Friday, August 23rd, 2024
Cybersecurity Week in Review (23/08/24)
GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk
A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks.
The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164, has been credited with discovering and reporting the issue.
Source: https://thehackernews.com/2024/08/givewp-wordpress-plugin-vulnerability.html
Vulnerabilities in Microsoft’s macOS apps could help hackers access microphones and cameras
Researchers said they discovered eight vulnerabilities in a range of Microsoft applications for macOS, including Teams, Outlook, Word, PowerPoint, OneNote and Excel, that could allow an attacker to gain access to a user’s “microphone, camera, folders, screen recording, user input and more.”
According to a blog post published Monday by Cisco Talos, if users have already given those apps permission to access device resources, the way Microsoft has designed its apps means hackers could exploit them to secretly record video or audio without users’ knowledge.
Source: https://therecord.media/microsoft-macos-apps-vulnerabilities-cisco
Windows Zero-Day Attack Linked to North Korea’s Lazarus APT
Security researchers at Gen Threat Labs are linking one of the exploited zero-days patched by Microsoft last week to North Korea’s Lazarus APT group. The vulnerability, tracked as CVE-2024-38193 and marked as ‘actively exploited’ by Microsoft, allows an attacker to gain SYSTEM privileges on the latest Windows operating systems.
Source: https://www.securityweek.com/windows-zero-day-attack-linked-to-north-koreas-lazarus-apt/
Ransomware rakes in record-breaking $450 million in first half of 2024
Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. Last year, ransomware payments reached a record $1.1 billion, which Chainalysis previously predicted from stats gathered in the first half of the year when ransomware activity grossed $449,100,000.
Source: https://www.bleepingcomputer.com/news/security/ransomware-rakes-in-record-breaking-450-million-in-first-half-of-2024/
Toyota confirms third-party data breach impacting customers
Toyota confirmed that customer data was exposed in a third-party data breach after a threat actor leaked an archive of 240GB of stolen data on a hacking forum. The company added that it’s “engaged with those who are impacted and will provide assistance if needed,” but has yet to provide information on when it discovered the breach, how the attacker gained access, and how many people had their data exposed in the incident.
Source: https://www.bleepingcomputer.com/news/security/toyota-confirms-third-party-data-breach-impacting-customers/
Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters
Cybersecurity researchers have disclosed a security flaw impacting Microsoft Azure Kubernetes Services that, if successfully exploited, could allow an attacker to escalate their privileges and access credentials for services used by the cluster.
“An attacker with command execution in a pod running within an affected Azure Kubernetes Services cluster could download the configuration used to provision the cluster node, extract the transport layer security (TLS) bootstrap tokens, and perform a TLS bootstrap attack to read all secrets within the cluster,” Google-owned Mandiant said.
Source: https://thehackernews.com/2024/08/researchers-uncover-tls-bootstrap.html
Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware
Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat.
“These attacks are opportunistic in nature, targeting users seeking popular business software,” the Mandiant Managed Defense team said in a technical report. “The infection utilizes a trojanized MSIX installer, which executes a PowerShell script to download a secondary payload.”
Source: https://thehackernews.com/2024/08/cybercriminals-exploit-popular-software.html
Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group
Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of potential FIN7 activity “indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd (Russia) and SmartApe (Estonia), respectively,” Team Cymru said in a report published this week as part of a joint investigation with Silent Push and Stark Industries Solutions.
Source: https://thehackernews.com/2024/08/researchers-uncover-new-infrastructure.html
Azure domains and Google abused to spread disinformation and malware
A clever disinformation campaign uses several Microsoft Azure and OVH cloud subdomains, as well as Google search, to promote malware and spam sites. Android users receive a “new info related to…” Google search notification about a subject they have previously searched for, but are then presented with misleading search results that drive traffic to scam websites disguised as infotainment articles.
Source: https://www.bleepingcomputer.com/news/security/azure-domains-and-google-abused-to-spread-disinformation-and-malware/
Every Google Pixel Phone Has a Verizon App that Doubles as a Backdoor
A defunct yet unremovable application embedded in the firmware of all Google Pixel phones can function as a perfect malicious backdoor. “Showcase.apk” was designed by Pittsburgh-based Smith Micro, specifically for Pixel devices on display at Verizon stores. Somehow, some way, it ended up pre-installed in every Pixel phone shipped since at least September 2017 — millions around the globe, across every model besides the very first, even in those not serviced by Verizon.
Source: https://www.darkreading.com/remote-workforce/every-google-pixel-phone-has-a-verizon-app-backdoor