Welcome to this week’s Security News. We’ve collated the best articles from the around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.
Vulnerabilities and Patches
Cisco Releases Advisories for Command Injection Vulnerabilities in Multiple Products
Cisco has released security advisories to address two command injection vulnerabilities in the Command Line Interface (CLI) of the Cisco Integrated Management Controller (IMC), both of which could lead to privilege escalation. The IMC is a baseboard management controller that provides embedded server management for Cisco UCS C-Series Rack Servers and Cisco UCS S-Series Storage Servers, enabling system management in the data centre and across distributed branch-office locations. Vulnerabilities CVE-2024-20295 and CVE-2024-20356 found in devices using Cisco Integrated Management Controller (IMC) could lead to privilege escalation. Affected organisations are encouraged to review the following two advisories and to apply any necessary security updates.
VMware Releases Security Updates for SD-WAN Edge and SD-WAN Orchestrator
VMware has released security updates to address multiple vulnerabilities in SD-WAN Edge and SD-WAN Orchestrator modules of the SD-WAN, which is a management software for wide area network deployments. The vulnerabilities CVE-2024-22246, CVE-2024-22247 and CVE-2024-22248 could allow an attacker to remotely execute code, access the BIOS configuration or redirect a victim to an attacker-controlled domain. Affected organisations are encouraged to review VMware Security Advisory VMSA-2024-0008 and apply any relevant updates.
Widely Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack
The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier CVE-2024-31497, with the discovery credited to researchers Fabian Bäumer and Marcus Brinkmann from the Ruhr University Bochum. “The effect of the vulnerability is to compromise the private key,” the PuTTY project said in an advisory.
Cyber Attacks
Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor
A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. “The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby luring victims to visit these sites,” Zscaler ThreatLabz researchers Roy Tay and Sudeep Singh said. As many as 45 domains are said to have been registered between November 2023 and March 2024, with the sites masquerading as port scanning and IT management software such as Advanced IP Scanner, Angry IP Scanner, IP scanner PRTG, and ManageEngine.
‘Cyber incident’ at one of the UK’s biggest vet companies
One of the UK’s largest vet companies has been hit by a “cyber incident” with disruption caused across all operations and a risk of “malicious access” to personal information. An “ongoing operational impact” is likely, CVS Group said, due to increased security and monitoring of IT systems in the wake of the attack. The company, which owns vet practices as well as diagnostic laboratories and pet crematoriums, said it had “recently detected and intercepted a cyber incident” on Monday morning. In response, the company took its IT systems temporarily offline to stop wider unauthorised access. It said this was successful in stopping the hackers gaining further access to its systems but had a “considerable” impact on operations.
Articles
Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges
Shakeeb Ahmed, a former senior security engineer, was sentenced to three years in prison for hacking and defrauding two cryptocurrency exchanges. Ahmed, 34, of New York, New York, was arrested in July 2023, one year after the attacks occurred. He pleaded guilty in December. According to court documents, in early July 2022, Ahmed defrauded a decentralized cryptocurrency exchange of roughly $9 million. By exploiting a smart contract vulnerability, Ahmed faked price data and generated inflated fees that he then withdrew in the form of cryptocurrency. He then contacted the exchange and agreed to return all the funds, except for $1.5 million, which he would keep as a bounty.
Phishing Platform LabHost Shut Down by Law Enforcement
LabHost, one of the world’s largest phishing-as-a-service platforms, has been shut down by law enforcement as part of an operation involving agencies from 19 countries. According to Europol, which coordinated the years-long operation, LabHost infrastructure was compromised, and the law enforcement action culminated in several surface web sites being taken down and 37 individuals being arrested between April 14 and April 17. Investigators searched 70 addresses across the world. The list of arrested individuals includes four from the UK who are believed to have run the site, including LabHost’s original developer.