Friday, May 24th, 2024

Cybersecurity Week in Review (23/05/24)

Microsoft’s new Windows 11 Recall is a privacy nightmare 

Microsoft’s announcement of the new AI-powered Windows 11 Recall feature has sparked a lot of concern, with many thinking that it has created massive privacy risks and a new attack vector that threat actors can exploit to steal data. 

Revealed during a Monday AI event, the feature is designed to help “recall” information you have looked at in the past, making it easily accessible via a simple search. 

While it’s currently only available on Copilot+ PCs running Snapdragon X ARM processors, Microsoft says they are working with Intel and AMD to create compatible CPUs. 


Western Sydney University data breach exposed student data 

Western Sydney University (WSU) has notified students and academic staff about a data breach after threat actors breached its Microsoft 365 and SharePoint environment.

WSU is an educational institute in Australia offering a wide range of undergraduate, postgraduate, and research programs across various disciplines. It has 47,000 students and over 4,500 regular and seasonal staff, and it operates on a budget of $600 million (USD). 

In an announcement posted on the Western Sydney University website today, the University warned that hackers had accessed its Microsoft Office 365 environment, including email accounts and SharePoint files. 


OmniVision discloses data breach after 2023 ransomware attack 

The California-based imaging sensors manufacturer OmniVision is warning of a data breach after the company suffered a Cactus ransomware attack last year. 

OmniVision, a subsidiary of the Chinese Will Semiconductor, designs and develops imaging sensors for smartphones, laptops, webcams, automotive, medical imaging systems, and others. 

In 2023, the company employed 2,200 people and reported an annual revenue of $1.4 billion. 


CISA warns of hackers exploiting Chrome, EoL D-Link bugs 

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its ‘Known Exploited Vulnerabilities’ catalog, one impacting Google Chrome and two affecting some D-Link routers. 

Adding the issues to the KEV catalog serves as a warning to federal agencies and companies that threat actors are leveraging them in attacks and security updates or mitigations should be applied. 

Federal agencies in the U.S. have until June 6th to replace affected devices or implement defenses that reduce or eliminate the risk of an attack. 


Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users 

A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. 

The starting point of the attack chain is a phishing email bearing a ZIP archive file, which contains an executable that masquerades as a Microsoft Excel file. 

In an interesting twist, the filename makes use of the hidden right-to-left override (RLO) Unicode character (U+202E) to reverse the order of the characters that come after that character in the string. 
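As an added illustration (not code from the original article or from the researchers who reported the campaign), a small Python check that flags filenames carrying Unicode bidirectional override characters and compares the extension the operating system will actually use with the one a user would see on screen. The sample filename is constructed for the demo.

```python
import unicodedata
from pathlib import PurePosixPath

# Unicode bidi control characters that can make a filename render
# differently from how the OS interprets it (U+202E is the RLO trick).
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE RLE PDF LRO RLO
    "\u2066", "\u2067", "\u2068", "\u2069",            # LRI RLI FSI PDI
}


def displayed_name(name: str) -> str:
    """Approximate how a file manager shows a name with one U+202E.

    Everything after the override is rendered reversed. This is a
    simplification of the full Unicode bidi algorithm, good enough to
    show the effect for ASCII filenames.
    """
    idx = name.find("\u202e")
    if idx == -1:
        return name
    return name[:idx] + name[idx + 1:][::-1]


def analyze_filename(name: str) -> dict:
    """Report bidi controls and the real vs displayed extension."""
    found = [
        (i, f"U+{ord(c):04X}", unicodedata.name(c))
        for i, c in enumerate(name)
        if c in BIDI_CONTROLS
    ]
    # The OS ignores the control characters when picking the handler,
    # so strip them to get the extension that will actually execute.
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    real_ext = PurePosixPath(stripped).suffix.lower()
    shown_ext = PurePosixPath(displayed_name(name)).suffix.lower()
    return {
        "bidi_controls": found,
        "real_extension": real_ext,
        "displayed_extension": shown_ext,
        "suspicious": bool(found) and real_ext != shown_ext,
    }


if __name__ == "__main__":
    # Constructed sample: shows as "Invoice_exe.xlsx", runs as .exe
    sample = "Invoice_\u202exslx.exe"
    print(repr(displayed_name(sample)), analyze_filename(sample))
```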


Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox 

A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. 

Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. 

llama_cpp_python, a Python binding for the llama.cpp library, is a popular package with over 3 million downloads to date, allowing developers to integrate AI models with Python. 


GhostEngine mining attacks kill EDR security using vulnerable drivers 

A malicious crypto mining campaign codenamed ‘REF4578,’ has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. 

Researchers at Elastic Security Labs and Antiy have underlined the unusual sophistication of these crypto-mining attacks in separate reports and shared detection rules to help defenders identify and stop them. 

However, neither report attributes the activity to known threat actors nor shares details about targets/victims, so the campaign’s origin and scope remain unknown. 


Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass 

Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. 

Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. 

All the flaws have been addressed in version However, Veeam noted that deploying Veeam Backup Enterprise Manager is optional and that environments that do not have it installed are not impacted by the flaws. 


Rockwell Advises Disconnecting Internet-Facing ICS Devices Amid Cyber Threats 

Rockwell Automation is urging its customers to disconnect all industrial control systems (ICSs) not meant to be connected to the public-facing internet to mitigate unauthorized or malicious cyber activity. 

The company said it’s issuing the advisory due to “heightened geopolitical tensions and increased hostile cyber operations worldwide.” 

To that end, customers are required to take immediate action to determine whether they have devices that are accessible over the internet and, if so, cut off connectivity for those that are not meant to be left exposed. 


Over two million exposed after breach of US healthcare firm 

Attackers roamed the company’s network for several days in April of 2023, WebTPA said in a breach notification letter to affected individuals. However, the company detected the breach only in December of 2023, notifying potential victims in May 2024, which means people whose data was impacted learned about it over a year after the incident. 

The incident’s postmortem revealed that attackers may have accessed personal client details such as names, contact details, dates of birth, dates of death, Social Security numbers, and insurance information. 

