17-Sep-24: In Security News Today

‘Void Banshee’ Exploits Second Microsoft Zero-Day

Void Banshee, an advanced persistent threat group, has been exploiting two similar zero-day vulnerabilities in Microsoft’s MSHTML platform, identified as CVE-2024-43461 and CVE-2024-38112. These flaws allow attackers to execute arbitrary code by spoofing the appearance of malicious files, tricking users into visiting harmful websites or downloading compromised files disguised as PDFs. Security experts recommend immediate patching of these vulnerabilities, as organizations lacking robust endpoint protection and patch management remain highly exposed to malware such as ransomware and backdoors.

Ransomware Gangs Now Abuse Microsoft Azure Tool For Data Theft

Ransomware gangs like BianLian and Rhysida are leveraging Microsoft’s Azure Storage Explorer and AzCopy tools to steal and store data in Azure Blob storage during network breaches. These tools help attackers exfiltrate large amounts of data, taking advantage of Azure’s trusted status in enterprise environments, which can bypass security defenses. To defend against such attacks, organizations should monitor for AzCopy execution, track outbound traffic to Azure Blob endpoints, and enforce automatic sign-out to prevent session hijacking.
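The two detection ideas in this summary, watching for AzCopy or Storage Explorer execution and for outbound traffic to Azure Blob endpoints, can be tried against telemetry. The script below is an added example, not code from the article or from any vendor; the log lines, field names and the 50 MiB "bulk upload" threshold are constructed assumptions, and it stays generic rather than matching any EDR's schema.

```python
"""Flag AzCopy / Storage Explorer use and outbound Azure Blob traffic in logs.

Added example, not from the original article. The records below are
constructed to resemble generic process-creation ("proc") and outbound
connection ("net") events; the key=value layout is an assumption.
"""
import re
from collections import defaultdict

# Constructed sample telemetry: one record per line, a kind then key=value pairs.
SAMPLE_LOGS = """\
proc host=FS01 user=svc_backup image="C:\\Tools\\azcopy.exe" cmdline="azcopy copy D:\\Finance https://contoso-exfil.blob.core.windows.net/dump --recursive"
proc host=FS01 user=jdoe image="C:\\Windows\\System32\\notepad.exe" cmdline="notepad.exe notes.txt"
net  host=FS01 proc=azcopy.exe dst=contoso-exfil.blob.core.windows.net dport=443 bytes_out=73400320
net  host=WS22 proc=msedge.exe dst=www.example.org dport=443 bytes_out=10240
proc host=WS22 user=asmith image="C:\\Program Files\\Microsoft Azure Storage Explorer\\StorageExplorer.exe" cmdline="StorageExplorer.exe"
net  host=WS22 proc=StorageExplorer.exe dst=contoso-exfil.blob.core.windows.net dport=443 bytes_out=524288000
"""

AZ_TOOLS = {"azcopy.exe", "storageexplorer.exe"}   # binaries named in the article
BLOB_SUFFIX = ".blob.core.windows.net"             # Azure Blob storage endpoint suffix
LARGE_UPLOAD_BYTES = 50 * 1024 * 1024              # assumed threshold for a bulk transfer

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Split 'kind k=v k="v with spaces"' into a dict; quotes are stripped."""
    kind, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["kind"] = kind
    return fields

def analyze(text):
    """Return a list of (host, rule, detail) findings over the log text."""
    findings = []
    bytes_to_blob = defaultdict(int)   # (host, destination) -> total bytes sent
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        host = rec.get("host", "?")
        if rec["kind"] == "proc":
            image = rec.get("image", "").rsplit("\\", 1)[-1].lower()
            if image in AZ_TOOLS:
                findings.append((host, "azure-tool-exec", f'{rec.get("user")} ran {image}'))
        elif rec["kind"] == "net":
            dst = rec.get("dst", "").lower()
            if dst.endswith(BLOB_SUFFIX):
                bytes_to_blob[(host, dst)] += int(rec.get("bytes_out", 0))
                findings.append((host, "blob-egress", f'{rec.get("proc")} -> {dst}'))
    # Second pass: volume-based rule, so a burst of small connections still adds up.
    for (host, dst), total in bytes_to_blob.items():
        if total >= LARGE_UPLOAD_BYTES:
            findings.append((host, "bulk-blob-upload", f"{total} bytes to {dst}"))
    return findings

if __name__ == "__main__":
    for host, rule, detail in analyze(SAMPLE_LOGS):
        print(f"{host:6} {rule:18} {detail}")
```

In an environment that legitimately uses Azure Storage, the value of these rules comes from the allow-list you put around them: known backup hosts, approved storage accounts and service identities should be excluded so that an unfamiliar storage account receiving tens of megabytes from a file server stands out.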

Hezbollah Members Among Hundreds Wounded After Pagers Explode In Lebanon And Syria, Officials Say

Hundreds of pagers exploded nearly simultaneously across Lebanon and parts of Syria, injuring Hezbollah members and Iran’s ambassador, in what officials suspect to be an Israeli cyber operation. The attacks, likely caused by remotely triggered malware, occurred during a period of heightened tensions between Hezbollah and Israel, with ongoing clashes near the Lebanon-Israel border. The incident highlights the risks of cyberwarfare, as compromised devices, possibly via lithium battery vulnerabilities, were weaponized to inflict significant harm.

DOJ: Chinese Man Used Spear-Phishing To Obtain Software From NASA, Military

Chinese national Song Wu, an employee of AVIC, has been charged for orchestrating a spear-phishing campaign targeting employees at NASA, the US Air Force, Navy, Army, FAA, and major research universities from 2017 to 2021. Wu allegedly used fake email accounts to solicit restricted aerospace software and source code. The DOJ indictment includes additional charges against other individuals for illicit export and smuggling activities related to military technology.

Apple Abandons Spyware Suit To Avoid Sharing Cyber Secrets

Apple has abandoned its lawsuit against the NSO Group to avoid disclosing sensitive threat intelligence that could compromise its cybersecurity measures. The decision reflects the growing risks of sharing proprietary defense strategies in a rapidly evolving and decentralized spyware market. Despite international sanctions, the commercial spyware industry remains resilient, prompting Apple to focus on enhancing its internal defenses rather than engaging in further legal battles.

‘CloudImposer’ Flaw In Google Cloud Affected Millions Of Servers

A significant vulnerability, dubbed “CloudImposer,” in Google Cloud Platform’s Cloud Composer, App Engine, and Cloud Functions could have allowed attackers to exploit a dependency confusion flaw through a single malicious Python package. The flaw, discovered by Tenable, stemmed from risky guidance in Google’s documentation on using pip’s --extra-index-url argument, which can cause pip to pull a same-named package from a public repository instead of the intended private one. Google has since patched the issue, revised its documentation, and advised users to review their package management practices to avoid similar vulnerabilities.
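To make the --extra-index-url risk concrete, here is an added example (not code from the article, Tenable or Google) that models the relevant part of pip's behaviour and audits a requirements file for it. The model assumes what pip documents: with several indexes configured, candidates from all of them are merged and the highest version satisfying the requirement is installed. The package names, versions, index URLs and hashes are constructed placeholders.

```python
"""Why --extra-index-url enables dependency confusion, and how to check for it.

Added example. resolve() models pip's candidate selection across indexes;
audit_requirements() flags the weak configuration and shows the hardened
form (single --index-url, pinned versions, hashes). All names are constructed.
"""
import re

# Constructed package indexes: package name -> versions that index offers.
PRIVATE_INDEX = {"acme-internal-utils": ["1.4.0", "1.5.2"]}
PUBLIC_INDEX = {"acme-internal-utils": ["99.0.0"],       # same-named squat on the public index
                "requests": ["2.31.0", "2.32.3"]}

def vkey(version):
    """Order versions numerically (dotted integers only; enough for this model)."""
    return tuple(int(p) for p in version.split("."))

def resolve(name, spec, indexes):
    """Return (version, index_label) the resolver would pick, or None.

    spec is '' (any version) or '==X.Y.Z'. indexes is a list of (label, dict),
    modelling --index-url plus zero or more --extra-index-url entries: every
    index is consulted and the highest matching version wins, whatever its origin.
    """
    wanted = spec[2:] if spec.startswith("==") else None
    candidates = []
    for label, index in indexes:
        for v in index.get(name, []):
            if wanted is None or v == wanted:
                candidates.append((vkey(v), v, label))
    if not candidates:
        return None
    _, version, label = max(candidates)
    return version, label

# Constructed pip configurations in requirements.txt option syntax.
# Risky: the public index is still consulted alongside the private one.
RISKY_REQUIREMENTS = """\
--extra-index-url https://pypi.internal.example/simple
acme-internal-utils
requests
"""
# Hardened: one index (a private index that proxies public packages it vets),
# exact pins, and hashes so a substituted artifact fails to install.
HARDENED_REQUIREMENTS = """\
--index-url https://pypi.internal.example/simple
acme-internal-utils==1.5.2 --hash=sha256:PLACEHOLDER_HASH_NOT_REAL
requests==2.32.3 --hash=sha256:PLACEHOLDER_HASH_NOT_REAL
"""

def audit_requirements(text):
    """Return a list of findings describing dependency-confusion exposure."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("--extra-index-url"):
            findings.append("extra-index-url: public index still consulted; prefer --index-url")
        elif line.startswith("--index-url"):
            continue
        else:
            req = re.split(r"\s+", line)[0]
            if "==" not in req:
                findings.append(f"{req}: version not pinned")
            if "--hash=" not in line:
                findings.append(f"{req.split('==')[0]}: no --hash, a substituted package would install")
    return findings

if __name__ == "__main__":
    both = [("public", PUBLIC_INDEX), ("private", PRIVATE_INDEX)]
    print("extra-index-url, unpinned:", resolve("acme-internal-utils", "", both))
    print("private index only:       ", resolve("acme-internal-utils", "", [("private", PRIVATE_INDEX)]))
    print("risky findings:", audit_requirements(RISKY_REQUIREMENTS))
    print("hardened findings:", audit_requirements(HARDENED_REQUIREMENTS))
```

Pinning alone only narrows the window, since a squatter can publish the exact pinned version; hashes close it, and pip switches to hash-checking mode automatically as soon as any requirement carries a --hash, at which point every requirement must have one.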

Ukraine, Gaza Wars Inspire DDoS Surge Against Finservs

Geopolitical conflicts in Gaza and Ukraine have driven a significant increase in DDoS attacks on financial services organizations, with these attacks almost doubling compared to other industries. The attacks are becoming both larger and more persistent, often involving sophisticated methods like UDP flooding and DNS reflection, and are frequently politically motivated. The rise in DDoS activity is also attributed to vulnerabilities introduced by open APIs under regulations like PSD2, which expand potential attack vectors.

AT&T Pays $13 Million FCC Settlement Over 2023 Data Breach

AT&T has agreed to a $13 million settlement with the FCC over a 2023 data breach involving a vendor’s compromised cloud environment, which exposed customer data from approximately 9 million wireless accounts. The FCC’s investigation revealed that AT&T’s lax oversight of the vendor’s data handling and its own cybersecurity practices contributed to the breach. As part of the settlement, AT&T will implement enhanced data protection measures, including improved data inventory processes, stricter vendor compliance, and annual audits to prevent future incidents.

Construction Firms Breached In Brute Force Attacks On Accounting Software

Construction firms are experiencing breaches due to brute-force attacks on exposed Foundation accounting software servers. Attackers exploit open ports and default or weak passwords for Microsoft SQL Server accounts, leading to unauthorized access and command execution via SQL queries. Huntress identified these vulnerabilities, urging admins to secure credentials and restrict public access to mitigate risks.
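Brute-force attempts against SQL Server leave a dense trail of error 18456 "Login failed" entries in the ERRORLOG, so they can be caught by simple thresholding on the client address. The script below is an added example, not Huntress's or Foundation's code; its sample lines are constructed to resemble ERRORLOG entries, the addresses and user names are invented, and the threshold and window are assumptions an analyst would tune.

```python
"""Detect SQL Server login brute force from error-log lines.

Added example. Sample lines are constructed to resemble SQL Server ERRORLOG
'Login failed' entries (error 18456); timestamps, users and client IPs are
invented. Threshold and window are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_ERRORLOG = """\
2024-09-17 08:12:01.45 Logon       Error: 18456, Severity: 14, State: 8.
2024-09-17 08:12:01.45 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.50]
2024-09-17 08:12:01.97 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.50]
2024-09-17 08:12:02.40 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.50]
2024-09-17 08:12:02.88 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.50]
2024-09-17 08:12:03.31 Logon       Login failed for user 'foundation'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.50]
2024-09-17 08:40:15.02 Logon       Login failed for user 'jsmith'. Reason: Password did not match that for the login provided. [CLIENT: 10.20.30.7]
2024-09-17 09:55:40.11 Logon       Login failed for user 'jsmith'. Reason: Password did not match that for the login provided. [CLIENT: 10.20.30.7]
"""

LOGIN_FAILED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'.*\[CLIENT: (?P<client>[^\]]+)\]"
)

def parse_failures(text):
    """Yield (timestamp, user, client_ip) for each 'Login failed' line; other lines are skipped."""
    for line in text.splitlines():
        m = LOGIN_FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
            yield ts, m["user"], m["client"]

def detect_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return {client_ip: {"failures": n, "users": [...]}} for each client whose
    failed logins reach `threshold` inside a sliding window of length `window`.
    The user list shows whether one account was hammered or many were sprayed."""
    recent = defaultdict(deque)   # client -> failure timestamps inside the current window
    users = defaultdict(set)      # client -> distinct login names tried
    alerts = {}
    for ts, user, client in parse_failures(text):
        q = recent[client]
        q.append(ts)
        users[client].add(user)
        while q and ts - q[0] > window:   # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[client] = {"failures": len(q), "users": sorted(users[client])}
    return alerts

if __name__ == "__main__":
    for client, info in detect_bruteforce(SAMPLE_ERRORLOG).items():
        print(f"{client}: {info['failures']} failures in window, users tried: {info['users']}")
```

The two slow failures from 10.20.30.7 are over an hour apart and never share a window, so they are not reported; the burst from 203.0.113.50 is. Because the log records the client address, the same parse also feeds the mitigation the summary recommends: a list of external addresses reaching a SQL Server port that should not have been exposed at all.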

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.