Security News Headlines #91

Today's edition covers significant vulnerabilities, advanced threats, and insights on securing cloud and remote access infrastructures. As cyber threats evolve, they continue to target popular platforms and critical infrastructure, from WordPress plugins to industrial tools. Meanwhile, the cybersecurity community provides new tools and strategies for defending against these emerging risks.

Cloud Computing Risks: A Growing Concern
Security concerns in cloud computing are intensifying as businesses increasingly migrate to cloud environments. Key issues include data breaches, compliance challenges, and the complexities of managing multi-cloud infrastructures. Experts urge companies to enhance their cloud security strategies to mitigate these risks.

AWS Accounts Compromised via Shadow Resources
A new method called "Bucket Monopoly" allows attackers to breach AWS accounts by exploiting shadow resources—those not managed by traditional cloud security controls. This attack vector emphasizes the importance of comprehensive visibility and management of all cloud resources.

5,000 WordPress Sites Vulnerable to Remote Code Execution
A critical vulnerability in the JS Help Desk WordPress plugin exposes over 5,000 websites to unauthenticated remote code execution attacks. This flaw allows attackers to take full control of affected sites, highlighting the need for immediate updates and patching.

Unpatched Microsoft Office Flaw Exposes NTLM Hashes
Microsoft has disclosed an unpatched vulnerability in Office that can expose NTLM hashes when users open malicious documents. This flaw poses a significant risk as attackers could use the hashes for network infiltration. Users are advised to employ strong security practices and monitor for updates.

Securing GitHub Actions Workflows
A new analysis reveals vulnerabilities in the building blocks of GitHub Actions workflows. These flaws can lead to compromised workflows, enabling attackers to insert malicious code or exfiltrate data. Developers are encouraged to adopt best practices and implement security controls to safeguard their CI/CD pipelines.

Ewon Cosy Industrial Tool Vulnerability
A critical vulnerability in the Ewon Cosy industrial remote access tool could allow attackers to gain control of industrial systems. The flaw underscores the need for robust security measures in industrial IoT devices, particularly those involved in critical infrastructure.

North Korean APT Group Onyx Sleet Targets Intelligence Gathering
The Onyx Sleet group, linked to North Korea, has been identified using a range of malware tools to gather intelligence. Their operations are focused on government and military entities, with a strong emphasis on avoiding detection. The report highlights the sophistication of state-sponsored cyber espionage activities.

Scout Suite: A New Tool for Cloud Security Auditing
Scout Suite is an open-source tool designed for auditing cloud security across multiple platforms, including AWS, Azure, and Google Cloud. This tool offers comprehensive assessments to identify misconfigurations and vulnerabilities, aiding organizations in strengthening their cloud defenses.

Russian Government Hit by EastWind Cyberattack
A new cyberattack by the EastWind group has targeted Russian government entities, leading to significant data breaches. This attack adds to the growing list of sophisticated cyber espionage operations, with geopolitical implications.

Zero-Day Vulnerabilities in SMB IP Phones
Two zero-day vulnerabilities have been discovered in popular small business IP phones, allowing attackers to gain remote access and potentially intercept communications. These flaws emphasize the importance of securing even seemingly mundane office equipment.

Cybersecurity Advocate Pushes for 'Secure by Design' at Black Hat
At Black Hat, CISA Director Jen Easterly called for software to be built with security at its core, emphasizing a "secure by design" approach. This push aims to reduce vulnerabilities by encouraging developers to prioritize security throughout the software development lifecycle.

Exploiting Localhost APIs via Web Browsers
A novel exploit method targets localhost APIs through web browsers, potentially allowing attackers to bypass security controls and access sensitive information. This technique underlines the need for stronger security measures in web applications and browser APIs.

Ransomware Attacks Repeat Victims Multiple Times
A study reveals that 74% of ransomware victims experienced multiple attacks within a year, often from the same threat actors. The findings suggest that once targeted, organizations remain at high risk unless they significantly improve their defenses.

Threat Actors' Toolkit: Sliver, PoshC2, and Batch Scripts
New insights into threat actors’ toolkits reveal the use of Sliver, PoshC2, and batch scripts to conduct sophisticated cyberattacks. These tools are increasingly favored for their flexibility and effectiveness in bypassing traditional security measures.

Massive Data Leak Exposes 27 Billion Records
Hackers have leaked over 27 billion data records, including Social Security numbers, in one of the largest breaches to date. The leak raises serious concerns about data protection and the long-term consequences of such vast amounts of sensitive information being exposed.

Preparing Data for Secure AI Adoption
Microsoft's new whitepaper outlines best practices for preparing data for secure AI adoption. It emphasizes the need for robust data governance, privacy measures, and security controls to ensure AI systems are both effective and secure.

Decoding AWS VPC Flow Logs
Understanding AWS VPC Flow Logs is crucial for maintaining cloud security. This guide helps security teams decode these logs to detect potential threats and misconfigurations within their cloud environments.
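As an added illustration of the kind of decoding the guide above describes (example code written for this digest, not code from the guide or from AWS), the following Python parses the default version-2 VPC Flow Log record layout and summarises which external hosts had inbound connections rejected and on which ports. The field order (version, account-id, interface-id, srcaddr, dstaddr, srcport, dstport, protocol, packets, bytes, start, end, action, log-status) is the documented default format; the sample lines, the account and interface identifiers, and the internal CIDR 10.0.0.0/16 are constructed for the example.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Union

# Constructed sample records (not real traffic) in the default version-2
# VPC Flow Log format. Space-separated fields, in order:
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.25 51234 22 6 12 2048 1723200000 1723200060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 10.0.2.40 44321 443 6 80 61440 1723200000 1723200060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.9 10.0.1.25 40001 3389 6 3 180 1723200010 1723200070 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.7 10.0.1.25 51235 23 6 2 120 1723200020 1723200080 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.25 203.0.113.7 22 51234 6 5 400 1723200020 1723200080 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1723200000 1723200060 - NODATA
"""

# IANA protocol numbers as they appear in the 'protocol' field.
PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


@dataclass(frozen=True)
class FlowRecord:
    account_id: str
    interface_id: str
    src_addr: IPAddress
    dst_addr: IPAddress
    src_port: int
    dst_port: int
    protocol: int
    packets: int
    bytes: int
    start: int
    end: int
    action: str

    @property
    def protocol_name(self) -> str:
        return PROTOCOL_NAMES.get(self.protocol, str(self.protocol))


def parse_flow_log(text: str) -> List[FlowRecord]:
    """Parse version-2 flow log lines. Lines with a log-status other than OK
    (NODATA, SKIPDATA) carry '-' in the traffic fields and are skipped, as are
    malformed lines and unknown format versions."""
    records: List[FlowRecord] = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 14 or f[0] != "2":
            continue
        if f[13] != "OK":
            continue
        records.append(FlowRecord(
            account_id=f[1], interface_id=f[2],
            src_addr=ipaddress.ip_address(f[3]), dst_addr=ipaddress.ip_address(f[4]),
            src_port=int(f[5]), dst_port=int(f[6]), protocol=int(f[7]),
            packets=int(f[8]), bytes=int(f[9]), start=int(f[10]), end=int(f[11]),
            action=f[12],
        ))
    return records


def _rejected_inbound(records: List[FlowRecord], internal_cidr: str):
    """Yield REJECTed flows whose destination is inside internal_cidr and whose
    source is outside it: external hosts probing the VPC. Outbound rejects and
    internal-to-internal traffic are deliberately excluded."""
    internal = ipaddress.ip_network(internal_cidr)
    for r in records:
        if r.action == "REJECT" and r.dst_addr in internal and r.src_addr not in internal:
            yield r


def rejected_inbound_by_source(records: List[FlowRecord], internal_cidr: str) -> Dict[str, int]:
    """Count rejected inbound flows per external source address."""
    return dict(Counter(str(r.src_addr) for r in _rejected_inbound(records, internal_cidr)))


def rejected_inbound_ports(records: List[FlowRecord], internal_cidr: str) -> Dict[str, int]:
    """Count rejected inbound flows per destination port, keyed as 'TCP/22'."""
    return dict(Counter(f"{r.protocol_name}/{r.dst_port}"
                        for r in _rejected_inbound(records, internal_cidr)))


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(f"{len(recs)} usable records")
    for src, n in rejected_inbound_by_source(recs, "10.0.0.0/16").items():
        print(f"{src}: {n} rejected inbound flows")
    print(rejected_inbound_ports(recs, "10.0.0.0/16"))
```

Two design points worth noting: the NODATA line is dropped before any field is converted, because its traffic fields are literal dashes and would otherwise raise on `int()`; and the inbound filter checks both ends of the flow against the VPC range, so a rejected reply leaving the VPC (the fifth sample line) is not miscounted as a probe.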

TrailShark: Analyzing AWS API and Service Interactions
TrailShark is a new tool designed to analyze AWS API and service interactions, providing detailed insights into cloud activities. It aims to help security teams identify unusual patterns and potential security risks.

OpenVPN Vulnerability Allows RCE and LPE Attacks
A recently discovered vulnerability in OpenVPN could allow remote code execution (RCE) and local privilege escalation (LPE) attacks. Users are advised to update their installations promptly to protect against these critical threats.

New AMD 'SINKCLOSE' Flaw Allows Undetectable Malware Installation
A new vulnerability in AMD processors, dubbed "SINKCLOSE," could enable attackers to install nearly undetectable malware. This flaw highlights the ongoing risks associated with hardware vulnerabilities and the need for vigilant security monitoring.

Ransomware Targets ESXi Hypervisor for Mass Encryption
Ransomware operators are exploiting a vulnerability in the ESXi hypervisor to conduct mass encryption attacks. These attacks can cripple entire virtual environments, making it crucial for organizations to apply patches and harden their defenses.

Future Outlook

As attackers continue to refine their techniques and target high-value infrastructure, the importance of proactive security measures cannot be overstated. Organizations must prioritize vulnerability management, continuous monitoring, and security by design to stay ahead of evolving threats. The rise in state-sponsored cyber espionage and the increasing frequency of repeated ransomware attacks signal a need for stronger global cybersecurity collaboration and response strategies.
