03-Apr-24: In Security News Today

Zero-Day Flaws in Google Pixel Phones Actively Exploited by Forensic Companies

Google has disclosed two high-severity zero-day vulnerabilities in Pixel smartphones, CVE-2024-29745 in the bootloader component and CVE-2024-29748 in the firmware component, both of which have been exploited by forensic companies. The vulnerabilities are being actively exploited to extract data by rebooting devices into fastboot mode. Google has been urged to introduce an auto-reboot feature to mitigate the exploitation of firmware flaws.

U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers

The U.S. Cyber Safety Review Board (CSRB) has condemned Microsoft for security lapses that allowed a breach by China-based hackers affecting multiple companies in Europe and the U.S. The breach was attributed to a series of avoidable errors by Microsoft, including a failure to prioritize security investments and detect the compromise independently. Recommendations include implementing modern control mechanisms, enhancing incident disclosure practices, and updating federal authorization frameworks to address high-impact situations.

AT&T Faces Lawsuits Over Data Breach Affecting 73 Million Customers

AT&T is facing multiple class-action lawsuits after admitting to a data breach affecting 73 million customers, exposing sensitive information. The breach, initially reported by threat actors, led to the exposure of names, addresses, Social Security Numbers, and more. Lawsuits allege negligence, breach of contract, and seek compensatory damages, credit monitoring, and improved data security protocols.

Critical Flaw in LayerSlider WordPress Plugin Impacts 1 Million Sites

A critical flaw in the LayerSlider WordPress plugin, impacting over one million sites, has been discovered by researcher AmrAwad. The vulnerability, tracked as CVE-2024-2879, allows unauthenticated SQL injection, potentially leading to data breaches and complete site takeovers. The plugin’s developer, Kreatura Team, has released a security update (version 7.10.1) to address the issue, emphasizing the importance of keeping plugins updated and following security best practices for WordPress site admins.

Infostealers Prevalent in Retail Sector Cybercrime Trends

Netskope Threat Labs identified infostealers, IoT botnets, and remote access tools as primary weapons used by cyber-attackers against retail organizations. The research report reveals a shift towards Microsoft apps like Outlook in the retail sector, with a notable increase in OneDrive usage. Mirai botnet variants are increasingly targeting network devices in retail, emphasizing the importance of securing IoT devices. Retail enterprises are advised to enhance security measures by inspecting downloads, scrutinizing file types, and implementing intrusion prevention systems and remote browser isolation technology.

Prudential Financial Notifies 36,000 Individuals of Data Breach

Prudential Financial disclosed a data breach affecting over 36,000 individuals, with the Alphv/BlackCat ransomware group claiming responsibility. The breach involved unauthorized access to company systems containing personal information. The incident highlights the importance of rapid disclosure and the impact of cyber attacks on organizations.

Group of Attackers Claim to Be Behind Breach That Leaked US Federal Employee Data

Attackers claim to have breached Acuity, a tech consulting firm serving US national security, leaking data they say includes sensitive information from the Five Eyes Intelligence Group. The data’s authenticity and scale are questioned by researchers, noting potential formatting issues and outdated entries up to 2016. The breach, attributed to a trio including a known attacker, reportedly involves classified communications and personal details of federal employees, though the exact nature and sensitivity of the leaked documents remain unverified.

Ivanti Fixes VPN Gateway Vulnerability Allowing RCE, DoS Attacks

Ivanti has released patches to address multiple security vulnerabilities in its Connect Secure and Policy Secure gateways, including a high-severity flaw (CVE-2024-21894) that could lead to remote code execution and denial of service attacks. Unauthenticated attackers can exploit these vulnerabilities, and while Ivanti has not reported any customer exploitation, the U.S. CISA issued an emergency directive for federal agencies to secure their Ivanti systems against potential attacks using these zero-day flaws.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.
