
In Today’s Security News – TechKranti

‘Void Banshee’ Exploits Second Microsoft Zero-Day

Void Banshee, an advanced persistent threat group, has exploited two similar zero-day vulnerabilities in Microsoft’s MSHTML platform, identified as CVE-2024-43461 and CVE-2024-38112. These flaws allow attackers to execute arbitrary code by spoofing the appearance of malicious files, tricking users into visiting malicious websites or downloading compromised files disguised as PDFs. Security experts recommend patching these vulnerabilities immediately, as organizations that lack robust endpoint protection and patch management are still highly vulnerable to malware such as ransomware and backdoors.

Ransomware gangs now abusing Microsoft Azure tool for data theft

Ransomware gangs like BianLian and Rhysida leverage Microsoft’s Azure Storage Explorer and AzCopy tools to steal data and store it in Azure Blob storage during network breaches. These tools help attackers exfiltrate large amounts of data, taking advantage of Azure’s trusted status in enterprise environments, which can bypass security defenses. To defend against such attacks, organizations should monitor AzCopy execution, track outbound traffic to Azure Blob endpoints, and enforce automatic logout to prevent session hijacking.
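The three controls named above (watching for AzCopy and Storage Explorer execution, watching outbound traffic to Azure Blob endpoints, and treating uploads to storage accounts the organisation does not own as suspicious) can be expressed as simple detection rules. The following Python is an added example written for this digest, not code from BianLian/Rhysida reporting or from Microsoft. The event records, host names, the "corpbackups" allowlist and the 1 GiB threshold are all constructed assumptions; a real deployment would feed it EDR or Sysmon events and its own list of owned storage accounts.

```python
import re

# Constructed sample telemetry (not real logs): process-start and outbound-connection
# records from two hosts, in the shape an EDR or Sysmon pipeline might emit.
SAMPLE_EVENTS = [
    {"type": "process", "host": "fs01", "user": "svc_backup",
     "image": "C:\\Windows\\System32\\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"type": "process", "host": "fs01", "user": "jdoe",
     "image": "C:\\Users\\jdoe\\Downloads\\azcopy.exe",
     "cmdline": "azcopy.exe copy D:\\Finance https://examplestor.blob.core.windows.net/staging --recursive"},
    {"type": "network", "host": "fs01", "process": "azcopy.exe",
     "dest": "examplestor.blob.core.windows.net", "port": 443, "bytes_out": 4_831_838_208},
    {"type": "network", "host": "ws22", "process": "OUTLOOK.EXE",
     "dest": "outlook.office365.com", "port": 443, "bytes_out": 120_000},
    {"type": "process", "host": "ws22", "user": "asmith",
     "image": "C:\\Program Files\\Microsoft Azure Storage Explorer\\StorageExplorer.exe",
     "cmdline": "StorageExplorer.exe"},
    {"type": "network", "host": "ws22", "process": "StorageExplorer.exe",
     "dest": "corpbackups.blob.core.windows.net", "port": 443, "bytes_out": 2_000_000_000},
    {"type": "network", "host": "fs01", "process": "backupagent.exe",
     "dest": "corpbackups.blob.core.windows.net", "port": 443, "bytes_out": 50_000_000},
]

# Executables named in the report; matched on the image basename, case-insensitively.
WATCHED_TOOLS = {"azcopy.exe", "storageexplorer.exe"}
# Assumed allowlist: storage accounts the organisation actually owns. Any other
# account under blob.core.windows.net is an unknown tenant and treated as suspicious.
APPROVED_ACCOUNTS = {"corpbackups"}
# Assumed threshold for a single large upload (1 GiB); tune to the environment.
LARGE_UPLOAD_BYTES = 1 << 30
BLOB_HOST_RE = re.compile(r"^(?P<account>[a-z0-9]{3,24})\.blob\.core\.windows\.net$", re.IGNORECASE)


def image_basename(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(events):
    """Run the three detections over a list of event dicts; return (rule, host, detail) tuples."""
    alerts = []
    for e in events:
        if e["type"] == "process":
            exe = image_basename(e["image"])
            if exe in WATCHED_TOOLS:
                alerts.append(("azure-tool-execution", e["host"], f"{e['user']} ran {exe}"))
        elif e["type"] == "network":
            m = BLOB_HOST_RE.match(e["dest"])
            if not m:
                continue  # not an Azure Blob endpoint at all
            if m["account"].lower() not in APPROVED_ACCOUNTS:
                alerts.append(("unapproved-blob-endpoint", e["host"], f"{e['process']} -> {e['dest']}"))
            if e.get("bytes_out", 0) >= LARGE_UPLOAD_BYTES:
                alerts.append(("large-blob-upload", e["host"],
                               f"{e['process']} sent {e['bytes_out']} bytes to {e['dest']}"))
    return alerts


def high_confidence_hosts(alerts):
    """Hosts where a watched tool ran AND data went to a storage account we do not own."""
    by_host = {}
    for rule, host, _ in alerts:
        by_host.setdefault(host, set()).add(rule)
    return {h for h, rules in by_host.items()
            if {"azure-tool-execution", "unapproved-blob-endpoint"} <= rules}


if __name__ == "__main__":
    found = evaluate(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print("high confidence:", high_confidence_hosts(found))
```

On the constructed events, fs01 is the only host that both ran a watched tool and pushed data to a storage account outside the allowlist; ws22 ran Storage Explorer against an owned account, which is worth a look but is the kind of activity a backup operator might legitimately generate. Correlating the two rules is what separates the two cases, which is why each rule on its own would be too noisy to page on.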

Hezbollah members among hundreds injured after pager explosions in Lebanon and Syria, officials say

Hundreds of pagers exploded almost simultaneously in Lebanon and parts of Syria, wounding Hezbollah members and Iran’s ambassador, in what officials suspect was an Israeli cyber operation. The attacks, likely caused by remotely activated malware, came during a period of heightened tensions between Hezbollah and Israel, with ongoing clashes near the Lebanon-Israel border. The incident highlights the risks of cyber warfare, as compromised devices, possibly via vulnerabilities in lithium batteries, were used as weapons to inflict significant damage.

DOJ: Chinese man used spearphishing to obtain NASA, military software

Chinese national Song Wu, an employee of AVIC, has been charged with orchestrating a spear-phishing campaign targeting employees at NASA, the U.S. Air Force, Navy, Army, FAA, and major research universities from 2017 to 2021. Wu allegedly used fake email accounts to solicit restricted aerospace software and source code. The DOJ’s indictment includes additional charges against other individuals for illegal export and smuggling activities involving military technology.

Apple drops spyware lawsuit to avoid sharing cyber secrets

Apple has dropped its lawsuit against NSO Group to avoid disclosing sensitive threat information that could compromise its cybersecurity measures. The decision reflects the growing risks of sharing proprietary defense strategies in a rapidly evolving and decentralized spyware market. Despite international sanctions, the commercial spyware industry remains resilient, leading Apple to focus on improving its internal defenses rather than pursuing further legal battles.

CloudImposer’s Google Cloud bug impacted millions of servers

A significant vulnerability, dubbed “CloudImposer,” in Google Cloud Platform’s Cloud Composer, App Engine, and Cloud Functions could have allowed attackers to exploit a dependency confusion flaw via a single malicious Python package. The flaw, discovered by Tenable, leveraged risky Google guidelines regarding the use of the --extra-index-url argument, which could have inadvertently pulled malicious packages from public repositories. Google has since patched the issue, revised its documentation, and advised users to review their package management practices to avoid similar vulnerabilities.
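The reason --extra-index-url is risky is that pip treats every configured index as an equal source of candidates and installs the highest version it finds, so a public package that reuses an internal name with a larger version number wins. The Python below is an added example for this digest, not Tenable's or Google's code: it models that resolution rule against two constructed index snapshots, shows the single-index layout that avoids the problem, and includes a small linter for the setting in pip.conf and requirements files. The package name "acme-data-utils", the host "pkgs.example.internal" and the index contents are all made up.

```python
import re

# Constructed index snapshots (not real package data). The organisation's private
# package "acme-data-utils" also exists on the public index, where someone has
# uploaded a copy with an absurdly high version number. The private index is a
# proxy that also mirrors the public packages the organisation is allowed to use.
PUBLIC_INDEX = {"acme-data-utils": ["99.0.0"], "requests": ["2.32.3"]}
PRIVATE_INDEX = {"acme-data-utils": ["1.4.0", "1.5.2"], "requests": ["2.32.3"]}
BOTH_INDEXES = {"pypi.org": PUBLIC_INDEX, "pkgs.example.internal": PRIVATE_INDEX}


def parse_version(v):
    """Minimal dotted-integer version key (enough for the constructed data above)."""
    return tuple(int(part) for part in v.split("."))


def resolve_with_extra_index(name, indexes, pin=None):
    """Model pip with --extra-index-url: every index is an equal candidate source and
    the highest matching version wins, regardless of which index served it.
    `indexes` maps an index label to its snapshot; `pin` is an exact version or None."""
    candidates = []
    for label, snapshot in indexes.items():
        for v in snapshot.get(name, []):
            if pin is None or v == pin:
                candidates.append((parse_version(v), label, v))
    if not candidates:
        raise LookupError(f"{name}{'==' + pin if pin else ''} not found")
    _, label, version = max(candidates)   # highest version; label only breaks exact ties
    return version, label


def resolve_with_single_index(name, label, snapshot):
    """Model the hardened layout: one --index-url pointing at a private proxy that
    mirrors the public packages it is allowed to serve. A public upload of the
    private name is never a candidate because the public index is never consulted."""
    versions = snapshot.get(name, [])
    if not versions:
        raise LookupError(name)
    return max(versions, key=parse_version), label


# Flags the risky setting in either a requirements file or pip.conf.
EXTRA_INDEX_RE = re.compile(r"^\s*(--extra-index-url\b|extra-index-url\s*=)", re.IGNORECASE)


def find_extra_index_lines(config_text):
    """Return (line_number, line) for each line that enables --extra-index-url."""
    return [(n, line.strip()) for n, line in enumerate(config_text.splitlines(), 1)
            if EXTRA_INDEX_RE.match(line)]


# Constructed configuration fragments; the hostnames are placeholders.
RISKY_PIP_CONF = """\
[global]
index-url = https://pypi.org/simple
extra-index-url = https://pkgs.example.internal/simple
"""
HARDENED_PIP_CONF = """\
[global]
index-url = https://pkgs.example.internal/simple
"""
RISKY_REQUIREMENTS = """\
--extra-index-url https://pkgs.example.internal/simple
acme-data-utils>=1.4
requests==2.32.3
"""


if __name__ == "__main__":
    print("extra-index-url, unpinned:", resolve_with_extra_index("acme-data-utils", BOTH_INDEXES))
    print("extra-index-url, pinned  :", resolve_with_extra_index("acme-data-utils", BOTH_INDEXES, pin="1.5.2"))
    print("single private index     :",
          resolve_with_single_index("acme-data-utils", "pkgs.example.internal", PRIVATE_INDEX))
    print("risky lines in pip.conf  :", find_extra_index_lines(RISKY_PIP_CONF))
    print("risky lines, hardened    :", find_extra_index_lines(HARDENED_PIP_CONF))
```

Pinning an exact version narrows the candidate set, but it only helps while nobody has published that exact version publicly; the durable fix is a single index that fronts both private packages and an approved mirror of public ones, with hash checking on top where the build pipeline supports it.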

Ukraine and Gaza wars inspire DDoS wave against financial services firms

Geopolitical conflicts in Gaza and Ukraine have led to a significant increase in DDoS attacks on financial services, with these attacks almost doubling compared to other sectors. The attacks are becoming both larger and more persistent, often using advanced methods such as UDP flooding and DNS reflection, and are often politically motivated. The increase in DDoS activity has also been attributed to vulnerabilities introduced by open APIs under regulations such as PSD2, which expand potential attack vectors.

AT&T to Pay $13 Million in FCC Settlement for 2023 Data Breach

AT&T has agreed to a $13 million settlement with the FCC over a 2023 data breach involving a vendor’s compromised cloud environment that exposed customer data from approximately 9 million wireless accounts. The FCC’s investigation found that AT&T’s lax oversight of the vendor’s data processing and its own cybersecurity practices contributed to the breach. As part of the settlement, AT&T will implement enhanced data protection measures, including improved data inventory processes, stricter vendor compliance and annual audits, to prevent future incidents.

Construction companies victim of brute force attacks on accounting software

Construction companies are experiencing breaches due to brute-force attacks on exposed Foundation accounting software servers. Attackers are abusing open ports and default or weak passwords for Microsoft SQL Server accounts, leading to unauthorized access and command execution via SQL queries. Huntress identified these vulnerabilities and urged administrators to secure credentials and restrict public access to mitigate risk.
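Brute-force attempts against an exposed SQL Server instance leave a recognisable trail in the ERRORLOG once login auditing is on: repeated "Login failed for user" entries from one client address, sometimes followed by a "Login succeeded" from the same address. The Python below is an added example for this digest, not Huntress's tooling or anything from the Foundation vendor. It parses a constructed ERRORLOG excerpt (the client addresses are documentation-range placeholders) and raises an alert when one client exceeds an assumed threshold of five failures in sixty seconds, plus a higher-priority alert if that client then authenticates.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed SQL Server ERRORLOG excerpt (not a real log). The layout follows what
# SQL Server writes when login auditing is enabled; 203.0.113.0/24 and 198.51.100.0/24
# are documentation ranges used here as placeholder client addresses.
SAMPLE_ERRORLOG = """\
2024-09-17 03:11:30.00 Logon       Login failed for user 'jsmith'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
2024-09-17 03:12:01.45 Logon       Error: 18456, Severity: 14, State: 8.
2024-09-17 03:12:01.45 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-09-17 03:12:03.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-09-17 03:12:04.88 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-09-17 03:12:06.02 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-09-17 03:12:07.51 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-09-17 03:12:09.17 Logon       Login failed for user 'dba'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.45]
2024-09-17 03:12:25.60 Logon       Login succeeded for user 'sa'. Connection made using SQL Server authentication. [CLIENT: 203.0.113.45]
2024-09-17 03:20:02.00 Logon       Login failed for user 'jsmith'. Reason: Password did not match that for the login provided. [CLIENT: 198.51.100.7]
"""

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2})"
LOGIN_FAIL_RE = re.compile(TS + r" Logon\s+Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<ip>[^\]]+)\]")
LOGIN_OK_RE = re.compile(TS + r" Logon\s+Login succeeded for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<ip>[^\]]+)\]")

FAILURE_THRESHOLD = 5   # assumed: this many failures from one client address ...
WINDOW_SECONDS = 60     # ... inside this many seconds raises an alert


def parse_ts(text):
    """ERRORLOG timestamps carry two fractional digits; %f accepts 1 to 6."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")


def detect_bruteforce(log_text, threshold=FAILURE_THRESHOLD, window=WINDOW_SECONDS):
    """Sliding-window count of failed logins per client IP, plus a follow-on alert when
    a client that tripped the threshold later logs in successfully.
    Returns (rule, client_ip, detail) tuples in log order."""
    recent = defaultdict(deque)   # client ip -> failure timestamps inside the window
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        m = LOGIN_FAIL_RE.match(line)
        if m:
            ts, ip, user = parse_ts(m["ts"]), m["ip"], m["user"]
            q = recent[ip]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window:
                q.popleft()          # drop failures that aged out of the window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, f"{len(q)} failures in {window}s, latest user '{user}'"))
            continue
        m = LOGIN_OK_RE.match(line)
        if m and m["ip"] in flagged:
            alerts.append(("success-after-bruteforce", m["ip"],
                           f"user '{m['user']}' logged in from a flagged client"))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_ERRORLOG):
        print(alert)
```

The second rule is the one to treat as an incident rather than noise: a successful login from an address that just burned through a password list means the credential advice in the article (rotate the default and weak SQL accounts) is now an urgent task, and the instance should not be reachable from the internet in the first place.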

Disclaimer: Titles and summaries are AI generated. Please refer to linked content for more details.