03-Oct-24: In Security News Today

Fraudsters Imprisoned For Scamming Apple Out Of 6,000 iPhones

Two Chinese nationals, Haotian Sun and Pengfei Xue, were sentenced to prison for a scam that involved exchanging over 6,000 counterfeit iPhones for authentic ones, exploiting Apple’s device replacement policy. They, along with co-conspirators, shipped fake iPhones with spoofed IMEI and serial numbers from Hong Kong to the U.S., submitted them for replacement, and sold the genuine devices overseas, causing over $2.5 million in losses. Sun and Xue were convicted of mail fraud and sentenced to over 4 years in prison, with restitution payments ordered to Apple.

Over 4,000 Adobe Commerce, Magento Shops Hacked In CosmicSting Attacks

Over 4,000 Adobe Commerce and Magento sites have been compromised by multiple threat actors exploiting the CosmicSting vulnerability (CVE-2024-34102, an XML external entity flaw that lets an unauthenticated attacker read arbitrary files, including the store's secret encryption key), chained with a glibc iconv bug (CVE-2024-2961) to reach remote code execution and steal credit card and customer data. Despite warnings and available patches, many stores remain unprotected, including high-profile brands such as Ray-Ban, Whirlpool, and National Geographic. Security researchers have identified at least seven groups involved in these attacks, injecting payment skimmers and harvesting the stolen keys from unpatched sites. Note that patching alone does not expire a key that was already exfiltrated; affected stores also need to rotate the encryption key.

Microsoft And DOJ Disrupt Russian FSB Hackers’ Attack Infrastructure

Microsoft and the U.S. Department of Justice (DOJ) have disrupted over 100 domains used by the Russian ColdRiver hacking group (tracked by Microsoft as Star Blizzard), linked to Russia's Federal Security Service (FSB), which targeted U.S. government and nonprofit entities through spear-phishing attacks. This effort is part of a broader strategy to counter ColdRiver's long-standing cyber-espionage campaigns, which have increasingly focused on the defense and energy sectors since Russia's invasion of Ukraine. Seizing the attack infrastructure raises the group's cost of operating, though the group is expected to rebuild; the seized domains remain useful as indicators for retrospective hunting in mail and proxy logs.

Chrome, Firefox Updates Patch High-Severity Vulnerabilities

Google and Mozilla released updates for Chrome and Firefox, addressing 17 vulnerabilities in total, including 10 rated high severity. Chrome 129.0.6668.89 fixes issues such as an integer overflow in Layout and insufficient data validation in Mojo, while Firefox 131 resolves bugs affecting Android users and cross-origin content access. Both vendors encourage users to update promptly; Mozilla's fixes also apply to its Thunderbird email client. Neither vendor reports evidence of in-the-wild exploitation so far.

Dutch Police: ‘State Actor’ Likely Behind Recent Data Breach

The Dutch national police reported a significant data breach, suspected to be the work of a state actor, compromising contact details and other private information of police officers. The breach involved hacking a police account and exfiltrating work-related data, prompting the implementation of stricter security measures, including two-factor authentication and enhanced monitoring. While intelligence services point to a foreign government or affiliated group, the police are withholding detailed information to protect the ongoing investigation.

Google Adds New Pixel Security Features To Block 2G Exploits And Baseband Attacks

Google has introduced new security measures in its latest Pixel devices to combat baseband vulnerabilities and 2G network exploits, which are commonly delivered through false base stations that covertly downgrade a handset to 2G, where encryption is weak and not mutually authenticated. Android 14 lets enterprise administrators disable 2G on managed devices (end users have had a 2G toggle since Android 12), and Google has compiled the baseband firmware with Clang sanitizers so that bounds and integer-overflow bugs crash the modem instead of yielding a remote code execution primitive. Additional defenses such as stack canaries, control-flow integrity (CFI), and new alerts when a cellular connection is unencrypted help strengthen Pixel devices against cell-site simulators and SMS blaster fraud.

LiteSpeed Cache Plugin Flaw Allows XSS Attack, Update Now

A vulnerability (CVE-2024-47374) in the LiteSpeed Cache plugin for WordPress, which is installed on over six million sites, enables unauthenticated attackers to inject a script that is stored by the plugin's CSS queue generation process and later rendered in an administrator's browser. The flaw, discovered by Patchstack, is an unauthenticated stored XSS issue in the "Vary Group" handling, exploitable only when the plugin's CSS Combine and Generate UCSS optimization settings are enabled. Because the payload executes in a logged-in admin's session, a successful attack can lead to account takeover, plugin installation, or data theft. LiteSpeed has addressed the issue in version 6.5.1, and users are urged to update immediately.

CISA’s Platform Receives 2,400 Unique Vulnerability Disclosures, Researchers Paid $335K

CISA's Vulnerability Disclosure Policy (VDP) Platform received over 12,000 submissions in its first two years, identifying over 2,400 unique vulnerabilities, of which nearly 2,000 were remediated. Bug bounty programs run through the platform paid out $335,000 for 229 vulnerabilities, an average of about $1,463 per bug, rewarding findings such as cross-site scripting (XSS). CISA estimates roughly $4.45 million in remediation costs saved, while noting the potentially severe impact had the critical vulnerabilities gone unaddressed.

North Korean Hackers Using New Veilshell Backdoor In Stealthy Cyber Attacks

North Korean hackers linked to APT37 have launched a campaign dubbed SHROUDED#SLEEP, employing a new backdoor named VeilShell to target Cambodia and possibly other Southeast Asian nations. The infection chain starts with a Windows shortcut (.lnk) file that acts as a dropper for PowerShell-based components; the resulting backdoor gives full access to the compromised system for data exfiltration and further activity. Notably, the attackers use AppDomainManager injection, which abuses a .NET runtime loading mechanism to have a legitimate signed executable load their code, to maintain persistence and evade detection, highlighting the group's evolving tradecraft.
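The techniques named in the summary (a shortcut file that launches PowerShell, and AppDomainManager injection for persistence) both leave telemetry a SOC can alert on. The following is an added example, not code from the original page or from the research it summarizes: three detection rules run over constructed Sysmon-style event records. The event layout, the file paths, process names and rule names in the sample are assumptions made for the illustration; the environment variables and configuration elements the rules look for are the ones the .NET runtime honours when loading a custom AppDomainManager.

```python
import ntpath
import re

# Constructed sample telemetry, modelled loosely on Sysmon process-creation
# and file-creation records. None of it is real campaign data.
SAMPLE_EVENTS = [
    {"id": 1, "type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -w hidden -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
     "env": {}},
    {"id": 2, "type": "process",  # benign: build agent running a script
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Program Files\BuildAgent\agent.exe",
     "cmdline": r"powershell.exe -File C:\BuildAgent\deploy.ps1",
     "env": {}},
    {"id": 3, "type": "file",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "path": r"C:\Users\alice\AppData\Roaming\Updater\Updater.exe.config",
     "content": ('<configuration><runtime>'
                 '<appDomainManagerAssembly value="Loader, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />'
                 '<appDomainManagerType value="Loader.Entry" />'
                 '</runtime></configuration>')},
    {"id": 4, "type": "file",  # benign: installer writing an ordinary config
     "image": r"C:\Windows\System32\msiexec.exe",
     "path": r"C:\Program Files\Vendor\App.exe.config",
     "content": '<configuration><startup><supportedRuntime version="v4.0" /></startup></configuration>'},
    {"id": 5, "type": "process",
     "image": r"C:\Users\alice\AppData\Roaming\Updater\Updater.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "Updater.exe",
     "env": {"APPDOMAIN_MANAGER_ASM": "Loader, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null",
             "APPDOMAIN_MANAGER_TYPE": "Loader.Entry",
             "COMPLUS_Version": "v4.0.30319"}},
    {"id": 6, "type": "process",  # benign: user opening a shortcut to cmd
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "cmd.exe /c dir",
     "env": {}},
]

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}
# Flags typical of a one-click shortcut launch: hidden window, policy bypass, base64 payload.
SUSPICIOUS_PS_FLAGS = [
    re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I),
    re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I),
]
# Environment variables and app.config elements the CLR reads to load a custom AppDomainManager.
APPDOMAIN_ENV = {"APPDOMAIN_MANAGER_ASM", "APPDOMAIN_MANAGER_TYPE"}
APPDOMAIN_CONFIG = re.compile(r"appDomainManager(?:Assembly|Type)", re.I)
# Config files under these roots are normally written by installers; elsewhere they deserve a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def lnk_style_powershell(ev):
    """explorer.exe spawning PowerShell with hidden/bypass/encoded flags: what a
    double-clicked shortcut that runs PowerShell looks like in process telemetry."""
    if ev["type"] != "process":
        return False
    if ntpath.basename(ev["image"]).lower() not in POWERSHELL_IMAGES:
        return False
    if ntpath.basename(ev["parent_image"]).lower() != "explorer.exe":
        return False
    return any(rx.search(ev["cmdline"]) for rx in SUSPICIOUS_PS_FLAGS)


def appdomainmanager_config_write(ev):
    """A .exe.config written outside installer-controlled paths that names a
    custom AppDomainManager: the on-disk half of AppDomainManager injection."""
    if ev["type"] != "file":
        return False
    path = ev["path"].lower()
    if not path.endswith(".exe.config") or path.startswith(TRUSTED_ROOTS):
        return False
    return bool(APPDOMAIN_CONFIG.search(ev["content"]))


def appdomainmanager_env(ev):
    """Process started with the environment variables that make the CLR load an
    AppDomainManager without any config file on disk."""
    return ev["type"] == "process" and bool(APPDOMAIN_ENV & set(ev["env"]))


RULES = {
    "lnk_style_powershell": lnk_style_powershell,
    "appdomainmanager_config_write": appdomainmanager_config_write,
    "appdomainmanager_env": appdomainmanager_env,
}


def detect(events):
    """Return (rule_name, event_id) pairs for every rule that fires, in event order."""
    return [(name, ev["id"]) for ev in events for name, rule in RULES.items() if rule(ev)]


if __name__ == "__main__":
    for name, event_id in detect(SAMPLE_EVENTS):
        print(f"{name}: event {event_id}")
```

The config-write rule deliberately ignores paths under Windows and Program Files to keep installer noise down; a real deployment would tune that allowlist to the estate and would also correlate the config write with a subsequent launch of the executable next to it, since the config only takes effect when that binary runs.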

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.