THN Cybersecurity Update: Key Threats, Tools, and News (October 2021)

Cybersecurity Weekly Recap: The Latest Threats and Developments (Oct 28, 2024)

Cybersecurity news can sometimes feel like a never-ending horror movie, can’t it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don’t worry, we’re here to break it all down in plain English and arm you with the knowledge you need to stay safe. So grab your popcorn (and maybe a firewall), and let’s dive into the latest cybersecurity drama!

⚡ Threat of the Week

Critical Fortinet Flaw Comes Under Exploitation

Fortinet has revealed a critical security flaw impacting its FortiManager product (CVE-2024-47575, CVSS score: 9.8). This vulnerability allows for unauthenticated remote code execution, making it a prime target for attackers. Currently, the identity of the threat actors exploiting this flaw remains unknown, but Google-owned Mandiant is tracking the activity under the name UNC5820. Organizations using FortiManager are urged to apply patches immediately to mitigate the risk.

🔥 Trending CVEs

This week, several vulnerabilities have caught the attention of cybersecurity experts:

  • CVE-2024-41992: A command injection vulnerability that could allow attackers to execute arbitrary commands.
  • CVE-2024-20481, CVE-2024-20412, CVE-2024-20424, CVE-2024-20329: Multiple vulnerabilities in Cisco ASA and FTD devices that require urgent fixes.
  • CVE-2024-38094: Actively exploited flaw that organizations should address promptly.
  • CVE-2024-8260: A security flaw in Styra OPA that exposes sensitive data.
  • CVE-2024-38812: A vulnerability in VMware’s vCenter Server that has been patched.
  • CVE-2024-9537: A newly identified vulnerability in ScienceLogic SL1.
  • CVE-2024-48904: A critical flaw that requires immediate attention.

🔔 Top News

Severe Cryptographic Flaws in Cloud Storage Providers

Cybersecurity researchers have uncovered severe cryptographic issues in end-to-end encrypted (E2EE) cloud storage platforms, including Sync, pCloud, Icedrive, Seafile, and Tresorit. These vulnerabilities could allow attackers to inject files, tamper with file data, and even gain access to plaintext data. However, successful exploitation requires the attacker to gain access to a server.

Lazarus Exploits Chrome Flaw

The notorious North Korean threat actor group, Lazarus, has been linked to the exploitation of a zero-day vulnerability in Google Chrome (CVE-2024-4947). This flaw allowed attackers to seize control of infected devices. The campaign involved tricking users into visiting a malicious website disguised as a multiplayer online battle arena game. The vulnerability was patched by Google in May 2024, but the attack highlights the ongoing threat posed by advanced persistent threats (APTs).

AWS Cloud Development Kit (CDK) Account Takeover Flaw Fixed

A recently patched security flaw in the AWS Cloud Development Kit (CDK) could have allowed attackers to gain administrative access to AWS accounts, leading to potential account takeovers. Amazon addressed this issue in CDK version 2.149.0, released in July 2024, following responsible disclosure.

SEC Fines Companies for Misleading SolarWinds Disclosures

The U.S. Securities and Exchange Commission (SEC) has charged four public companies—Avaya, Check Point, Mimecast, and Unisys—for making materially misleading disclosures related to the SolarWinds cyberattack in 2020. The SEC accused these companies of downplaying the severity of the breach in their public statements.

4 REvil Members Sentenced in Russia

Four members of the now-defunct REvil ransomware operation have been sentenced to several years in prison in Russia. Their arrests followed a law enforcement operation in January 2022, marking a significant step in the fight against ransomware.

📰 Around the Cyber World

Delta Air Lines Sues CrowdStrike

Delta Air Lines has filed a lawsuit against CrowdStrike, accusing the cybersecurity vendor of breach of contract and negligence following a major outage in July that resulted in 7,000 flight cancellations and over $500 million in losses. Delta claims that CrowdStrike’s failure to properly test a software update led to the outage.

Meta Announces Secure Way to Store WhatsApp Contacts

Meta has introduced a new encrypted storage system for WhatsApp contacts called Identity Proof Linked Storage (IPLS). This system allows users to create and save contacts directly within the messaging platform, enhancing privacy and security.

CISA, FBI Investigating Salt Typhoon Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are investigating unauthorized access to commercial telecommunications infrastructure by threat actors linked to China. The Salt Typhoon hacking group has reportedly breached the networks of major telecommunications companies, raising concerns about the potential compromise of sensitive information.

Fraudulent IT Worker Scheme Becomes a Bigger Problem

A new report from identity security company HYPR highlights the growing issue of fraudulent IT worker schemes. While North Korean actors have been in the spotlight, the report indicates that this problem extends beyond borders, with individuals misrepresenting their identities to gain employment in Western companies.

Novel Attacks on AI Tools

Researchers have uncovered vulnerabilities in AI tools, including the ability to manipulate digital watermarks generated by AWS Bedrock Titan Image Generator. This development raises concerns about the security of AI-generated content and the potential for misuse.

🔥 Resources & Insights

🎥 Infosec Expert Webinar

Join our upcoming webinar on Mastering Data Security in the Cloud with DSPM. Learn how Global-e improved their data security posture and gain actionable insights on implementing DSPM to reduce risk and optimize cloud costs.

🛡️ Ask the Expert

Q: What is the most overlooked vulnerability in enterprise systems that attackers tend to exploit?

A: Common overlooked vulnerabilities include IAM misconfigurations, over-permissioned accounts, and poorly secured APIs. Implementing tools like Azure PIM and using adaptive MFA can significantly enhance security.

🔒 Tip of the Week

Level Up Your DNS Security: Enhance your DNS security by using a privacy-focused resolver, blocking malicious sites, and enabling DNSSEC to verify the authenticity of DNS records.
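As an added illustration of the DNSSEC part of this tip (example code, not from the original article): a validating resolver marks a verified answer by setting the AD (Authenticated Data) bit and answers SERVFAIL for records that fail validation, so the client-side check is to ask with the EDNS DO bit and inspect the response header. The sample responses below are constructed inline; the flag names and field layout follow RFC 1035, 4035 and 6891.

```python
import struct

# DNS header flag bits (RFC 1035 / RFC 4035)
FLAG_QR = 0x8000   # message is a response
FLAG_RD = 0x0100   # recursion desired
FLAG_RA = 0x0080   # recursion available
FLAG_AD = 0x0020   # authenticated data: resolver validated the answer with DNSSEC
FLAG_CD = 0x0010   # checking disabled: client opted out of validation
EDNS_DO = 0x8000   # DNSSEC OK bit in the OPT record TTL field (RFC 6891)
RCODE_SERVFAIL = 2  # what a validating resolver returns for bogus (failed) data


def build_query(name, qtype=1, txid=0x1234):
    """Build a DNS query for `name` with RD set and an EDNS0 OPT record carrying DO=1."""
    header = struct.pack(">HHHHHH", txid, FLAG_RD, 1, 0, 0, 1)  # one question, one additional (OPT)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    question = qname + struct.pack(">HH", qtype, 1)  # QTYPE, QCLASS=IN
    # OPT RR: root name, TYPE=41, UDP payload size 4096, TTL field = ext-rcode/version/DO flag, RDLEN=0
    opt = b"\x00" + struct.pack(">HHIH", 41, 4096, EDNS_DO, 0)
    return header + question + opt


def parse_flags(msg):
    """Return the header fields relevant to DNSSEC from a raw DNS message."""
    txid, flags, _qd, _an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    return {
        "id": txid,
        "response": bool(flags & FLAG_QR),
        "rcode": flags & 0x000F,
        "ad": bool(flags & FLAG_AD),
        "cd": bool(flags & FLAG_CD),
    }


def dnssec_validated(msg, expected_txid=0x1234):
    """True only if the response is NOERROR and the resolver asserted AD.

    Caveat: AD is an assertion by the resolver, so it is only meaningful when the
    resolver is trusted and the path to it is protected (loopback, DoT or DoH).
    """
    f = parse_flags(msg)
    return f["response"] and f["id"] == expected_txid and f["rcode"] == 0 and f["ad"]


def sample_response(ad, rcode=0, txid=0x1234):
    """Constructed response header (no records) for demonstration; not captured traffic."""
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_AD if ad else 0) | rcode
    return struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
```

A resolver that does not validate never sets AD, so a persistent `ad == False` on a zone known to be signed is itself a finding about the resolver, not the zone.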

Conclusion

And there you have it – another week’s worth of cybersecurity challenges to ponder. Remember, in this digital age, vigilance is key. Stay informed, stay alert, and stay safe in the ever-evolving cyber world. We’ll be back next Monday with more news and insights to help you navigate the digital landscape.
