Security News Headlines #105

Today's edition covers critical updates from CISA, new tactics in extortion scams, and significant vulnerabilities affecting popular platforms like WordPress. Additionally, we highlight recent advancements in malware research, security comparisons between AWS and Azure, and sophisticated cybercriminal tactics targeting businesses and government agencies.

CISA Releases One Industrial Control Systems Advisory
CISA has issued an advisory for an industrial control system (ICS) vulnerability that could potentially be exploited to disrupt critical infrastructure operations. This advisory urges organizations to apply recommended patches and mitigations to safeguard against potential threats.

CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities catalog. These vulnerabilities are actively exploited in the wild, and CISA advises organizations to prioritize their remediation to reduce the risk of cyberattacks.

Sextortion Scams Now Include Photos of Your Home
A new twist in sextortion scams involves cybercriminals sending photos of victims' homes to increase fear and coercion. This escalation in tactics underscores the growing boldness of scammers, making it crucial for individuals to be aware and protect their personal information.

6,000+ WordPress Sites Affected by Unauthenticated Critical Vulnerability in WP Job Portal Plugin
Over 6,000 WordPress sites are at risk due to a critical vulnerability in the WP Job Portal plugin. The flaw allows unauthenticated attackers to exploit sites, highlighting the importance of keeping plugins updated and securing WordPress installations.

Zharkbot Configuration Analysis and Techniques
Security researchers have dissected Zharkbot, revealing its configuration and attack methods. The analysis sheds light on the malware’s tactics, providing insights for defenders on how to detect and mitigate its impact on infected systems.

Preventing Risk of Request Collapsing in Web Caching
Wiz researchers discuss strategies to prevent request collapsing in web caching systems, which can lead to performance issues and potential vulnerabilities. Implementing these best practices can enhance the security and efficiency of web applications.

EmansRepo Stealer: Multi-Vector Attack Chains
Fortinet has uncovered the EmansRepo Stealer, malware that uses multi-vector attack chains to steal sensitive data. This stealer targets a wide range of victims, emphasizing the need for comprehensive endpoint protection.

Developing Metasploit Python Modules the Easy Way
Huntr's blog post guides developers on how to create Metasploit Python modules easily. This resource can be valuable for security professionals looking to expand their penetration testing toolkit with custom scripts.

AWS vs. Azure: A Secure-by-Default Comparison
A comparison between AWS and Azure’s default security features reveals key differences that could influence an organization's cloud security strategy. The analysis helps businesses choose the platform that best aligns with their security requirements.

Advanced CyberChef Techniques: Defeating Nanocore Obfuscation with Math and Flow Control
Researchers demonstrate how to use advanced CyberChef techniques to defeat Nanocore's obfuscation tactics. By applying math and flow control, defenders can better analyze and neutralize this persistent malware.

OTP Agency Operators Plead Guilty
Operators of the OTP Agency, a cybercrime service that provided one-time password interception, have pleaded guilty. Their conviction highlights law enforcement's ongoing efforts to dismantle cybercrime networks targeting financial institutions.

New Flaws in Microsoft and macOS Apps Could Lead to Serious Exploits
Newly discovered vulnerabilities in Microsoft and macOS applications could allow attackers to execute arbitrary code. These flaws underscore the importance of timely updates and patches to protect against potential exploits.

Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader
Praetorian introduces Goffloader, a new tool written in Go for loading executable code directly into memory. This advanced capability is significant for penetration testers and malware analysts working on evasion techniques.

GlobalProtect VPN Spoof Distributes WikiLoader
Palo Alto Networks reveals that cybercriminals are spoofing GlobalProtect VPN to distribute WikiLoader malware. This tactic highlights the need for vigilance and robust security measures to protect VPN infrastructures from being compromised.

Analysis of Two Arbitrary Code Execution Vulnerabilities Affecting WPS Office
ESET researchers have uncovered two vulnerabilities in WPS Office that allow arbitrary code execution. These flaws pose a serious risk to users and organizations relying on WPS Office, emphasizing the need for immediate patching.

How Microsoft Entra ID Supports US Government Agencies in Meeting Identity Security Requirements
Microsoft Entra ID helps US government agencies comply with identity security mandates, offering tools for robust identity management. This support is crucial as agencies seek to enhance their cybersecurity postures in line with federal standards.

Business Services Giant CBIZ Discloses Customer Data Breach
CBIZ, a major provider of business services, has disclosed a data breach affecting customer information. The breach highlights the ongoing threat to large organizations and the need for comprehensive data protection strategies.
