Cybersecurity Digest #89: 06/02/2024 – 20/02/2024

Cybersecurity News

  • Google is testing a new feature to prevent malicious public websites from pivoting through a user’s browser to attack devices and services on internal, private networks.
  • Threat hunters have identified a new variant of the Android malware MoqHao. Once the malicious APK is installed, the variant executes without the user launching the app, so no further interaction is needed.
  • Fortinet has patched a critical vulnerability in FortiOS and FortiProxy, tracked as CVE-2024-21762 (CVSS 9.6), that enables unauthenticated remote code execution via the SSL VPN component. Fortinet has said the flaw is potentially being exploited in the wild; where patching is not immediately possible, disabling SSL VPN is the vendor's workaround.
  • LastPass has warned that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users’ credentials.
  • Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions.
  • What is described as the first kernel exploit for Apple’s visionOS has been demonstrated by a security researcher. A kernel-level exploit on the headset could potentially be used to install malware, gain unauthorized access or jailbreak the device.
  • Threat actors are leveraging bogus job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer.
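The Google sideloading pilot described above blocks APKs that request permissions commonly abused to intercept one-time passcodes or take over the screen. The following script is an added example, not Google’s code or part of the pilot: it parses an AndroidManifest.xml and flags such permissions. The permission set and the sample manifest are assumptions constructed for illustration, not an official list.

```python
"""Flag Android manifest permissions commonly abused by financial-fraud malware.

Added example; the RISKY_PERMISSIONS set is an assumption, not Google's list.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERM_ATTR = f"{{{ANDROID_NS}}}permission"

# Permissions abused for OTP theft and overlay/accessibility abuse (assumed set).
RISKY_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
}


def risky_permissions(manifest_xml: str) -> list[str]:
    """Return the sorted risky permissions declared in a manifest.

    <uses-permission android:name=...> covers runtime permissions such as
    READ_SMS; BIND_* permissions are declared on the <service> element via
    android:permission, so both places are checked.
    """
    root = ET.fromstring(manifest_xml)
    found = set()
    for perm in root.iter("uses-permission"):
        name = perm.get(NAME_ATTR)
        if name in RISKY_PERMISSIONS:
            found.add(name)
    for svc in root.iter("service"):
        name = svc.get(PERM_ATTR)
        if name in RISKY_PERMISSIONS:
            found.add(name)
    return sorted(found)


# Constructed sample manifests (not real apps).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakebank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application/>
</manifest>"""


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        flagged = risky_permissions(manifest)
        verdict = "BLOCK" if flagged else "allow"
        print(f"{label}: {verdict} {flagged}")
```

In practice the manifest inside an APK is binary XML; decode it first (for example with apktool or aapt) and feed the resulting text to this check.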

Cybersecurity Blog Posts

  • Mick Baccio, Security Specialist at Splunk SURGe, has shared his thoughts on the future of cybersecurity, emphasizing the role of data analytics and automation in combating evolving threats. He also points to shifts in threat actors’ tactics and to automation’s value in reducing human error.
  • Yaron Edan, CISO at REE Automotive, has discussed the cybersecurity landscape of the automotive industry, focusing on electric and connected vehicles. Edan highlights the challenges that come with rapid technological advancement and outlines strategies automakers can use to address cyber threats effectively.
  • Isaac Evans, CEO at Semgrep, has explained the balance between speed and thoroughness in CI/CD pipeline security scanning. Evans has also discussed the impact of a developer-first approach, the significance of minimizing false positives, and the potential of modern security tools, particularly those integrating AI and secure code development guardrails.

Research and Analytics

  • 41% of SMEs expect to cut their cybersecurity spending over the coming year amid the challenging economic environment, according to new research by JumpCloud. This reflects a global trend towards budget revisions in times of economic uncertainty.
  • PDF threats are on the rise with cybercriminals spreading malware, including WikiLoader, Ursnif and DarkGate, through PDFs, a new report by HP Wolf Security has found. The company’s analysis saw a 7% rise in PDF threats in Q4 2023, compared to Q1 of the same year.
  • Malware-as-a-Service infections were the biggest threat to organizations in the second half of 2023, according to the Darktrace Threat Report. The report highlights the cross-functional adaptation of many malware strains, with malware loaders and remote access trojans being combined with information-stealing capabilities.
  • The Acronis Cyberthreats Report highlights the growing use of generative AI to create malware and orchestrate attacks. AI-enhanced phishing affected over 90% of organizations and contributed to a 222% surge in email attacks in 2023 compared to the second half of 2022.
  • Abnormal Security H1 2024 Email Threat Report provides valuable insights into the latest email threat trends, including the increasing risk posed by QR code phishing attacks. Researchers have discovered that about 89% of phishing attacks that used fake QR codes have been aimed at stealing credentials from managers and employees of various organizations.
  • The latest Nozomi Networks Labs OT & IoT Security Report finds that network anomalies and attacks were the most prevalent threat to OT and IoT environments in 2023. Vulnerabilities within critical manufacturing also surged 230%.
  • Delinea has published its annual Ransomware Pulse Report: What to Expect in 2024. Researchers highlighted the rise in ransomware attacks and the shift in strategy among cybercriminals to focus more on stealing data rather than encrypting the networks under attack.

Major Cyber Incidents

  • The LockBit ransomware gang has breached Fulton County’s systems, causing widespread IT outages that affect phone, court, and tax systems. The gang has threatened to publish confidential documents if a ransom is not paid.
  • Battery maker VARTA AG has been targeted by a cyberattack that forced it to shut down its IT systems, causing production to stop at its plants.
  • A threat actor has leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other information about users of a popular marketplace.
  • More than 100 Romanian health care facilities were knocked offline due to a ransomware attack on their third-party healthcare management system.
  • 33 million French citizens have had their data exposed in a massive security breach affecting two companies, Viamedis and Almerys, which manage third-party payments for health insurance organizations.
  • Hyundai Motor Europe has suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen 3 terabytes of corporate data.
  • A cyberattack has forced Lurie Children’s Hospital in Chicago to take its IT systems offline, with a severe impact on its operations.