08-Jul-24: In Security News Today

Cisco Warns regreSSHion Vulnerability Impacts Multiple Products

Cisco has issued an advisory warning customers of the critical OpenSSH ‘regreSSHion’ vulnerability affecting 42 products across various areas like network security, routing, and wireless devices. Updates for four products have been scheduled, while 51 others are under investigation. The vulnerability, CVE-2024-6387, poses a risk of full system compromise, with Qualys identifying over 14 million potentially vulnerable OpenSSH server instances exposed to the internet.

Apple Removes VPN Apps from Russian App Store Amid Government Pressure

Apple removed multiple VPN apps from the Russian App Store following a request by Russia’s state communications watchdog. This action was criticized by VPN providers as supporting an authoritarian regime and violating civil society. The move is part of Russia’s ongoing efforts to control internet access and content, with VPN services now included in the list of prohibited internet resources.

New APT CloudSorcerer Malware Hits Russian Targets

Kaspersky has identified a new advanced persistent threat (APT) named CloudSorcerer targeting Russian government entities, utilizing cloud services like Microsoft Graph, Yandex Cloud, and Dropbox for command and control. The malware operates through separate modules for communication and data collection, adapting its behavior based on the process it is running in. CloudSorcerer’s infrastructure, use of complex inter-process communication, and dynamic adaptation indicate a sophisticated cyber espionage campaign, distinct from the previously reported CloudWizard APT.

RCE Bug in Widely Used Ghostscript Library Exploited in Attacks

A remote code execution vulnerability (CVE-2024-29510) in the widely used Ghostscript library is being actively exploited in attacks, allowing attackers to bypass the -dSAFER sandbox and execute high-risk operations. Codean Labs has warned that web applications and services utilizing Ghostscript for document conversion are at significant risk and should update to the latest version. Attackers are already leveraging this vulnerability by disguising EPS files as JPG files to gain shell access to vulnerable systems, emphasizing the importance of updating to Ghostscript v10.03.1 or applying patches provided by distributions like Debian, Ubuntu, and Fedora.

OVHcloud Hit with Record 840 Million PPS DDoS Attack Using MikroTik Routers

OVHcloud faced a record-breaking DDoS attack with a packet rate of 840 million packets per second in April 2024, surpassing the previous record. The attack combined a TCP ACK flood from 5,000 source IPs and a DNS reflection attack using 15,000 DNS servers. The use of compromised MikroTik routers, susceptible to known vulnerabilities, highlights the increasing threat of packet rate attacks and the potential for adversaries to launch layer 7 attacks at a massive scale.

Russia Forces Apple to Remove Dozens of VPN Apps from App Store

Russia’s telecommunications watchdog, Roskomnadzor, requested Apple to remove 25 VPN apps from the Russian App Store, including popular ones like NordVPN and Proton VPN, due to illegal content access. Apple notified affected vendors, advising them to contact Roskomnadzor for more information. This action is part of Russia’s ongoing efforts to block VPN services, with previous bans on various providers like ProtonVPN and VyprVPN.

Cyber-Insurance Prices Plummet as Market Competition Grows

The cyber-insurance market is experiencing a decline in premium rates due to increased competition, making it more affordable for organizations to acquire coverage for ransomware and security incidents. Factors contributing to the lower rates include a more competitive marketplace, improved cyber hygiene among insured organizations, and better evaluation of cyber risks by insurance companies. Despite an increase in cybersecurity-related claims, the market is expected to remain stable with ample capacity and a buyer-friendly environment, with future growth predicted to come from outside the US.

Ransomware Attacks Really Increase Mortality Rates at Hospitals

A study by the University of Minnesota’s medical school reveals that ransomware attacks on hospitals lead to a significant increase in patient mortality rates, with a rise of 20% overall and up to 73% for patients of color. The research highlights that patients already hospitalized during an attack are most affected due to the sudden unavailability of IT systems. The severity of the attack exacerbates the situation, causing higher mortality rates, particularly in hospitals facing the most severe breaches.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

Leave a Reply

Your email address will not be published. Required fields are marked *