This Week in Cybersecurity: Looking Back at Week 41

October 10, 2024

Ivanti Warns of Active Exploits Targeting New Cloud Service Appliance Vulnerabilities

Ivanti has identified three new security vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) in its Cloud Service Appliance (CSA), which are actively being exploited.

These flaws, found in CSA versions before 5.0.2, involve SQL injection, OS command injection, and path traversal attacks, all of which can be used by remote authenticated attackers with admin privileges. Threat actors are combining these vulnerabilities with a previously disclosed zero-day (CVE-2024-8963) to carry out sophisticated attacks.

Ivanti urges users to upgrade to version 5.0.2 and review systems for signs of compromise. The company also advises using Endpoint Detection and Response (EDR) tools and monitoring for modified administrative users. Ivanti has no evidence of exploitation in CSA 5.0 or later.

Internet Archive Breach Exposes 31 Million User Records Amid DDoS Attack Threats

The Internet Archive’s “Wayback Machine” has been breached, with a hacker stealing a database containing authentication details for 31 million users.

The stolen data includes email addresses, bcrypt-hashed passwords, and other internal information.

The breach, disclosed by security expert Troy Hunt, was confirmed as legitimate. Although Hunt contacted the Internet Archive to begin a disclosure process, he has not received a response.

Compounding the issue, the site also suffered a DDoS attack, claimed by the BlackMeta hacktivist group, which has threatened further disruptions. The breach occurred on September 28, 2024.

EU Council Adopts Cyber Resilience Act to Strengthen Digital Product Security

The EU Council has adopted the Cyber Resilience Act, a new regulation establishing cybersecurity requirements for products with digital components, including IoT devices like connected home cameras, fridges, and toys.

The law aims to ensure that these products are secure throughout their lifecycle by harmonising cybersecurity standards across the EU and avoiding overlaps with existing legislation. Products will bear the CE marking to indicate compliance.

While certain products like medical devices and cars are exempt, the regulation will empower consumers to make informed decisions about cybersecurity when purchasing digital products.

The Cyber Resilience Act will take full effect 36 months after its official publication.

Microsoft Patches 118 Vulnerabilities, Including Two Actively Exploited Zero-Days

Microsoft has released security updates addressing 118 vulnerabilities across its software, including two zero-day flaws (CVE-2024-43572 and CVE-2024-43573) that are under active exploitation.

The vulnerabilities affect various products, with five flaws publicly known at the time of release. Critical issues include a remote code execution flaw in Microsoft Configuration Manager (CVE-2024-43468) with a CVSS score of 9.8.

Qualcomm Confirms Zero-Day Exploit in Chipsets Found in Millions of Android Devices

Qualcomm has confirmed that hackers exploited a zero-day vulnerability, CVE-2024-43047, in dozens of its chipsets, which are used in popular Android devices like those from Motorola, Samsung, and Xiaomi.

Google’s Threat Analysis Group and Amnesty International have found evidence of “limited, targeted exploitation” of the flaw, though the specifics of the targets remain unknown.

Qualcomm has released fixes to its customers, but it is now up to Android device makers to distribute patches to users.

Microsoft Office Remote Code Execution Vulnerability Requires Immediate Patch

Microsoft has disclosed CVE-2024-38124, a vulnerability in Microsoft Office that could enable remote code execution if an attacker convinces a user to open a specially crafted file. This issue is marked as “Important,” and exploitation requires user interaction. To safeguard systems, Microsoft recommends applying the latest security updates. The flaw primarily affects versions of Office that have not yet received the necessary patches.

Hackers Steal Employee Data in Cyberattack on CreditRiskMonitor

CreditRiskMonitor, a SaaS company providing trade credit and supply chain risk monitoring, revealed in an SEC filing that hackers stole sensitive employee and contractor data between July 9 and July 17, 2024.

While customer data was not compromised, the breach included personally identifiable information (PII) of staff.

The company detected unusual activity on July 19, but stated the hack has not materially impacted operations.

CreditRiskMonitor is offering affected individuals 24 months of free credit monitoring and continues to assess any potential financial impact from the breach. The perpetrators of the attack remain unidentified.

Microsoft Warns of Phishing Campaigns Exploiting Trusted File Hosting Services for Cyber Attacks

Microsoft has identified cyber attack campaigns that abuse legitimate file hosting services like SharePoint, OneDrive, and Dropbox to evade security defenses and conduct phishing attacks. These attacks, often dubbed “living-off-trusted-sites” (LOTS), use trusted platforms to deliver malware and bypass email security systems.

Since mid-April 2024, phishing campaigns have exploited these services to send view-only files that prompt users to authenticate, eventually redirecting them to phishing pages that steal login credentials and two-factor authentication tokens. The compromised accounts are then used for business email compromise (BEC), financial fraud, and further attacks.

Microsoft noted the growing sophistication of these tactics, which include tools like the Mamba 2FA phishing kit, sold as a phishing-as-a-service (PhaaS) offering.

Comcast Reports Data Breach Impacting Over 230,000 Customers Due to Third-Party Ransomware Attack

Comcast has disclosed that personal data from over 230,000 customers was stolen during a ransomware attack on Financial Business and Consumer Solutions (FBCS), a third-party debt collection provider.

The breach, which occurred between February 14 and 26, 2024, exposed customer names, addresses, Social Security numbers, and Comcast account information. Initially, FBCS reported no customer data was affected, but later confirmed the compromise in July.

Comcast, which stopped using FBCS in 2020, is among several organisations impacted by the breach, with other entities like Truist Bank and CF Medical also affected by the ransomware attack.

Microsoft Warns of Storm-0501: Cybercriminals Targeting Hybrid Cloud Environments with Ransomware

Microsoft has uncovered a new cybercriminal group, Storm-0501, that is exploiting hybrid cloud environments across multiple sectors in the U.S., including government, manufacturing, and law enforcement. The group, active since 2021, initially targeted U.S. school districts but has since expanded to perform ransomware operations.

Storm-0501 uses stolen credentials to gain access to on-premises environments, then moves laterally to cloud systems, enabling data theft, ransomware deployment, and persistent backdoor access.

Microsoft noted that this financially motivated group often operates ransomware-as-a-service, using tools from major ransomware actors like LockBit and BlackCat.

New Gorilla Botnet Targets Global Sectors with 300,000 DDoS Attacks in Just Three Weeks

Cybersecurity researchers at NSFOCUS have identified a new botnet malware family, Gorilla (also known as GorillaBot), based on the leaked Mirai botnet code.

Between September 4 and September 27, 2024, Gorilla executed over 300,000 attack commands, averaging 20,000 DDoS commands per day.

The botnet targeted over 100 countries, including China, the U.S., Canada, and Germany, with victims ranging from universities to government websites and banks.

Gorilla uses a variety of DDoS techniques, exploits an Apache Hadoop vulnerability for remote code execution, and employs sophisticated persistence methods to maintain long-term control over compromised devices.

Mozilla Patches Critical Firefox Vulnerability Exploited in the Wild

Mozilla has patched a critical vulnerability, CVE-2024-9680, impacting Firefox and Firefox Extended Support Release (ESR) versions. The flaw, a use-after-free bug in the Animation timeline component, has been actively exploited in the wild, allowing attackers to execute code remotely.

Mozilla addressed the issue in Firefox 131.0.2 and ESR versions 128.3.1 and 115.16.1.

While details on the specific exploits are unavailable, the flaw could be weaponised in watering hole attacks or drive-by downloads. Users are urged to update to the latest versions for protection.

If you would like to discover how Secora Consulting can assist you in keeping your business secure, please get in touch by filling out the form below 👇