Security News Headlines #114

Today's cybersecurity roundup covers the latest exploited vulnerabilities added to CISA's catalog, new defense plans for federal agencies, and multiple cyberattacks targeting software and cloud services. Key updates include hybrid ransomware threats, vulnerabilities in Microsoft VS Code, and Google’s latest threat analysis report. From socially-engineered attacks to malicious trojans on Android, these stories highlight the diverse and evolving nature of cyber threats.

CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two newly exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. Organizations are encouraged to prioritize patching these flaws to protect against potential cyberattacks, as both are actively targeted by threat actors.

CISA Unveils New Cyber Defense Plan for Federal Agencies
CISA has released a new plan to align federal agencies' cybersecurity strategies, focusing on unified defense measures and improving resilience against cyberattacks. This initiative aims to streamline cyber defenses across the federal landscape.

Microsoft VS Code Targeted in Asian Spy Attack
A recent cyber espionage campaign targeting developers exploited vulnerabilities in Microsoft VS Code. The attackers, believed to be state-sponsored actors from Asia, aimed to steal sensitive data, underlining the need for stronger software supply chain security.

Best Practices for Using Kernel ETW in Threat Detection
Elastic Security Labs explores the use of Kernel Event Tracing for Windows (ETW) in threat detection. This blog discusses the benefits of ETW for monitoring kernel-level activity and enhancing defensive capabilities against advanced threats.

Google TAG Bulletin for Q3 2024: New Threat Trends
Google’s Threat Analysis Group (TAG) has released its Q3 2024 bulletin, detailing emerging cyber threats, including state-sponsored attacks and vulnerabilities in widely used software. The report highlights ongoing efforts to combat global cyber threats.

Scattered Spider Uses Social Engineering to Trap Cloud Admins
Scattered Spider, a notorious threat group, is using sophisticated social engineering techniques to compromise cloud administrators. The group’s tactics highlight the growing need for cloud providers to reinforce security awareness and controls.

CrystalRansom: A New Hybrid Ransomware Threat
Outpost24 reports on a new hybrid ransomware variant, CrystalRansom, which combines encryption and extortion tactics. This ransomware targets both local systems and cloud environments, demanding ransoms while threatening data leaks.

New Chrome Features Boost Security and Privacy
Google Chrome has introduced new features designed to protect users from online threats while giving them more control over personal data. These updates aim to enhance browser security and improve user privacy management.

Exploiting Exchange PowerShell Vulnerabilities Post-ProxyNotShell
Researchers from the Zero Day Initiative detail how attackers can exploit Exchange PowerShell vulnerabilities even after the ProxyNotShell patches. The blog highlights the risks associated with misconfigured PowerShell settings.

Fake AppleCare Service Scams Hosted on GitHub
Scammers are using GitHub repositories to host fake AppleCare services, tricking users into paying for nonexistent tech support. Users are warned to be cautious of unsolicited offers for technical assistance on public platforms.

Using Generative AI for Security Observability with Amazon Security Lake
Amazon introduces the use of generative AI for enhanced security observability through its Security Lake and Amazon Q services. These tools allow for faster detection and analysis of security threats using AI-driven insights.

T-Mobile VM Logs Leaked in Capgemini Data Breach
T-Mobile customer virtual machine logs have allegedly been exposed in a Capgemini data breach. The 20GB data leak raises concerns about third-party security practices and the protection of sensitive corporate information.

SolarWinds Patches Critical RCE Vulnerability (CVE-2024-28991)
SolarWinds has issued a patch for a critical remote code execution vulnerability (CVE-2024-28991) that could allow attackers to fully compromise affected systems. Administrators are urged to apply the patch immediately to mitigate risk.

EchoStrike Malware Uses Reverse Shells for Process Injection
A new malware strain called EchoStrike has been identified, using reverse shells and process injection techniques to take over victim machines. This sophisticated malware targets high-value systems, requiring enhanced endpoint protection.

Windows Vulnerability Exploited with Braille Spaces in Zero-Day Attacks
A zero-day vulnerability in Windows, exploiting Braille spaces, has been used in attacks to bypass security filters. This obscure technique demonstrates the creativity of attackers in finding new ways to evade detection and infiltrate systems.
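The story above does not explain how the Braille-space trick works, so the following is an added defender-side illustration rather than anything from the original roundup. It assumes (the page does not say) that the "Braille spaces" are U+2800 Braille Pattern Blank code points, which render as blank but are not Unicode whitespace, so ordinary trimming and sanitising leaves them in place while a user sees only the harmless-looking start of the name. The names, the extension list and the `assess` helper are constructed for this example.

```python
"""
Added example (not from the article): triage file names that pad or mask
their real extension with Braille Pattern Blank characters (U+2800).
Assumption: the "Braille spaces" in the story are U+2800 code points.
"""
import unicodedata

BRAILLE_BLANK = "\u2800"
# Extensions that commonly execute on Windows; illustrative, not exhaustive.
EXECUTABLE_EXTENSIONS = {"exe", "hta", "js", "vbs", "lnk", "url", "scr", "bat", "cmd"}


def braille_blank_is_not_whitespace() -> bool:
    """U+2800 has Unicode category 'So' (Other Symbol), not 'Zs', so str.isspace()
    and str.strip() ignore it; that is what lets it slip past naive filters."""
    return unicodedata.category(BRAILLE_BLANK) == "So" and not BRAILLE_BLANK.isspace()


def visible_label(name: str) -> str:
    """Part of the name a user sees before a run of blanks pushes the rest out of view."""
    idx = name.find(BRAILLE_BLANK)
    return name if idx == -1 else name[:idx]


def true_extension(name: str) -> str:
    """Extension the OS will actually use: text after the last dot once blanks are removed."""
    cleaned = name.replace(BRAILLE_BLANK, "").rstrip()
    dot = cleaned.rfind(".")
    return cleaned[dot + 1:].lower() if dot != -1 else ""


def assess(name: str) -> dict:
    """Return a triage record; 'suspicious' is True when the name carries blank
    padding or when the extension a user sees differs from the real one."""
    blanks = name.count(BRAILLE_BLANK)
    shown = visible_label(name)
    shown_ext = true_extension(shown)
    real = true_extension(name)
    return {
        "name": name,
        "braille_blank_count": blanks,
        "visible_label": shown,
        "visible_extension": shown_ext,
        "true_extension": real,
        "executable": real in EXECUTABLE_EXTENSIONS,
        "suspicious": blanks > 0 or shown_ext != real,
    }


# Constructed sample names for the demo (not real samples from any campaign).
SAMPLES = [
    "quarterly-report.pdf",
    "quarterly-report.pdf" + BRAILLE_BLANK * 26 + ".hta",
]

if __name__ == "__main__":
    for n in SAMPLES:
        r = assess(n)
        print(f"{r['visible_label']!r:24} blanks={r['braille_blank_count']:3} "
              f"shown={r['visible_extension']!r:6} real={r['true_extension']!r:6} "
              f"suspicious={r['suspicious']}")
```

The practical takeaway for a filter or a mail gateway is to normalise on code-point category rather than on `isspace()`: anything that renders blank but is not category `Zs` deserves the same treatment as padding, and the extension check must run on the cleaned name, not on the label shown to the user.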

TrickMo Android Trojan Exploits Banking Apps
The TrickMo Android trojan, targeting banking apps, is being used to intercept two-factor authentication codes and gain unauthorized access to user accounts. Android users are advised to update their apps and enable additional security measures.
