23-Feb-24: In Security News Today

Apple Shortcuts Vulnerability Allows Silent Data Theft

A critical vulnerability (CVE-2024-23204) in Apple’s Shortcuts app allows attackers to access sensitive data without user permission, bypassing Apple’s security framework. The bug affects macOS and iOS devices and has a high CVSS score of 7.5. Apple has released a patch, urging users to update their Shortcuts software and exercise caution when executing shortcuts from untrusted sources.

Breach at Aussie Telecom Tangerine Affects 232,000 Customers

A breach at Australian telecom company Tangerine exposed personal information of 232,000 customers due to a third-party contractor’s compromised credentials. The breach included names, birthdates, mobile numbers, email addresses, and more, but not financial or password data. Tangerine, which uses MFA for customer accounts, took immediate action to secure the network and database, while the Australian government is considering stricter cybersecurity regulations for the telecommunications industry.

Nation-State Cyberattack Causes Pharmacy Delays in the US

Change Healthcare, a technology services provider for pharmacies, experienced a cyberattack from a suspected nation-state threat actor, leading to widespread delays in prescription refills across the US. The breach, limited to Change Healthcare, has raised concerns about potential exposure of patient data. The incident highlights the vulnerability of the healthcare sector to cyberattacks and emphasizes the need for proactive cybersecurity measures to protect sensitive information.

Critical Flaw in WordPress Bricks Theme Exploited by Threat Actors

A critical security flaw in the Bricks theme for WordPress, tracked as CVE-2024-25600 with a CVSS score of 9.8, is actively being exploited by threat actors to execute arbitrary PHP code on vulnerable sites. The vulnerability affects all versions of Bricks up to 1.9.6, but has been patched in version 1.9.6.1 released on February 13, 2024. Attack attempts have been detected by security companies like Wordfence, with exploitation starting on February 14, 2024.

Chinese Government Agencies Using APT for Espionage

The Chinese government is utilizing an Advanced Persistent Threat (APT) group, disguised as a legitimate company, to conduct espionage on both foreign and domestic targets of political significance. This revelation sheds light on China’s foreign hacking activities and highlights the need for increased cybersecurity measures to counter such threats.

ConnectWise ScreenConnect Vulnerabilities and Threats

ConnectWise ScreenConnect is facing mass exploitation due to critical vulnerabilities, including an authentication bypass (CVE-2024-1709) and a path-traversal issue (CVE-2024-1708), leading to potential ransomware attacks. Initial access brokers are leveraging these bugs to gain access to thousands of servers and endpoints, with the US being a prime target. Organizations are advised to apply patches, monitor for indicators of compromise, and be cautious of unauthorized code execution in the ScreenConnect application’s folders.

Cyberattack on Malawi Immigration Department

The Malawi Immigration Department has suspended passport services due to a cyberattack. The President of Malawi has stated that the ransom will not be paid to the attackers, in order to deter criminal activities.

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

A dormant package named django-log-tracker on PyPI was updated after two years to distribute Nova Sentinel malware, indicating a likely compromise of the developer’s PyPI account. The malicious update stripped the package of its original content, leaving behind only the __init__.py and example.py files, which fetched and launched an executable containing the Nova Sentinel malware. This incident highlights the risk of supply chain attacks through compromised PyPI accounts, potentially impacting projects using the infected package as a dependency.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.