15-Feb-24: In Security News Today

FBI Neutralizes APT28-Controlled Router Botnet

The FBI dismantled a botnet comprising hundreds of Ubiquiti EdgeOS routers that APT28, a Russian cyberespionage group, had controlled through the Moobot malware. The operation blocked the group’s remote access to the devices and collected routing information to counter its espionage efforts. This action highlights the ongoing battle against state-sponsored cyber threats and the importance of securing network devices against unauthorized access.

Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks

A Chinese-speaking cybercrime group known as GoldFactory has been identified as the developer of sophisticated banking trojans, including a new iOS malware called GoldPickaxe. GoldPickaxe is capable of harvesting identity documents and facial recognition data and of intercepting SMS messages. The malware uses deepfake technology to create fake videos that are used to pass identity confirmation checks. The group is also responsible for other Android-based banking malware, such as GoldDigger and GoldDiggerPlus.

ESET Mitigates Privilege Escalation Vulnerability

ESET has addressed a high-severity vulnerability (CVE-2024-0353) across its Windows security products, which could potentially allow low-privileged attackers to delete files with System privileges. Identified in the real-time file system protection feature, this flaw was disclosed by Trend Micro’s Zero Day Initiative, prompting ESET to release patches for a wide range of its antivirus, endpoint, and server products. Users are advised to apply these patches promptly to safeguard against potential exploitation.

Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries

Reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed that the software uses an 11-year-old version of Linux that has not been supported since November 2020. The outdated software and libraries have left the devices exposed to numerous weaknesses, including some under active exploitation by threat actors. The findings highlight the importance of visibility into digital supply chains and the need for vendors to provide software bills of materials (SBOMs) to customers.

Geopolitical Motivations Amplify DDoS Hacktivism

DDoS hacktivism has evolved into a tool of geopolitical retaliation and now dominates recent attacks, with a notable shift in both targets and motivations. This trend is evident from StormWall’s analysis for Q4 2023, which highlights an increase in attacks against critical infrastructure sectors by geopolitically motivated actors. The data indicates a strategic move to inflict economic and operational damage on nations, underlining the necessity for enhanced cybersecurity measures and international cooperation to mitigate these threats. For a deeper understanding, visit SecurityWeek’s article on this topic.

Wi-Fi Authentication Bypass Vulnerabilities Exposed

Newly discovered Wi-Fi authentication bypass vulnerabilities in wpa_supplicant and Intel’s IWD software pose risks to both enterprise and home networks. These flaws, identified by researchers, could allow attackers to intercept network traffic or gain unauthorized network access without user interaction. Patching efforts are underway, with fixes released for affected platforms, highlighting the critical importance of verifying authentication server certificates and updating systems to protect against potential exploits.
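As an added illustration that is not part of the original digest, the two wpa_supplicant network blocks below show the configuration difference the summary points at: the first never checks the authentication server's certificate, the second pins the issuing CA and the expected server name. The SSID, identity, password, certificate path and domain are placeholders.

```ini
# Weak: no ca_cert, so the supplicant does not validate the RADIUS server's
# certificate and will run the inner (phase 2) authentication against any
# server that answers for this SSID (placeholder SSID and identity values).
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.com"
    password="placeholder-password"
    phase2="auth=MSCHAPV2"
}

# Hardened: pin the CA that issued the server certificate and require the
# certificate's subject to match the expected name, so a server with an
# untrusted or mismatched certificate is rejected before phase 2 starts.
network={
    ssid="corp-wifi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.com"
    password="placeholder-password"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_match="radius.example.com"
}
```

With `ca_cert` set, the TLS handshake fails when the chain does not validate; `domain_match` additionally rejects a certificate that is validly signed but issued for a different host.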

Critical Exchange Server Vulnerability With a CVSS Score of 9.8

Microsoft has updated its advisory to report that a critical Exchange Server vulnerability, CVE-2024-21410, has been actively exploited, allowing attackers to conduct pass-the-hash attacks for unauthorized authentication. This flaw, rated with a CVSS score of 9.8, is particularly concerning due to the potential for privilege escalation and was resolved with the release of Exchange Server 2019 Cumulative Update 14. The update addresses the lack of default NTLM credential relay protection, among other improvements, highlighting the necessity for administrators to apply the patch promptly to mitigate risks.

Turla’s Evolving Cyberespionage Tactics

Russian APT group Turla targets Polish NGOs supporting Ukraine with “TinyTurla-NG,” a novel, modular backdoor malware, marking a strategic evolution in cyberespionage tactics. This campaign, active since December, leverages both new and traditional methods, including compromised WordPress sites for command-and-control, and introduces a PowerShell-based implant “TurlaPower-NG” for credential theft. Cisco Talos emphasizes the need for a layered defense strategy against such sophisticated threats, highlighting Turla’s adaptability and the ongoing risk to organizations.

Prudential Financial Discloses Cybersecurity Breach

Prudential Financial has disclosed a cybersecurity breach involving unauthorized access to certain company systems. The breach exposed administrative and user data, but there is no evidence of customer or client data compromise. Prudential activated its incident response protocol and is working with external experts to investigate and mitigate the incident.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.