From the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here's a look back at the week.
The spyware vendor was shut down after Google's disclosure
According to reports, the Spain-based spyware vendor Variston, whose exploits were discovered and publicly disclosed by Google, is in trouble. TechCrunch has learned from former employees that several staff members left Variston following Google's disclosure, and they say the company has now closed.
Wyze Camera Security Incident
Wyze, a smart home camera company, informed customers that 13,000 users had received thumbnails from cameras that did not belong to them. More than 1,500 users clicked on those thumbnails, and some of them were able to view the recording. The company says less than 03% of accounts were affected and blamed the incident on a third-party caching client library.
The 8220 gang returns to cryptocurrency mining
The 8220 gang has been observed launching new attacks on Windows- and Linux-based cloud infrastructure for cryptocurrency mining. The group's latest campaign, which lasted about a year, used PowerShell for fileless execution, DLL sideloading, and techniques to bypass UAC and event-tracing mechanisms.
The Lucifer DDoS botnet targets Apache tools
Aqua Security discovered that the Lucifer DDoS malware is targeting Apache Hadoop and Apache Druid instances, recruiting them into a botnet that is also capable of mining cryptocurrency. Over the past month, more than 3,000 attacks against these products have been identified.
PyPI packages sideload malware
ReversingLabs reported that two packages on the PyPI package index relied on typosquatting to trick unsuspecting users into installing them, then used DLL sideloading to load second-stage malware.
The two packages appear to be part of a broader campaign that abuses the software supply chain to deliver malware.
A ransomware attack on the Washington, D.C. school system affected 100,000 people
Prince George's County Public Schools (PGCPS) notified the Maine Attorney General's Office that the personal information of nearly 100,000 people was compromised in an August 2023 ransomware attack. Names, financial account information, and Social Security numbers may have been accessed or compromised during the attack.
Freenom settles Meta lawsuit
Domain registrar Freenom has announced that it has reached a settlement with Meta in a lawsuit the social media giant filed last year, accusing Freenom of ignoring phishing complaints. Freenom stopped accepting new domain registrations in March last year, and the number of phishing domains dropped significantly within months. Freenom said it has decided to exit the domain name business.
OT environment risk management survey
A new survey from the Ponemon Institute and Cyolo shows that only half of organizations are effective at mitigating OT risks and security threats. The majority of the 1,056 security professionals surveyed in the U.S. and EMEA said they did not have an accurate inventory of OT assets, and half of them had not re-evaluated the remote access tools they adopted during the pandemic.
CrowdStrike Report: More Threat Actors, More Victims
CrowdStrike's 2024 Global Threat Report shows that the number of threat actors tracked by CrowdStrike reached 232 in 2023, with a 76% increase in the number of victims listed on leak sites. The report also shows that attacks against cloud environments have increased and that most intrusions are related to cybercrime.
United States partners with Microsoft to expand logging capabilities
For the past six months, the U.S. cybersecurity agencies CISA, OMB, and ONCD have been working with Microsoft to roll out expanded logging capabilities to a group of U.S. organizations, and are now making them available to all organizations using Microsoft Purview Audit. This will help agencies use logs more effectively for cyber threat detection and remediation.
Patches
Autodesk has released patches for 19 vulnerabilities in AutoCAD that could allow an attacker to crash the application, disclose data, or execute arbitrary code. VMware warns of a critical flaw in the deprecated Enhanced Authentication Plug-in (EAP), and Joomla has patched five bugs, including an XSS vulnerability that could lead to remote code execution.