Cybersecurity Awareness Month, Pokémon and Oracle's CPU

Notable news for the week of Oct 13th – 19th, 2024. This week, your editor is Lior from the F5 Security Incident Response Team.

This month is Cybersecurity Awareness Month, which is always a good opportunity to check whether we are heading in the right direction and improving security. The CISA Cybersecurity Awareness Month page includes a report, "Cybersecurity Awareness Month 2024 Guide", that provides some insight into that question.

The good news: 84% of people considered online safety a priority, and 69% of people express confidence in their ability to identify phishing attempts. But only 38% of people use unique passwords for all their accounts, and only 36% of people always install software updates when they become available.

So, are we getting better? Yes, we are, but we always have ways to improve, so we hope to improve. Until next time, keep it safe. Lior.

 

Iranian hackers now exploit Windows flaw to elevate privileges

The Iranian hacking group APT34 (OilRig) is exploiting a Windows flaw (CVE-2024-30088) to elevate privileges during cyberattacks targeting critical infrastructure in the UAE and Gulf region. The attackers use this vulnerability to gain SYSTEM-level control, deploy backdoors, and steal credentials from Microsoft Exchange servers. They also intercept passwords and use stealthy tools like ngrok to facilitate exfiltration. The attacks are highly sophisticated and could have serious consequences for the affected energy sector. For more details, visit BleepingComputer.

 

Jetpack fixes critical information disclosure flaw existing since 2016

The WordPress plugin Jetpack patched a critical information disclosure vulnerability that had existed since 2016. This flaw allowed logged-in users to access data from forms submitted by other site visitors. The issue, affecting all versions of Jetpack since version 3.9.9, was discovered during an internal audit. Though no evidence suggests exploitation in the wild, Jetpack advises users to update to the latest version to prevent potential future attacks. For more details, visit BleepingComputer.

 

Oracle Patches Over 200 Vulnerabilities With October 2024 CPU

Oracle's October 2024 Critical Patch Update (CPU) addressed over 200 vulnerabilities with 334 security patches for various products. Of these, 186 fixes involved flaws that could be exploited remotely without authentication. Products like Oracle Communications, MySQL, Fusion Middleware, and E-Business Suite received the most patches. Oracle emphasizes the importance of timely patching, as threat actors have previously exploited known vulnerabilities in Oracle software.

For more details, visit SecurityWeek.

 

Pokemon dev Game Freak confirms breach after stolen data leaks online

Game Freak, the developer behind Pokémon, confirmed a data breach in August 2024 after source code and game designs for unreleased titles were leaked online. While the leak's full extent isn't confirmed, Game Freak acknowledged that personal information of employees, contractors, and former staff was exposed. There is no evidence that player data was impacted. The company has since enhanced security measures and is working to prevent similar incidents.

For more details, visit BleepingComputer.

 

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

A critical vulnerability (CVE-2024-28987) in SolarWinds Web Help Desk software was recently added to CISA’s Known Exploited Vulnerabilities list. The flaw involves hardcoded credentials that can be exploited remotely to access and modify sensitive data, including help desk tickets. Due to active exploitation, federal agencies are mandated to apply updates by November 5, 2024, to mitigate the risk. For more details, visit The Hacker News.

 

Malicious ads exploited Internet Explorer zero day to drop malware

North Korean hacking group ScarCruft exploited a zero-day vulnerability in Internet Explorer (CVE-2024-38178) via malicious ads to distribute RokRAT malware. The attack used "toast" pop-up ads in compromised software, allowing malware to execute without user interaction. The malware exfiltrates sensitive data, logs keystrokes, and takes screenshots, targeting South Korean users. Although Microsoft patched the flaw in August 2024, the persistence of outdated components in software increases the risk of further exploitation. For more details, visit BleepingComputer.

 

From Misuse to Abuse: AI Risks and Attacks

This article discusses the risks and real-world attacks related to AI misuse and abuse in cybercrime. While AI threats are often sensationalized, attackers are still learning to harness AI effectively. Currently, AI is used for tasks like writing phishing emails and generating malicious code. A significant risk lies in the abuse of customizable GPTs, which can expose sensitive data or proprietary information. The article also highlights specific vulnerabilities in AI systems, such as prompt injections, data leakage, and infrastructure manipulation. For more details, visit The Hacker News.

 

Published Oct 22, 2024
Version 1.0