Midweek Cybersecurity Digest: 28 Aug 2024

Versa Director Vulnerability, Critical WPML Flaw, BlackSuit Ransomware, and More!

The Cybersecurity Digest Newsletter

Date: 28 Aug 2024

Happy Wednesday and welcome to the Cybersecurity Digest! We are halfway through the week!

Thank you to everyone who has subscribed to the newsletter so far! If you enjoy the content, I ask that you please share it with someone you know who would benefit from the information this newsletter provides! The more subscribers the newsletter gets, the easier it will be to continue to provide this FREE resource! If you have any feedback, comments are open on the website for subscribers!

In addition to this newsletter, we have a weekly podcast which will be published on Mondays that recaps the top 10 stories from the previous week.

Please note that blue article titles and words in sections are links directing to source material. Additionally, if the background is too dark for text on mobile, try turning off your phone's dark mode.

Upcoming In Today's Issue

Notable News

SecurityWeek reports that malware hunters at Lumen Technologies have identified Chinese APT Volt Typhoon exploiting a zero-day vulnerability in Versa Director servers, tracked as CVE-2024-39717. This high-severity flaw allows attackers to hijack credentials and infiltrate downstream networks, primarily affecting ISPs and MSPs. The vulnerability, added to CISA’s must-patch list, has been actively exploited since at least June 2024, with Volt Typhoon targeting several US victims. Versa Networks attributes the exploitation to misconfiguration errors by customers. The Black Lotus Labs team at Lumen Technologies linked the exploitation to Volt Typhoon, a Chinese government-backed hacking group known for targeting critical infrastructure.

BleepingComputer reports that Google has patched its tenth zero-day vulnerability of 2024, tracked as CVE-2024-7965, which was reported by a security researcher known as TheDog. This high-severity flaw in Chrome’s V8 JavaScript engine could allow remote attackers to exploit heap corruption via a crafted HTML page. Alongside CVE-2024-7971, another high-severity zero-day, both vulnerabilities have been fixed in Chrome version 128.0.6613.84/.85 for Windows/macOS and Linux. Google has acknowledged that these vulnerabilities have been exploited in the wild but has not yet provided detailed information about the attacks. Users are advised to update their Chrome browsers to the latest version to ensure protection.

In the aftermath of the outage last month from the CrowdStrike channel update, Microsoft is hosting a summit with CrowdStrike and other EDR vendors to discuss a path forward.

The DarkReading article discusses the rise of Greasy Opal, a sophisticated cyberattack enablement tool used for volumetric bot attacks, particularly targeting CAPTCHA systems. It highlights how Storm-1152, a Vietnam-based threat actor group, used Greasy Opal to create 750 million fake Microsoft accounts.

HackRead looks at a massive data exposure at ServiceBridge: 2.68 TB of sensitive records leaked. A major cloud misconfiguration exposed over 31 million records, including personal and financial information, highlighting the critical need for robust data security measures.

SecurityAffairs discusses a critical flaw in the WPML WordPress plugin, installed on over 1 million websites, that could allow authenticated users to execute remote code, potentially compromising affected sites. This vulnerability, tracked as CVE-2024-6386, has a high severity score of 9.9.

SecurityAffairs reports that the Dutch Data Protection Authority has fined Uber a record €290 million for failing to adequately protect user data and obstructing drivers' rights to access their personal information. This penalty highlights significant privacy violations, including insufficient transparency about data retention and sharing practices.

BleepingComputer reports that the Pidgin messaging app removed the ScreenShareOTR plugin from its official repository after discovering it was used to install keyloggers, information stealers, and other malware. This malicious plugin, which posed as a screen-sharing tool, infected users with DarkGate malware, a threat commonly used to breach corporate networks.

TheHackerNews reports that Microsoft has patched a vulnerability in Microsoft 365 Copilot that allowed attackers to steal sensitive user information using a technique called ASCII smuggling. This flaw exploited special Unicode characters that mimic ASCII but remain invisible in the user interface, enabling data theft.
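The Copilot item above describes ASCII smuggling only in general terms. As an added example that is not from this digest or from any of the linked reports, the Python below shows how a defender can detect, reveal and strip the characters involved before text reaches a user or an LLM. It assumes, as the public write-ups of this technique describe, that the hidden text is carried in the Unicode Tag block (U+E0000 to U+E007F), whose characters mirror ASCII but render as nothing in most interfaces; the sample message and the list of other zero-width characters are constructed here for the example.

```python
import unicodedata

# Unicode Tag block: U+E0020..U+E007E mirror the printable ASCII range
# (U+E0041 is "TAG LATIN CAPITAL LETTER A") but render as nothing.
# Assumption for this example: smuggled text is encoded in this block.
TAG_BASE = 0xE0000
TAG_END = 0xE007F

# Other format/zero-width code points worth flagging in untrusted text
# (constructed list for this example, not exhaustive).
OTHER_INVISIBLE = {
    0x200B,  # ZERO WIDTH SPACE
    0x200C,  # ZERO WIDTH NON-JOINER
    0x200D,  # ZERO WIDTH JOINER
    0x2060,  # WORD JOINER
    0xFEFF,  # ZERO WIDTH NO-BREAK SPACE (BOM)
    0x202E,  # RIGHT-TO-LEFT OVERRIDE
}


def _is_tag(cp):
    return TAG_BASE <= cp <= TAG_END


def _is_suspicious(cp):
    return _is_tag(cp) or cp in OTHER_INVISIBLE


def find_invisible(text):
    """Return (index, codepoint, unicode_name) for each suspicious character.

    An empty result means the text contains none of the tracked code points.
    """
    hits = []
    for i, ch in enumerate(text):
        cp = ord(ch)
        if _is_suspicious(cp):
            hits.append((i, cp, unicodedata.name(ch, "<unassigned>")))
    return hits


def reveal_tag_payload(text):
    """Map Tag-block characters back to the ASCII they mirror, so an analyst
    can see what a reviewer's screen would have hidden."""
    return "".join(chr(ord(ch) - TAG_BASE) for ch in text if _is_tag(ord(ch)))


def strip_invisible(text):
    """Remove every tracked invisible code point; use before rendering or
    before passing untrusted content to a model."""
    return "".join(ch for ch in text if not _is_suspicious(ord(ch)))


# Constructed sample: a harmless visible sentence with the word "hidden"
# appended in Tag characters. Most UIs show only the visible sentence.
SAMPLE = "Meeting notes attached." + "".join(
    chr(TAG_BASE + ord(c)) for c in "hidden"
)

if __name__ == "__main__":
    for idx, cp, name in find_invisible(SAMPLE):
        print(f"offset {idx}: U+{cp:05X} {name}")
    print("revealed payload:", reveal_tag_payload(SAMPLE))
    print("sanitised text  :", strip_invisible(SAMPLE))
```

The scan reports offsets and code point names so an alert can say exactly what was found, while `strip_invisible` is the cheap mitigation for any pipeline that feeds third-party text (email bodies, documents, web content) into an assistant. Expanding `OTHER_INVISIBLE` to the full set of Unicode format characters is a reasonable next step for production use.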

BleepingComputer reports that the BlackSuit ransomware attack on Young Consulting exposed the data of 954,177 individuals, prompting the company to issue breach notifications.

The Hacker News reports that a macOS version of the HZ RAT backdoor has been discovered, targeting users of Chinese messaging apps like DingTalk and WeChat.

Recent Research

The team at SlashNext have discovered malicious actors using Unicode characters to create a QR code. Truly terrifying and worth a read!

In this report, The DFIR Report takes a deeper look at the BlackSuit ransomware.

An article looking at research from the folks over at ANY.RUN and their recent discovery of abuse of the PythonAnywhere cloud platform.

Netskope looks at and discusses an increase in Sway being used to deliver quishing messages.

I was informed I had missed this. It is a fascinating look from the JFrog research team at the attack surface machine learning can present. Definitely worth a read.

Prevalent Patches

GitLab resolved 13 vulnerabilities with the following updated releases of GitLab Community Edition (CE) and Enterprise Edition (EE):

  • 17.2.2

  • 17.1.4

  • 17.0.6

CISA Corner

Since our last newsletter, CISA has added two more CVEs to its Known Exploited Vulnerabilities Catalog.

CVE-2024-7971 Google Chromium V8 Type Confusion Vulnerability

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2024-38856 Apache OFBiz Incorrect Authorization Vulnerability

Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).

CISA also shared a Versa Networks advisory.

The advisory highlights a Dangerous File Type Upload vulnerability. If you use this product, you should patch ASAP, as exploitation in the wild has been observed (see Monday's KEV addition).

Conclusion:

Thank you for reading this edition of the Cybersecurity Digest Newsletter. If you enjoyed this newsletter please share with someone you know who would benefit from this information.


For previous newsletters, announcements, and links, please check out our full website. As a reminder, we had a podcast episode come out Monday that looked at the top stories from the past week. If interested, you can check it out.

Before you go, here is your Dad Joke:

Where do people go to fight in a shopping mall?


The feud court!

Until next time, Stay Secure!
