13-Feb-24: In Security News Today

Microsoft’s Critical Security Updates and Active Exploits Alert

Microsoft has released its February security updates, addressing 72 vulnerabilities across the Windows ecosystem and spanning remote code execution, security feature bypass, information disclosure, and privilege escalation. Three are flagged as actively exploited: CVE-2021-43890, an AppX Installer spoofing flaw previously abused to deliver Emotet, Trickbot, and Bazaloader, and two security feature bypasses, CVE-2024-21412 and CVE-2024-21351, all of which Windows administrators should patch without delay. A further critical fix covers a Microsoft Office remote code execution vulnerability (CVE-2024-21413, CVSS 9.8) that lets an attacker bypass Office's protective measures, Protected View included, with a crafted link delivered by email, making it a ready vehicle for targeted phishing and spoofing campaigns against Windows users.

Apple Ramps Up Protection Against Malware with Increased Updates to XProtect

Apple is updating XProtect, the built-in malware signature service on macOS, faster than ever before, shipping 11 new rules in just six weeks. That cadence suggests Apple is seeing new Mac-targeted attacks and responding quickly. IT decision makers should take note and make sure their own perimeter and edge security updates with the same agility.

Adobe’s Critical Security Patch Update

Adobe issued patches for 30 vulnerabilities across Adobe Acrobat, Reader, Commerce, Magento Open Source, and other products, covering arbitrary code execution and denial-of-service bugs. The Acrobat and Reader updates carry the highest priority, with critical flaws affecting both Windows and macOS installs. None of the vulnerabilities is known to be exploited in the wild, which makes this the window to patch before that changes.

Bank of America Customers at Risk After Data Breach

Bank of America disclosed a data breach affecting approximately 57,028 customers, caused by unauthorized access at its service provider Infosys McCamish Systems in November 2023. The exposed data includes personal and financial information such as Social Security numbers and account details. The LockBit ransomware gang has claimed the attack. The incident is a reminder that a financial institution's exposure extends to its third-party processors, and that vendor security has to be held to the same standard as internal controls.

Ransomware Disrupts Romanian Healthcare

A ransomware attack on Romania's Hipocrate Information System, a platform hospitals use for patient records, forced 26 facilities nationwide back to manual record-keeping. The Backmydata ransomware, a variant of the Phobos family, encrypted data and demanded a 3.5 Bitcoin ransom. Most affected hospitals hold backups from which systems can be restored, which limits the damage but underscores how much healthcare availability hinges on tested recovery procedures.

Emergence of Hunter-Killer Malware Tactics

An analysis of more than 600,000 malware samples collected in 2023 found a sharp rise in 'hunter-killer' malware, named for the submarine doctrine of staying undetected until the moment of attack. These samples prioritize evading detection and disabling security controls before delivering the payload, and the most prevalent MITRE ATT&CK techniques observed were process injection (T1055) and command and scripting interpreter (T1059). The trend calls for defenses that watch for tampering with the defenses themselves, not only for the final payload, and for continuous monitoring capable of catching these ultra-evasive attacks.
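One way to turn the hunter-killer pattern into a detection is to correlate the two stages: a command line that tampers with a security control, followed on the same host by a process-injection indicator. The following is an added example and not code from the report or any vendor product; the event fields mirror Sysmon (EID 1 ProcessCreate, EID 8 CreateRemoteThread, EID 10 ProcessAccess) in simplified form, the tampering patterns are a small illustrative subset of T1562.001, and the sample telemetry is constructed.

```python
"""Toy 'hunter-killer' sequence detector over constructed Sysmon-style events.

Added example, not from the Picus report or any product. Field names are
simplified assumptions modelled on Sysmon; patterns are illustrative only."""
import re
from datetime import datetime, timedelta

# T1562.001 Impair Defenses: command lines that switch off or hollow out AV/EDR.
DEFENSE_TAMPER = [
    re.compile(r"Set-MpPreference\s+-Disable\w+", re.I),
    re.compile(r"Add-MpPreference\s+-ExclusionPath", re.I),
    re.compile(r"\bsc(\.exe)?\s+(stop|config)\s+\S*(sense|defend|edr)", re.I),
    re.compile(r"netsh\s+advfirewall\s+set\s+\w+\s+state\s+off", re.I),
]

# Windows process access rights needed to write and run code in another process.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020

WINDOW = timedelta(minutes=10)  # tamper -> injection gap treated as one chain


def is_defense_tamper(cmdline: str) -> bool:
    """T1562.001: does this command line look like it disables a defense?"""
    return any(p.search(cmdline) for p in DEFENSE_TAMPER)


def is_process_injection(ev: dict) -> bool:
    """T1055 indicators: a remote thread, or a handle granting write+execute."""
    if ev["id"] == 8 and ev["source_pid"] != ev["target_pid"]:
        return True
    if ev["id"] == 10 and ev["source_pid"] != ev["target_pid"]:
        granted = int(ev["granted_access"], 16)
        return bool(granted & PROCESS_VM_WRITE) and bool(
            granted & (PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION))
    return False


def detect(events: list[dict]) -> list[dict]:
    """Alert when process injection follows defense tampering on the same host
    within WINDOW. Events are ordered by timestamp, not by list position."""
    last_tamper: dict[str, dict] = {}
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if ev["id"] == 1 and is_defense_tamper(ev.get("cmdline", "")):
            last_tamper[host] = ev
        elif is_process_injection(ev):
            tamper = last_tamper.get(host)
            if tamper and ev["ts"] - tamper["ts"] <= WINDOW:
                alerts.append({
                    "host": host,
                    "tamper_cmd": tamper["cmdline"],
                    "injector": ev["source_image"],
                    "target": ev["target_image"],
                    "gap_s": int((ev["ts"] - tamper["ts"]).total_seconds()),
                })
    return alerts


def at(h, m):  # constructed timestamps on the day of this digest
    return datetime(2024, 2, 13, h, m)


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    # ws01: Defender real-time protection switched off, then a temp-dir binary
    # opens a remote thread in explorer.exe three minutes later -> alert.
    {"host": "ws01", "id": 1, "ts": at(10, 0),
     "cmdline": "powershell -nop -w hidden Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "ws01", "id": 8, "ts": at(10, 3), "source_pid": 4120, "target_pid": 812,
     "source_image": r"C:\Users\a\AppData\Local\Temp\upd.exe",
     "target_image": r"C:\Windows\explorer.exe"},
    # ws02: benign process start and a read-only handle -> nothing.
    {"host": "ws02", "id": 1, "ts": at(10, 0), "cmdline": r"notepad.exe C:\notes.txt"},
    {"host": "ws02", "id": 10, "ts": at(10, 1), "source_pid": 2222, "target_pid": 3333,
     "granted_access": "0x1410", "source_image": r"C:\Windows\System32\taskmgr.exe",
     "target_image": r"C:\Windows\System32\svchost.exe"},
    # ws03: tampering and injection, but 30 minutes apart -> outside WINDOW.
    {"host": "ws03", "id": 1, "ts": at(9, 0),
     "cmdline": "netsh advfirewall set allprofiles state off"},
    {"host": "ws03", "id": 10, "ts": at(9, 30), "source_pid": 5000, "target_pid": 6000,
     "granted_access": "0x1F3FFF", "source_image": r"C:\tmp\x.exe",
     "target_image": r"C:\Windows\System32\lsass.exe"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The correlation is the point: either stage alone is noisy (administrators do disable real-time scanning, debuggers do open remote threads), but a tamper followed minutes later by injection from an unusual path on the same host is exactly the sequence the report describes. In production the window, the host key and the pattern list would all be tuned, and the tamper event would be enriched with the parent process and user.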

CISA Adds Roundcube XSS Vulnerability to KEV Catalog

CISA has added a Roundcube webmail cross-site scripting vulnerability (CVE-2023-43770) to its Known Exploited Vulnerabilities catalog, urging federal agencies and everyone else running Roundcube to update. The flaw, fixed in Roundcube 1.6.3 (with backports in 1.5.4 and 1.4.14), is a stored XSS triggered by crafted links in plain-text messages. No public attack details are available, but exploitation would let an attacker run arbitrary JavaScript in the victim's browser session, enabling credential theft, session hijacking, and phishing, which makes it attractive for cyberespionage. The addition follows four earlier Roundcube entries tied to Russian threat actors, underscoring the ongoing risk of internet-exposed Roundcube servers.
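The bug class behind a webmail XSS of this kind is a plain-text-to-HTML renderer that wraps URLs in anchors without encoding the surrounding text or the link itself. The example below is added here for illustration in Python; it is not Roundcube's PHP code and does not reproduce the actual CVE-2023-43770 trigger. The message body, the URL regex and both linkifier functions are constructed to show the vulnerable pattern beside a hardened one.

```python
"""Illustrative linkifier XSS: vulnerable vs. hardened plain-text rendering.

Added example, not Roundcube code and not the CVE-2023-43770 trigger.
URL_RE, BODY and both functions are assumptions for demonstration."""
import html
import re
from urllib.parse import urlsplit

# Deliberately naive URL matcher: anything non-space after a scheme.
URL_RE = re.compile(r"https?://\S+")

# Constructed hostile message body (not a real sample). The first line breaks
# out of the href attribute; the second smuggles a raw tag past the renderer.
BODY = ('Invoice: http://example.com/"onmouseover="alert(document.cookie)\n'
        'Thanks <img src=x onerror=alert(1)>')


def linkify_vulnerable(text: str) -> str:
    """Wraps matches in <a> and returns the rest of the body untouched, so
    attacker-controlled characters land directly in attribute and markup."""
    return URL_RE.sub(lambda m: f'<a href="{m.group(0)}">{m.group(0)}</a>', text)


def is_safe_url(url: str) -> bool:
    """Only accept http(s) links with a host; the regex already limits the
    scheme, but a parse guards against future regex changes."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def linkify_safe(text: str) -> str:
    """Encode every text segment for its context: body text HTML-escaped,
    the href attribute-escaped (quote=True), unsafe URLs left as text."""
    out, pos = [], 0
    for m in URL_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        url = m.group(0)
        if is_safe_url(url):
            out.append('<a href="%s" rel="noopener noreferrer" target="_blank">%s</a>'
                       % (html.escape(url, quote=True), html.escape(url)))
        else:
            out.append(html.escape(url))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


def has_live_markup(rendered: str) -> bool:
    """Crude check used by the demo: does attacker markup survive as markup?"""
    return 'onmouseover="' in rendered or "<img" in rendered


if __name__ == "__main__":
    print("VULNERABLE:\n" + linkify_vulnerable(BODY))
    print("\nHARDENED:\n" + linkify_safe(BODY))
```

In the vulnerable output the quote inside the URL closes the `href` attribute and the rest becomes an `onmouseover` handler, and the `<img>` tag is emitted verbatim. In the hardened output the same quote becomes `&quot;` inside the attribute, so the link target is merely odd rather than executable, and the tag arrives as `&lt;img ...&gt;` text. The rule is the one that applies to every linkifier and markdown-lite renderer in a mail client: escape for the output context first, then build markup from the escaped pieces, never the other way round.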

Record Ransomware Losses in 2023

Ransomware payments hit a new high in 2023, exceeding $1 billion, a figure Chainalysis regards as a conservative lower bound. The surge reflects more frequent and wider-ranging attacks, with groups diversifying their tactics across big-game hunting of large targets and ransomware-as-a-service affiliate models. Law-enforcement disruptions such as the infiltration and takedown of the Hive ransomware group show what strategies can blunt this growing cybercrime threat.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.