What’s happening in cybersecurity today?
Windows Defender Flaws, SafeBreach, Black Hat Asia, Forminator Plugin, WordPress Sites, JPCERT, Rootkit-Like Powers, CrushFTP Flaw, Citrix’s uberAgent Risks, MITRE Corporation Breached, Ivanti VPN Flaws, SYNLAB Italia, The Malaysian Industrial Development Finance, New Straits Times, Indiana’s Knox City Council, Singapore, Schools Data Leak, The Straits Times, AI Surge Power Demand, Chicago, Bloomberg, US Warrantless Surveillance to 2026, The White House, U.S. Marine Transportation in 2023, US Coast Guard, U.S. Department of Homeland Security, Record Low Ransom Payments, Coveware, Apple Removes, Messaging Apps, China, Reuters
Cyber Alerts
Cybersecurity specialists at SafeBreach unveiled critical vulnerabilities in Windows Defender, exposing risks of unauthorized remote file deletions which could destabilize systems and cause data loss. Revealed at the Black Hat conference by Tomer Bar and Shmuel Cohen, these weaknesses stem from a flaw identified as CVE-2023-24860. Despite Microsoft’s partial fix, further research indicated additional vulnerabilities, leaving systems vulnerable to new attack vectors and manipulation techniques.
Japan’s CERT has issued an alert about a critical vulnerability in the Forminator WordPress plugin that allows attackers to upload files without restriction. Tracked as CVE-2024-28890 with a severity score of 9.8, this flaw can enable attackers to upload malicious code to the more than 200,000 WordPress sites that have not updated the plugin. The advisory also lists SQL injection and cross-site scripting issues in the plugin, which further compromise website security.
Recent research presented by SafeBreach at Black Hat Asia shows how threat actors can abuse DOS-to-NT path conversions for rootkit-like capabilities. These “MagicDot” paths allow an unprivileged user, without admin rights, to hide files, interfere with prefetch file analysis, and masquerade malware as legitimate Microsoft executables. Microsoft has addressed some of the resulting security flaws, but the research shows that the underlying path-conversion issue affects software beyond Windows itself, and all software vendors are urged to review how they handle such paths.
The latest versions of CrushFTP software require immediate updating following the discovery of a security vulnerability actively exploited in targeted attacks, particularly against U.S. entities. Versions below CrushFTP v11.1 are affected: they allow users to download system files they should not be able to access, a flaw now patched in v11.1.0. Cybersecurity firm CrowdStrike has observed exploitation attempts believed to be politically motivated, emphasizing the need for users to patch their systems promptly and monitor further updates from CrushFTP.
Citrix’s monitoring tool, uberAgent, widely used to boost performance and security across Citrix platforms, has been found to have a critical vulnerability, identified as CVE-2024-3902, which allows privilege escalation. This flaw affects versions prior to 7.1.2 and occurs under certain configurations involving CitrixADC metrics and a PowerShell-based WmiProvider, permitting attackers with network access to execute elevated commands. Citrix has responded by advising users to urgently update their software to version 7.1.2 or later and has provided steps for interim mitigation for those unable to update immediately.
Cyber Incidents
In January 2024, MITRE Corporation experienced a sophisticated cyberattack carried out by state-sponsored hackers who exploited two zero-day vulnerabilities in Ivanti VPN solutions. The breach was initially detected through suspicious activities within MITRE’s unclassified NERVE network, a critical R&D platform, although it did not extend to the core enterprise network or affect partner systems. The attack involved advanced tactics, including session hijacking to bypass multi-factor authentication and deploying webshells for sustained access, highlighting significant vulnerabilities even in highly secure environments.
SYNLAB, a leading diagnostic and laboratory testing service in Italy, faced a cyberattack on its computer and telephone systems early on April 18. The company quickly deactivated all IT systems across Italy as per their security protocol and established a task force of internal and external experts to mitigate impact and restore operations. As part of the recovery, SYNLAB ensured the safety of biological samples and gradually resumed services like outpatient visits and physiotherapy, while also liaising with law enforcement and data protection authorities.
The Malaysian Industrial Development Finance Bhd (MIDF) has confirmed a recent cyber security incident and swiftly implemented corrective measures to minimize potential impact. MIDF emphasizes its commitment to customer privacy and security, stating that it has isolated the incident, informed affected customers, and bolstered security measures to prevent future occurrences. Despite the incident, MIDF reassures customers of minimal service disruption and reaffirms its dedication to strengthening data security frameworks and processes.
The Knox City Council in Indiana has reported a cybersecurity breach at OracleCMS, the service provider handling their out-of-hours customer calls. An unauthorized third party accessed and published a subset of OracleCMS’s data, which may include names, phone numbers, and property addresses of Knox City Council customers. The council is taking preventive measures, halting the collection of customer information by OracleCMS, and plans to contact affected individuals directly with advice on securing their data.
The Ministry of Education (MOE) in Singapore revealed a cybersecurity breach, affecting parents and teachers of 127 primary and secondary schools. The breach occurred through Mobile Guardian’s user management portal, compromising names and email addresses. MOE assured affected individuals would be notified and urged vigilance against potential phishing attempts.
Cyber News
President Biden has signed a measure extending warrantless spying powers until 2026, which includes modest changes to the Foreign Intelligence Surveillance Act’s Section 702. Despite controversies over privacy infringements, the statute remains crucial for countering espionage, terror threats, and responding to cyberattacks, according to national security leaders. The bill’s passage faced opposition from privacy-minded Democrats and libertarian Republicans, highlighting ongoing debates surrounding surveillance and civil liberties.
The 2023 Cyber Trends and Insights in the Marine Environment (CTIME) report, released by Coast Guard Cyber, highlights a significant increase in cyber threats against the U.S. Marine Transportation System (MTS). Notably, sophisticated nation-state actors, including the China-sponsored group Volt Typhoon, have intensified efforts to compromise critical infrastructure through advanced network-facing devices. The report underscores the urgency of enhanced cybersecurity measures, as these threats not only disrupt operations but could have dire consequences on global supply chains and economies.
In the first quarter of 2024, only 28% of targeted companies opted to pay ransom, a historic low as reported by cybersecurity firm Coveware. This trend, coupled with the rising sophistication of defensive measures and legal pressures, has discouraged payments, despite ransomware gangs intensifying their attacks and increasing demand amounts. However, the total amount paid to ransomware actors reached a staggering $1.1 billion last year, indicating that while fewer are paying, those who do are paying more.
In response to directives from the Chinese government, Apple Inc. has removed several major messaging apps, including WhatsApp and Threads by Meta Platforms, from its App Store in China, citing national security concerns raised by the Cyberspace Administration of China (CAC). This action underscores the ongoing tension between international tech companies and China’s stringent regulatory environment aimed at controlling digital services. The removal of these apps, which also includes other popular platforms like Telegram and Signal, marks a significant moment for Apple and highlights the broader implications for global digital communications and privacy.
US energy giant Exelon predicts a ninefold increase in electricity demand from datacenters in the Chicago area due to the rising adoption of AI, with 25 planned projects consuming an estimated 5 GW of power. Speaking at the S&P Global Power Markets Conference, CEO Calvin Butler said that about 80% of these projects are expected to be completed and that, initially, this demand will be met using the grid’s excess capacity and imported electricity. This trend underscores a global surge in datacenter expansions driven by AI, which is pressuring electricity grids and prompting some countries to limit new datacenter construction.
Copyright © 2024 CyberMaterial. All Rights Reserved.