by threat actors for phishing attacks. This abuse poses significant risks as attackers leverage trusted platforms to deceive users and steal credentials.

Tools 🛠️

A new tool, Supply Chain Firewall, is designed to enhance security by monitoring and defending against supply chain threats. It adds an extra layer of protection, addressing vulnerabilities in software supply chains.

An in-depth look at the HRTNG IDA Pro plugin, its capabilities, and how it can be utilized for reverse engineering.

Cybersecurity Measures and Recommendations 🔒️

This guide identifies the top mobile security risks facing enterprises, including phishing and data leakage.

Identifying and prioritizing risks is crucial for effective data security. This guide stresses the need for a risk-based approach to allocate resources effectively and protect data assets against the most significant threats.

Cybercriminals use missing or broken URL structures to bypass security filters and trick users into clicking harmful links.

Techniques to safeguard APIs from bot-driven abuse are outlined, focusing on implementing security layers that can mitigate the risk of automated attacks on web services.

Advanced Persistent Threats (APT) 🕵️

Russian hacktivists are increasingly focusing on energy and water infrastructure, highlighting the need for strong cybersecurity measures to protect these critical sectors from disruption.

Industry-targeted phishing scams are becoming more sophisticated, using tailored content to deceive employees.

Lateral movement is a critical phase in ransomware attacks, allowing threat actors to navigate networks after initial breaches.

BlueAlpha, a cybercriminal group, has been observed misusing Cloudflare’s tunneling service to disguise malicious traffic.

An analysis of the "Horns N' Hooves" cyber campaign, which distributes the NetSupport RAT. This report sheds light on the campaign's tactics and the risks associated with remote access trojans in targeted attacks.

Trend Micro's research on Earth Minotaur reveals the techniques used by this sophisticated threat group.

So there you have it! An electrifying overview of the latest vulnerabilities, exploits, data breaches, malware, ransomware, APTs, software and system issues, and practical cybersecurity measures.

Have any questions, comments, or feedback? Feel free to reply directly; I'd love to hear from you. I’m all ears!

If you find this newsletter helpful and think others would too, please consider forwarding it to them. 🙏

Thanks for reading!

exit(0);
