Our weekly summary of cybersecurity news provides information on the latest threats, vulnerabilities, innovations, attacks, dangers and stories in the field.
It also explains possible upcoming malicious tactics that can threaten your device and encourages you to take timely defensive measures.
This matters because it lets you put the right security measures in place in time and strengthen your defences.
Moreover, this continuous situational awareness supports the system improvements and risk management decisions needed to keep pace with an ever-changing threat landscape.
Bondnet uses high-performance bots for its C2 servers
Threat actors are utilizing sophisticated bots to carry out large-scale automated attacks. These bots are capable of flooding systems, stealing information, and autonomously executing sophisticated cyber operations. Bondnet uses these bots for its C2 servers and configures a reverse RDP environment to source compromised systems.
Discord-based malware attacks Linux systems in India
Pakistan-based threat actor UTA0137 is targeting Linux systems in India with the Discord-based malware DISGOMOJI, which uses emojis for command-and-control communications and exploits the DirtyPipe vulnerability on BOSS Linux systems.
New Moonstone Sleet: North Korean actors deploy malicious open source packages
North Korean threat actor Moonstone Sleet is targeting the open source software supply chain by distributing malicious NPM packages that are designed to execute payloads immediately upon installation, targeting both Windows and Linux systems.
SmokeLoader modular malware functionality
SmokeLoader is a modular malware that has been observed to have enhanced functionality, including the ability to steal credentials, gather system information, and download additional payloads. The malware has been used in a variety of cyber espionage campaigns.
Hackers exploit Windows Search
Cybercriminals are abusing Windows Search to distribute malware, manipulating search results to trick users into downloading and running malicious files that can compromise their systems.
Black Basta Attackers Exploit Zero-Day Privilege Escalation Vulnerability in Windows
The Cardinal cybercrime group, which operates the Black Basta ransomware, exploited a Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day. The vulnerability, which was patched on March 12, 2024, was discovered in the Windows Error Reporting service. Analysis revealed that the exploit tool used in the recent attacks was compiled before the patch was released, indicating a possible zero-day attack. The attackers used batch scripts disguised as software updates, but the investigated attacks did not deploy ransomware payloads.
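The "compiled before the patch" reasoning above is a routine forensic check: read the COFF TimeDateStamp from the PE header of the recovered tool and compare it with the patch date. The following is an added example, not code from the original report or from any of the parties it names; it builds its own minimal, non-executable PE header stubs as constructed test data, and the patch date is the March 12, 2024 date stated in the article.

```python
import struct
from datetime import datetime, timezone

# Patch release date for CVE-2024-26169 as stated in the article.
PATCH_DATE = datetime(2024, 3, 12, tzinfo=timezone.utc)


def pe_compile_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime.

    Layout: the DOS header stores the offset of the PE signature at 0x3C
    (e_lfanew); the 4-byte "PE\\0\\0" signature is followed by the COFF
    header: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def predates_patch(data: bytes, patch_date: datetime = PATCH_DATE) -> bool:
    """True when the binary's compile timestamp is earlier than the patch date.

    Caveat: TimeDateStamp is attacker-controlled and reproducible builds may
    set it deterministically, so treat the result as an indicator that needs
    corroboration (e.g. first-seen telemetry), not as proof on its own.
    """
    return pe_compile_time(data) < patch_date


def make_stub_pe(compile_time: datetime) -> bytes:
    """Build a minimal PE header stub carrying the given timestamp.

    Constructed test data only: it has no sections or code and will not run.
    """
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    stamp = int(compile_time.timestamp())
    # COFF header: Machine=x64, 1 section, TimeDateStamp, then zeroed fields.
    coff = struct.pack("<HHIIIHH", 0x8664, 1, stamp, 0, 0, 0, 0)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    early = make_stub_pe(datetime(2024, 2, 27, tzinfo=timezone.utc))
    late = make_stub_pe(datetime(2024, 4, 2, tzinfo=timezone.utc))
    print("early sample predates patch:", predates_patch(early))
    print("late sample predates patch:", predates_patch(late))
```

On a real sample, pass the file bytes (`open(path, "rb").read()`) to `predates_patch`; a pre-patch timestamp is the starting point for the kind of zero-day assessment the report describes, to be confirmed against when the binary was first observed in the environment.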
Chinese hackers compromise 20,000 FortiGate systems worldwide
Chinese nation-state actors have used COATHANGER malware to target FortiGate systems, compromising at least 20,000 systems worldwide, including government and defense industry networks. Attackers exploited the CVE-2022-42475 vulnerability, which they learned about approximately two months before it was made public. Despite security updates, threat actors have maintained access to many systems, highlighting the need for strong mitigation strategies.
ValleyRAT password stealing techniques
Zscaler researchers have detailed the techniques used by ValleyRAT, a remote access tool first seen in early 2023. The malware employs multi-stage payload delivery, DLL sideloading, and anti-AV evasion tactics. It uses XOR and RC4 encryption, process injection, and API resolution tricks to maintain stealth and persistence on infected systems.
APT hackers exploit Google OneDrive
Advanced persistent threat (APT) groups are abusing Google OneDrive to host and distribute malware, a tactic that allows them to evade traditional security measures and deliver malicious payloads to targeted systems. The use of legitimate cloud services for malicious purposes highlights the evolving strategies of cyber threat actors.
MultiRDP malware attacks multiple systems simultaneously
MultiRDP malware has been identified as a tool that allows attackers to control multiple Remote Desktop Protocol (RDP) sessions simultaneously. This capability enables widespread and coordinated attacks against multiple systems, increasing the potential impact and damage of such cyber attacks.
UNC5537 hijacks Snowflake
The UNC5537 threat group has been linked to a significant data breach involving Snowflake, a cloud AI data platform. The attackers successfully compromised the platform, impacting multiple organizations and exposing sensitive data.
Hackers use OTP bots to bypass 2FA
Cybercriminals have developed OTP bots that can circumvent two-factor authentication (2FA) mechanisms. These bots automate the process of intercepting and using one-time passwords (OTPs), posing a significant threat to the security of online accounts and services.
Stay informed and vigilant to protect your systems against evolving cybersecurity threats.
Data Breach
Kulicke & Soffa data breach
Semiconductor equipment manufacturer Kulicke & Soffa suffered a data breach that exposed sensitive information, including employee and customer data.
23andMe Hack Investigation
Genetic testing company 23andMe is investigating a data breach that may have exposed the personal information of millions of users, raising concerns about the security of genetic data.
Cyber attack on Japanese video sharing site
A popular Japanese video-sharing website has been targeted in a cyber attack that has exposed user data, highlighting the vulnerability of online platforms and the need for strong security measures.
Vulnerability
FortiOS vulnerability allows unauthorized command execution
A critical vulnerability in FortiOS could allow attackers to execute unauthorized commands. This vulnerability poses a significant risk to organizations using Fortinet products.
Microsoft patches for RCE and privilege escalation
Microsoft has released patches to address remote code execution (RCE) and privilege escalation vulnerabilities; these patches are essential to maintaining the security of Windows systems.
Chrome 126 released
Google has released Chrome 126 with several security fixes and encourages users to update their browsers to protect against potential vulnerabilities.
VLC Media Player Vulnerability
Multiple vulnerabilities have been discovered in VLC Media Player that could allow attackers to execute arbitrary code. To mitigate these risks, users should update to the latest version.
Microsoft Outlook Zero-Click RCE Vulnerability
A zero-click remote code execution vulnerability has been discovered in Microsoft Outlook that could allow an attacker to compromise a system without user interaction.
In other news
Windows AI Recall Postponed
A technical issue has delayed the Windows AI Recall feature. This delay will affect users who rely on this feature across a variety of applications.
CISA urges administrators
The Cybersecurity and Infrastructure Security Agency (CISA) is urging administrators to implement critical security updates to protect against emerging threats, and the advisory emphasizes the importance of timely patch management.