Cyber Security News Weekly Round-Up: Vulnerabilities, Cyber Attacks, Threats, and New Stories
Overview
The recent weekly cyber security newsletter highlights the latest threats, vulnerabilities, and cyber attacks, providing essential updates for organizations and individuals to enhance their security measures.
Key Threats
- Fake regreSSHion Exploit: A malicious archive posing as an exploit for CVE-2024-6387 is targeting cybersecurity researchers through social media.
- Information-Stealing Malware: AI tools and Chrome extensions are being used to spread malware like Rilide Stealer and Vidar info stealer, targeting the gaming community and stealing personal information.
- Kimsuky Hackers: North Korean group Kimsuky is using .exe and .docx files in spear-phishing campaigns.
- FIN7 Phishing Campaigns: Cybercrime group FIN7 is mimicking brand domains to conduct phishing attacks.
- SharePoint Phishing Attack: Vulnerabilities in SharePoint servers are being exploited for phishing attacks.
Cyber Attack Highlights
- STORMOUS Ransomware Group: Claimed a breach of HITC Telecom, exfiltrating sensitive data.
- Zero-day Exploits in Shortcut Files: Hackers are using zero-day exploits in shortcut files to attack Windows systems.
- AT&T Data Breach: A massive breach affecting millions of customers, involving sensitive customer information.
- FishXProxy: A new tool used to enhance phishing attacks.
Vulnerabilities
- Cisco regreSSHion RCE: A critical vulnerability affecting multiple Cisco products.
- Microsoft SmartScreen Exploits: Hackers exploiting patched vulnerabilities to deploy malware.
- OpenSSH Vulnerabilities: New vulnerabilities affecting OpenSSH servers.
- Splunk Enterprise: Local file inclusion vulnerability.
- Outlook Zero-Click RCE: Allows remote code execution without user interaction.
- Citrix NetScaler Vulnerability: Authentication bypass vulnerability.
Data Breach Updates
- Twitter Data Leak: 9.4GB of data including 200 million user records exposed.
- NSA Data Leak: 1.4GB of classified information leaked online.
- Nokia Database Breach: Threat actors claim to have breached Nokia’s database.
- Truecaller Data Leak: 273 million users’ information exposed.
Other News
- DoNex Ransomware Decryption: Researchers have decrypted DoNex ransomware and its variants.
- Microsoft Bans Android Devices in China: Employees must use iPhones due to security concerns.
- Notepad Update: Introduction of spell check in Notepad.
- PDF Rendering in Browsers: Improved efficiency and security in handling PDF documents.
- Wireshark 4.2.6 Released: New features and performance improvements in the network protocol analyzer.
This comprehensive summary helps readers stay informed about the evolving cyber threat landscape and the precautions needed to mitigate risks.