Cyber Bits · · 4 min read

Cyber Bits: September 30

This week’s summary covers new malware threats, critical security flaws, insider trading hacks, and significant corporate settlements.

Cyber Bits: September 30

In this week's Cyber Bits, we cover critical malware threats, severe vulnerabilities, insider trading cases, and corporate settlements. A rise in sophisticated attacks targeting Linux systems, insider breaches for profit, and data leaks from major corporations show how complex and varied the threat landscape has become. Security flaws across widely used software and hardware, including Microsoft, NVIDIA, and T-Mobile, further highlight the pressing need for robust defensive strategies.

Sophisticated Linux Malware Targets Apache2 Web Servers

Link: Cybersecurity News

A newly identified sophisticated Linux malware is actively exploiting vulnerabilities in Apache2 web servers. The malware utilizes advanced persistence techniques, allowing attackers to control infected servers and steal sensitive data. By specifically targeting high-traffic web servers, this malware can infiltrate larger systems and potentially cause significant harm to businesses that rely on Apache2. To mitigate the risks, immediate patching and proactive monitoring are advised.

Critical Linux CUPS Printing System Vulnerability

Link: The Hacker News

A critical vulnerability has been discovered in the Linux CUPS printing system, affecting numerous Linux-based systems. This flaw could allow remote code execution, enabling attackers to take control of systems without any direct interaction. Due to the widespread use of CUPS in enterprise environments, this vulnerability poses a significant risk to businesses relying on Linux infrastructure for their printing services. System administrators are urged to apply available patches to minimize the attack surface.

Western Digital My Cloud Flaw Discovered

Link: Cybersecurity News

A security flaw in Western Digital My Cloud storage devices has been found, exposing users to potential unauthorized access. The vulnerability allows attackers to bypass security protections and gain access to files stored on affected devices. Western Digital recommends updating device firmware to secure stored data and prevent unauthorized entry.

Hacker Charged for Insider Trading Using Corporate Breaches

Link: Bleeping Computer

A hacker has been charged with breaching five companies to steal sensitive insider information for use in stock market trades. The stolen data gave the hacker an unfair advantage, allowing them to profit from market movements based on corporate earnings and other non-public information.

Microsoft Introduces New Security Features with Windows Recall

Links: Cybersecurity News Ars Technica

Microsoft’s upcoming "Windows Recall" update will feature a significant security overhaul aimed at improving user privacy and system protection. Among the new features are enhanced encryption options, automatic data backups, and stricter access controls. These changes are designed to address rising concerns over data privacy and security vulnerabilities within the Windows ecosystem. The security enhancements will be particularly useful for enterprises seeking to meet compliance standards and protect sensitive business data.

T-Mobile Pays $315 Million in FCC Settlement Over Data Breaches

Link: Bleeping Computer

T-Mobile has agreed to pay a $315 million settlement to the FCC following four major data breaches that exposed the personal information of millions of customers. The settlement covers fines for the inadequate security measures that allowed the breaches to occur, as well as funds to improve T-Mobile's cybersecurity infrastructure.

Windows Event Logs Targeted by Ransomware

Link: Cybersecurity News

Ransomware attackers are increasingly targeting Windows Event Logs as part of their strategy to cover their tracks. By manipulating or erasing event logs, attackers can make it more difficult for forensic teams to identify the origin and scope of the attack. This tactic is gaining popularity among ransomware groups looking to hinder incident response efforts, making it crucial for organizations to implement advanced logging and monitoring solutions.

Critical Flaw in NVIDIA Toolkit Allows Full Host Takeover

Link: Bleeping Computer

A critical vulnerability in NVIDIA's container toolkit has been discovered, allowing attackers to gain full control over host machines. This flaw affects systems that use the NVIDIA toolkit for containerized applications, commonly found in environments leveraging AI and machine learning technologies. By exploiting this vulnerability, attackers can escalate privileges and execute arbitrary commands on the host machine. Organizations using the toolkit should apply patches immediately to prevent unauthorized access.

Shadow AI Increases Workplace Sensitive Data Exposure

Link: Dark Reading

The growing use of unregulated AI tools in the workplace is leading to an increase in sensitive data exposure. Employees using AI-powered chatbots without proper oversight are unknowingly sharing confidential information, which can be exploited by cybercriminals. Known as "Shadow AI," organizations should implement stringent policies around the use of AI technologies to mitigate the risk of data leakage.

Critical Ivanti VTM Auth Bypass Bug Now Exploited in Attacks

Link: Bleeping Computer

A critical authentication bypass vulnerability in Ivanti's Virtual Traffic Manager (VTM) software is being actively exploited in the wild. Attackers can use this flaw to bypass security controls and gain unauthorized access to sensitive data. Organizations using Ivanti VTM are advised to patch their systems immediately to prevent exploitation and mitigate potential risks to their networks.

Read next

Cyber Bits: November 25
Cyber Bits ·

Cyber Bits: November 25

Welcome to this week's edition of Cyber Bits, where we cover the latest in malware campaigns, advanced persistent threats, data breaches, vulnerabilities in enterprise systems from Fortinet and Palo Alto, and the economic impact of cyberattacks. Here's what you need to know this week:

Cyber Bits: October 21
Cyber Bits ·

Cyber Bits: October 21

In this week's Cyber Bits, Internet Archive faces another breach, Microsoft sets up Azure tenant honeypots, ransomware attacks are using ESET's name, Microsoft may have lost some security logs, and North Korea is targeting companies looking for temporary IT workers.

Cyber Bits: October 14
Cyber Bits ·

Cyber Bits: October 14

In this weeks Cyber Bits, Microsoft deprecates VPN protocols, OpenAI confirms what everyone already knew about bad guys using ChatGPT for malware, SOC teams lament alert fatigue, qualified personnel gaps in cloud and cyber, and how to build cyber resilience for SMB's.