WEEKLY TOP TEN: December 23, 2024, 16:00 GMT
- Android Malware Delivered via the Amazon Appstore
A malicious Android application named “BMI CalculationVsn” was discovered for download on the Amazon AppStore. This application primarily uses Amazon Fire devices, such as tablets and TV add-ons. This malicious software uses the “casting” permission to record all activity on the infected device. - TP-Link Network Devices Under Investigation by the US DoJ
TP-Link is a Chinese owned home networking brand providing cheap routers and other network appliances to home users. TP-Link routers make up 80% of the market share, being by far the most used brand of SoHo routers in the US. These devices have long been plagued by an unusual number of vulnerabilities, causing the US DoJ to open an investigation into possible espionage from the Chinese government. Along with the espionage investigation, TP-Link is also being investigated for anti-trust issues, with some officials believing these devices are being sold at a price that is less than the manufacturing cost, which is illegal in the US. - Sophos Firewalls Vulnerable to Remote Code Execution
Sophos has released patches for three vulnerabilities in its firewall, allowing for SQL Injection, privileged access via SSH, and remote code execution. Sophos has claimed that the SQLi vulnerability impacts less than 0.5% of firewall devices; however, the SSH and RCE vulnerabilities are widely exploitable. - Popular NPM Packages Compromised to Serve Malicious Code
Three popular packages in the JavaScript package manager, NPM, have had malicious code injected into them via stolen keys. These packages are rspack/core, re\\spack/cli, and Vant. The compromised packages were used to deliver XMRig, a Monero crypto miner. The Rspack utilities combined account for over half a million weekly downloads. The repositories containing the compromised code have been cleaned up, and new non-malicious versions have been released. - US Authorities Unseal Indictment Against LockBit Ransomware Developer
The US authorities have unsealed charges against a dual Russian-Israeli national for their work on the infamous LockBit ransomware. The individual, Rostislav Panev, was arrested in Israel in August and is pending extradition to the US, where he will face trial for charges related to creating and distributing ransomware. - Juniper Networks Warns of Mirai Botnet Attacks on Session Smart Routers
The Session Smart router is a product from Juniper Networks that handles SD-WAN traffic. Recently, Juniper put out an alert stating that they have observed scanners that check the Session Smart routers for default credentials and, if successful, infect the device with the Mirai botnet. - Play Ransomware Group Takes Credit for Attack on Krispy Kreme
Recently, the massive doughnut chain Krispy Kreme was the victim of a ransomware attack, impacting online orders and other business operations. Now, the company has been placed on the Play ransomware group’s darknet site with a countdown to data publication. - Ascension Healthcare Breach Impacts Nearly Six Million Individuals
Ascension Healthcare is one of the largest healthcare providers in the US. In May, the Black Basta ransomware group attacked Ascension. The impacted data contains everything from medical records to financial information of patients and staff. - Vulnerabilities in Rockwell’s PowerMonitor Could Impact Critical Infrastructure
Rockwell’s PowerMonitor 1000 is a meter for power allocation and monitoring. Recently, vulnerabilities in these systems can lead to total device takeover. It is strongly urged that administrators of these systems patch immediately to prevent remote takeover of such a sensitive device. - Raccoon Stealer Developer Ordered to Pay Nearly One Million in Restitution
The developer of the infamous Racoon Stealer malware, Mark Sokolovsky, a Ukrainian national, has been sentenced to five years in prison and ordered to pay nearly one million dollars in restitution and damages.
Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The following top 10 stories were selected from the 40+ original ones we determined to be most significant during the course of the week, ranking by highest risk and using multiple sources when available: