Welcome to our weekly roundup of cybersecurity news. Each week, we highlight the latest cyber threats, vulnerabilities, and notable stories that are shaping the cybersecurity landscape.
From advanced malware attacks to innovative phishing scams, we cover the critical updates you need to stay informed and protected.
Threats
Notepad++ plugin compromised by hackers
Hackers targeted the widely used Notepad++ plugin 'mimeTools.dll' and injected malicious code that compromises users' systems when the plugin is loaded. The attack, discovered by AhnLab Security Intelligence Center, leverages DLL hijacking to execute encrypted malicious shellcode, and it poses a serious threat to the programmers and writers who rely on Notepad++ for its versatility and plugin support.
Weaponized PDF files deliver white pill malware
Fortinet cybersecurity researchers have discovered a new attack vector in which weaponized PDF files are used to deliver the multifunctional white pill malware. Attackers exploit the trust and popularity of PDFs to infiltrate systems through malicious code embedded in seemingly innocuous documents, which highlights the need for caution when handling such files.
Fake e-shop attack targeting bank account information
A sophisticated fake e-shop fraud campaign targets users in Southeast Asia and hijacks their banking credentials through phishing emails and malicious APKs. Attackers are expanding their operations by leveraging screen sharing and abusing accessibility services to gain more control over victims' devices. This campaign highlights the evolving tactics of cybercriminals seeking to steal sensitive information.
Rhadamanthys stealer targets oil and gas sector
The oil and gas sector is the latest target of Rhadamanthys Stealer malware delivered through weaponized PDF files. This attack highlights the continuing threats to critical infrastructure sectors and the importance of robust cybersecurity measures to protect against such advanced threats.
Ransomware exploits unpatched vulnerabilities
Recent reports highlight an increasing trend in ransomware attacks that exploit unpatched vulnerabilities. Cybercriminals continue to exploit known weaknesses in systems to deploy ransomware, highlighting the critical need for timely updates and patches to prevent such attacks.
Android RATs available on the dark web
An Android remote access trojan (RAT) has been discovered for sale on the dark web, giving cybercriminals the ability to remotely control infected devices. This development poses a serious threat to Android users and highlights the importance of downloading apps carefully and using reliable sources.
Facebook page hijacking scheme
A new scheme involving the hijacking of Facebook pages has been uncovered, with attackers using compromised accounts to gain administrative access and spread malicious content. This tactic highlights the vulnerabilities that exist within social media platforms and the need for stronger security measures.
Winnti Group's latest campaign: Unapimon and Unhook
The notorious Winnti Group has launched a new campaign targeting organizations around the world using the Unapimon and Unhook malware. This campaign demonstrates the group's continued evolution and sophistication in its cyber espionage efforts.
AI package hallucinations: the new threat
Researchers have identified a new threat called “AI Package Hallucination,” in which attackers manipulate AI systems to generate malicious code. This innovative attack vector poses unique challenges for AI-driven security solutions and requires advanced detection and mitigation strategies.
Agent Tesla attackers revealed
Detailed analysis reveals the tactics and techniques used by attackers to deploy Agent Tesla malware. This insight into cybercriminal activities provides valuable information to defend against such threats.
Hacker hijacks YouTube channel
An increasing number of YouTube channels are being hijacked by cybercriminals, who are using these platforms to promote scams and malicious content. This trend highlights the need for increased security measures and awareness among content creators and viewers alike.
Vulnerabilities
Ivanti Connect Secure VPN targeted by Chinese hacking group
Multiple China-nexus espionage groups are exploiting critical vulnerabilities in Ivanti Connect Secure VPN appliances. Mandiant's investigation identified CVE-2023-46805 and CVE-2024-21887 as the exploited vulnerabilities, which allowed attackers to compromise Active Directory systems and perform lateral movement. The activity is attributed to the groups UNC5325 and UNC5337, which deployed custom malware and new TTPs.
Backdoor injection in Magento e-commerce platform
A vulnerability, tracked as CVE-2024-20720, has been discovered in the Magento e-commerce platform that allows attackers to insert a persistent backdoor. The flaw allows manipulation of Magento's layout template system and injection of malicious XML code. Among the observed payloads is a fake Stripe payment skimmer designed to steal customers' payment information.
Apache HTTP server vulnerabilities
Apache has released an update that addresses vulnerabilities in the Apache HTTP Server that could allow an attacker to launch an HTTP/2 DoS attack or inject malicious headers. Vulnerabilities such as CVE-2024-24795 and CVE-2023-43622 can cause server crashes and severe performance degradation. To mitigate these issues, upgrading to version 2.4.59 is recommended.
Google Pixel Phone zero-day exploit
Google has issued a patch for a zero-day vulnerability being exploited in the wild against Google Pixel smartphones. Users are encouraged to update their devices immediately to protect against potential breaches.
YubiKey Manager Privilege Escalation
An elevation of privilege vulnerability has been discovered in YubiKey Manager that could allow an attacker to gain elevated privileges on the host machine. Users are advised to update to the latest version of the software.
Progress Flowmon vulnerability
A vulnerability in Progress Flowmon could allow an attacker to execute arbitrary code on an affected installation. Patches have been released and users should apply them without delay.
Federal government addresses years-old SS7 vulnerability in telephone networks
Federal agencies have finally patched a years-old SS7 vulnerability that affected telephone networks. This vulnerability is known to allow attackers to intercept phone calls and messages.
VMware SD-WAN vulnerabilities
VMware has patched a vulnerability in its SD-WAN appliance that could allow an attacker to disrupt services or execute commands. We recommend that customers apply updates provided by VMware.
Chrome zero-day exploit patch released
A zero-day exploit affecting the Chrome browser has been patched by Google. This vulnerability could allow remote code execution and users should immediately update their browsers.
HTTP/2 CONTINUATION Flood attack
A new attack technique called CONTINUATION Flood targets HTTP/2 protocol implementations and causes a denial of service. Apache has addressed this issue in its latest update.
WordPress plugin SQL injection
A SQL injection vulnerability has been discovered in a popular WordPress plugin. This flaw could allow an attacker to access sensitive information in the database. Users should ensure that their plugins are updated to the latest version.
Stay vigilant and ensure all systems are up to date with the latest patches and security measures. Until next week, keep your data and network safe.
Data leaks
XpressBees data breach: 95,000 users affected
Hackers claim a major data breach at logistics and supply chain company XpressBees that may have exposed the personal information of around 95,000 users. The breach was announced on a hacking forum by a user named “IntelBroker”, who posted the XpressBees database for public download. The leaked data could include names, addresses, email addresses, phone numbers, and even financial details, raising concerns about identity theft and financial fraud. XpressBees has not yet issued an official statement regarding the breach.
HOYA Corporation business disrupted by cyberattack
HOYA Corporation, the world's second largest lens manufacturer, suffered a cyberattack that disrupted its IT systems and operations. The Tokyo-based company detected unauthorized access at one of its overseas offices and took immediate steps to isolate the compromised server. The attack has affected several production plants and product ordering systems, and HOYA is working to resume normal operations and minimize the inconvenience to its customers.
Dating app “Hornet” exposes user location information
Check Point Research (CPR) has identified a vulnerability in Hornet, a popular gay dating app that has been downloaded over 10 million times. The flaw could reveal a user's exact location even when the user has disabled distance display. CPR's method could pinpoint a user's location to within 10 meters, a significant privacy risk. Hornet has since reduced its location precision to 50 meters, but the possibility of precise geolocation remains a concern.
New stories
Chrome device-bound session credentials
In a recent update, Google Chrome introduced device-bound session credentials for increased security. This new feature is intended to prevent session hijacking by reliably binding session cookies to users' devices and making it more difficult for attackers to exploit stolen cookies. This development is part of Google's ongoing efforts to improve browser security and protect user data.
AI tools on Azure AI
Microsoft is making strides in artificial intelligence with Azure AI. The company has introduced a suite of AI tools designed to help businesses and developers build intelligent applications. These tools leverage the power of machine learning and AI to provide advanced capabilities such as natural language processing, computer vision, and predictive analytics.
Microsoft announces Copilot
Another exciting development is Copilot, announced by Microsoft. This is a new AI-powered tool that helps users with various tasks. Copilot is integrated into Microsoft's suite of products and uses AI to help users write, analyze data, and more. This innovative tool is part of Microsoft's broader efforts to embed AI into everyday work processes to improve productivity and efficiency.
Stay informed and stay safe. Until next week, protect your data and keep your systems safe. Follow Cybersecurity News for the latest in cybersecurity news, whitepapers, and infographics.