Today, cybersecurity is of utmost concern not only for the most significant multinational conglomerates but also for us, regular consumers of technology. The following news headlines from the cyber realm highlight the latest attack trends that stakeholders must stay abreast of to keep their information assets from falling into the hands of cyber adversaries.
Intel Releases Multiple Patches
Intel employees discovered multiple vulnerabilities in the company's hardware and software products, and patches for them are now available. The high-severity vulnerabilities include a privilege escalation flaw in the Intel Solid State Drive (SSD) Toolbox and a denial-of-service (DoS) flaw in the XMM 7360 Cell Modem. A total of 24 vulnerabilities were patched, including flaws in Server System and Compute Modules, Server Board, and Baseboard Management Controller (BMC) products.
Since these vulnerabilities could enable adversaries to launch DoS attacks or steal information, Intel released patches for all of the security bugs. The Memory and Storage (MAS) tool is now used in place of the SSD Toolbox to stop the privilege escalation flaw from being exploited. Patches have been updated for the Ethernet I210 Controller series network adapters, RealSense Depth Camera Manager (DCM), 722 Ethernet controllers, and Trace Analyzer and Collector, among others. Intel product users should apply the patches immediately to stay safe from cybersecurity incidents.
Nine Vulnerabilities In IoT Devices Discovered
The latest discovery by cybersecurity researchers at Forescout shows why it is essential to pay attention to details. They have found nine vulnerabilities in several Internet of Things (IoT) and operational technology (OT) devices that enable adversaries to manipulate and intercept data. This discovery is part of Project Memoria, which aims to locate and mitigate flaws in TCP/IP stacks. The vulnerabilities lie in how the devices generate the Initial Sequence Number (ISN) of a TCP connection. The random nature of ISNs ideally ensures the security of information shared between two connected devices. In the affected stacks, however, the pattern of ISNs can be predicted, making them prone to attacks.
Predicting the ISN of a TCP connection enables attackers to launch a DoS attack, hijack systems, inject malware, intercept data, or redirect victims to malicious sites. Forescout researchers found vulnerabilities in Texas Instruments’ NDKTCPIP, Siemens’ Nucleus NET, and Microchip’s MPLAB Net. The good news is that most of the vendors have patched the vulnerabilities to ensure protection from ransomware and other such threats. Past attacks should be a lesson for preventing future ones, and this discovery by Forescout is a reminder never to take cybersecurity basics for granted.
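To make the ISN weakness described above concrete, the following added example (not code from Forescout or any of the named vendors) compares a constructed fixed-step ISN generator with an RFC 6528 style keyed generator and runs a simple delta check that a defender could apply to ISNs sampled from a device under test. The addresses, ports, secret and thresholds are assumptions chosen for illustration, and HMAC-SHA256 stands in for the hash function F of RFC 6528.

```python
import hashlib
import hmac
import struct
from collections import Counter

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def weak_isns(start, step, count):
    """Constructed weak stack: each new connection's ISN is the previous one plus a fixed step."""
    return [(start + i * step) % MOD for i in range(count)]


def keyed_isn(secret, src_ip, src_port, dst_ip, dst_port, clock):
    """RFC 6528 style ISN: clock + F(connection 4-tuple, secret), with HMAC-SHA256 as F."""
    tuple_bytes = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}".encode()
    digest = hmac.new(secret, tuple_bytes, hashlib.sha256).digest()
    offset = struct.unpack("!I", digest[:4])[0]
    return (clock + offset) % MOD


def assess(isns, small_delta=1 << 24):
    """Flag samples whose successive differences repeat or stay within a narrow range."""
    deltas = [(b - a) % MOD for a, b in zip(isns, isns[1:])]
    top_delta, top_count = Counter(deltas).most_common(1)[0]
    top_share = top_count / len(deltas)
    narrow = max(deltas) < small_delta
    return {
        "top_delta": top_delta,
        "top_share": top_share,
        "predictable": top_share >= 0.5 or narrow,
    }


def keyed_sample(secret, count):
    """ISNs for `count` connections from different source ports (constructed test traffic)."""
    return [
        keyed_isn(secret, "192.0.2.10", 40000 + i, "192.0.2.20", 502, clock=i * 250)
        for i in range(count)
    ]


if __name__ == "__main__":
    samples = {
        "fixed-step": weak_isns(start=0xFFFF0000, step=64000, count=32),
        "keyed": keyed_sample(b"constructed-demo-secret", 32),
    }
    for name, isns in samples.items():
        print(name, assess(isns))
```

A stack that fails this check on ISNs collected from successive connections is a candidate for the vendor patches mentioned above; passing it does not prove the generator is sound, only that it has no obvious arithmetic pattern.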
Fifty Vulnerabilities Now Fixed In Adobe Products
Adobe products are widely used for a range of activities, so their security is essential to ensure that users do not face a cybersecurity incident. A total of 50 security flaws have been found and fixed by Adobe in its Acrobat, Photoshop, Magento, Illustrator, Animate, and Dreamweaver products. Seventeen of the 23 CVEs detected in Adobe Reader are rated Critical. The anonymously reported CVE-2021-21017 flaw, in particular, can lead to code execution on the target device and has been exploited to target Windows users.
In addition, 18 flaws have been fixed in Magento, seven of which were rated Critical. Two out-of-bounds (OOB) write vulnerabilities in Illustrator and one OOB vulnerability in Animate have been patched. Dreamweaver is now free from a severe information disclosure issue, and five critical flaws in Photoshop have also been fixed.
HelloKitty Attacks CD Projekt
CD Projekt was recently attacked by a ransomware gang going by the name of HelloKitty. The adversaries encrypted the company's devices and stole all unencrypted files stored on its network.
A CD Projekt statement revealed that the adversaries got into its internal systems and compromised data belonging to the CD PROJEKT capital group. They left a ransom note, which the organization also posted. While cybersecurity tools are deployed to investigate the breach, CD Projekt is rebuilding its infrastructure from backup.
HelloKitty has been known since November last year and has attacked several large organizations since its inception. While it is unclear whether past victims have given in to ransom demands, there is currently no known weakness in the encryption that would let victims retrieve their data for free.
Newest Toy For Cyber Adversaries: Phishing Kits
Phishing attacks have a high success rate because people fall for them quite often, and over the years hackers have grown more sophisticated. They now deploy phishing kits that make creating phishing pages hassle-free, thus accelerating the process of launching phishing scams. LogoKit is a new phishing kit that allows real-time manipulation of logos and content on a phishing page. The adversaries have created over 300 domains in a week and 700 websites in a month using this malicious phishing kit. The resulting phishing pages include fake login pages for OneDrive, SharePoint, Office 365, Adobe Document Cloud, etc.
Another phishing kit, called Office365 V4, has been targeting high-level executives (Directors, CEOs, Owners, Founders) of enterprises and was found in the inboxes of over 40 such executives. US-based CEOs and financial firms continue to be the most targeted by these phishing kits. As the use of such phishing kits will only increase in the future, users are advised to rely on robust email security services for protection against such cyber threats.
New Facebook Malware Sends Malicious Ads
Facebook in India is the latest target of an old malware campaign that used a combination of browser injections, a Windows trojan, and clever scripting to attack users back in 2016. The malware strain has infected over 600 users in India (the highest), followed by Brazil (255 incidents) and Indonesia (221 incidents). The hacker group SilentFade ran this Facebook malware campaign in 2016, and now the Frank rootkit is in charge.
So far, the campaign has successfully stolen over $4 million from Facebook users. The amount is used to post malicious Facebook ads that users are likely to click on. While SilentFade wanted to infect user devices and steal passwords, this new variant is making money using Facebook ads. These kinds of cybersecurity incidents can prove costly for end users; it’s high time for people to monitor their social presence.