Weekly Security News – 6th May 2024

Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all in one place. If you have any queries or concerns about anything in this week’s news, please get in touch with our team, who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

Vulnerabilities and Patches

Cisco Releases Security Advisory for Cisco IP Phones

Cisco has released a security advisory addressing three vulnerabilities across four IP Phone product lines. CVE-2024-20376 (CVSSv3 7.5) and CVE-2024-20378 (CVSSv3 7.5) both lie in the web-based management interface of the IP Phone firmware. CVE-2024-20357 (CVSSv3 5.3) lies in the Extensible Markup Language (XML) service of the IP Phone firmware. Affected organisations are encouraged to review the Cisco advisory cisco-sa-ipphone-multi-vulns-cXAhCvS and apply the relevant updates.

HPE Aruba Networking Releases Critical Security Updates For ArubaOS

Hewlett Packard Enterprise (HPE) Aruba Networking has issued an advisory addressing 10 vulnerabilities in product lines that use ArubaOS, including Mobility Conductor (formerly Mobility Master), Mobility Controllers, WLAN Gateways, and SD-WAN Gateways (managed by Aruba Central). ArubaOS is a network operating system for WLAN access points and gateways. Four critical buffer overflow vulnerabilities, each with a CVSSv3 score of 9.8, could be exploited by an unauthenticated, remote attacker using a specially crafted packet to achieve remote code execution (RCE) on the underlying operating system. The other six vulnerabilities could lead to unauthenticated denial-of-service (DoS).

Cyber Attacks

New Cuttlefish malware infects routers to monitor traffic for credentials

A new malware called Cuttlefish is targeting small office and home office (SOHO) routers with the goal of stealthily monitoring all traffic through the devices and gathering authentication data from HTTP GET and POST requests. “This malware is modular, designed primarily to steal authentication material found in web requests that transit the router from the adjacent local area network (LAN),” the Black Lotus Labs team at Lumen Technologies said in a report published today. “A secondary function gives it the capacity to perform both DNS and HTTP hijacking for connections to private IP space, associated with communications on an internal network.”
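Two of the behaviours described above are visible from the LAN side: a public hostname suddenly resolving to (or being redirected to) a private address, and credentials that leave a workstation over plaintext HTTP, where a compromised router can read them. The following audit script is an added example written for this digest; it is not code from Lumen's report or from the Cuttlefish analysis. The hostnames, addresses and request records are constructed samples, and the internal domain suffixes are an assumption that you would replace with your own.

```python
import ipaddress

# RFC 1918, loopback and link-local ranges: "private IP space" in the sense the
# report uses. Listed explicitly rather than via ipaddress.is_private so that
# documentation ranges (198.51.100.0/24, 203.0.113.0/24) used as stand-ins for
# public addresses below are not misclassified.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Assumption: names under these suffixes are expected to resolve internally.
INTERNAL_SUFFIXES = (".corp.example", ".lan", ".internal")

# Sensitive fields whose presence in a plaintext HTTP request is a finding.
CREDENTIAL_HEADERS = {"authorization", "cookie", "x-api-key"}
CREDENTIAL_FORM_FIELDS = {"password", "passwd", "pwd", "token"}


def is_private(ip):
    """True if ip falls in one of the private/local ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


def normalise_name(name):
    """Lower-case and strip a trailing dot so 'WWW.Example.COM.' == 'www.example.com'."""
    return name.rstrip(".").lower()


def flag_resolution(name, ips):
    """Return the private addresses that a *public* name resolved or redirected to.

    Internal names are expected to map to private space and are never flagged.
    """
    name = normalise_name(name)
    if name.endswith(INTERNAL_SUFFIXES):
        return []
    return [ip for ip in ips if is_private(ip)]


def audit_resolutions(records):
    """records: iterable of (hostname, [resolved_or_connected_ips]).

    Works on DNS answer logs and on HTTP connection logs alike: in both cases
    a public hostname paired with a private destination is the hijack signal.
    """
    findings = {}
    for name, ips in records:
        bad = flag_resolution(name, ips)
        if bad:
            findings[normalise_name(name)] = bad
    return findings


def exposed_credentials(request):
    """Return the credential-bearing fields a request sends in the clear.

    request is a dict with keys: scheme, method, headers (dict), form (dict).
    Only plaintext HTTP is reported: over HTTPS the router sees ciphertext.
    """
    if request["scheme"].lower() != "http":
        return []
    found = [f"header:{h}" for h in request.get("headers", {})
             if h.lower() in CREDENTIAL_HEADERS]
    found += [f"form:{f}" for f in request.get("form", {})
              if f.lower() in CREDENTIAL_FORM_FIELDS]
    return found


# Constructed sample data (not captured traffic).
SAMPLE_RESOLUTIONS = [
    ("intranet.corp.example", ["10.20.0.5"]),                # internal name: expected
    ("www.example.com", ["198.51.100.7"]),                   # public name, public IP
    ("Login.example.net.", ["192.168.1.1"]),                 # public name -> router: suspicious
    ("mail.example.org", ["203.0.113.10", "172.16.5.9"]),    # one private answer: suspicious
]

SAMPLE_REQUESTS = [
    {"scheme": "http", "method": "POST", "headers": {"Host": "portal.example.net"},
     "form": {"username": "alice", "password": "..."}},      # plaintext login: finding
    {"scheme": "https", "method": "GET", "headers": {"Authorization": "Bearer ..."},
     "form": {}},                                            # encrypted: not visible to router
    {"scheme": "http", "method": "GET", "headers": {"Cookie": "session=..."},
     "form": {}},                                            # plaintext session cookie: finding
]


def run_audit():
    """Run both checks over the constructed samples and return the findings."""
    return {
        "hijacked_names": audit_resolutions(SAMPLE_RESOLUTIONS),
        "plaintext_credentials": [exposed_credentials(r) for r in SAMPLE_REQUESTS],
    }


if __name__ == "__main__":
    for section, result in run_audit().items():
        print(section, result)
```

Feed `audit_resolutions` with answers taken from a resolver log or with the destination addresses of outbound HTTP connections; either way a public name paired with a private destination is worth a closer look. `exposed_credentials` is the inventory side of the mitigation: any request it flags is one a compromised upstream device could read, and the fix is to move that service to HTTPS rather than to trust the router.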

US warns of North Korean hackers using email security flaws for phishing attacks

The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors’ attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State. “The DPRK [Democratic People’s Republic of Korea] leverages these spear-phishing campaigns to collect intelligence on geopolitical events, adversary foreign policy strategies, and any information affecting DPRK interests by gaining illicit access to targets’ private documents, research, and communications,” NSA said.

Articles

Former NSA Employee Sentenced to Over 21 Years in Prison for Attempted Espionage

A former employee of the U.S. National Security Agency (NSA) has been sentenced to nearly 22 years (262 months) in prison for attempting to transfer classified documents to Russia. “This sentence should serve as a stark warning to all those entrusted with protecting national defense information that there are consequences to betraying that trust,” said FBI Director Christopher Wray. Jareh Sebastian Dalke, 32, of Colorado Springs was employed as an Information Systems Security Designer between June 6 and July 1, 2022, during which time he had access to sensitive information.

Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million

A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims. Yaroslav Vasinskyi (aka Rabotnik), 24, along with his co-conspirators in the REvil ransomware group, orchestrated more than 2,500 ransomware attacks and demanded ransom payments in cryptocurrency totalling more than $700 million. “The co-conspirators demanded ransom payments in cryptocurrency and used cryptocurrency exchangers and mixing services to hide their ill-gotten gains,” the U.S. Department of Justice (DoJ) said.