Daily Cybersecurity Wire – January 26, 2024
NEW DEVELOPMENTS
RUSSIA-LINKED APT GROUP MIDNIGHT BLIZZARD HACKED HEWLETT PACKARD ENTERPRISE (HPE)
Source: Security Affairs
Russian APT group Midnight Blizzard successfully breached HPE, gaining unauthorized access to sensitive data within its cybersecurity division through Microsoft Office 365. A parallel attack on Microsoft was identified, involving unauthorized access to a small percentage of employee email accounts. Both companies are actively addressing the incidents and collaborating with law enforcement to mitigate the impact and enhance cybersecurity measures.

New CherryLoader Malware Mimics CherryTree to Deploy PrivEsc Exploits
Source: The Hacker News
CherryLoader, a newly discovered Go-based malware, poses as the legitimate CherryTree note-taking application to deceive users during installation. Identified by Arctic Wolf Labs, this loader deploys privilege escalation tools for subsequent exploitation. Notably, CherryLoader is modular, enabling threat actors to swap exploits without recompiling code. Employing sophisticated techniques such as process ghosting, the malware evades detection and sets up persistence on compromised hosts.

Cybercriminals stole $1.7 billion from crypto funds in 2023 as attacks proliferated
Source: The Record
Cybercriminals stole $1.7 billion from cryptocurrency platforms in 2023, a $2 billion decrease from the previous year's record. Despite the overall decline in losses, the number of individual incidents rose to 231, fueled by exchange collapses and declines in cryptocurrency values. The reduction in losses is attributed to fewer thefts targeting decentralized finance (DeFi) platforms, although several notable incidents drew attention. Cybersecurity experts highlight vulnerabilities in poorly built platforms that prioritize growth over security. Threat actors from North Korea stole $1 billion in 2023, down from $1.7 billion in 2022, employing obfuscation techniques and laundering methods.

‘Significant security loophole’ found in Google software container system
Source: The Record
A major security flaw in Google Kubernetes Engine (GKE), a cloud service frequently used for deploying and administering containerized applications, has been fixed. The vulnerability, known as Sys:All, presented major security threats because it could have let attackers using any Google account take over improperly configured Kubernetes clusters. More than 100 of the 1,300 potentially exposed clusters were found to be susceptible. The problem emphasizes how crucial it is for businesses to set up identity and access controls more thoughtfully to prevent overly permissive access.

Blackwood APT delivers malware by hijacking legitimate software update requests
Source: Help Net Security
A newly detected advanced persistent threat (APT) group, Blackwood, which is believed to be affiliated with China, uses sophisticated tactics to deliver malware to targets in China, Japan, and the United Kingdom. The attackers use a complex multistage implant known as NSPX30, delivered by hijacking legitimate software update requests through adversary-in-the-middle methods. The NSPX30 implant evolved from an older backdoor known as Project Wood, allowing the APT group to spy on apps, capture screenshots, and exfiltrate sensitive data. The attackers' ability to intercept communications and use legitimate networks for anonymity raises concerns.

Southern Water Confirms Data Breach Following Black Basta Claims
Source: Infosecurity Magazine
Southern Water, a UK utility serving 4.6 million customers, has confirmed a data breach following a cyber attack by the Black Basta ransomware group. Customer data, including identity documents and HR-related files, was leaked. The group threatens further data release unless a ransom is paid by February 29. Southern Water is cooperating with authorities, investigating the incident, and has not experienced service disruptions. The breach, potentially resulting from a supply chain attack, reveals vulnerabilities in the water sector's cybersecurity.

VULNERABILITIES TO WATCH
CISA Adds Atlassian Confluence Data Center Bug To Its Known Exploited Vulnerabilities Catalog
Source: Security Affairs
CISA has flagged the Atlassian Confluence Data Center and Server template injection vulnerability (CVE-2023-22527) as a Known Exploited Vulnerability. Atlassian has released patches to address the critical flaw, urging users to update to the latest versions. Federal agencies must comply with CISA's directive (Binding Operational Directive 22-01) and remediate this vulnerability by February 14, 2024, to enhance network security and prevent potential exploitation.

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks – Patch ASAP!
Source: The Hacker News
Jenkins has addressed a critical vulnerability (CVE-2024-23897) that could expose servers to remote code execution (RCE) attacks. The flaw allows arbitrary file read through the built-in command-line interface (CLI), potentially leading to severe security risks. Users are strongly urged to apply the provided fixes in Jenkins 2.442 and LTS 2.426.3 immediately. Disabling access to the CLI is recommended as a temporary workaround until the patch is applied.

Firefox 122 Patches 15 Vulnerabilities
Source: Security Week
Mozilla has issued security updates for Firefox and Thunderbird, addressing 15 vulnerabilities, including five rated as "high severity." One critical flaw involves an out-of-bounds write in ANGLE (Almost Native Graphics Layer Engine), the graphics engine used as the default WebGL backend in Firefox and Chrome. Another high-severity issue is related to a failure to update the user input timestamp, potentially allowing unintentional activation or dismissal of certain browser prompts. Other vulnerabilities include a TLS handshake code issue, a JavaScript code bug, and a stack buffer overflow in WebAudio. Users are advised to update their browsers to Firefox 122 to mitigate the potential risks of these vulnerabilities.

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
Source: The Hacker News
Cisco has released fixes to resolve a severe security problem (CVE-2024-20253) that affects certain Unified Communications and Contact Center Solutions products. The vulnerability, which has a CVSS score of 9.9, enables an unauthenticated, remote attacker to execute arbitrary code on an affected device. Successful exploitation may result in the execution of commands on the underlying operating system with the privileges of the web services user, potentially granting root access. The impacted products are Unified Communications Manager, Unified Communications Manager IM & Presence Service, Unified Communications Manager Session Management Edition, Unified Contact Center Express, Unity Connection, and Virtualized Voice Browser.

SPECIAL REPORTS
CISOs' role in identifying tech components and managing supply chains
Source: Help Net Security
In an exclusive interview with Help Net Security, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, provides essential insights for Chief Information Security Officers (CISOs) on safeguarding supply chains. The discussion covers tasks such as identifying tech components, fostering collaboration between security and development teams, adapting strategies to global cybersecurity regulations, and ensuring rapid deployment without compromising security. Warfield also delves into the role of AI/ML in supply chain security, emphasizing proactive measures to address vulnerabilities.

Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024
Source: The Hacker News
The Axur Threat Landscape Report for 2023/2024 provides a comprehensive analysis of the evolving cybersecurity landscape. The report, combining data from Surface, Deep, and Dark Web surveillance with insights from in-depth investigations, reveals key findings and anticipates upcoming trends. Notable shifts include the integration of cyber risk with business risk, geopolitical influences, and the escalating sophistication of cyber threats. The report delves into seven key findings, emphasizing the urgent need for organizations to adapt and fortify their cybersecurity strategies and controls.

