Weekly Security News – 13th May 2024

Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

Vulnerabilities and Patches

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024. Use-after-free bugs, which arise when a program references a memory location after it has been deallocated, can lead to any number of consequences, ranging from a crash to arbitrary code execution.

F5 Releases Quarterly Security Notification (May 2024) Affecting BIG-IP Products

F5 has released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IP Next Central Manager. The security advisory addresses seven vulnerabilities rated as high impact, six rated as medium impact and three security exposures. An attacker could exploit some of these vulnerabilities to execute malicious SQL statements, conduct a man-in-the-middle attack, carry out cross-site scripting (XSS) attacks, or create a denial-of-service (DoS) condition. Affected organisations are strongly encouraged to review K000139404: Quarterly Security Notification (May 2024) and apply any relevant updates or mitigation.

Cyber Attacks

Dell Says Customer Names, Addresses Stolen in Database Breach

Dell Technologies has sent notices to millions of customers warning that data including full names and physical addresses was stolen during a security incident. The US technology giant did not provide any details on the breach beyond a brief statement mentioning “an incident involving a Dell portal, which contains a database with limited types of customer information.” A brief notice sent to customers said the hacked database contained very basic customer data related to purchases from Dell. Dell said an investigation has confirmed that data accessed include customer names, physical mailing addresses and information on Dell hardware and order information.

Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing

Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users’ credentials from compromised devices. “This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices,” the SonicWall Capture Labs threat research team said in a recent report. The distribution vector for the campaign is currently unclear. However, once the app is installed on the users’ phones, it requests them to grant it permissions to the accessibility services and the device administrator API, a now-deprecated feature that provides device administration features at the system level.

Articles

What’s the Right EDR for You?

Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpoint detection and response (EDR) solutions now serve as critical weapons in the fight, empowering you and your organization to detect known and unknown threats, respond to them quickly, and extend the cybersecurity fight across all phases of an attack. With the growing need to defend your devices from today’s cyber threats, however, choosing the right EDR solution can be a daunting task. There are so many options and features to choose from, and not all EDR solutions are made with everyday businesses and IT teams in mind. So how do you pick the best solution for your needs?

500,000 Impacted by Ohio Lottery Ransomware Attack

The Ohio Lottery cyberattack conducted last year by a ransomware group has impacted more than half a million individuals, the lottery said this week. The incident came to light in late December 2023, after the Ohio Lottery announced shutting down some systems to contain the breach. At around the same time, a seemingly new ransomware group named DragonForce took credit for the attack. The hackers have since made available more than 90 Gb of files (in .bak backup format) allegedly stolen from the Ohio Lottery. They claim to have obtained more than 1.5 million records of employee and player information, including names, email and postal addresses, winnings, dates of birth, and social security numbers.