Information Security Buzz
Home - Archives for ISB Staff Reporter - Page 8

ISB Staff Reporter


Cisco Warns of Critical Vulnerabilities in Smart Licensing Utility

ISB Staff Reporter | September 5, 2024 | 2 Mins Read

Cisco has warned of multiple critical vulnerabilities in its Smart Licensing Utility, potentially enabling unauthenticated, remote attackers to collect sensitive information or gain administrative control over the software. The vulnerabilities, identified as CVE-2024-20439 and CVE-2024-20440, can be found in several versions of the software. Both have been rated a critical severity score of 9.8 on the CVSS scale, meaning exploitation of the flaw could result in a full system or data compromise. The company has released software updates to address these issues but emphasized that there are no workarounds available for the vulnerabilities. It also said that, to date, it…


Phishing Remains Top Cyber Threat Despite Drop in Incidents

ISB Staff Reporter | September 5, 2024 | 3 Mins Read

Phishing remains the most common cyber threat, representing 37% of incidents in Q3 2024. However, incidents of credential exposure have increased to almost 89%, raising concerns about data security risks across industries, according to the latest report by ReliaQuest on quarterly attacker trends analysis. Between May 1 and July 31, 2024, ReliaQuest analyzed customer incident data and cybercriminal forums to identify common cyber threats. While phishing still leads the list of threats, its impact has slightly diminished from previous years. On the other hand, exposed credentials are skyrocketing, now making up a substantial portion of security alerts—a jump of 29%…


SLOW#TEMPEST Campaign Targets Chinese Users with Advanced Tactics

ISB Staff Reporter | September 3, 2024 | 4 Mins Read

A sophisticated cyber campaign, dubbed SLOW#TEMPEST, has been uncovered by the Securonix Threat Research team, targeting Chinese-speaking users. The attack, characterized by the deployment of Cobalt Strike payloads, managed to evade detection for over two weeks, demonstrating the malicious actors’ ability to establish persistence and move laterally within compromised systems. SLOW#TEMPEST primarily targets victims in China, with evidence suggesting that the attack leverages phishing emails to deliver malicious ZIP files. The lure files and the command-and-control (C2) infrastructure are predominantly written in Chinese, reinforcing the likelihood that Chinese users are the primary targets. The C2 infrastructure is hosted by Shenzhen…


SQL Injection Vulnerability Could Enable Attackers to Bypass Airport Security

ISB Staff Reporter | September 2, 2024 | 3 Mins Read

Cybersecurity researchers discovered a vulnerability in the Known Crewmember (KCM) system, a TSA program that allows airline pilots and flight attendants to bypass security screening. The flaw, which could potentially compromise the safety of millions of air travelers, was found by researchers Ian Carroll and Sam Curry in a system operated by FlyCASS – a service used by smaller airlines to manage KCM and Cockpit Access Security System (CASS) authorizations.

Gaining Administrative Access

KCM and CASS are crucial security programs that streamline airport security checks for airline personnel. KCM enables pilots and flight attendants to bypass regular security lines by…


North Korean Threat Actor Exploits Chrome Zero-Day

ISB Staff Reporter | September 2, 2024 | 3 Mins Read

A North Korean threat actor has been found exploiting a zero-day vulnerability in Chromium, now designated as CVE-2024-7971. The exploit, which enables remote code execution (RCE), is being attributed with high confidence to a North Korean group known as Citrine Sleet. The actor primarily targets the cryptocurrency sector for financial gain. Microsoft’s ongoing analysis has linked the observed exploitation of CVE-2024-7971 to Citrine Sleet. The threat actor has previously been associated with other North Korean groups, including Diamond Sleet, which shares tools and infrastructure with Citrine Sleet. The FudModule rootkit, which has been deployed in this attack, has also been…


FBI: RansomHub Hits Over 200 Entities Since Feb

ISB Staff Reporter | August 30, 2024 | 4 Mins Read

RansomHub, previously known as Cyclops and Knight, has quickly gained traction, targeting over 210 victims across US critical infrastructure sectors. This ransomware-as-a-service (RaaS) model has been active since February 2024. These include water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors. This was revealed in a new joint Cybersecurity Advisory that was issued by the FBI, CISA, MS-ISAC, and the Department of Health and Human Services. This advisory is part of the broader #StopRansomware campaign, which aims to protect…


Malware Masquerading as Palo Alto GlobalProtect Tool Targets Middle East Users

ISB Staff Reporter | August 30, 2024 | 3 Mins Read

Users in the Middle East are being targeted by sophisticated threat actors deploying malware disguised as the Palo Alto GlobalProtect tool, Trend Micro has revealed. The malware employs a two-stage infection process, leveraging advanced command-and-control (C&C) infrastructure to evade detection and maintain persistent access to compromised systems. The infection begins with a malicious setup.exe file, which initiates contact with specific hostnames to report infection progress and collect victim data. The malware uses the Interactsh project, a tool originally intended for penetration testing, for beaconing purposes. This allows the attackers to monitor which targets advance through the infection chain, further enhancing…


Watchdog Criticizes FBI for Inadequate Digital Storage and Destruction Practices

ISB Staff Reporter | August 28, 2024 | 2 Mins Read

The FBI needs to improve its handling of electronic media designated for destruction at its facilities, according to a scathing audit from the Justice Department’s Inspector General, released publicly last week. The memo, issued by DOJ Inspector General Michael Horowitz, highlights that the bureau is failing to properly label and track internal hard drives containing sensitive and top-secret national security information once they are removed from computers and servers. Storage devices containing sensitive information, including national security data, Foreign Intelligence Surveillance Act (FISA) material, and documents classified as Secret, were often improperly labeled or not labeled at all, heightening…


MacOS Version of HZ Rat Backdoor Discovered Targeting DingTalk and WeChat Users

ISB Staff Reporter | August 28, 2024 | 2 Mins Read

In June 2024, cybersecurity researchers from Kaspersky identified a new macOS version of the HZ Rat backdoor, marking the first time this malware has been observed targeting macOS users. The backdoor was found attacking users of the enterprise messaging platform DingTalk and the popular social network WeChat. This development follows previous discoveries of the HZ Rat backdoor targeting Windows systems. First detected in late 2022 by DCSO researchers, the HZ Rat backdoor is known for receiving commands from attackers, initially via PowerShell scripts on Windows. The newly discovered macOS variant behaves similarly but receives payloads as shell scripts from a…


Cyberattacks on UK Law Firms Surge by 77% Amid Rising Ransomware Threat

ISB Staff Reporter | August 28, 2024 | 4 Mins Read

The number of successful cyber attacks on UK law firms has soared by 77% over the past year, rising from 538 incidents to 954, according to a recent study. The increase is attributed to the lucrative nature of law firms as targets for cybercriminals, particularly for ransomware attacks and blackmail attempts. Malefactors will often demand a blackmail payment from law firms or threaten to post that sensitive data on the internet. In some instances, bad actors also lock firms out of their data until a ransom is paid. Lubbock Fine partner Mark Turner emphasized the appeal of law firms to…

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics


Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.
