Cybersecurity Weekly: Cisco VPN flaws, Chrome zero-day fix, new DDoS botnet
Critical flaws are reported in Cisco VPN routers for businesses. Google fixes Chrome zero-day actively exploited in the wild. The new Matryosh DDoS botnet has been targeting Android-based devices. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Critical flaws reported in Cisco VPN routers for businesses
Cisco rolled out fixes for multiple critical vulnerabilities in the web-based management interface of small business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The flaws impact routers running a firmware release earlier than Release 1.0.01.02.
2. Google fixes Chrome zero-day actively exploited in the wild
Google addressed an actively exploited Chrome zero-day vulnerability in Windows, Mac and Linux operating systems. The zero-day is described as a heap buffer overflow bug in Google's open-source WebAssembly and JavaScript engine. It can be exploited by attackers to execute arbitrary code on systems running vulnerable software.
3. New Matryosh DDoS botnet targeting Android-based devices
A new malware campaign is co-opting Android devices into a botnet with the primary purpose of carrying out distributed denial-of-service attacks. The threat has been reusing the Mirai botnet framework and propagates through exposed Android Debug Bridge interfaces to infect Android devices and ensnare them into its network.
4. Critical bugs found in Realtek Wi-Fi module for embedded devices
Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications. The flaws concern a mix of stack overflow and out-of-bounds reads that stem from the device’s authentication process.
5. Eletrobras, Copel energy companies hit by ransomware attacks
Two major electric utilities companies in Brazil suffered ransomware attacks over the past week. Operations at the two plants are disconnected from the administrative network, for obvious security reasons, so the electricity supply to the National Interconnected System remained unaffected.
6. Hackers steal StormShield firewall source code in data breach
StormShield disclosed that their systems were hacked, allowing a threat actor to access the company's support ticket system and steal source code for Stormshield Network Security firewall software. The company’s investigations do not indicate that the source code has been modified.
7. Hacking group used an IE zero-day against security researchers
Last month, Google disclosed that the hacking group known as Lazarus was conducting social engineering attacks against security researchers. To perform their attacks, the threat actors created elaborate online security researcher personas that would then use social media to contact well-known security researchers to collaborate on vulnerability and exploit development.
8. Plex Media servers actively abused to amplify DDoS attacks
Plex Media Server systems are actively being abused by DDoS-for-hire services as a UDP reflection/amplification vector in distributed denial-of-service attacks. This junk traffic reflected onto victims' servers is sourced from Simple Service Discovery Protocol probes sent by Plex through the G’Day Mate protocol for local network service discovery.
9. Three more vulnerabilities found in SolarWinds products
Security researchers have discovered three more vulnerabilities in SolarWinds products, including a critical remote code execution bug. The most critical vulnerability relates to the legacy Microsoft Message Queue technology, which is set up on installation and could allow any remote unprivileged user to execute any arbitrary code with the highest privileges.
10. Social media platforms target resellers of hacked accounts
Last week, Facebook, Instagram, TikTok and Twitter all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames.
In this Series
- Cybersecurity Weekly: Cisco VPN flaws, Chrome zero-day fix, new DDoS botnet
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
