August 16, 2024 at 10:33AM
SecurityWeek’s cybersecurity news roundup presents a collection of significant stories that may have gone unnoticed. This week’s articles include the expansion of CVE Numbering Authorities, transitive vulnerabilities in application security, a new variant of the Gafgyt botnet, and various cyberattacks targeting companies and governments. Notable insights from the series are highlighted.
Key takeaways from the stories covered:
1. 400 organizations named a CVE Numbering Authority
– The number of CVE Numbering Authorities has reached 400, but not all are actively publishing advisories.
– An analysis shows which CNAs provide the most complete vulnerability information in their reports.
2. Transitive vulnerabilities in application security
– OX Security analyzed transitive vulnerabilities, identifying security holes introduced by transitive dependencies in software components.
– The analysis assessed the likelihood of exploitation of different vulnerability classes and ways to reduce risks.
3. New variant of Gafgyt botnet exploits GPU power and cloud native environments
– Aqua Security discovered a new variant of the Gafgyt DDoS botnet that mines cryptocurrency with GPU power, targeting cloud native environments and devices with weak SSH passwords.
4. Ransomware group uses EDR killer
– Sophos reported that cybercriminals delivering RansomHub ransomware have been using a tool named EDRKillShifter, which is designed to kill endpoint detection and response (EDR) systems on compromised devices.
5. Crash reports can be an invaluable source of information
– Apple device security expert Patrick Wardle demonstrated at a recent conference that crash reports, often overlooked, can provide useful information about bugs and even malware.
6. Schlatter cyberattack
– Swiss industrial welding and weaving machine manufacturer Schlatter Group was targeted in a cyberattack involving malware, with cybercriminals attempting to blackmail the company.
7. Russian government and firms targeted in CloudSorcerer attacks
– Kaspersky reported that a threat actor tracked as CloudSorcerer targeted Russian government organizations and IT companies in a campaign named EastWind, with links found to tools previously tied to Chinese threat groups.
8. ValleyRAT campaign targeting Chinese speakers
– Fortinet published details of an ongoing ValleyRAT campaign targeting Chinese speakers, attributed to an APT group named Silver Fox, enabling threat actors to monitor victims’ activities and deliver other malware and plugins.
9. States secure $4.5 million from biotech company following ransomware attack
– Biotech company Enzo Biochem has agreed to pay $4.5 million to the attorneys general of New York, New Jersey and Connecticut following a ransomware attack in 2023 that breached the company’s systems and stole data on 2.4 million individuals. The AGs claimed poor data security practices.
10. NetSuite issue can expose sensitive data
– AppOmni reported a common Oracle NetSuite misconfiguration that can lead to the exposure of sensitive data, impacting thousands of SuiteCommerce websites.