By security practitioners, for security practitioners

Weekly Top 10 – 02.19.2024 – Critical Microsoft Exchange Vulnerability, North Korean APT Breached South Korean Presidential Staff, GoldPickaxe iOS Malware Captures Facial Recognition Data, and More.

WEEKLY TOP TEN: February 19, 2024, 15:00 GMT

Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The following top 10 stories were selected from the 40+ stories we reviewed as the most significant of the week, ranked by highest risk and drawing on multiple sources when available:

  1. Bumblebee Malware Reappears After Four-Month Hibernation

    Bumblebee is a malware dropper and initial access broker, meaning compromised devices are sold to other threat actors for post-exploitation activities such as identity theft, addition to botnets, or ransomware deployments. In October 2023, there was a significant decline in the usage of Bumblebee, which continued for the past four months. Recently, however, it has returned in phishing campaigns posing as voicemail messages with links to OneDrive sites hosting the payload.
  2. Critical Microsoft Exchange Vulnerability

    A new vulnerability in Microsoft Exchange has been disclosed and was reportedly exploited as a zero-day before patches were released. It allows privilege escalation by way of an NTLM relay attack, which can lead to a complete server takeover. Patches have been released, and enabling Exchange Extended Protection serves as a mitigation.
  3. Linux "Command Not Found" Feature Used to Distribute Malware

    Ubuntu Linux has a feature that suggests packages to install when the user runs an unrecognized command. Researchers have discovered that this tool can be abused to suggest the installation of malicious packages. The attacker would, however, need access to the target system or a way to poison the command-not-found database it relies on.
  4. MrAgent Ransomware Tool Automates VMware ESXi Infection

    The RansomHouse cybercrime gang has developed a new tool they dubbed MrAgent, which automates the distribution of their ransomware to VMware ESXi hypervisors. These systems are often critical for organizations and run important internal services and even workstations, making them a valuable target for threat actors.
  5. New TicTacToe Dropper Delivers Several Types of Malware to Infected Devices

    TicTacToe is a new strain of dropper malware that is used for initial infection. After a device has been compromised, TicTacToe Dropper can deliver a variety of payloads, depending on the attacker’s intent. Observed payloads include infamous malware such as AgentTesla, Remcos RAT, and LokiBot.
  6. North Korean APT Breached South Korean Presidential Staff

    The South Korean government has released a statement regarding a cybersecurity incident in which a member of the Presidential Office staff had their personal email compromised. According to the statement, the compromise occurred while the staff member was using that email account for official governmental duties. The incident was attributed to the North Korean government and its associated APTs.
  7. GoldPickaxe iOS Malware Captures Facial Recognition Data

    Researchers have found a new iOS-specific trojan. Dubbed GoldPickaxe, this malware steals sensitive information such as banking details and facial recognition data. The stolen facial recognition data is likely used to create AI-generated deepfake videos of victims, either for social engineering or to gain access to bank transfers.
  8. Russian-Backed APT Targeting Polish Organizations with New Malware

    Turla, aka Group 88 or Uroburos, is an APT attributed to the Russian FSB. It has recently come to light that this group is targeting Polish NGOs (non-governmental organizations) with a brand-new malware strain known as TinyTurla-NG. This malware mainly serves as a backdoor into infected devices, with modular features chosen according to the target or the attacker's intent.
  9. Critical Privilege Escalation Vulnerability in Zoom Has Been Patched

    A new critical vulnerability was discovered in Zoom Windows clients, allowing for unauthenticated privilege escalation. Zoom discovered this vulnerability internally, and it has since been patched. It was fixed alongside a wave of other low-to-medium-severity vulnerabilities patched at the same time.
  10. US Government Dismantles Russian Botnet

    The US government has stated that it has dismantled a Russian botnet built from home and small-business routers. This comes on the heels of the takedown of a similar Chinese botnet. The bot devices were infected with Mirai malware, and it was stated that over one thousand devices were compromised.