08-Mar-24: In Security News Today

Cisco Patches High-Severity VPN Hijacking Bug in Secure Client

Cisco has released patches for a high-severity vulnerability (CVE-2024-20337) in the SAML authentication process of its Secure Client software. An unauthenticated, remote attacker who persuades a user to click a crafted link could conduct a carriage return line feed (CRLF) injection attack against that user and potentially execute arbitrary script code in the user's browser or read sensitive browser-based information, including a valid SAML token, which could then be used to establish a remote access VPN session with the user's privileges. Cisco also fixed a second high-severity flaw (CVE-2024-20338) in Secure Client for Linux that lets a local, authenticated attacker elevate privileges on the affected device.
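The mechanism behind a CRLF injection, shown as an added illustration that is not Cisco's code and says nothing about the Secure Client internals: a server builds an HTTP response header from an attacker-influenced value (here a redirect target, a constructed example), and a `\r\n` sequence inside that value lets the attacker terminate the header, append headers of their own and even supply a response body. The hardened variant rejects control characters before the value ever reaches a header line. All function names and the sample input are this example's own.

```python
import io

# Constructed attacker-controlled value: a benign-looking URL followed by
# CRLF sequences that inject a Set-Cookie header and an HTML body.
ATTACK = (
    "https://vpn.example.test/"
    "\r\nSet-Cookie: session=attacker"
    "\r\n\r\n<script>alert(1)</script>"
)


def build_redirect_naive(target: str) -> bytes:
    """Vulnerable: the untrusted value is placed verbatim into a header line."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_redirect_safe(target: str) -> bytes:
    """Hardened: refuse any control character (CR, LF, NUL, ...) in a header value."""
    if any(ord(c) < 0x20 or c == "\x7f" for c in target):
        raise ValueError("control character in header value")
    return build_redirect_naive(target)


def parse_response(raw: bytes):
    """Minimal HTTP/1.1 response splitter: status line, headers (lower-cased
    names, list of values), and body. Used here to show what a client sees."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def demo() -> dict:
    """Return what the naive and safe builders do with the attack string."""
    status, headers, body = parse_response(build_redirect_naive(ATTACK))
    try:
        build_redirect_safe(ATTACK)
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    return {
        "status": status,
        "injected_cookie": headers.get("set-cookie"),
        "body_starts_with_script": body.startswith(b"<script>"),
        "safe_rejected": safe_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from this: the injected `Set-Cookie` and the `<script>` body are accepted by a client because they are indistinguishable from legitimate server output; the only sound fix is to reject or strip control characters at the boundary, as the safe builder does, rather than trying to detect the resulting headers downstream.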

State Attorneys General Send Letter to Meta Asking It to Take ‘Immediate Action’ on User Account Takeovers

Forty state attorneys general have urged Meta to improve its defenses against account takeovers on Facebook and Instagram, citing a surge in consumer complaints. They ask for immediate action to strengthen mitigation and to respond better to affected users, underlining the serious financial and personal risks, especially for people whose businesses depend on their social media accounts. Meta's response points to its ongoing adaptations against scammers and its investment in enforcement teams and detection tools.

Unpatched Sceiner Smart Lock Vulnerabilities Allow Hackers to Open Doors

Aleph Research has identified multiple vulnerabilities in Sceiner smart lock firmware that could allow attackers to unlock doors. The flaws stem from encryption weaknesses and insecure communication protocols and enable several attack vectors, including man-in-the-middle (MitM) attacks. Although the vendors were notified in November 2023, no fixes have been released, so users should consider disabling the affected lock functions to reduce risk.

Bifrost Trojan Linux Variants Evade Detection via Typosquatting

Security researchers have identified new Linux variants of the Bifrost Trojan that use a typosquatted domain impersonating VMware to blend in and avoid detection. The malware, active since 2004, gathers sensitive information from compromised systems, and a recent spike in samples has raised concern among researchers. To protect sensitive data and prevent unauthorized access, the researchers recommend next-generation firewall products and cloud-specific security services.

Analysis of New EU App Stores for iPhones

The article discusses the first two third-party European app stores for iPhones and the business models they are trying, now that the EU's Digital Markets Act requires Apple to allow third-party app stores and payment systems. One store, Mobivention, offers a white-label service for enterprise app distribution, while the other, SetApp, provides a subscription-based model for a curated collection of apps. The author is skeptical about the future of third-party app stores, predicting security concerns and rapid industry change, but acknowledges that innovative business models may emerge.

Atlassian Confluence Exploits and In-Memory Web Shells

Proof-of-concept exploits for Atlassian Confluence are being used to execute arbitrary code entirely in memory, without writing anything to disk, which poses a significant risk. Attackers are leveraging CVE-2023-22527 to deploy web shells such as Godzilla for remote control and follow-on malicious activity. Because in-memory payloads leave no file for disk-based scanners to find, detection is difficult, which underlines the need for network-based detection and evolving security measures against advanced threats.

Resurgence of USBs as a Nation-State Cyber Threat

Nation-state threat groups such as Russia's Gamaredon and China's Camaro Dragon are using USB drives to reach highly guarded government organizations and critical infrastructure facilities, bypassing perimeter security measures. USB attacks have resurfaced as an effective infection vector, spreading malware such as Camaro Dragon's self-propagating USB implants and the Raspberry Robin worm worldwide. Organizations are advised to separate personal and work devices, enforce strict removable-device policies, and add security layers to mitigate the risk of USB-borne attacks.

China-Linked Cyber Spies Targeting Asia with Watering Hole and Supply Chain Attacks

The article discusses a China-linked nation-state group that compromised a Tibetan festival website and a software application in order to reach user systems in Asia. The group combined a watering hole attack with a supply chain attack to infiltrate its targets, demonstrating sophisticated tradecraft.

CISA Outlines Efforts to Secure Open Source Software

CISA detailed its initiatives to secure open-source software (OSS) following a summit with community leaders, focusing on security principles for package repositories and on improved vulnerability and incident response practices. The efforts include collaboration with the Rust Foundation and the Python Software Foundation to improve infrastructure security, and a requirement for multi-factor authentication for npm project maintainers. These actions show a significant commitment to strengthening the OSS ecosystem's resilience against cyber threats.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.