Cyber Bits · · 3 min read

Cyber Bits: August 12, 2024

This week’s roundup includes massive data breaches, new vulnerabilities, and significant threats in the cybersecurity landscape. Thankfully, no CrowdStrike this week!

Cyber Bits: August 12, 2024

This week’s roundup includes massive data breaches, new vulnerabilities, and significant threats in the cybersecurity landscape. Thankfully, no CrowdStrike this week!

Hackers Leak 2.7 Billion Data Records Containing Social Security Numbers

Link: Bleeping Computer

A massive data breach leaked nearly 2.7 billion personal records, including Social Security numbers, on a hacking forum. The data, allegedly from National Public Data, includes names, addresses, and potential aliases of U.S. residents. The breach was initially linked to a threat actor named USDoD, but the data was later leaked for free by another hacker. The records may include outdated or inaccurate information, and victims are advised to monitor their credit for fraud.

New AMD "SINKCLOSE" Flaw Helps Install Nearly Undetectable Malware

Link: Bleeping Computer

A newly discovered vulnerability in AMD processors, named “SQUIP” (Synchronized Queue Usage), allows attackers to install nearly undetectable malware on affected systems. This flaw exploits the speculative execution feature of AMD processors, bypassing traditional security measures. Attackers can use this to execute arbitrary code or leak sensitive information, making it a significant threat. While AMD has acknowledged the issue, they have yet to release a complete fix, urging users to follow best security practices in the meantime.

Malware Force-Installs Chrome Extensions on 300,000+ Browsers and Patches DLLs

Link: Bleeping Computer

A new malware campaign has infected 300,000 browsers by force-installing Chrome extensions and patching Windows DLL files. The malware, which targets Google Chrome, can alter browser settings, redirect users to malicious websites, and steal sensitive information. It achieves persistence by modifying system files, making it difficult to detect and remove. Users are advised to review their installed extensions and monitor their systems for unusual activity.

"0.0.0.0-Day" Flaw Puts Chrome, Firefox, and Mozilla Browsers at RCE Risk

Link: Dark Reading

A new vulnerability exploiting the "0.0.0.0" IP address has been discovered, affecting Google Chrome, Firefox, and Mozilla browsers, putting them at risk of remote code execution (RCE). This flaw allows attackers to execute arbitrary code on a victim’s system by exploiting the browsers’ JavaScript engines. The vulnerability is particularly concerning because it can be triggered just by visiting a malicious website, making it highly dangerous. Users are advised to update their browsers immediately to mitigate the risk.

FBI: BlackSuit Ransomware Behind Over $500 Million in Ransom Demands

Link: Bleeping Computer

The FBI has linked the BlackSuit ransomware group to over $500 million in ransom demands. This ransomware group primarily targets organizations and encrypts their data, demanding large sums for decryption. BlackSuit is a sophisticated threat that operates by exploiting vulnerabilities in victims’ networks. The FBI urges organizations to bolster their defenses and avoid paying ransoms, as this only funds further criminal activities.

Windows Update Downgrade Attack Unpatches Fully Updated Systems

Link: Bleeping Computer

A newly discovered “Windows Update Downgrade” attack allows attackers to revert fully updated Windows systems to older, vulnerable versions by exploiting the Windows Update process. This can unpatch critical vulnerabilities, leaving systems exposed to known threats. The attack is particularly dangerous because it can be carried out on fully updated systems, bypassing security measures. Microsoft is investigating the issue, and users are advised to monitor for updates and ensure their systems are protected against such attacks.

Read next

Cyber Bits: October 21
Cyber Bits ·

Cyber Bits: October 21

In this week's Cyber Bits, Internet Archive faces another breach, Microsoft sets up Azure tenant honeypots, ransomware attacks are using ESET's name, Microsoft may have lost some security logs, and North Korea is targeting companies looking for temporary IT workers.

Cyber Bits: October 14
Cyber Bits ·

Cyber Bits: October 14

In this weeks Cyber Bits, Microsoft deprecates VPN protocols, OpenAI confirms what everyone already knew about bad guys using ChatGPT for malware, SOC teams lament alert fatigue, qualified personnel gaps in cloud and cyber, and how to build cyber resilience for SMB's.