06-Mar-24: In Security News Today

Rising Trend of Cybersecurity Professionals Moonlighting as Cybercriminals

A study by the Chartered Institute of Information Security (CIISec) found that cybersecurity professionals are increasingly turning to cybercrime to supplement their incomes. The research analyzed dark web forum job adverts and identified experienced professionals, newcomers to the field, and individuals from non-IT industries offering their services for malicious purposes. CIISec warned that low salaries and high-stress levels in the industry are driving skilled individuals towards cybercrime, emphasizing the need for the cybersecurity sector to improve working conditions and retain talent to prevent further professionals from engaging in criminal activities.

BlackCat Ransomware Group Vanishes After $22 Million Payout

The BlackCat ransomware group disappeared after receiving a $22 million ransom payment and refusing to share it with an affiliate. Security researchers suspect an exit scam, as the group shut down its darknet website and uploaded a fake law enforcement seizure banner. There is speculation that BlackCat might rebrand itself in the future, while other ransomware groups such as LockBit and RA World continue their malicious activities despite law enforcement actions.

CISA Adds Pixel Phone Vulnerability to Known Exploited Vulnerability Catalog

CISA has added a critical vulnerability affecting Pixel phones, CVE-2023-21237, to its Known Exploited Vulnerabilities catalog, signaling active exploitation. This flaw, patched by Google in June 2023, could allow attackers to obtain sensitive information without extra privileges or user interaction, indicating it might be used in an exploit chain by commercial spyware vendors. The advisory highlights the urgent need for patching and vigilance among organizations to mitigate potential risks from this vulnerability.

Apple Warns Against Critical Memory-Corrupting Attacks

Apple has issued a warning about two critical zero-day vulnerabilities that are being exploited to carry out memory-corruption attacks on Apple devices, allowing attackers to bypass kernel memory protections. The vulnerabilities, tracked as CVE-2024-23225 and CVE-2024-23296, have been patched in the latest software updates for iPhones and iPads with releases iOS 17.4 and iPadOS 17.4. In addition to these vulnerabilities, the updates also addressed privacy bugs that could allow access to a user’s private data, emphasizing the importance of immediate patching to prevent exploitation.

Threat Actor Distributing RATs via Online Meeting Lures

A threat actor has been distributing Android and Windows remote access Trojans (RATs) through fake online meeting sites impersonating popular brands like Skype and Google Meet. The campaign, ongoing since December 2023, involves the distribution of SpyNote RAT for Android and NjRAT and DCRat for Windows. By clicking on buttons on the fake sites, users unwittingly download malicious APK and BAT files that lead to the installation of RAT payloads capable of stealing data and logging keystrokes.

New APT Group ‘Lotus Bane’ Targeting Financial Entities in Vietnam

Lotus Bane, a new advanced persistent threat group, has been targeting financial entities in Vietnam since at least 2022, using techniques such as DLL side-loading and named pipes for lateral movement. The group’s methods overlap with those of OceanLotus, but the two target different industries, suggesting a possible connection or that Lotus Bane drew inspiration from OceanLotus. The presence of Lotus Bane and UNC1945 in the APAC region emphasizes the importance of maintaining strong cybersecurity measures against financial cyber threats.

Joint Ransomware Attacks by GhostSec and Stormous

GhostSec and Stormous, two ransomware groups, have joined forces to conduct double extortion ransomware attacks in over 15 countries, targeting various business sectors. They have launched a new ransomware-as-a-service program called STMX_GhostLocker, offering different options for affiliates. The groups have also introduced GhostLocker 2.0, a Golang-based ransomware with enhanced encryption capabilities, and tools like GhostSec Deep Scan and GhostPresser to compromise legitimate websites and WordPress sites.

Critical Vulnerabilities Patched in Android’s March 2024 Update

The March 2024 Android security update patches 38 vulnerabilities, including two critical flaws in the System component that pose risks of remote code execution and elevation of privilege across Android versions 12, 12L, 13, and 14. These patches also extend to Automotive OS, Wear OS, and Pixel Watch, enhancing protection against a wide array of security threats. Google has not reported active exploitation of these vulnerabilities but advises users to update their devices promptly to safeguard against potential attacks.

EU Agrees on Cyber Solidarity Act and Certification Schemes for Improved Cyber Resiliency

The European Union has approved new rules known as the ‘Cyber Solidarity Act’ to enhance cyber incident response and recovery among member states, including the establishment of an EU-wide cybersecurity alert system and a cybersecurity emergency mechanism. Additionally, the EU has agreed on creating European certification schemes for managed security services to improve quality and comparability, aiming to prevent market fragmentation. These measures aim to strengthen Europe’s cyber resilience and response capabilities against large-scale cyber threats or incidents.

Linux Malware Campaign Targets Misconfigured Hadoop, Confluence, Docker, and Redis Servers

A Linux malware campaign targets misconfigured Apache Hadoop, Confluence, Docker, and Redis servers, using new Golang payloads for automated exploitation and maintaining stealth with user-mode rootkits. The attackers deploy various techniques, including reverse shells and SSH key insertion, to ensure persistence and spread the malware further. This campaign highlights the critical importance of proper cloud server configuration and the evolving sophistication of attackers targeting cloud and Linux environments.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.