Weekly Security News – 21st October 2024

Apple macOS vulnerability exploited, major flaw in Kubernetes, Log4j instances still in use and Microsoft loses some data...

Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

Vulnerabilities and Patches

North Korean Hackers Target ATMs with New Linux Malware

North Korean hackers have deployed newly discovered Linux malware to raid ATMs, bypassing security and extracting cash remotely. The malware, named “Cardhop,” exploits weaknesses in ATM networks, allowing attackers to manipulate transactions without leaving a trace. Security researchers emphasize the growing sophistication of North Korean cyber operations, and recommend stronger security practices for financial institutions to safeguard against similar attacks.

Microsoft Warns of macOS Vulnerability Exploited in Adware Attacks

A recently patched macOS vulnerability (CVE-2024-44133) is potentially being exploited by the Adload adware family. This flaw allows attackers to bypass macOS’s Transparency, Consent, and Control (TCC) system, granting unauthorized access to user data. Exploits target the Safari browser to access sensitive information like camera feeds and location. Apple has addressed the issue in Sequoia 15, and only MDM-managed devices are affected.

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access

A major flaw (CVE-2024-9486) in Kubernetes’ Image Builder has been uncovered, potentially allowing attackers to gain root access. This issue arises when default credentials are enabled during the image build process, particularly affecting VMs created with the Proxmox provider. The vulnerability has been addressed in version 0.1.38, which introduces a random password and disables the builder account after the build process.

Cyber Attacks

Russian RomCom Attacks Target Ukrainian Government with New RAT Variant

Russian hacker group RomCom has launched attacks on Ukrainian government agencies, deploying a new version of the RomCom Remote Access Trojan (RAT) called SingleCamper. The malware conducts activities like network reconnaissance, lateral movement, and data exfiltration. The campaign is believed to be part of a long-term espionage strategy, with the potential for future ransomware deployment.

New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT

Cybercriminals are using the PureCrypter malware loader to distribute DarkVision RAT, a potent remote access trojan with capabilities like keylogging, password theft, and remote shell access. The campaign, spotted by Zscaler, employs a multi-stage infection process and leverages the Donut loader to deploy DarkVision, which offers extensive malicious features. This RAT’s low cost and ease of use make it appealing for attackers seeking to exploit vulnerable systems.

In Other News...

Vulnerable Log4j Instances Still in Use Nearly Three Years After Discovery

Despite the critical Log4Shell vulnerability being identified in late 2021, new research from Sonatype shows that 13% of active Log4j installations still run vulnerable versions. This figure highlights how hard it is to fully eliminate Log4j from systems, as it is deeply embedded in many enterprise applications. Even though patched versions are widely available, many organizations continue to struggle with vulnerability management and dependency updates.
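One reason Log4j lingers is that log4j-core is often buried inside WAR/EAR files rather than sitting on disk as a plain jar, so a file-name search misses it. The script below is an added example (not from the article or from Sonatype) that walks a directory, opens every archive, reads the Maven pom.properties that ships inside log4j-core, and recurses into nested archives. The threshold is an assumption: it reports anything below 2.17.1 as vulnerable, since 2.15.0 fixed Log4Shell and 2.17.1 closed the follow-up CVEs. The jars it scans are constructed in a temporary directory for the demo.

```python
"""Find log4j-core versions on disk, including copies nested inside WAR/EAR/JAR archives."""
import io
import re
import tempfile
import zipfile
from pathlib import Path
from typing import Iterator, List, Optional, Tuple

# Assumption (not from the article): anything below 2.17.1 is reported as vulnerable.
MINIMUM_SAFE = (2, 17, 1)

# Maven writes this file into every log4j-core jar; it survives inside fat jars too.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = {".jar", ".war", ".ear", ".zip"}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z0-9]+))?$")

Version = Tuple[int, int, int, int]


def parse_version(text: str) -> Optional[Version]:
    """'2.14.1' -> (2, 14, 1, 1); '2.0-beta9' -> (2, 0, 0, 0). Last element 0 marks a pre-release."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch or 0), 0 if pre else 1)


def is_vulnerable(version: Version) -> bool:
    # A pre-release of the minimum safe version still sorts below the release.
    return version < MINIMUM_SAFE + (1,)


def _versions_in_archive(data: bytes) -> Iterator[Tuple[str, str]]:
    """Yield (location, version) for every log4j-core in an archive, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = zf.namelist()
        if POM_PROPS in names:
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    yield ("", line.split("=", 1)[1])
        for name in names:
            if Path(name).suffix in ARCHIVE_SUFFIXES:
                for loc, ver in _versions_in_archive(zf.read(name)):
                    yield (f"{name}!{loc}".rstrip("!"), ver)


def scan(root: Path) -> List[Tuple[str, str, bool]]:
    """Return (relative location, version string, vulnerable) for every log4j-core under root.
    An unparseable version is reported as vulnerable rather than silently skipped."""
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in ARCHIVE_SUFFIXES:
            continue
        rel = str(path.relative_to(root))
        for loc, ver in _versions_in_archive(path.read_bytes()):
            where = f"{rel}!{loc}" if loc else rel
            parsed = parse_version(ver)
            findings.append((where, ver, parsed is None or is_vulnerable(parsed)))
    return findings


def build_sample_tree(root: Path) -> None:
    """Constructed test data: a patched jar, an old jar, and an old copy buried inside a WAR."""
    def jar_bytes(version: str) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        return buf.getvalue()

    root.mkdir(parents=True, exist_ok=True)
    (root / "log4j-core-2.17.1.jar").write_bytes(jar_bytes("2.17.1"))
    (root / "log4j-core-2.14.1.jar").write_bytes(jar_bytes("2.14.1"))
    war = io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.0-beta9.jar", jar_bytes("2.0-beta9"))
    (root / "legacy-app.war").write_bytes(war.getvalue())


def demo() -> List[Tuple[str, str, bool]]:
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "apps"
        build_sample_tree(root)
        return scan(root)


if __name__ == "__main__":
    for where, ver, vuln in demo():
        print(f"{'VULNERABLE' if vuln else 'ok        '} {ver:<10} {where}")
```

Running it on a real application directory is a matter of calling `scan(Path("/opt/apps"))`; the version comparison deliberately ranks pre-releases such as `2.17.1-rc1` below the release so they are not waved through.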

Cisco Probes Alleged Data Breach, Hackers Claim Access to Sensitive Files

Cisco has confirmed an ongoing investigation into a possible data breach after hackers, including IntelBroker, boasted about selling sensitive Cisco data. The criminals claimed to have accessed and offered files such as source code, credentials, and customer information. While Cisco stated it found no evidence yet of its systems being impacted, the company is working with law enforcement and will notify customers if their data has been compromised.

Industry Group Pushes to Replace Passwords with Passkeys

A consortium of tech companies is advocating for the widespread adoption of passkeys, a more secure and user-friendly alternative to traditional passwords. Passkeys, tied to biometric authentication methods like fingerprints or facial recognition, aim to eliminate the weaknesses of password-based security, such as phishing and credential theft. Industry leaders argue that this technology will significantly improve online security while simplifying the user experience.

Microsoft Warns It Lost Some Customers' Security Logs for a Month

Microsoft revealed that a logging bug caused security data loss for some customers between September 2 and October 3, 2024. Critical logs, essential for detecting unauthorized activity, were not consistently collected. Impacted services include Microsoft Entra, Azure Logic Apps, and Microsoft Sentinel, which may have gaps in their security-related logs. The issue was caused by a deadlock condition in the telemetry upload service, now resolved.
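A gap like this is only visible if someone checks that each log source keeps arriving, so a SOC typically runs a coverage check over its own ingestion timestamps. The code below is an added example, not from Microsoft or the article: it groups events by source table, sorts their timestamps, and reports any silence longer than a chosen threshold. The event timestamps and table names are constructed for the demo; which tables matter and what silence is acceptable are assumptions the reader would tune to their own environment.

```python
"""Detect silent periods per log source from ingestion timestamps."""
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Gap = Tuple[datetime, datetime]


def find_gaps(timestamps: List[datetime], max_silence: timedelta) -> List[Gap]:
    """Return (last_seen, next_seen) pairs where consecutive events are further apart than max_silence."""
    ordered = sorted(timestamps)
    return [(a, b) for a, b in zip(ordered, ordered[1:]) if b - a > max_silence]


def coverage_report(events: List[Tuple[str, datetime]], max_silence: timedelta) -> Dict[str, List[Gap]]:
    """Group events by source and return the gaps found for each source."""
    by_source: Dict[str, List[datetime]] = {}
    for source, ts in events:
        by_source.setdefault(source, []).append(ts)
    return {src: find_gaps(ts, max_silence) for src, ts in by_source.items()}


def sample_events() -> List[Tuple[str, datetime]]:
    """Constructed data: two tables emitting one event per hour for two days; one goes quiet for 17 hours."""
    base = datetime(2024, 9, 1, 0, 0)
    sign_in = [("SigninLogs", base + timedelta(hours=h)) for h in range(48)]
    audit = [("AuditLogs", base + timedelta(hours=h)) for h in range(48) if not 20 <= h < 36]
    return sign_in + audit


def gap_summary(max_silence_hours: float = 2) -> List[Tuple[str, str, str, float]]:
    """Flatten the report into (source, gap start, gap end, hours of silence) rows."""
    report = coverage_report(sample_events(), timedelta(hours=max_silence_hours))
    rows = []
    for source, gaps in sorted(report.items()):
        for start, end in gaps:
            rows.append((source, start.isoformat(), end.isoformat(), (end - start).total_seconds() / 3600))
    return rows


if __name__ == "__main__":
    for source, start, end, hours in gap_summary():
        print(f"{source}: no events between {start} and {end} ({hours:.0f} h)")
```

In practice the timestamps come from a query against the log store's ingestion time rather than the event time, since the failure mode here was events that were never collected, and the threshold is set per source from its normal cadence.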