11-Mar-24: In Security News Today

PoC Exploit Released for Progress Software OpenEdge Authentication Bypass Vulnerability

A critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer has a PoC exploit available, impacting versions 11.7.18 and earlier, 12.2.13 and earlier, and 12.8.0. Tracked as CVE-2024-1403 with a severity rating of 10.0, the vulnerability allows unauthorized access due to incorrect handling of usernames and passwords, but has been patched in versions 11.7.19, 12.2.14, and 12.8.1.

Hackers leveraging JetBrains TeamCity flaws to propagate BianLian ransomware attacks

BianLian ransomware threat actors are leveraging vulnerabilities in JetBrains TeamCity software to carry out extortion-based attacks, as reported by GuidePoint Security. The attackers exploit CVE-2024-27198 or CVE-2023-42793 to gain initial access, deploy a PowerShell implementation of the BianLian backdoor, and conduct post-exploitation activities. Additionally, VulnCheck highlighted a critical flaw in Atlassian Confluence software (CVE-2023-22527) being exploited to deploy ransomware, miners, and trojans, emphasizing the importance of patching to prevent such attacks.

Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks

A severe XSS flaw identified in the Ultimate Member plugin, tracked as CVE-2024-2123, could allow attackers to inject malicious scripts into WordPress sites, impacting over 100,000 installations. The vulnerability arises from inadequate input sanitization and output escaping, particularly within the plugin's members directory list functionality, and could potentially be exploited even by unauthenticated users to gain administrative access. Developers have issued a patch in version 2.8.4 following its disclosure through the Wordfence bug bounty program, and users are urged to update promptly.

Fake DocuSign Emails Designed to Deliver CHAVECLOAK Android Banking Malware

A new banking trojan called CHAVECLOAK is targeting users in Brazil through phishing emails with PDF attachments. The malware uses DLL side-loading techniques to execute and steal sensitive information, focusing on financial institutions in Brazil. Additionally, there is an ongoing mobile banking fraud campaign in the U.K., Spain, and Italy using Android malware called Copybara, managed through a C2 panel named JOKER RAT, to perform unauthorized banking transfers.

Fake Leather wallet app on Apple App Store is a crypto drainer

Developers of the Leather cryptocurrency wallet are cautioning users about a fake app on the Apple App Store that is draining digital assets. The fake app is a wallet drainer that tricks users into revealing their secret passphrases, enabling attackers to steal all of their digital assets. Despite the warnings, the malicious app remains on the App Store, emphasizing the importance of verifying app authenticity through official websites before downloading.

Russia-Sponsored Cyberattackers Infiltrate Microsoft’s Code Base

The Russian state-sponsored advanced persistent threat group Midnight Blizzard has accessed Microsoft’s source code through internal repositories and systems, part of a sustained cyber campaign since January. Microsoft notes the attackers are using stolen email secrets to gain unauthorized access and are increasing password-spraying attempts. The breach could lead to zero-day vulnerability exploitation, emphasizing the critical nature of source code security in the digital age.

NY-based securities lending platform Equilend warns employees their data was stolen by ransomware gang

Equilend Holdings confirmed that its employees' data was stolen in a ransomware attack in January, resulting in a breach of payroll and human resources information. While client-facing services are back online with no evidence of client data access, Equilend is providing affected employees with identity theft protection services. The ransomware gang responsible for the attack has not been confirmed, but Equilend is taking steps to mitigate potential identity theft and fraud risks.

Critical Vulnerability Allows Access to QNAP NAS Devices

QNAP has patched a critical vulnerability (CVE-2024-21899) with a CVSS score of 9.8, affecting its QTS, QuTS hero, and QuTScloud products, allowing unauthenticated network access to NAS devices. This improper authentication issue was resolved in recent software updates alongside two other medium-severity vulnerabilities that required authentication for exploitation. Users are urged to apply these updates promptly to protect their devices from potential unauthorized access and ensure system security.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.