Security News Headlines #103

Today's cybersecurity news highlights the discovery of critical vulnerabilities in industrial systems and widely used software, along with sophisticated cyber campaigns by nation-state actors.

There's a growing focus on digital deception, emerging ransomware threats, and the evolving tactics of threat actors targeting government and private sector entities. These developments emphasize the urgent need for proactive security measures across all sectors.

CISA has issued three new advisories concerning vulnerabilities in industrial control systems (ICS). These advisories highlight critical flaws that could be exploited to disrupt operations or gain unauthorized access, underscoring the importance of timely updates and strict access controls in ICS environments.

CISA, along with international partners, has released an advisory on the RansomHub ransomware, which is targeting organizations across various sectors. The advisory provides detailed guidance on detection, mitigation, and response strategies to combat this growing ransomware threat.

BlackBerry's latest blog discusses the rising threat of deepfakes and digital deception, highlighting how these technologies are being weaponized to manipulate public perception and compromise security. The post explores the implications for both individuals and organizations, stressing the need for advanced detection tools.

Attackers are actively exploiting a recent vulnerability in Apache OFBiz, an open-source enterprise resource planning (ERP) system. This flaw allows for remote code execution, making it crucial for users to apply patches immediately to protect their systems from potential breaches.

North Korean cyber actors are continuing their campaign to target developers through malicious NPM packages. These attacks are designed to compromise software supply chains, emphasizing the need for heightened security awareness and stringent vetting of third-party code among developers.

Brian Krebs discusses the potential for phishing risks disguised as get-out-the-vote efforts. As election-related activities ramp up, cybercriminals may exploit the situation to conduct phishing attacks, making it essential for voters to remain cautious and verify the legitimacy of such communications.

Praetorian has identified a local privilege escalation vulnerability in the 3CX Phone System, which could allow attackers to gain elevated access on affected systems. Users are advised to apply patches promptly to prevent exploitation of this flaw.

A critical unpatchable zero-day vulnerability in certain surveillance cameras is being exploited to install Mirai botnet malware. This flaw cannot be fixed through traditional updates, raising significant concerns about the security of connected surveillance devices.

Oligo Security has uncovered multiple vulnerabilities in the PyTorch Model Server, collectively dubbed "ShellTorch." These flaws could allow attackers to execute arbitrary code, making it imperative for users to update their systems to secure their machine learning environments.

The U.S. government has issued a warning about cyberattacks carried out by the Iran-based group UNC757. These attacks target critical infrastructure and government entities, with the goal of disrupting operations and gathering intelligence.

APT33, an Iranian hacking group, has developed a new malware variant called Tickler, which is being used to backdoor U.S. government and defense organizations. The malware is designed to maintain persistent access and facilitate data exfiltration.

Attackers are exploiting a critical flaw in Atlassian Confluence to deploy cryptojacking malware. This vulnerability allows malicious actors to hijack system resources for cryptocurrency mining, impacting performance and potentially leading to broader security breaches.

Google has raised its bug bounty for Chrome vulnerabilities to $250,000, reflecting the increasing importance of securing web browsers. This substantial reward aims to incentivize researchers to discover and responsibly disclose critical security issues in Chrome.

The Iranian cyber espionage group Pioneer Kitten is targeting U.S. critical infrastructure, aiming to disrupt operations and gather intelligence. This ongoing campaign highlights the persistent threat posed by state-sponsored actors against vital national assets.

The Poortry Windows driver has evolved into a sophisticated tool capable of wiping endpoint detection and response (EDR) systems, making it a formidable threat. This development signifies a growing trend in attackers targeting defensive security tools.

A new integer underflow vulnerability (CVE-2024-37079) in VMware vCenter Server has been discovered, which could allow attackers to execute arbitrary code. This flaw poses a significant risk to organizations using VMware for their virtualization needs, and immediate patching is recommended.
