InfoSec News 20241024

  • Published: Thu, 24/10/2024 - 15:09

Top News


  • New Malware WarmCookie Targets Users with Malicious Links

"A new malware family named WarmCookie, also known as BadSpace, has been actively distributed through malspam and malvertising campaigns since April 2024."

Link

TLP1 : Green

  • Mandiant says new Fortinet flaw has been exploited since June

"A new Fortinet FortiManager flaw dubbed "FortiJump" and tracked as CVE-2024-47575 has been exploited since June 2024 in zero-day attacks on over 50 servers, according to a new report by Mandiant."

Link

TLP1 : Green

  • Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign

"Cisco has released patches for multiple vulnerabilities in ASA, FMC, and FTD products, including an exploited flaw."

Link

TLP1 : Green

Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism


  • Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day

"The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space."

Link

TLP1 : Green

  • Russian Trolls Pose as Reputable Media to Sow US Election Chaos

"Operation Overload pushes dressed up Russian state propaganda with the aim of flooding the US with election disinformation."

Link

TLP1 : Green

Breaches: Data Breaches and Hacks


  • Insurance Firm Johnson & Johnson Discloses Data Breach

"Johnson & Johnson has disclosed a data breach impacting the personal information of thousands of people."

Link

TLP1 : Green

Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits


  • Chrome Patches Multi Vulnerabilities in Latest Stable Release

"Google has rolled out a crucial update to its Chrome browser, addressing three high-severity security flaws that could be exploited by attackers. The update, versions 130.0.6723.69/.70 for Windows and Mac, and 130.0.6723.69 for Linux, is being progressively released to users over the coming days and weeks."

Link

TLP1 : Green

  • Red Hat Warns of Privilege Escalation Flaw CVE-2024-9050 in NetworkManager-libreswan

"A newly discovered vulnerability in the libreswan client plugin for NetworkManager could allow attackers to gain root access on Red Hat Enterprise Linux 9 systems."

Link

TLP1 : Green

Incident Response: Infrastructure, Training, SIEM and Incident Handling


  • Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland

"On the first day of Pwn2Own Ireland, participants demonstrated 52 zero-day vulnerabilities across a range of devices, earning a total of $486,250 in cash prizes."

Link

TLP1 : Green

Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography


  • Trojanized Ethers Forks on npm Attempting to Steal Ethereum Private Keys

"Phylum’s automated risk detection platform recently flagged several suspicious packages published to npm. Upon investigation, we found these packages attempting to exfiltrate Ethereum private keys and gain SSH access to the victim’s machine by writing the attacker’s SSH public key in the root user’s authorized_keys file."

Link

TLP1 : Green

 

 

1 Traffic Light Protocol (TLP) [1] for information sharing:

  • Red: Not for disclosure, restricted to participants only.
  • Amber: Limited disclosure, restricted to participants' organizations.
  • Green: Limited disclosure, restricted to the community.

 


[1] https://www.first.org/tlp