Security News Headlines #109

Security News Headlines for today bring critical updates on newly discovered vulnerabilities, state-sponsored cyber threats, and emerging malware tactics. These developments highlight the growing sophistication of cyberattacks across various industries, from critical infrastructure to e-commerce. Here’s what you need to know:

CISA has added three newly exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. These include critical flaws that threat actors are actively targeting in the wild. Organizations are urged to prioritize patching these vulnerabilities to avoid exploitation.

Sailors on a US warship installed an unauthorized Starlink device, potentially compromising security protocols. The crew lied about the installation, raising concerns about unauthorized equipment use in sensitive military operations. The incident underscores the need for stricter control over communication systems in the military.

A critical unpatched vulnerability in the TI WooCommerce Wishlist plugin has been discovered. This flaw affects over 70,000 WordPress websites and could allow attackers to exploit weaknesses in e-commerce platforms. WordPress site owners using this plugin should monitor for updates and apply security measures.

Progress Software has issued an emergency patch for a critical vulnerability in its LoadMaster product. If exploited, this flaw could allow remote attackers to compromise systems. All users are advised to update their systems immediately to mitigate this risk.

The Loki agent, a new addition to the Mythic malware framework, is gaining attention for its advanced capabilities in espionage and cyber-attack campaigns. This highly customizable tool targets a wide range of systems, making it a significant threat in the hands of cybercriminals.

The Peach Sandstorm threat group, linked to Iran, has been deploying custom-built ‘Tickler’ malware in its intelligence-gathering operations. This malware targets both government and private organizations, with sophisticated techniques designed to evade detection.

Researchers have uncovered a novel attack dubbed "RAMBO," which uses RAM to exfiltrate sensitive information from air-gapped computers. This technique bypasses traditional security measures by leveraging subtle electromagnetic signals, posing a new challenge for highly secure environments.

OpenZiti has launched a secure open-source networking platform designed to enhance security for distributed systems. The platform focuses on providing encrypted, zero-trust networking solutions for developers and enterprises looking to secure their applications without relying on traditional VPNs.

Datadog has released the fifth part of its Kubernetes security series, offering insights into the secure management of Kubernetes environments. This edition emphasizes best practices for container orchestration and securing workloads in cloud-native infrastructure.

Elastic has introduced DebMM, a new tool designed to help mitigate malware by analyzing and identifying potentially malicious Debian packages. This tool enhances the ability to detect and block threats in Linux-based systems, further strengthening the security landscape for open-source users.

Cisco has issued patches for critical vulnerabilities in its Smart Licensing Utility, which could have allowed attackers to bypass licensing checks and potentially take control of systems. Users of Cisco products are encouraged to apply the updates to avoid security breaches.

A North Korean-linked threat actor, dubbed Citrine Sleet, has been exploiting a zero-day vulnerability in Chromium-based browsers. The zero-day allows for remote code execution, giving attackers control over affected systems. Chromium users are urged to update their browsers.

Researchers have demonstrated how to exploit Exchange PowerShell vulnerabilities post-ProxyNotShell. This technique involves abusing multi-valued properties to gain unauthorized access. Exchange administrators are advised to review and strengthen their configurations.

Lowe’s employees were targeted in a phishing campaign using malicious Google Ads to trick them into providing login credentials. This attack highlights the growing trend of using legitimate platforms to distribute phishing links. Employees are urged to verify URLs before clicking.
