Security News Headlines #107

Security News Headlines for today cover a broad range of critical updates, from industrial control system advisories to new malware exploits. As vulnerabilities in both hardware and software continue to emerge, attackers are evolving their techniques, targeting individuals, enterprises, and even national infrastructure. Here are today’s essential cybersecurity headlines:

CISA has issued four new advisories for industrial control systems, addressing vulnerabilities in widely used products. These advisories highlight critical security flaws that could be exploited by attackers to disrupt industrial operations. Organizations are urged to apply the recommended patches.

A deep dive into malware crypting services reveals how cybercriminals use these tools to obfuscate their malicious code, making it harder to detect. The report explains how crypting services function and their growing role in malware distribution, allowing for more widespread and resilient attacks.

Google has patched a critical Android vulnerability (CVE-2024-32896) that was being actively exploited in the wild. The flaw allowed attackers to execute code remotely on targeted devices, putting millions of users at risk. Android users are strongly encouraged to update their devices immediately.

Cisco has addressed two critical vulnerabilities in its Smart Software Manager, both of which could allow remote code execution. The flaws were rated high-severity, and attackers exploiting them could potentially take full control of affected systems. Patching is strongly recommended for all users.

Threat actors are actively exploiting a vulnerability in GeoServer (CVE-2024-36401), an open-source server for sharing geospatial data. The flaw allows attackers to execute arbitrary code and compromise critical systems. Organizations using GeoServer are advised to patch immediately.

Zyxel has issued warnings regarding several vulnerabilities across its product range, including firewalls and routers. If exploited, these vulnerabilities could allow attackers to gain control over affected devices. Users are urged to follow Zyxel’s guidance and apply security updates.

A new campaign by North Korean hackers is targeting job applicants with sophisticated phishing attacks. The campaign aims to gather personal and financial information by luring victims with fake job offers. Individuals seeking employment are advised to remain vigilant and verify the authenticity of job offers.

Researchers have uncovered a new backdoor malware linked to a Chinese state-sponsored group. This malware allows attackers to maintain persistent access to compromised networks, enabling long-term espionage activities. Organizations are encouraged to bolster defenses against such advanced threats.

Cybercriminals are leveraging MacroPack, a tool for crafting malicious Office macros, to deliver malware payloads in phishing campaigns. The tool simplifies the process of embedding malicious macros into documents, which are then used to compromise targets' systems. Users are urged to disable macros and exercise caution with email attachments.

The Mallox ransomware has been observed exploiting vulnerabilities in the SMB protocol to spread across networks. Once inside, the ransomware encrypts files and demands a ransom. Businesses are advised to review their SMB configurations and enhance network security to prevent infections.

A new quishing (QR code phishing) attack targets electric car owners, tricking them into scanning malicious QR codes at charging stations. These QR codes redirect victims to phishing sites designed to steal personal information. Electric vehicle owners should be cautious when scanning QR codes.

A new report details how bots and AI are increasingly being used to amplify disinformation campaigns. These technologies help bad actors spread false narratives faster and more effectively across social media platforms. The report calls for stronger detection and prevention measures to combat this growing threat.

AWS has outlined a method for building a mobile driver’s license (mDL) solution using its services, including Private CA and KMS. This solution is based on the ISO/IEC 18013-5 standard and provides a secure, digital way to manage identity verification. Organizations looking to adopt mDL should follow these best practices.

A recent OpenSSF survey reveals that financial institutions are prioritizing security in open-source software. The survey highlights the growing importance of securing open-source components in the financial sector, emphasizing the need for enhanced collaboration and security practices to mitigate risks.

A new malware campaign has been found hiding malicious code behind legitimate-sounding PyPI package names. Attackers use revival hijacking techniques to exploit abandoned packages, spreading malware to unsuspecting users. Developers are urged to verify their dependencies regularly to avoid such threats.

Microchip Technology has confirmed a data breach that resulted in the theft of sensitive data. The cyberattack exposed proprietary information, though the full scope of the incident is still being assessed. The company is taking measures to mitigate further damage and enhance security.

Two critical code execution flaws have been discovered in D-Link DIR-846 routers. These vulnerabilities could allow attackers to remotely execute malicious code on the devices, compromising the network. D-Link users are strongly advised to update their router firmware to address these issues.
