
Weekly overview of cybersecurity news, vulnerabilities and cyber attacks


Our weekly cybersecurity news roundup covers the latest threats, vulnerabilities, innovations, attacks, risks and stories in the field.

It also looks at emerging malicious tactics that may threaten your devices, so that you can take defensive measures in good time.

This matters because it lets us put appropriate security measures in place early and maintain a defensive posture.

Keeping this ongoing awareness of the situation also builds the broader understanding needed to harden systems against a constantly changing threat landscape and to manage risk appropriately.

Bondnet uses high-performance bots for C2 servers

Threat actors use powerful bots to carry out large-scale automated attacks. These bots can flood systems, steal information, and perform sophisticated cyber operations autonomously. Bondnet used these bots for C2 servers and configured reverse RDP environments on compromised systems.

Discord-based malware attacks Linux systems in India

A Pakistan-based threat actor, UTA0137, has used the Discord-based malware DISGOMOJI to attack Linux systems in India. The malware uses emojis for command-and-control communication and exploits the DirtyPipe vulnerability on BOSS Linux systems.

Moonstone Sleet: North Korean actor distributes malicious open source packages

Moonstone Sleet, a North Korean threat actor, is targeting the open source software supply chain by distributing malicious npm packages. The packages are designed to execute their payload immediately after installation and target both Windows and Linux systems.

SmokeLoader's modular malware features

SmokeLoader, a modular malware, has been observed with advanced capabilities including credential theft, system information gathering, and the ability to download additional payloads. The malware is used in various cyber espionage campaigns.

Hackers abuse Windows Search

Cybercriminals use Windows Search to distribute malware. By manipulating search results, they can trick users into downloading and executing malicious files, resulting in system compromise.

Black Basta actors exploited zero-day privilege escalation vulnerability in Windows

The Cardinal cybercrime group, which operates the Black Basta ransomware, exploited a Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day. The vulnerability, patched on March 12, 2024, was found in the Windows Error Reporting Service. Analysis revealed that the exploit tool used in the recent attacks was compiled before the patch, indicating a potential zero-day exploit. The attackers used batch scripts disguised as software updates, although no ransomware payload was deployed in the attack investigated.

Chinese hackers have compromised 20,000 FortiGate systems worldwide

Chinese state actors targeted FortiGate systems with the COATHANGER malware, compromising at least 20,000 systems worldwide, including government and defense networks. The attackers exploited the CVE-2022-42475 vulnerability, which they knew about roughly two months before it was disclosed. Despite security updates, the threat actors retained access to many systems, underscoring the need for robust defense strategies.

ValleyRAT password stealing techniques

Researchers at Zscaler have detailed the techniques of ValleyRAT, a remote access tool first observed in early 2023. The malware uses multi-stage payload delivery, DLL sideloading, and anti-AV evasion tactics. It uses XOR and RC4 encryption, process injection, and API resolution tricks to maintain stealth and persistence on infected systems.

APT hackers abuse Google OneDrive

Advanced Persistent Threat (APT) groups are abusing Google OneDrive to host and distribute malware. This tactic allows them to bypass traditional security measures and deliver malicious payloads to target systems. The use of legitimate cloud services for malicious purposes highlights the evolving strategies of cyber threat actors.

MultiRDP malware attacks multiple systems simultaneously

The MultiRDP malware has been identified as a tool that allows attackers to control multiple Remote Desktop Protocol (RDP) sessions simultaneously. This capability enables widespread and coordinated attacks on multiple systems, increasing the potential impact and damage of such cyberattacks.

UNC5537 hijacks Snowflake

The UNC5537 threat group is associated with a major data breach at Snowflake, a cloud AI data platform. The attackers managed to infiltrate the platform, affecting multiple organizations and exposing sensitive data.

Hackers use OTP bots to bypass 2FA

Cybercriminals have developed OTP bots that can bypass two-factor authentication (2FA) mechanisms. These bots automate the interception and use of one-time passwords (OTPs), posing a significant threat to the security of online accounts and services.

Stay informed and vigilant to protect your systems from these evolving cybersecurity threats.

Data leaks

Data leak at Kulicke & Soffa

Kulicke & Soffa, a semiconductor equipment manufacturer, suffered a data theft. The theft exposed confidential information, including employee and customer data.

Investigation into the 23andMe hack

Genetic testing company 23andMe is investigating a data breach that may have exposed the personal information of millions of users. The breach has raised concerns about the security of genetic data.

Cyberattack on Japanese video sharing website

A popular video-sharing website in Japan was the target of a cyberattack that exposed user data. The attack highlights the vulnerabilities of online platforms and the need for robust security measures.

Security vulnerabilities

FortiOS vulnerability allows unauthorized commands

A critical vulnerability in FortiOS allows attackers to execute unauthorized commands. This vulnerability poses a significant risk to organizations using Fortinet products.

Microsoft patch for RCE and privilege escalation

Microsoft has released patches that resolve remote code execution (RCE) and privilege escalation vulnerabilities. These patches are critical to maintaining the security of Windows systems.

Chrome 126 released

Google has released Chrome 126, which includes several security fixes. Users are advised to update their browsers to protect themselves from potential exploits.

Security vulnerabilities in VLC Media Player

Several vulnerabilities have been discovered in VLC Media Player that could allow attackers to execute arbitrary code. Users should update to the latest version to mitigate these risks.

Microsoft Outlook zero-click RCE flaw

A zero-click remote code execution flaw has been discovered in Microsoft Outlook. This vulnerability allows attackers to compromise systems without any user interaction.

Other news

Windows Recall AI feature delayed

Technical issues have delayed the Windows Recall AI feature. The delay affects users who rely on the feature for various applications.

CISA calls on administrators

The Cybersecurity and Infrastructure Security Agency (CISA) urges administrators to implement critical security updates to protect against new threats. The advisory underscores the importance of timely patch management.