IT Security Newsletter - 10/22/2024
Cisco Disables DevHub Access After Security Breach
Cisco has disabled public access to one of its DevHub environments after threat actors downloaded some customer data from the site and put it up for sale on a cybercrime forum. The compromised data included source code, API tokens, hardcoded credentials, certificates, and other secrets belonging to some large companies, including Microsoft, Verizon, T-Mobile, AT&T, Barclays, and SAP. READ MORE...
Over 6,000 WordPress sites hacked to install plugins pushing infostealers
WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware. Over the past couple of years, information-stealing malware has become a scourge to security defenders worldwide as stolen credentials are used to breach networks and steal data. Since 2023, a malicious campaign called ClearFake has been used to display fake web browser update banners on compromised websites that distribute information-stealing malware. READ MORE...
Russia-Linked Hackers Attack Japan's Govt, Ports
Two Russian hacking groups leveled distributed denial-of-service (DDoS) attacks at Japanese logistics and shipbuilding firms - as well as government and political organizations - in what experts believe are attempts to pressure the Japanese government. The attacks came after lawmakers boosted the nation's defense budget, and its military conducted exercises with regional allies. READ MORE...
VMware fixes critical vCenter Server RCE bug - again! (CVE-2024-38812)
Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which was not fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by zbl & srs of team TZL, researchers who participated in the 2024 Matrix Cup in June 2024. Broadcom maintains that it is not currently aware of exploitation "in the wild." READ MORE...
ByteDance intern fired for planting malicious code in AI models
After rumors swirled that TikTok owner ByteDance had lost tens of millions after an intern sabotaged its AI models, ByteDance issued a statement this weekend hoping to silence all the social media chatter in China. In a social media post translated and reviewed by Ars, ByteDance clarified "facts" about "interns destroying large model training" and confirmed that one intern was fired in August. READ MORE...
Pixel perfect Ghostpulse malware loader hides inside PNG image files
The Ghostpulse malware strain now retrieves its main payload from the pixel data of a PNG image file. This development, security experts say, is "one of the most significant changes" made by the crooks behind it since the loader emerged in 2023. The PNG format is popular for web graphics and is often picked in preference to a lossy JPEG because it is lossless and retains key details such as smooth text outlines. READ MORE...
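To make the "payload in the pixels" idea concrete, here is an added example (not code from the article or from the Ghostpulse loader, whose real encoding is not described above). It assumes a deliberately simple scheme: a 4-byte big-endian length header followed by the raw payload bytes, stored one byte per 8-bit RGB channel in scanline order. A minimal PNG writer and reader are included so the script runs offline with only the standard library, plus a byte-entropy heuristic of the kind a defender might use to flag images whose pixel data looks more like ciphertext than artwork. The sample payload is constructed pseudo-random data standing in for an encrypted second stage.

```python
"""Toy 'payload hidden in PNG pixels' encoder/decoder plus an entropy check.

Assumed encoding (illustrative, NOT Ghostpulse's actual scheme): the pixel
buffer is [4-byte big-endian length][payload][zero padding], one byte per
8-bit RGB channel, non-interlaced, PNG filter type 0 on every scanline.
"""
import math
import struct
import zlib
from collections import Counter

CHANNELS = 3  # 8-bit RGB, PNG colour type 2
PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(tag: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: length, tag, body, CRC32 over tag+body."""
    crc = zlib.crc32(tag + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", crc)


def encode_png(width: int, height: int, rgb: bytes) -> bytes:
    """Write a minimal 8-bit RGB PNG from a raw RGB byte buffer."""
    if len(rgb) != width * height * CHANNELS:
        raise ValueError("pixel buffer size does not match dimensions")
    row = width * CHANNELS
    # Each scanline is prefixed with filter type 0 (no filtering).
    raw = b"".join(b"\x00" + rgb[y * row:(y + 1) * row] for y in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def decode_png(data: bytes):
    """Parse the subset of PNG written above; returns (width, height, rgb)."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG file")
    pos, idat, width, height = 8, b"", 0, 0
    while pos + 8 <= len(data):
        length, tag = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])[0]
        if zlib.crc32(tag + body) & 0xFFFFFFFF != crc:
            raise ValueError(f"CRC mismatch in {tag!r} chunk")
        if tag == b"IHDR":
            width, height, depth, ctype = struct.unpack(">IIBB", body[:10])
            if depth != 8 or ctype != 2:
                raise ValueError("only 8-bit RGB is supported by this reader")
        elif tag == b"IDAT":
            idat += body
        elif tag == b"IEND":
            break
        pos += 12 + length
    raw = zlib.decompress(idat)
    row = width * CHANNELS
    rgb = bytearray()
    for y in range(height):
        line = raw[y * (row + 1):(y + 1) * (row + 1)]
        if line[0] != 0:
            raise ValueError("only filter type 0 is supported by this reader")
        rgb += line[1:]
    return width, height, bytes(rgb)


def embed_payload(payload: bytes, width: int = 64) -> bytes:
    """Store length-prefixed payload bytes directly as pixel channel values."""
    blob = struct.pack(">I", len(payload)) + payload
    row = width * CHANNELS
    height = -(-len(blob) // row)                  # ceil division
    blob += b"\x00" * (height * row - len(blob))   # pad the last scanline
    return encode_png(width, height, blob)


def extract_payload(png: bytes) -> bytes:
    """Recover the payload the way a loader would: decode, read header, slice."""
    _, _, rgb = decode_png(png)
    n = struct.unpack(">I", rgb[:4])[0]
    if n > len(rgb) - 4:
        raise ValueError("length header exceeds available pixel data")
    return rgb[4:4 + n]


def pixel_entropy(png: bytes) -> float:
    """Shannon entropy (bits per byte) of the decoded pixel buffer.
    Flat or smooth artwork scores low; packed or encrypted data nears 8.0."""
    _, _, rgb = decode_png(png)
    total = len(rgb)
    return -sum(c / total * math.log2(c / total) for c in Counter(rgb).values())


def sample_payload(n: int = 3000) -> bytes:
    """Constructed stand-in for an encrypted stage: deterministic LCG bytes."""
    out, x = bytearray(), 12345
    for _ in range(n):
        x = (1103515245 * x + 12345) & 0x7FFFFFFF
        out.append((x >> 16) & 0xFF)
    return bytes(out)


if __name__ == "__main__":
    payload = sample_payload()
    carrier = embed_payload(payload)
    assert extract_payload(carrier) == payload
    flat = encode_png(64, 16, b"\x80" * (64 * 16 * CHANNELS))
    print(f"carrier: {len(carrier)} bytes, entropy {pixel_entropy(carrier):.2f} bits/byte")
    print(f"flat image: entropy {pixel_entropy(flat):.2f} bits/byte")
```

The reader deliberately supports only what the writer produces (8-bit RGB, no interlacing, filter type 0); a real loader or detector would hand decoding to a library such as Pillow and would then apply the same slicing and entropy logic to the decoded buffer. Entropy alone is a weak signal, since photographs and noisy textures also score high, so in practice it is one feature among several (image dimensions that match a byte count rather than a plausible picture, PNGs fetched by an unsigned binary, and so on).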
Bumblebee malware returns after recent law enforcement disruption
The Bumblebee malware loader has been spotted in new attacks recently, more than four months after Europol disrupted it during 'Operation Endgame' in May. Believed to be the creation of TrickBot developers, the malware emerged in 2022 as a replacement for the BazarLoader backdoor, providing ransomware threat actors with access to victim networks. Bumblebee typically gains its initial foothold via phishing, malvertising, and SEO poisoning that promotes various software. READ MORE...
Google Warns of Samsung Zero-Day Exploited in the Wild
A zero-day vulnerability in Samsung's mobile processors has been leveraged as part of an exploit chain for arbitrary code execution, Google's Threat Analysis Group (TAG) warns. Tracked as CVE-2024-44068 (CVSS score of 8.1) and patched as part of Samsung's October 2024 set of security fixes, the issue is described as a use-after-free bug that could be abused to escalate privileges on a vulnerable Android device. READ MORE...
Debunking Hype: China Hasn't Broken Military Encryption With Quantum
Recent headlines have proclaimed that Chinese scientists have hacked "military-grade encryption" using quantum computers, sparking concern and speculation about the future of cybersecurity. The claims, largely stemming from a recent South China Morning Post article about a Chinese academic paper published in May, were picked up by many more serious publications. However, while Chinese researchers have made incremental advances in quantum computing, the news reports are a huge overstatement. READ MORE...
- ...in 1797, the first parachute jump is made by Andre-Jacques Garnerin from a hydrogen balloon 3,200 feet above Paris.
- ...in 1907, the Ringling Brothers' company buys Barnum & Bailey, running them as separate circuses before merging them in 1919.
- ...in 1962, actor and comedian Bob Odenkirk ("Mr. Show", "Better Call Saul") is born in Berwyn, IL.
- ...in 1962, President Kennedy tells Americans about the Cuban Missile Crisis and announces the blockade of Cuba.