Elevate Your Cybersecurity with NCSC’s Cyber Improvement Grant
The NCSC Cyber Improvement Grant, providing up to €60,000 in funding, helps businesses implement vital cybersecurity measures based on their initial Cyber Security Review.
Covering up to 80% of project costs, the grant allows organisations to strengthen defences, address specific vulnerabilities, and enhance security practices. Eligible projects include software upgrades, consultancy, staff training, and threat detection setup.
Applications are open until December 8, 2024, with project completion required by June 30, 2025.
Critical Vulnerability in Palo Alto Networks’ Expedition Tool Exposes Admin Accounts to Takeover
A severe vulnerability (CVE-2024-5910) in Palo Alto Networks’ Expedition tool could allow attackers with network access to take control of admin accounts.
This flaw, scoring 9.3 on the CVSS scale, stems from missing authentication for critical functions, risking exposure of sensitive data and control over security configurations.
Palo Alto Networks urges users to update to version 1.2.92 to patch this vulnerability and recommends limiting network access to Expedition and reviewing access controls to mitigate risks.
Microsoft Patch Tuesday for November 2024 Fixes 89 Vulnerabilities
The November 2024 Patch Tuesday from Microsoft addresses 89 security vulnerabilities, including four zero-day flaws, two of which are actively exploited.
One actively targeted vulnerability, CVE-2024-43451, involves the disclosure of NTLMv2 hashes, enabling attackers to authenticate as legitimate users with minimal interaction required from the target.
A critical remote code execution (RCE) vulnerability in Windows Kerberos, alongside other publicly known flaws that are not yet exploited, is also part of this update.
Notably, Microsoft’s shift to the Common Security Advisory Framework (CSAF) standard aims to streamline vulnerability disclosures and responses across platforms, a move welcomed by cybersecurity professionals.
New Excel Malware Campaign Exploits .XLL Files for Stealthy Data Theft
Cybercriminals are deploying a new malware tactic that uses malicious Excel add-ins (.XLL files) to target organisations and infiltrate systems, a strategy attributed to the well-known Russian cybercrime group FIN7. Attackers disguise the .XLL files as legitimate Excel attachments and send them by email to unsuspecting users.
Once opened, the files activate a remote access trojan (RAT) that not only exfiltrates sensitive data but also avoids detection by cybersecurity defences. This variant of the RAT uses updated evasion techniques, such as renaming functions and splitting strings, making it highly resilient against traditional antivirus scans.
Security experts recommend companies disable .XLL files in their networks and educate employees about the dangers of opening unexpected Excel add-ins.
Clop Ransomware Exploits MOVEit Zero-Day Vulnerability
Cybersecurity companies have confirmed that the Clop ransomware group exploited a zero-day vulnerability in the MOVEit Transfer software, impacting over 100 organisations worldwide.
The attack, which exploited the vulnerability tracked as CVE-2023-34362, enabled Clop to steal personal employee data from prominent organisations, including Gen Digital (the parent company of Norton and Avast) and various government entities. Affected data includes employees’ names, addresses, and birth dates.
Though Gen Digital swiftly applied patches and confirmed no customer or partner data exposure, the attack underscores the risk of vulnerabilities in managed file transfer (MFT) software.
Clop’s tactics with MOVEit mirror its earlier campaigns against other MFT products, in which it obtained similar sensitive data for ransom and public shaming.
Progress Software, MOVEit’s developer, continues to release updates to prevent further exploitation.
Hackers Breach Schneider Electric, Expose Sensitive Corporate Data
Schneider Electric recently suffered a cyberattack attributed to the HellCat ransomware group, resulting in a breach of 40GB of sensitive data, including user data, project details, and internal plugins.
The attackers posted on the dark web, demanding a $125,000 ransom, threatening to release the data if the demand isn’t met.
This is Schneider’s second major cyber incident within nine months, following an earlier attack by the Cactus group. Schneider has informed affected clients while securing its systems against further breaches.
Growing Threat of SEO Poisoning and Malicious Ads in Google Search Results
Cybercriminals are increasingly exploiting niche search engine terms and Google ads to lure users into malware traps.
Sophos recently reported a new SEO-poisoning attack that targets users with specific search queries—such as “Are Bengal cats legal in Australia”—and directs them to seemingly legitimate websites infected with GootLoader malware.
This approach is especially effective with niche or specific search terms, allowing threat actors to hijack top search results and infect users through malicious .zip files.
Moreover, Trend Micro highlighted that similar tactics are used in e-commerce fraud schemes, with cybercriminals creating fake shopping sites that use SEO-poisoning techniques to attract users, as well as malicious Google Ads masquerading as legitimate brands.
Malwarebytes warns of a related campaign using Google Ads to distribute malware like FakeBat, specifically targeting searches for trusted applications like Notion.
MOVEit Vulnerability Exposes Amazon Employee Data via Third-Party Breach
Amazon recently confirmed a breach of employee data through a third-party vendor’s MOVEit file transfer software, which exposed emails, phone numbers, and building details.
Although Amazon’s systems remain uncompromised, the breach exemplifies the escalating risk in supply chain security as third- and fourth-party vulnerabilities extend across thousands of organisations.
The MOVEit flaw has reportedly impacted over 2,700 entities, with cybercrime intelligence companies noting its role in significant corporate data leaks and supply chain disruption across sectors.
Meta Faces €798 Million Fine in EU’s Largest Antitrust Action Yet
European regulators have fined Meta €798 million ($841 million) for alleged antitrust violations related to its integration of Facebook Marketplace with its social media platform.
This is Meta’s largest antitrust fine in Europe, reflecting increased scrutiny of the company’s data practices and its market dominance.
EU regulators claim that the integration unfairly boosted Facebook Marketplace by leveraging its vast user base, while Meta argues the decision hampers global digital economies and has stated it will appeal the ruling.
Opera Browser Vulnerability Allows Exploits via Malicious Extensions
A recent vulnerability in the Opera browser, now patched, exposed users to potential data theft through malicious extensions.
Security researchers from Guardio Labs demonstrated the exploit, which could be used by hackers to access Opera’s private APIs. This access risked sensitive actions, including account hijacking, DNS manipulation, and data theft.
The vulnerability primarily affects extensions installed from third-party sources. Opera’s latest update resolves the issue, and the company advises users to download extensions exclusively from Opera’s official Add-ons Store.
Zoom Patches Critical Vulnerabilities Allowing Privilege Escalation and Data Leaks
Zoom has addressed six security vulnerabilities in its platform, including two high-severity issues that could allow remote attackers to escalate privileges or access sensitive information.
The high-severity flaws, CVE-2024-45421 and CVE-2024-45419, each carry a CVSS score of 8.5. CVE-2024-45421 is a buffer overflow vulnerability, which an authenticated attacker could exploit to gain elevated privileges.
CVE-2024-45419, an improper input validation issue, could allow an unauthenticated attacker to disclose information over the network. These vulnerabilities affect several Zoom products, including the Workplace App, Rooms Client, and SDKs across desktop and mobile platforms.
Four additional medium-severity flaws were also patched, addressing issues like denial of service and symbolic link vulnerabilities, particularly affecting macOS systems.
Zoom recommends users update to the latest versions to mitigate these risks.
Misconfigured Microsoft Power Pages Sites Leave Millions of Records Exposed
A recent investigation found that sites built on Microsoft Power Pages, a low-code platform, have left millions of sensitive records accessible because of widespread misconfigurations.
Despite built-in role-based and column-level access controls, many Power Pages sites expose vast amounts of data publicly, sometimes even to anonymous users.
Researchers discovered that even basic security warnings are often ignored by site administrators, leading to significant data leaks across sectors.
This highlights the need for better security awareness among users of low-code platforms, where ease-of-use may obscure access control risks.
If you would like to discover how Secora Consulting can assist you in keeping your business secure, please get in touch.