WEEKLY TOP TEN: September 30, 2024, 16:00 GMT
- Critical Unauthenticated RCE Discovered in Linux
A new unauthenticated remote-code execution vulnerability has been discovered in the Linux CUPS (Common Unix Printing System) daemon. Under certain conditions, this can be exploited to permit comma injection running as the CUPS service account. This flaw is due to improper handling of network communication when searching for new printers. - Microsoft Claims New Windows Recall Feature Is Now More Secure
Microsoft had to cancel the release of the Windows Recall feature after it received harsh criticism from privacy and security advocates. Now, Microsoft has published statements claiming that the feature will “be more secure” and users will have the option to remove it if desired. Recall is an AI-assisted tool that periodically takes screenshots of a Windows device and puts them together in a timeline, similar to browser history, but for the entire OS. Privacy and security experts expressed concerns that the tool could be used by bad actors to reveal sensitive information. - Meta Fined 91 million Euros for Insecure Password Storage
The Irish Data Protection Commission just issued Meta a 91 million euro fine due to the discovery of insecure password storage. Specifically, they discovered that the tech giant has stored passwords in plain text, a seriously grave security mistake and a direct violation of Europe’s GDPR. - The TOR Project and Tails Merge for a New Age of Privacy
The TOR Project is the organization behind maintaining and developing the TOR browser, as well as the underlying protocol. Tails is a Linux distribution that is designed to be run from a USB drive and is amnesiac, meaning that unless encrypted storage is set up, the operating system will reset to defaults every time it is used. It also uses the TOR network to route all the system traffic, making it a very secure and private operating system, used by journalists and high-risk individuals across the globe. Recently, the two organizations have announced that they will be merging to provide an efficient and streamlined development pipeline, ensuring that the TOR Project and Tails stay in constant sync and provide the best possible privacy toolset. - Iranians Charged for the Hack of the Trump 2024 Campaign
The US DOJ has filed charges against three Iranian nationals for the ‘hack-and-leak’ of the Trump 2024 campaign. The indictment contains 18 counts, which accuse the three men of crimes including wire fraud, conspiracy to provide material to a terrorist organization, and identity theft. - Kia Vehicles Vulnerable to Remote Attacks via Smart License Plate
Researchers have discovered a vulnerability in modern Kia vehicles, specifically the smart license plate. This issue allows attackers to control the vehicle using the license plate information. Similar vulnerabilities have been found in several different models from multiple manufacturers over the years, including Honda, Mercedes, and BMW. - Windows Vulnerable to Privilege Escalation Attack
Attackers have discovered a new attack vector, which allows attackers to bypass Windows User Account Control, leading to privilege escalation. This is done by remapping the root drive of a target system, to one with incorrect permissions, allowing for full system level access. Microsoft acknowledged this discovery but has stated that they do not consider this to be a vulnerability due to the fact that moving from admin to system “does not cross a security boundary.” - New ‘RomCom’ Malware Variant Used for Data Theft
A variant of the RomCom malware, which has been dubbed SnipBot, has been observed in the wild and is being used to steal data from target systems. RomCom was originally created as a backdoor to deliver ransomware, however, this new attack expands on its capabilities. This variant has been seen targeting organizations across many sectors including IT, Agriculture and Legal. - Android Crypto Drainer Responsible for $70K in Theft
Crypto Drainers are malware which look for cryptocurrency wallets on infected devices if one is found all of the crypto stored there will be transferred back to the attacker’s wallet. A malicious app was discovered on the Google Play Store, which had these exact capabilities, researchers estimate at least seventy-thousand dollars’ worth of various cryptocurrencies was stolen. - Deepfake of Ukrainian Official Used to Target US Senator
The US Foreign Relations Committee has stated that a US Senator was recently targeted with a Deepfake of a Ukrainian official, in what was said to be an attempt at election interference. The attack was targeted at Democratic Senator, Ben Cardin of Maryland. The threat actor claimed to be Dmytro Kuleba, the Ukrainian Minister of Foreign Affairs. Senator Cardin was asked ‘politically charged’ questions in an attempt to get him to comment on political candidates.
Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The following top 10 stories were selected from the 40+ original ones we determined to be most significant during the course of the week, ranking by highest risk and using multiple sources when available:
