Security News Headlines #117

Security News Headlines for today cover important updates on newly released security patches, cyber vulnerabilities, and threats, affecting both enterprises and individual users. Companies like VMware, Ivanti, and GitLab have issued patches for critical flaws, while new cyber threats, such as ransomware and malware, continue to target organizations. As the cybersecurity landscape evolves, staying informed about these developments is crucial to defending against emerging risks.

VMware Releases Security Advisory for Cloud Foundation and vCenter Server
VMware has issued a security advisory addressing vulnerabilities in VMware Cloud Foundation and vCenter Server. These vulnerabilities could lead to remote code execution and privilege escalation. Administrators are urged to update their systems immediately to prevent exploitation.

Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance
Ivanti has released a patch for a critical flaw in its Cloud Services Appliance, which allows attackers to bypass administrative controls. The vulnerability poses a significant risk if left unpatched, and organizations using Ivanti products should update their systems promptly.

CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added another exploited vulnerability to its Known Exploited Vulnerabilities Catalog. The flaw, currently being exploited in the wild, highlights the importance of keeping systems up to date to mitigate potential attacks.

CISA Releases Six Industrial Control Systems Advisories
CISA has issued six advisories related to vulnerabilities in Industrial Control Systems (ICS), covering several vendors. These vulnerabilities could allow unauthorized access, disrupt operations, or enable remote code execution, and users of these systems should apply patches as soon as possible.

IC3 Reports Surge in Fake Job Scams
The FBI’s IC3 has warned of an increase in fake job scams, where fraudsters create phony job postings to steal personal information and money from applicants. Victims are often asked to provide sensitive data or pay upfront fees. Job seekers are advised to research opportunities carefully before providing any information.

Apple’s Intelligence on Data Privacy and Security
Apple's latest report focuses on its advancements in data privacy and security. It highlights new features that prioritize user privacy and security, including enhanced encryption and stricter app data-sharing policies. Apple continues to set a high standard in protecting user information.

GreyNoise Reveals Internet Noise Storm and China Connection
GreyNoise has uncovered a mysterious surge in internet "noise," linked to China. This activity includes scans and probes of internet services, which may contain hidden messages and indicate state-sponsored cyber espionage. Organizations are urged to monitor unusual traffic patterns.

UNC2970 Uses Backdoor in Trojanized PDF Reader
A new threat actor, UNC2970, has been using a trojanized PDF reader to deploy backdoors in targeted systems. This tactic allows attackers to steal sensitive data and maintain persistence. Security teams are advised to scrutinize PDF readers for signs of tampering.

GitLab Patches Critical SAML Vulnerability
GitLab has patched a critical vulnerability in its Security Assertion Markup Language (SAML) integration, which could have allowed attackers to bypass authentication. Users are urged to update their GitLab installations immediately to protect against potential exploitation.

Uncovering the Infrastructure Behind the Emmental Loader
Researchers have discovered the infrastructure used to distribute the Emmental Loader, a tool used in sophisticated malware campaigns. The loader exploits WebDAV services for command and control, emphasizing the need for organizations to secure these services against abuse.

Antivirus Firm Dr.Web Suffers Cyberattack
Russian antivirus company Dr.Web has confirmed a cyberattack on its internal systems. The extent of the breach is still under investigation, but the attack has raised concerns about the security of security software providers themselves.

Black Basta Ransomware: What You Need to Know
Black Basta ransomware continues to evolve, using advanced encryption and obfuscation techniques to lock down systems and demand ransom. The ransomware has targeted various industries worldwide, and organizations are encouraged to strengthen their defenses and prepare for potential attacks.

Shining a Light on Shadow Vulnerabilities
Shadow vulnerabilities—unnoticed or unpatched flaws in software—pose a growing threat to organizations. A new report highlights the need to identify and address these hidden risks, as they can be easily exploited by cybercriminals. Continuous monitoring and patching are crucial for reducing exposure.

Red Canary's Midyear Threat Detection Report
Red Canary's midyear report reveals an increase in cyber threats targeting organizations, particularly through phishing and ransomware. The report emphasizes the importance of proactive threat detection and response strategies to stay ahead of cybercriminals.

How Hackers Use Legitimate Tools to Distribute Phishing Links
Cybercriminals are increasingly using legitimate services, such as Google Docs or Dropbox, to distribute phishing links. This method helps evade detection by security tools, making it harder to identify and block malicious content. Users are advised to be cautious when clicking on links, even from trusted platforms.

Microsoft Warns of New INC Ransomware
Microsoft has issued an alert about a new ransomware strain, INC, that targets corporate networks. The malware uses sophisticated encryption techniques to lock systems and demands high ransoms for decryption. Organizations are urged to implement strong backup and recovery plans to mitigate ransomware risks.
