Cyber Security News Weekly Round-Up

Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.

From sophisticated malware attacks to innovative phishing schemes, we cover the crucial updates you need to stay informed and protected.

Threats

Notepad++ Plugin Compromised by Hackers

Hackers have targeted a widely used Notepad++ plugin, “mimeTools.dll,” injecting malicious code that compromises users’ systems upon execution. The attack, discovered by the AhnLab Security Intelligence Center, leverages DLL hijacking to execute encrypted malicious shellcode, posing a significant threat to programmers and writers who rely on Notepad++ for its versatility and plugin support.

Weaponized PDF Files Deliver Byakugan Malware

Cybersecurity researchers at Fortinet have uncovered a new attack vector involving weaponized PDF files used to deliver the multi-functional Byakugan malware. By exploiting the trust and popularity of PDFs, hackers have been able to infiltrate systems through malicious code embedded in seemingly innocuous documents, highlighting the need for heightened awareness and protection against such files.

Fake E-Shopping Attack Targets Banking Credentials

A sophisticated fake e-shop scam campaign has been targeting users in Southeast Asia, hijacking banking credentials through phishing emails and malicious APKs. The attackers have expanded their operations, utilizing screen-sharing and exploiting accessibility services to gain more control over victims’ devices. This campaign underscores the evolving tactics of cybercriminals in their efforts to steal sensitive information.

Rhadamanthys Stealer Targets Oil and Gas Sector

The oil and gas sector has become the latest target of the Rhadamanthys Stealer malware, delivered through weaponized PDF files. This attack emphasizes the ongoing threat to critical infrastructure sectors and the importance of robust cybersecurity measures to protect against such sophisticated threats.

Ransomware Exploits Unpatched Vulnerabilities

A recent report highlights the increasing trend of ransomware attacks exploiting unpatched vulnerabilities. Cybercriminals continue to leverage known weaknesses in systems to deploy ransomware, underscoring the critical need for timely updates and patches to prevent such attacks.

Android RAT Available on the Dark Web

An Android Remote Access Trojan (RAT) has been spotted for sale on the dark web, offering cybercriminals the ability to control infected devices remotely. This development poses a significant threat to Android users, emphasizing the importance of cautious app downloads and the use of reputable sources.

Facebook Pages Hijacked

A new scheme involving the hijacking of Facebook pages has come to light, with attackers using compromised accounts to gain administrative access and spread malicious content. This tactic highlights the ongoing vulnerabilities within social media platforms and the need for enhanced security measures.

Winnti Group’s Latest Campaign: Unapimon and Unhook

The notorious Winnti Group has launched a new campaign utilizing the Unapimon and Unhook malware to target organizations worldwide. This campaign demonstrates the group’s continued evolution and sophistication in cyber espionage activities.

AI Package Hallucination: A New Threat

Researchers have identified a new threat dubbed “AI Package Hallucination,” where attackers manipulate AI systems to generate malicious code. This innovative attack vector presents a unique challenge to AI-driven security solutions, calling for advanced detection and mitigation strategies.

Agent Tesla Attackers Unveiled

A detailed analysis has revealed the tactics and techniques used by attackers deploying the Agent Tesla malware. This insight into the operation of cybercriminals provides valuable information for defending against such threats.

Hackers Hijacking YouTube Channels

Cybercriminals are stealing an increasing number of YouTube channels, and they then use these platforms to spread scams and harmful content. This trend underscores the need for stronger security measures and awareness among content creators and viewers alike.

Vulnerabilities

Ivanti Connect Secure VPN Targeted by Chinese Hacking Groups

Multiple Chinese nexus espionage groups have been exploiting critical vulnerabilities in Ivanti Connect Secure VPN appliances. Mandiant’s investigations have identified CVE-2023-46805 and CVE-2024-21887 as the exploited vulnerabilities, allowing attackers to compromise Active Directory systems and perform lateral movements. The attacks have been clustered under the activities of groups UNC5325 and UNC5337, with the deployment of custom malware and new TTPs.

Magento E-commerce Platform Backdoor Injection

A sophisticated vulnerability, CVE-2024-20720, has been discovered in the Magento e-commerce platform, enabling attackers to inject a persistent backdoor. This vulnerability allows for the manipulation of Magento’s layout template system and the insertion of malicious XML code. A fake Stripe payment skimmer has been observed as one of the payloads, designed to steal payment information from customers.

Apache HTTP Server Vulnerabilities

Apache has released updates to address vulnerabilities in the Apache HTTP server that could allow attackers to launch HTTP/2 DoS attacks and insert malicious headers. The vulnerabilities, including CVE-2024-24795 and CVE-2023-43622, can lead to server crashes or severe performance declines. Users are recommended to upgrade to version 2.4.59 to mitigate these issues.

Google Pixel Phone Zero-Days Exploited

Google has issued patches for zero-day vulnerabilities that have been exploited in the wild against Google Pixel phones. Users are urged to update their devices immediately to protect against potential compromise.

YubiKey Manager Privilege Escalation

A privilege escalation vulnerability has been found in YubiKey Manager, which could allow attackers to gain elevated privileges on the host machine. Users are advised to update to the latest version of the software.

Progress Flowmon Vulnerability

A vulnerability in Progress Flowmon could allow attackers to execute arbitrary code on affected installations. Patches have been released, and users should apply them without delay.

Feds Addressing Years-Old SS7 Vulnerability in Phone Networks

Federal agencies are finally patching a years-old SS7 vulnerability that affects phone networks. This vulnerability has been known to allow attackers to intercept calls and messages.

VMware SD-WAN Vulnerabilities

VMware has patched vulnerabilities in its SD-WAN appliances that could allow attackers to disrupt service or execute commands. Customers are encouraged to apply the updates provided by VMware.

Chrome Zero-Day Exploit Patch Released

A zero-day exploit affecting the Chrome browser has been patched by Google. The vulnerability could allow for remote code execution, and users should update their browsers immediately.

HTTP/2 Continuation Attack

A new attack method called CONTINUATION Flood targets HTTP/2 protocol implementations, causing denial of service. Apache has addressed this issue in its latest update.

WordPress Plugin SQL Injection

A SQL injection vulnerability has been found in a popular WordPress plugin. This flaw could allow attackers to access sensitive database information. Users should ensure their plugins are updated to the latest versions.

Stay vigilant and ensure that all your systems are up-to-date with the latest patches and security measures. Until next week, keep your data safe and your networks secure!

Data Leak

XpressBees Data Breach: 95K Users Affected

Hackers have claimed a significant data leak at XpressBees, a logistics and supply chain company, potentially exposing the personal information of approximately 95,000 users. The breach was announced on a hacking forum by a user named “IntelBroker,” who posted the XpressBees database for public download. The leaked data may include names, addresses, email addresses, phone numbers, and possibly financial details, raising concerns over identity theft and financial fraud. XpressBees has yet to issue a formal statement regarding the breach.

HOYA CORPORATION Cyber Attack Disrupts Operations

The world’s second-largest lens manufacturer, HOYA CORPORATION, has suffered a cyber attack that disrupted its IT systems and operations. The Tokyo-based company detected unauthorized access in one of its overseas offices and took immediate action to isolate the compromised servers. The attack has impacted several production plants and product ordering systems, and HOYA is working diligently to resume normal operations and minimize customer inconvenience.

Dating App “Hornet” Exposes User Locations

Check Point Research (CPR) has identified vulnerabilities in the popular gay dating app “Hornet,” which has over 10 million downloads. The app’s security flaws could reveal the exact locations of its users despite efforts to disable the display of distances. CPR’s method achieved location accuracy within 10 meters, posing a substantial privacy risk. Hornet has since reduced location accuracy to 50 meters, but the potential for precise location determination remains a concern.

New Stories

Chrome’s Device-Bound Session Credentials

In a recent update, Google Chrome has introduced device-bound session credentials to enhance security. This new feature aims to prevent session hijacking by ensuring that session cookies are bound to the user’s device, making it more difficult for attackers to exploit stolen cookies. This development is part of Google’s ongoing efforts to improve the security of its browser and protect user data.

AI Tools with Azure AI

Microsoft has been making strides in the field of artificial intelligence with Azure AI. The company has introduced a suite of AI tools designed to empower businesses and developers to build intelligent applications. These tools leverage the power of machine learning and AI to provide advanced capabilities such as natural language processing, computer vision, and predictive analytics.

Microsoft Unveils Copilot

Another exciting development is Microsoft’s unveiling of Copilot, a new AI-powered tool that assists users in various tasks. Copilot is integrated into Microsoft’s suite of products and uses AI to help users with writing, data analysis, and more. This innovative tool is part of Microsoft’s broader initiative to incorporate AI into everyday work processes, enhancing productivity and efficiency.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.