CyberSecurity Knuggets
Mar 30, 2024
In the latest cybersecurity news, Google's annual zero-day report attributes 24 of the 97 zero-days exploited in the wild last year to commercial spyware vendors, with a clear focus on mobile platforms, Safari and iOS in particular. This keeps the spotlight on the exposure of mobile devices to surveillance and exploitation. NHS Scotland has also suffered a ransomware attack, a reminder of the continuing pressure on healthcare and other critical infrastructure. Meanwhile, the SEC's handling of the SolarWinds hack has come under scrutiny.
Furthermore, the theft and subsequent return of $62 million worth of tokens from the crypto-gaming platform Munchables has raised questions about the security of cryptocurrency platforms. The Kremlin's push to build a domestic gaming industry and its own gaming consoles, together with the cyberattacks expected against the Paris Olympics, signal the need for heightened vigilance on a global scale.
In addition to these incidents, the Brutus botnet's password-guessing campaign against VPN servers and web applications that authenticate against Active Directory poses a significant threat to organizations: a guessed domain credential is reusable against every service that trusts the same directory. PyPI's temporary suspension of new project creation and user registration in response to a malware upload campaign underscores the ongoing challenge of defending open-source package registries. These developments highlight the urgent need for robust, proactive defenses rather than reactive clean-up.
Today, security researcher Ma4ter published a write-up on CVE-2024-20767, an arbitrary file system read vulnerability in Adobe ColdFusion that Adobe patched earlier this month. Security researcher Jang released an analysis of CVE-2023-38177, a SharePoint RCE that Microsoft patched last November. CISA added four vulnerabilities to its KEV catalog that are currently being exploited in the wild, affecting SharePoint, Fortinet, Ivanti, and Nice Linear products. Progress Software patched a critical remote code execution vulnerability in Telerik Report Server. Another vulnerability, discovered by security researcher Skyler Ferrante in the Linux wall utility (part of util-linux), lets an unprivileged user inject terminal escape sequences into messages broadcast to other users' terminals, for example to draw a fake sudo password prompt or to alter the victim's clipboard contents. Cisco has released or updated 17 security advisories for various products, and NCC Group has published a security audit of Google's new Privacy Sandbox component in Chrome.
In addition, a report from Chainguard finds that end-of-life container images accumulate an average of 218 CVEs every six months, most of them in the image's component packages. On a positive note, new security tools have been open-sourced: Jigsaw, a shellcode obfuscation tool; SharpConflux, a tool for exploring attacks against Atlassian Confluence servers; and HL7Magic, a pen-testing tool for devices that speak the Health Level Seven (HL7) medical protocol. Taken together with the wall bug above, which turns a harmless-looking broadcast message into a password-collection or clipboard-hijacking vector, and the continuing wave of attacks on targets around the world, it is clear that these threats require prompt attention.
The Pentagon's release of a cybersecurity strategy for the defense industrial base, along with a Massachusetts health insurer disclosing a breach, highlights the ongoing cybersecurity challenges faced by organizations, especially in critical infrastructure and healthcare. Hot Topic has also warned customers about credential-stuffing attacks, a growing concern for any service that relies on passwords alone. The cybersecurity landscape keeps evolving, and organizations need to remain vigilant in addressing potential vulnerabilities and threats.
The Pentagon's strategy, which covers fiscal years 2024 through 2027, aims to improve defense industrial base (DIB) cybersecurity by enhancing interagency collaboration and developing regulations that govern the cybersecurity responsibilities of contractors and subcontractors. It also focuses on evaluating compliance with cybersecurity requirements, improving threat and intelligence sharing with industry partners, and identifying vulnerabilities across the DIB.
One immediate issue is the disclosure by Point32Health, a major Massachusetts health insurer, that a ransomware attack exposed the personal information of more than 2.8 million individuals. The breach affected customers of Point32Health's Harvard Pilgrim Health Care brand and involved names, addresses, birth dates, phone numbers, Social Security numbers, health insurance account information, financial account information, medical history, diagnoses, and treatment information. This combination of identity and medical data is exactly what makes healthcare breaches so damaging, and it underlines the need for stronger cybersecurity measures in the healthcare industry.
Another concerning issue is the wave of credential-stuffing attacks targeting Hot Topic Rewards accounts. Unauthorized parties launched automated login attempts against the company's website and mobile application using valid account credentials obtained from an unknown third-party source. Because the credentials themselves are valid, password complexity rules offer no protection here; the defenses that matter are multi-factor authentication, checking new passwords against known breach corpora, bot detection and rate limiting on login endpoints, and alerting on logins from unfamiliar devices or networks.
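Both the Brutus campaign above and the Hot Topic credential-stuffing attacks share a log signature: many distinct usernames tried with mostly failures, either from a single source or, in the botnet case, spread one or two attempts per source so that per-IP lockouts never trigger. As an added example (not from either vendor's reporting), the following Python runs both detections over a constructed authentication log. The log format, field names, thresholds and sample IP addresses are assumptions made for this example; real appliances will need their own parser.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log (not from any real appliance) in a generic
# "timestamp host auth src= user= result=" shape. Three situations are mixed
# in: one source walking through six accounts, seven sources making one
# attempt each, and a legitimate user who mistypes once and then logs in.
SAMPLE_LOG = """\
2024-03-29T10:00:01Z vpn-gw auth src=203.0.113.7 user=alice result=FAIL
2024-03-29T10:00:02Z vpn-gw auth src=203.0.113.7 user=bob result=FAIL
2024-03-29T10:00:02Z vpn-gw auth src=203.0.113.7 user=carol result=FAIL
2024-03-29T10:00:03Z vpn-gw auth src=203.0.113.7 user=dave result=FAIL
2024-03-29T10:00:03Z vpn-gw auth src=203.0.113.7 user=erin result=FAIL
2024-03-29T10:00:04Z vpn-gw auth src=203.0.113.7 user=frank result=OK
2024-03-29T10:00:10Z vpn-gw auth src=198.51.100.21 user=grace result=FAIL
2024-03-29T10:00:11Z vpn-gw auth src=198.51.100.22 user=heidi result=FAIL
2024-03-29T10:00:12Z vpn-gw auth src=198.51.100.23 user=ivan result=FAIL
2024-03-29T10:00:13Z vpn-gw auth src=198.51.100.24 user=judy result=FAIL
2024-03-29T10:00:14Z vpn-gw auth src=198.51.100.25 user=mallory result=FAIL
2024-03-29T10:00:15Z vpn-gw auth src=198.51.100.26 user=oscar result=FAIL
2024-03-29T10:00:16Z vpn-gw auth src=198.51.100.27 user=peggy result=OK
2024-03-29T10:01:00Z vpn-gw auth src=192.0.2.9 user=trent result=FAIL
2024-03-29T10:01:05Z vpn-gw auth src=192.0.2.9 user=trent result=OK
"""

LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")


@dataclass
class Event:
    ts: str
    src: str
    user: str
    ok: bool


@dataclass
class SourceStats:
    users: set = field(default_factory=set)
    attempts: int = 0
    failures: int = 0
    succeeded: set = field(default_factory=set)  # accounts with an OK from this source


def parse_log(text: str) -> list[Event]:
    """Parse auth records; lines that do not match the shape are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            events.append(Event(m["ts"], m["src"], m["user"], m["result"] == "OK"))
    return events


def stats_by_source(events: list[Event]) -> dict[str, SourceStats]:
    stats: dict[str, SourceStats] = defaultdict(SourceStats)
    for e in events:
        s = stats[e.src]
        s.attempts += 1
        s.users.add(e.user)
        if e.ok:
            s.succeeded.add(e.user)
        else:
            s.failures += 1
    return stats


def flag_spraying_sources(events, min_users=5, min_fail_ratio=0.75):
    """Single-source pattern: one IP tries many distinct accounts and mostly
    fails. Returns {source: [accounts that succeeded from it]} so the
    successes can be triaged as likely compromised."""
    flagged = {}
    for src, s in stats_by_source(events).items():
        if len(s.users) >= min_users and s.failures / s.attempts >= min_fail_ratio:
            flagged[src] = sorted(s.succeeded)
    return flagged


def flag_distributed_campaign(events, max_attempts_per_source=2,
                              min_sources=5, min_fail_ratio=0.75):
    """Botnet pattern: many sources making one or two attempts each. Judged on
    the aggregate failure ratio of all low-volume sources, which per-IP
    lockouts and rate limits never see. Returns None when nothing is found."""
    low = {src: s for src, s in stats_by_source(events).items()
           if s.attempts <= max_attempts_per_source}
    attempts = sum(s.attempts for s in low.values())
    failures = sum(s.failures for s in low.values())
    if len(low) < min_sources or attempts == 0 or failures / attempts < min_fail_ratio:
        return None
    return {
        "sources": len(low),
        "accounts_targeted": sorted({u for s in low.values() for u in s.users}),
        "accounts_with_success": sorted({u for s in low.values() for u in s.succeeded}),
    }


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print(flag_spraying_sources(events))
    print(flag_distributed_campaign(events))
```

Note what the distributed check cannot do on its own: "trent" appears in `accounts_with_success` because a legitimate retry is indistinguishable from a lucky stuffing hit at this granularity, so the output is a review list, not a block list. Correlating successes with device or geolocation history, or requiring MFA for logins from first-seen sources, is what turns the list into a decision.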
Overall, the cybersecurity landscape continues to face significant challenges, and it is crucial for organizations to prioritize cybersecurity measures, threat intelligence, and information sharing to effectively protect against cyber threats and attacks.
Stay Well!