Nastiest Malware 2023
September 5, 2024 By Efosa Udinmwen

A new critical cybersecurity threat has been reported by CYFIRMA Research, involving a severe remote code execution (RCE) vulnerability identified as CVE-2024-30078. The flaw affects the Wi-Fi drivers in multiple versions of Microsoft Windows, posing a potential risk to over 1.6 billion active devices worldwide. It could allow a malicious actor within Wi-Fi range of a target to execute unauthorized code on the affected system.

How the exploit works

CVE-2024-30078 affects multiple versions of the Microsoft Windows operating system, including Windows 10, Windows 11, and several versions of Windows Server. The flaw resides in the Dot11Translate80211ToEthernetNdisPacket() function within the native Wi-Fi driver (nwifi.sys). Exploitation of CVE-2024-30078 has been reported in the wild in the United States, China, and parts of Europe. It poses significant risks to industries heavily reliant on Wi-Fi an
Feds post $10 million bounty for each of the six's whereabouts

September 5, 2024 By Jessica Lyons

The US today charged five Russian military intelligence officers and one civilian for their involvement in the data-wiping WhisperGate campaign conducted against Ukraine in January 2022, before the ground invasion began. In conjunction with the indictments, the feds also offered a $10 million bounty for information on each of the six men's whereabouts and, along with nine other countries, released a 36-page cybersecurity advisory about the Russians' network intrusion efforts, which the government agencies say have been ongoing since at least 2020. While none of the six named in the indictment are on American soil, so we're unlikely to see perp walks anytime soon, FBI Special Agent in Charge William DelBagno pledged, "there are steps that are going to be taken … to bring this indictment to fruition." >>Full Article<<
September 5, 2024 By Bill Toulas

Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high- and critical-severity flaws in Veeam Backup & Replication, Service Provider Console, and Veeam ONE. The most severe of the problems addressed is CVE-2024-40711, a critical (CVSS v3.1 score: 9.8) remote code execution (RCE) vulnerability in Veeam Backup & Replication (VBR) that can be exploited without authentication. VBR is used to manage and secure backup infrastructure for enterprises, so it plays a critical role in data protection. Because it can serve as a pivot point for lateral movement, it is considered a high-value target for ransomware operators. Ransomware actors target the service to steal backups for double extortion and to delete or encrypt backup sets, leaving victims without recovery options. In the past, the Cuba ransomware gang and FIN7, known to collaborate with Conti, REvil, Maze, Egregor, and BlackBasta,
A secretive Russian military unit, previously linked to assassinations and destabilization in Europe, is blamed for destructive wiper malware attacks in Ukraine.

September 5, 2024 By Ryan Naraine

A secretive Russian military intelligence unit, previously tied to foreign assassinations and destabilizing actions in Europe, has now been linked to cyberespionage and sabotage operations for the first time, according to a joint advisory from the US government and its allies. The military unit, identified as the Russian GRU's 161st Specialist Training Center (Unit 29155), is being blamed for a series of aggressive cyber operations around the world, including the destructive WhisperGate malware that wiped the Master Boot Record (MBR) of computers in Ukraine. In the past, the investigative website Bellingcat found evidence linking Unit 29155 to the attempted assassinations of Bulgarian arms dealer Emilian Gebrev in April 2015 and of former GRU Colonel Sergei Skripal in March 2018. According to the
September 5, 2024 By Bill Toulas

Yet another critical-severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin used to speed up page loads on over 6 million WordPress sites. The flaw, tracked as CVE-2024-44000 and categorized as an unauthenticated account takeover issue, was discovered by Patchstack's Rafie Muhammad on August 22, 2024. A fix was made available yesterday with the release of LiteSpeed Cache version 6.5.0.1.

Debug feature writes cookies to file

The vulnerability is tied to the plugin's debug logging feature, which, when enabled, logs all HTTP response headers into a file, including the "Set-Cookie" header. >>Full Article<<
By Cara Lin and Vincent Li | September 05, 2024

Affected Platforms: GeoServer prior to versions 2.23.6, 2.24.4, and 2.25.2
Impacted Users: Any organization
Impact: Remote attackers gain control of the vulnerable systems
Severity Level: Critical

GeoServer is an open-source server written in Java that allows users to share and edit geospatial data. It is the reference implementation of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards. On July 1, the project maintainers released an advisory for the vulnerability CVE-2024-36401 (CVSS score: 9.8). Multiple OGC request parameters allow remote code execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation, because property names supplied in requests are unsafely evaluated as XPath expressions. The shortcoming has been addressed in versions 2.23.6, 2.24.4, and 2.25.2. On July 15, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a cri
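The root cause above is a request parameter that should only ever name a feature property being handed to an expression evaluator. The following is an added example, written for this page and not GeoServer or GeoTools code, of the two things a practitioner wants here: an allowlist check that accepts plain (optionally namespace-qualified) property paths and rejects anything else before it reaches an evaluator, and a scan over web-server access logs that flags WFS requests whose property-reference parameters do not look like property names. The access-log lines are constructed; the second one follows the request shape reported publicly for CVE-2024-36401 probes (a `GetPropertyValue` request whose `valueReference` is a function call), and the feature dictionary stands in for a real feature object.

```python
"""Added example (not GeoServer/GeoTools code): allowlist validation of a WFS
property-name parameter before XPath evaluation, plus a detection pass over
access-log lines. Log lines and the feature record are constructed."""
import re
from urllib.parse import parse_qs, urlsplit

# A property reference is an element name, optionally namespace-qualified,
# or a short "/"-separated path of such names. Parentheses, quotes, spaces or
# anything else that could be an expression is out. (Allowlist assumed here;
# a project's own grammar may be stricter.)
_NAME = r"[A-Za-z_][\w.-]*"
PROPERTY_NAME = re.compile(rf"^(?:{_NAME}:)?{_NAME}(?:/(?:{_NAME}:)?{_NAME})*$")


def is_safe_property_name(name):
    return PROPERTY_NAME.fullmatch(name) is not None


def resolve_property(feature, name):
    """Hardened lookup: validate the reference and walk the feature record
    directly instead of handing the string to an expression engine."""
    if not is_safe_property_name(name):
        raise ValueError(f"rejected property reference: {name!r}")
    node = feature
    for part in name.split("/"):
        node = node[part.split(":")[-1]]  # drop the namespace prefix for lookup
    return node


# Detection side: WFS query parameters that are supposed to carry property
# references. CQL/XML filter parameters legitimately contain quotes and
# parentheses, so they are deliberately not in this set.
PROPERTY_PARAMS = {"valuereference", "propertyname"}
SUSPICIOUS = re.compile(r"[()'\"]|java\.|getRuntime|\bexec\b", re.IGNORECASE)


def flag_suspicious_requests(log_lines):
    """Return (parameter, value) pairs from combined-format access-log lines
    where a property-reference parameter is not a plain property name and
    contains expression-like content."""
    hits = []
    for line in log_lines:
        parts = line.split('"')  # the request is the second quoted field
        if len(parts) < 2:
            continue
        request = parts[1].split()
        if len(request) < 2:
            continue
        query = parse_qs(urlsplit(request[1]).query, keep_blank_values=True)
        for key, values in query.items():
            if key.lower() not in PROPERTY_PARAMS:
                continue
            for value in values:  # parse_qs has already percent-decoded these
                if SUSPICIOUS.search(value) and not is_safe_property_name(value):
                    hits.append((key, value))
    return hits


# Constructed access-log lines: a benign GetPropertyValue request, then one in
# the shape reported for CVE-2024-36401 exploitation attempts.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Jul/2024:10:01:02 +0000] "GET /geoserver/wfs?service=WFS&version=2.0.0'
    '&request=GetPropertyValue&typeNames=topp:states&valueReference=topp:STATE_NAME HTTP/1.1" 200 512',
    '203.0.113.9 - - [15/Jul/2024:10:01:09 +0000] "GET /geoserver/wfs?service=WFS&version=2.0.0'
    '&request=GetPropertyValue&typeNames=topp:states'
    '&valueReference=exec(java.lang.Runtime.getRuntime(),%27id%27) HTTP/1.1" 500 0',
]

# Constructed feature record standing in for a GeoServer feature.
SAMPLE_FEATURE = {"STATE_NAME": "Texas", "PERSONS": 16986510}

if __name__ == "__main__":
    print(resolve_property(SAMPLE_FEATURE, "topp:STATE_NAME"))
    for key, value in flag_suspicious_requests(SAMPLE_LOG):
        print(f"suspicious {key}: {value}")
```

The validation step is the fix in spirit: the evaluator never sees input that is not a property path, so its function-call syntax cannot be reached. The log scan is only a triage aid for the patch window; anything it flags against an unpatched instance should be treated as a probable compromise attempt, not just a malformed request.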
RansomHub claims to have looted 93GB of data from the healthcare provider's Montana office and is threatening to leak the information.

September 4, 2024 By Michael Kan

A Planned Parenthood office suffered a cyberattack last week that may have led a ransomware group to steal data from the reproductive health provider. The attack targeted Planned Parenthood's operations in Montana, which became aware of the incident on Wednesday, Aug. 28. "We immediately implemented our incident response protocols, including taking portions of our network offline as a proactive security measure," Martha Fuller, CEO for the Montana office, told PCMag in a statement. News of the attack came from a ransomware group called RansomHub, which claims to have stolen 93GB of data from Planned Parenthood. It is threatening to leak the stolen data in a week. >>Full Article<<
September 4, 2024 By Sergiu Gatlan

Cisco has fixed a command injection vulnerability with public exploit code that lets attackers escalate privileges to root on vulnerable systems. Tracked as CVE-2024-20469, the security flaw was found in Cisco's Identity Services Engine (ISE), an identity-based network access control and policy enforcement product that provides network device administration and endpoint access control in enterprise environments. The OS command injection vulnerability is caused by insufficient validation of user-supplied input. Local attackers can exploit it by submitting maliciously crafted CLI commands in low-complexity attacks that do not require user interaction. However, as Cisco explains, the flaw can only be exploited successfully by an attacker who already has Administrator privileges on the unpatched system; the escalation is from Administrator to root. >>Full Article<<
The White House has released a roadmap for addressing internet routing (BGP) security issues, mainly through RPKI adoption.

September 4, 2024 By Eduard Kovacs

The White House on Tuesday outlined a plan for addressing internet routing security issues, particularly vulnerabilities associated with the Border Gateway Protocol (BGP). BGP is the protocol used for exchanging routing information between autonomous systems (AS) on the internet. This critical component of the internet was not created with security in mind, however, and several important weaknesses have come to light over the years. They can enable threat actors to divert internet traffic, allowing them to disrupt critical infrastructure, obtain sensitive information, or conduct espionage. The risks associated with BGP are not only theoretical: in the real world, BGP issues have caused disruptions, and threat actors have been known to abuse BGP, including in profit-driven campaigns. >>Full Article<<
September 4, 2024 By Lindsey O'Donnell-Welch

Researchers have uncovered a new backdoor called KTLVdoor, which targets both Windows and Linux systems and is linked to the Chinese-speaking threat actor Earth Lusca. Earth Lusca is a group that has been active since at least April 2019 and has targeted organizations from various sectors globally, including in the U.S., France, Germany and more. The group was observed leveraging the new Go-based KTLVdoor, which can run commands, manipulate (as well as download or upload) files, provide attackers with system and network data, scan remote ports and use proxies. "This previously unreported malware is more complex than the usual tools used by the threat actor," said Cedric Pernet and Jaromir Horejsi of Trend Micro in a Wednesday analysis. "It is highly obfuscated and is being spread in the wild impersonating various system utilities names or similar tools, such as sshd, java, sqlite, bash, edr-agent, and more." >>Full Article<<
September 4, 2024 By Pierluigi Paganini

Networking hardware vendor D-Link warns of multiple remote code execution (RCE) vulnerabilities impacting its discontinued DIR-846 router series. The vulnerabilities CVE-2024-44341 and CVE-2024-44342 (CVSS score of 9.8) are two OS command injection issues. A remote attacker could exploit them to execute arbitrary code on vulnerable devices. "D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability (CVE-2024-44341) via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request," reads the advisory. "D-Link DIR-846W Firmware A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability (CVE-2024-44342) via the wl(0).(0)_ssid parameter." The vendor also addressed a remote command execution (RCE) vulnerability, tracked as CVE-2024-41622 (CVSS score
September 4, 2024 By Ionut Ilascu

Cisco's site for selling company-themed merchandise is currently offline and under maintenance after hackers compromised it with JavaScript code that steals sensitive customer details entered at checkout. It is unclear how the malicious JavaScript landed on Cisco's store, but BleepingComputer has been told by researchers who wish to remain anonymous that it appears to be a CosmicSting attack (CVE-2024-34102). The Cisco Merchandise Store is a gift shop that provides Cisco-branded apparel and accessories (mugs, bottles, caps, power banks, bags, stickers, toys). At the time of writing, the Cisco stores for the U.S., Europe, and Asia Pacific, Japan and China (APJC) are unavailable. >>Full Article<<
DOJ reportedly seeks evidence of alleged unfair supply and pricing of AI chips.

September 4, 2024 By Ashley Belanger

The Department of Justice is reportedly deepening its probe into Nvidia. Officials have moved on from merely questioning competitors to subpoenaing Nvidia and other tech companies for evidence that could substantiate allegations that Nvidia is abusing its "dominant position in AI computing," Bloomberg reported. When news of the DOJ's probe into the trillion-dollar company was first reported in June, Fast Company reported that scrutiny was intensifying merely because Nvidia was estimated to control "as much as 90 percent of the market for chips" capable of powering AI models. Experts told Fast Company that the DOJ probe might even be good for Nvidia's business, noting that the market barely moved when the probe was first announced. But the market's confidence seemed to be shaken a little more on Tuesday, when Nvidia lost a "record-setting $279 billion" in market value foll