21-Aug-24: In Security News Today

Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data

Microsoft patched a critical vulnerability in Copilot Studio, tracked as CVE-2024-38206, that could allow authenticated attackers to exploit a Server-Side Request Forgery (SSRF) flaw to leak sensitive information. The bug, with a CVSS score of 8.5, could potentially grant access to Microsoft’s internal infrastructure, including the Instance Metadata Service and Cosmos DB instances, though cross-tenant data access was not possible. Users are advised to review and apply the latest updates to mitigate this risk.

LiteSpeed Cache Bug Exposes Millions of WordPress Sites to Takeover Attacks

A critical vulnerability in the LiteSpeed Cache WordPress plugin, affecting over 5 million sites, allows unauthenticated attackers to escalate privileges and gain admin access, potentially leading to full site takeover. The flaw, present in versions up to 6.3.0.1, was patched in version 6.4, but many sites remain vulnerable due to slow adoption of the update. Immediate action to update to the latest version is strongly advised as active exploitation is anticipated.

Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue

A critical configuration issue in AWS Application Load Balancer (ALB) could expose up to 15,000 applications to ALBeast attacks. These attacks exploit a misconfiguration that allows threat actors to forge tokens and bypass authentication and authorization, potentially leading to unauthorized access and data exfiltration. AWS has updated its documentation and added new security measures, but applications using ALB should verify token signers and restrict traffic to mitigate this risk.

New macOS Malware TodoSwift Linked to North Korean Hacking Groups

A newly discovered macOS malware strain named TodoSwift has been linked to North Korean hacking groups, specifically BlueNoroff, a subgroup of Lazarus. The malware is distributed via a SwiftUI-based dropper application that deploys a malicious payload after displaying a Bitcoin-related PDF, a method similar to past DPRK malware like RustBucket. The primary targets are in the cryptocurrency industry, aiming to steal funds to evade international sanctions.

Microchip suffers cyberattack, impacting manufacturing operations

Microchip Technology has suffered a cyberattack that has impacted its manufacturing operations, highlighting the vulnerability of supply chains to cyber threats. The attack led to disruptions in production, emphasizing the need for robust cybersecurity measures to protect critical infrastructure. Cybersecurity professionals are advised to focus on strengthening defenses against such attacks to ensure operational resilience and continuity.

Donating to your political party could cost you, cyber experts warn

A recent investigation has revealed that many US political donation websites are vulnerable to cyberattacks, posing significant risks to donor information and campaign integrity. These vulnerabilities could be exploited by cybercriminals to steal sensitive data or manipulate donation processes, highlighting a critical need for enhanced security measures. Cybersecurity professionals are urged to assess and fortify these platforms to protect against potential breaches and ensure the security of political contributions.

CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about a new phishing campaign linked to the Vermin malware, which is targeting Ukrainian organizations. This campaign utilizes malicious attachments to distribute the malware, aiming to compromise sensitive information and disrupt operations. Cybersecurity professionals are advised to implement stringent email security measures and conduct regular training to defend against such phishing threats.

North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign

North Korean hackers have developed and deployed a new trojan, MoonPeak, designed to infiltrate targeted systems and exfiltrate data from them, posing significant threats to global cybersecurity. This advanced malware uses sophisticated evasion techniques to bypass traditional security measures, making detection and mitigation challenging. Cybersecurity professionals are urged to enhance monitoring capabilities and update defense strategies to counteract these evolving threats effectively.