Weekly Security News – 2nd December 2024

Cyber crime victims in the UK being failed, Microsoft patches, Phishing-as-a-Service targeting Microsoft 365...

Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

Vulnerabilities and Patches

UK Cybercrime Victims Failed by Justice System

The Cyber Helpline charity has highlighted a significant gap in justice for cybercrime victims in England and Wales. According to its report, The Funnel of Justice, cybercrime victims are seven times less likely to see perpetrators face charges or legal summons than victims of offline crimes. Alarmingly, 98% of cyber-enabled crimes result in no further action from law enforcement or the justice system, despite cybercrime constituting 40% of all crimes in the region.

Microsoft Fixes AI, Cloud, and ERP Flaws

Microsoft has patched four critical security vulnerabilities affecting AI, cloud, and enterprise platforms. These include CVE-2024-49035, a privilege escalation flaw in Microsoft Partner Center, actively exploited in the wild. Other issues involve vulnerabilities in Copilot Studio, Azure PolicyWatch, and Dynamics 365 Sales. The flaws enable privilege escalation, spoofing, and unauthorised access. Users are urged to update affected services, especially Dynamics 365 Sales apps, to mitigate risks.

Avast Anti-Rootkit Driver Abused to Take Over Systems in BYOVD Attack

A malicious campaign exploits an outdated Avast anti-rootkit driver, manipulating it to disable protective software and seize system control. This “bring-your-own-vulnerable-driver” (BYOVD) attack uses trusted components like kernel drivers, making detection challenging. The malware targets major security processes, bypassing defenses with kernel-level privileges. Experts recommend regular updates, blacklisting outdated drivers, and implementing robust vulnerability management programs to mitigate risks.

Cyber Attacks

Rockstar 2FA: Phishing-as-a-Service Targeting Microsoft 365 with Advanced MFA Bypass

Cybersecurity researchers have uncovered a phishing-as-a-service (PhaaS) platform called Rockstar 2FA, designed to target Microsoft 365 users. It uses advanced adversary-in-the-middle (AiTM) techniques to bypass multi-factor authentication by stealing credentials and session cookies. The toolkit, an evolution of the DadSec phishing kit, is sold as a subscription service, enabling even non-technical users to launch phishing campaigns. Features include 2FA bypass, cookie harvesting, and custom phishing page templates. Threat actors exploit trusted services like OneDrive and Google Docs to host phishing links.
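The AiTM pattern described above leaves a recognisable trace in sign-in telemetry: a session is established with MFA from the victim's device, and the same session token is then presented shortly afterwards from the proxy's IP, country and browser. The following Python script is an added detection example written for this digest; it is not code from the original article or from the researchers who analysed Rockstar 2FA. The events are constructed, and the field names (`ts`, `user`, `session`, `ip`, `country`, `ua`, `mfa`) are assumptions standing in for whatever your identity provider's sign-in logs actually expose.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events, not real tenant telemetry. The field names
# (ts, user, session, ip, country, ua, mfa) are assumptions for this example.
SAMPLE_EVENTS = [
    # alice completes MFA from the UK; minutes later her session id is presented
    # from a different country, IP and browser: the replayed-cookie pattern.
    {"ts": "2024-12-02T09:00:00", "user": "alice@example.com", "session": "s-1001",
     "ip": "203.0.113.10", "country": "GB", "ua": "Edge/131", "mfa": True},
    {"ts": "2024-12-02T09:04:00", "user": "alice@example.com", "session": "s-1001",
     "ip": "198.51.100.77", "country": "NL", "ua": "Chrome/120", "mfa": False},
    # bob's session only ever appears from his own device: benign.
    {"ts": "2024-12-02T10:00:00", "user": "bob@example.com", "session": "s-2002",
     "ip": "203.0.113.22", "country": "GB", "ua": "Edge/131", "mfa": True},
    {"ts": "2024-12-02T10:30:00", "user": "bob@example.com", "session": "s-2002",
     "ip": "203.0.113.22", "country": "GB", "ua": "Edge/131", "mfa": False},
    # carol's session is replayed from the same foreign IP as alice's.
    {"ts": "2024-12-02T11:00:00", "user": "carol@example.com", "session": "s-3003",
     "ip": "203.0.113.40", "country": "GB", "ua": "Firefox/132", "mfa": True},
    {"ts": "2024-12-02T11:02:00", "user": "carol@example.com", "session": "s-3003",
     "ip": "198.51.100.77", "country": "NL", "ua": "Chrome/120", "mfa": False},
    # dave changes IP a day later (home to office): outside the window, not flagged.
    {"ts": "2024-12-02T12:00:00", "user": "dave@example.com", "session": "s-4004",
     "ip": "203.0.113.50", "country": "GB", "ua": "Edge/131", "mfa": True},
    {"ts": "2024-12-03T14:00:00", "user": "dave@example.com", "session": "s-4004",
     "ip": "203.0.113.60", "country": "GB", "ua": "Edge/131", "mfa": False},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def find_session_replay(events, window=timedelta(hours=1)):
    """Flag sessions whose token, established with MFA, is later presented from a
    different IP, country or user agent within `window` of the MFA sign-in."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)

    findings = []
    for session, evs in by_session.items():
        evs.sort(key=_ts)
        origin = evs[0]
        if not origin["mfa"]:
            continue  # no MFA-backed origin to compare against
        for later in evs[1:]:
            reasons = [label for label, field in
                       (("ip_change", "ip"), ("country_change", "country"),
                        ("user_agent_change", "ua"))
                       if later[field] != origin[field]]
            elapsed = _ts(later) - _ts(origin)
            if reasons and elapsed <= window:
                findings.append({
                    "user": origin["user"],
                    "session": session,
                    "origin_ip": origin["ip"],
                    "replay_ip": later["ip"],
                    "minutes_after_mfa": int(elapsed.total_seconds() // 60),
                    "reasons": reasons,
                })
    return findings


def shared_replay_ips(findings, min_users=2):
    """Group replay findings by the IP that presented the session. One IP replaying
    sessions for several distinct users points at shared proxy infrastructure rather
    than an individual user's roaming."""
    users_by_ip = defaultdict(set)
    for f in findings:
        users_by_ip[f["replay_ip"]].add(f["user"])
    return {ip: sorted(users) for ip, users in users_by_ip.items()
            if len(users) >= min_users}


if __name__ == "__main__":
    hits = find_session_replay(SAMPLE_EVENTS)
    for hit in hits:
        print(hit)
    print(shared_replay_ips(hits))
```

The one-hour window and the three compared attributes are tuning knobs, not fixed rules: a short window keeps ordinary roaming (dave) out of the results, while the second pass over replay IPs is what separates a single odd sign-in from a kit-operated proxy serving many victims.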

Fake ChatGPT, Claude PyPI Packages Spread JarkaStealer Malware

Fake Python packages on PyPI, claiming to provide ChatGPT and Claude API access, were discovered to deliver the JarkaStealer malware. These packages, uploaded by a user named “Xeroline,” have been downloaded over 1,700 times. The malware steals sensitive data like system info, browser credentials, session tokens, and screenshots. It operates as malware-as-a-service (MaaS) and lacks persistence, activating only when executed. Users are advised to remove the malicious packages, reset compromised credentials, and strengthen dependency checks.
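"Strengthen dependency checks" in the summary above comes down to three mechanical controls: pin every package to a hash so a swapped artifact fails to install, keep an allowlist of reviewed package names, and flag names that sit suspiciously close to an approved one. The script below is an added example written for this digest, not code from the original report or from PyPI; the requirements file, artifact bytes, package names and allowlist are all constructed, and the hash pin format follows pip's `--hash=sha256:` convention.

```python
import difflib
import hashlib
import re

# A constructed "known-good" wheel payload stands in for a downloaded artifact;
# its digest is computed here so the pin below is guaranteed to match.
GOOD_ARTIFACT = b"constructed-wheel-bytes-for-requests"
GOOD_HASH = hashlib.sha256(GOOD_ARTIFACT).hexdigest()

# Constructed requirements file: one correctly pinned package, one unpinned,
# one whose pin will not match the bytes we "downloaded", and one lookalike name.
REQUIREMENTS = f"""\
requests==2.32.3 \\
    --hash=sha256:{GOOD_HASH}
numpy==2.1.3
urllib3==2.2.3 --hash=sha256:{GOOD_HASH}
requestss==1.0.0 --hash=sha256:{GOOD_HASH}
"""

# Constructed artifacts as they would sit in the download cache (name -> bytes).
ARTIFACTS = {
    "requests": GOOD_ARTIFACT,
    "urllib3": b"tampered-or-different-build",
}

# Names the organisation has reviewed and approved (assumed policy input).
ALLOWLIST = {"requests", "numpy", "urllib3"}

LINE_RE = re.compile(
    r"^([A-Za-z0-9_.\-]+)==(\S+)(?:\s+--hash=sha256:([0-9a-f]{64}))?$")


def normalise(name):
    """PEP 503-style normalisation so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return [(name, version, sha256_or_None)], joining backslash continuations."""
    joined = text.replace("\\\n", " ")
    entries = []
    for raw in joined.splitlines():
        line = " ".join(raw.split())  # collapse indentation left by continuations
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed requirement line: {line!r}")
        name, version, digest = m.groups()
        entries.append((normalise(name), version, digest))
    return entries


def typosquat_of(name, allowlist, threshold=0.85):
    """Closest approved name if it is similar enough to be a lookalike, else None."""
    if name in allowlist:
        return None
    best, best_score = None, 0.0
    for approved in allowlist:
        score = difflib.SequenceMatcher(None, name, approved).ratio()
        if score > best_score:
            best, best_score = approved, score
    return best if best_score >= threshold else None


def audit(requirements_text, artifacts, allowlist):
    """Return {package: [issues]} for every requirement that fails a check."""
    approved = {normalise(n) for n in allowlist}
    findings = {}
    for name, _version, digest in parse_requirements(requirements_text):
        issues = []
        if name not in approved:
            issues.append("not_approved")
            near = typosquat_of(name, approved)
            if near:
                issues.append(f"possible_typosquat:{near}")
        if digest is None:
            issues.append("no_hash")
        elif name in artifacts:
            # Verify the cached bytes against the pinned digest before install.
            if hashlib.sha256(artifacts[name]).hexdigest() != digest:
                issues.append("hash_mismatch")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for package, issues in audit(REQUIREMENTS, ARTIFACTS, ALLOWLIST).items():
        print(f"{package}: {', '.join(issues)}")
```

Run in CI before `pip install`, a non-empty result blocks the build. The hash check is the strongest of the three controls because it does not depend on anyone having noticed the malicious upload yet; the allowlist and similarity check catch the case the article describes, where a freshly published package with a plausible name is pulled in because someone typed it from memory.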

In Other News...

'Bootkitty' – First UEFI Bootkit Targeting Linux Kernels

Researchers have discovered Bootkitty, the first UEFI bootkit targeting Linux kernels. This proof-of-concept malware bypasses UEFI Secure Boot by disabling signature verification and loading malicious ELF binaries during the Linux boot process. It modifies key functions in the bootloader and kernel to ensure persistent access, revealing a shift in UEFI bootkit threats, which now extend beyond Windows systems.