27-Feb-24: In Security News Today

Patches issued for Zyxel firewall product vulnerabilities

Zyxel has released patches to address four vulnerabilities in its firewall and access point offerings, including a null pointer dereference, a post-authentication command injection, and format string security issues. Threat actors could exploit these vulnerabilities to cause denial-of-service conditions, enable operating system command execution, and achieve unauthenticated remote code execution. Zyxel highlighted the complexity involved in exploiting one of the format string bugs, emphasizing the need for extensive knowledge of device configuration and memory layout.

Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

A vulnerability in the Hugging Face Safetensors conversion service allows attackers to compromise models submitted by users, leading to supply chain attacks. Malicious actors can hijack the service to send malicious pull requests and tamper with models, potentially implanting neural backdoors. This vulnerability poses a significant supply chain risk by allowing attackers to compromise widely used models and datasets on the Hugging Face platform.

APT29’s Evolving Cloud Attack Tactics Exposed by Five Eyes Agencies

Five Eyes agencies have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor APT29, also known as BlueBravo, Cloaked Ursa, Cozy Bear, and others. APT29 has shifted towards targeting cloud infrastructure, using tactics like brute-force attacks, password spraying, token access, and leveraging residential proxies to conceal their origins. Organizations are advised to protect against APT29’s tactics for initial access and be wary of sophisticated post-compromise capabilities like MagicWeb.

U-Haul Data Breach Impacts 67,000 Customers

U-Haul disclosed a data breach affecting around 67,000 customers in the U.S. and Canada, where an unauthorized party accessed a system used by U-Haul dealers to track reservations and view customer records. The breached data included driver’s license numbers and other identification card numbers, but not the payment system. U-Haul is working with a cybersecurity company to investigate the incident, offering free credit-monitoring services to victims, and enhancing security measures to prevent future breaches.

Royal Canadian Mounted Police targeted in ‘alarming’ cyberattack

The Royal Canadian Mounted Police (RCMP) was targeted in an alarming cyberattack, prompting a criminal investigation into the breach. Despite the breach, there is no known impact on safety and security operations. The RCMP is working with Canadian government partners to assess the breach and hold those responsible accountable, highlighting the growing threats of cyberattacks on critical infrastructure and government operations.

Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub

Xeno RAT, an intricately designed remote access trojan, has surfaced on GitHub, offering a comprehensive set of features for remote system management. Developed in C#, it is compatible with Windows 10 and 11, includes a SOCKS5 reverse proxy, real-time audio recording, and a hidden virtual network computing module. The malware’s developer, moom825, also created DiscordRAT 2.0, highlighting the rise of affordable and freely available malware driving an increase in RAT campaigns.

Most Commercial Code Contains High-Risk Open Source Bugs

A study by Synopsys revealed that 74% of commercial codebases contain high-risk open source vulnerabilities, with a significant increase from 48% in 2022. Industries like computer hardware, semiconductor, manufacturing, and AI are particularly affected. The surge in high-risk bugs is attributed to limited vendor resources for patching, outdated components, and the growing number of organizations being compromised through such vulnerabilities.

Four Million WordPress Sites Vulnerable to LiteSpeed Plugin Flaw

A significant vulnerability in the LiteSpeed Cache plugin for WordPress, affecting over 4 million active installations, has been discovered by cybersecurity researchers. The flaw allows unauthenticated, site-wide stored XSS, potentially leading to unauthorized access to sensitive information or privilege escalation. Users are advised to update to the patched version of the plugin to mitigate the risk, highlighting the importance of proactive security measures in WordPress plugin development.

I-Soon Leak: What Cyber Experts Learned About Chinese Cyber Espionage

Leaked documents from a Chinese security company, I-Soon, have provided valuable insights into China’s commercial cyber espionage industry, offering a significant opportunity for cyber threat intelligence researchers. The leaked data revealed details about the company’s operations, including its involvement in cyber espionage activities targeting various countries and industries. Despite the legitimacy of the documents being questioned, the leak has shed light on the complex Chinese threat landscape and the outsourcing of intelligence gathering by Chinese government agencies to commercial vendors.

eBay, VMware, McAfee Sites Hijacked in Sprawling Phishing Operation

A phishing campaign named Operation SubdoMailing has compromised over 8,000 subdomains of well-known brands like eBay, VMware, and McAfee, sending millions of malicious emails daily. The campaign bypasses industry-standard email security measures and appears to come from trusted domains. Guardio Labs uncovered the operation, linking it to a threat actor named ResurrecAds who manipulates hijacked subdomains to exploit legitimate services for profit.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.