Security News Headlines #115
Today’s news highlights newly exploited vulnerabilities added to CISA’s catalog, major patches from Apple, and advisory alerts to secure industrial control systems. We also explore a variety of cyber threats, from transitive access abuse in cloud environments to rising clipper malware targeting cryptocurrency exchanges. This collection emphasizes the need for prompt patching, secure design, and robust logging practices to stay ahead of the latest cybersecurity challenges.
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has updated its Known Exploited Vulnerabilities Catalog with four new vulnerabilities that are actively targeted by attackers. Organizations are urged to prioritize patching these issues to minimize the risk of exploitation.
CISA Releases Three Industrial Control Systems Advisories
CISA has issued advisories for three vulnerabilities affecting industrial control systems (ICS). These advisories highlight the critical importance of securing operational technologies in industries handling essential services and infrastructure.
CISA and FBI Issue Alert on Eliminating Cross-Site Scripting Vulnerabilities
CISA and the FBI have released a joint alert focused on eliminating cross-site scripting (XSS) vulnerabilities. The advisory provides secure design recommendations for developers to help prevent XSS attacks that compromise web applications.
Apple Patches Major Security Flaws with iOS 18 Refresh
Apple has rolled out a significant iOS 18 update, addressing multiple security vulnerabilities that could be exploited for remote code execution. Users are strongly advised to update their devices to ensure protection from these critical flaws.
Cloud Logging Tips and Tricks for Enhanced Security
Wiz provides a comprehensive guide on best practices for cloud logging, offering tips to help organizations improve visibility and detect potential security incidents in cloud environments. Effective logging is critical for robust cloud security.
Transitive Access Abuse and Data Exfiltration via Document AI
Vectra AI highlights how attackers can exploit transitive access in cloud environments, particularly through document AI services, to exfiltrate sensitive data. This emerging threat underscores the need for securing cloud-based AI solutions.
Abusing Entra ID Administrative Units
Datadog researchers reveal how attackers can abuse Entra ID (formerly Azure AD) administrative units to elevate privileges and gain unauthorized access. The blog stresses the importance of monitoring administrative roles and permissions.
Google Warns Against Non-Actionable Findings in 3rd-Party Security Scanners
Google's Bug Hunters discuss the limitations of third-party security scanners, warning against false positives and non-actionable findings. Security teams are advised to focus on vulnerabilities that pose real threats to their environments.
Binance Warns of Rising Clipper Malware Threats
Binance has issued a warning about the increasing prevalence of clipper malware, which hijacks cryptocurrency transactions by altering clipboard data. Users and crypto exchanges are urged to implement strong anti-malware protections.
The Growing Residential Proxy Market and Its Implications
Intel471 explores the booming residential proxy market, which cybercriminals use to obfuscate malicious activities. This trend is complicating efforts to trace online attacks and poses new challenges for cybersecurity professionals.
Microsoft Zero-Day Spoofing Vulnerability Exposed
Microsoft has disclosed a zero-day vulnerability that allows attackers to spoof identities, bypassing security mechanisms. The flaw is actively exploited in the wild, and a patch is expected soon.
Secure Boot Vulnerability (PKFail) More Prevalent Than Expected
A widespread Secure Boot vulnerability, known as PKFail, is affecting more devices than initially believed. The flaw allows attackers to disable Secure Boot protections, leaving systems exposed to unauthorized modifications.
Void Banshee Exploits Second Microsoft Zero-Day
The Void Banshee group has exploited a second zero-day vulnerability in Microsoft software, demonstrating their sophisticated methods to compromise systems. This underscores the urgency for organizations to apply security updates promptly.
Emmenhtal Loader Facilitates Polyglot Malware Delivery
OpenAnalysis reports on the Emmenhtal loader, a new malware tool designed to deliver multiple payloads using polyglot techniques. This loader's versatility makes it a powerful tool for cybercriminals targeting a variety of platforms.
Qilin Ransomware Attack on Synnovis Impacts 900,000 Patients
A ransomware attack by the Qilin group on Synnovis, a healthcare services provider, has compromised the personal and medical data of 900,000 patients. The breach highlights the vulnerability of healthcare systems to cyber threats.
Deep Dive into CVE-2023-28324: A Critical Vulnerability
Horizon3.ai provides an in-depth analysis of CVE-2023-28324, a critical vulnerability that could allow attackers to execute arbitrary code on affected systems. The blog emphasizes the importance of patching to prevent exploitation.