Weekly Security News - 29th July 2024

GitHub accounts used for malware, CrowdStrike explains the reasons behind the global outage... all in this week's security news...

Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team, who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

Vulnerabilities and Patches

Chrome 127 Patches 24 Vulnerabilities

Google recently released Chrome 127, which addresses 24 security vulnerabilities, including five rated as “high” severity. These vulnerabilities include several “use after free” issues in components like Downloads, Loader, and Dawn, as well as an out-of-bounds memory access issue in the ANGLE graphics library and an inappropriate implementation in the Canvas component.

Critical Docker Engine Vulnerability CVE-2024-41110: Authorization Bypass Exposed

A critical vulnerability in Docker Engine, tracked as CVE-2024-41110, allows attackers to bypass authorization plugins using a specific API request with Content-Length set to 0. This flaw, rated with a CVSS score of 10.0, affects several Docker Engine versions up to 27.1.0. The issue, a regression from a previous fix, has been patched in recent updates. Docker Desktop is also affected, but the likelihood of exploitation is limited. Users are advised to update to the latest versions to mitigate potential risks.
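The fail-open pattern behind an authorization-plugin bypass of this kind, as an added example that is neither Docker's code nor taken from the advisory: a simplified AuthZ decision in Go that approves whatever it cannot inspect, beside a fail-closed version that denies a body-dependent endpoint when the daemon forwards the request with no body. The AuthRequest type, needsBody and the privileged-container check are constructed stand-ins, not the Docker plugin SDK.

```go
package main
import (
	"encoding/json"
	"strings"
)

// AuthRequest is a simplified stand-in (hypothetical, not Docker's SDK type) for
// what the daemon hands an AuthZ plugin; RequestBody is empty when none was forwarded.
type AuthRequest struct {
	Method      string
	URI         string
	RequestBody []byte
}

// needsBody marks endpoints whose policy decision depends on the request body.
func needsBody(r AuthRequest) bool {
	return r.Method == "POST" && strings.Contains(r.URI, "/containers/create")
}

// privilegedRequested reports whether the create body asks for a privileged container.
func privilegedRequested(body []byte) (bool, error) {
	var spec struct {
		HostConfig struct{ Privileged bool }
	}
	if err := json.Unmarshal(body, &spec); err != nil {
		return false, err
	}
	return spec.HostConfig.Privileged, nil
}

// vulnerableDecision is fail-open: with nothing to inspect it approves, so a
// body-less create request slips past the privileged-container check.
func vulnerableDecision(r AuthRequest) bool {
	if len(r.RequestBody) == 0 {
		return true
	}
	priv, err := privilegedRequested(r.RequestBody)
	return err == nil && !priv
}

// hardenedDecision is fail-closed: a body-dependent endpoint with no body is denied,
// while body-less endpoints such as GET /version are still allowed.
func hardenedDecision(r AuthRequest) bool {
	if len(r.RequestBody) == 0 {
		return !needsBody(r)
	}
	priv, err := privilegedRequested(r.RequestBody)
	return err == nil && !priv
}
```

The same policy code is used in both paths; only the handling of the missing-body case differs, which is the whole of the fix.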

Cyber Attacks

Network of 3,000 GitHub Accounts Used for Malware Distribution

A threat actor known as Stargazer Goblin created over 3,000 fake GitHub accounts to distribute various types of malware, generating $100,000 in illicit profits. This network, called the “Stargazers Ghost Network,” uses these accounts to host repositories with malicious links and software, giving them a veneer of legitimacy by engaging in typical GitHub activities like forking and starring repositories. The operation is designed to be resilient against takedowns, continually updating and distributing malware like Atlantida Stealer, Lumma Stealer, and RedLine Stealer.

KnowBe4 Hires Fake North Korean IT Worker, Catches New Employee Planting

KnowBe4, a cybersecurity training firm, recently experienced an incident where they unknowingly hired a North Korean operative posing as a software engineer. This individual managed to bypass multiple layers of background checks and interviews using a stolen US-based identity and an AI-enhanced photo. Upon receiving a company-issued Mac workstation, the new hire immediately attempted to load malware, which was quickly detected by KnowBe4’s EDR software. The SOC intervened, and further investigation revealed that the employee was part of a larger scheme where North Korean operatives pose as IT workers to infiltrate companies and funnel earnings back to the regime. KnowBe4 has since contained the threat and shared their findings with Mandiant and the FBI.

In Other News...

CrowdStrike Explains Why Bad Update Was Not Properly Tested

CrowdStrike experienced a major incident where a faulty update to its Falcon sensor product caused widespread system crashes, affecting around 8.5 million Windows devices globally. This issue arose from a problematic content template that wasn’t caught by the company’s automated validation tools, leading to Blue Screen of Death (BSOD) errors and boot loops. The incident impacted critical sectors including airlines, financial institutions, and healthcare. CrowdStrike has isolated the issue, deployed a fix, and is assisting affected customers in remediation.

UK Minister Warns of Severe Vulnerabilities to Cyber Threats and Pandemics

A UK minister recently emphasized the country’s significant vulnerabilities to cyber threats and pandemics, urging enhanced preparedness and resilience. The minister highlighted the interconnected nature of modern systems, where disruptions in digital supply chains can have widespread impacts across sectors including aviation, banking, and healthcare. This call to action follows recent global IT outages, underscoring the critical need for robust cybersecurity measures and strategic planning to mitigate risks and ensure rapid recovery from such incidents.