In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit

September 13, 2024 at 09:33AM

Summary:
SecurityWeek’s weekly cybersecurity news roundup compiles noteworthy stories, including a possible Adobe Reader zero-day vulnerability, the undermining of TLS for the .mobi TLD, Scattered Spider ransomware targeting the insurance and financial sectors, macOS HZ RAT malware, a WhatsApp View Once feature bypass, the dismantling of card-cloning gangs, Google’s actions against influence operations, Windows MSI installer vulnerability details, and the FBI’s report on cryptocurrency fraud.

The key takeaways from the roundup are:

1. Adobe Reader Vulnerability: A potential zero-day vulnerability in Adobe Reader (CVE-2024-41869) has been reported, and there are concerns that it may have been exploited in the wild. The exploit was discovered by Haifei Li and reported to Adobe, but it is unclear whether it has been actively exploited.

2. .mobi TLD Security Concerns: Researchers acquired a legacy WHOIS server domain associated with the .mobi TLD and found communications from over 135,000 systems, raising concerns about the undermining of the TLS/SSL process for the entire .mobi TLD.

3. Scattered Spider Ransomware: The Scattered Spider ransomware is targeting the insurance and financial sectors, using tactics such as phishing campaigns aimed at cloud services, credential stealers, and initial access brokers.

4. macOS Malware: A new macOS version of the HZ RAT malware has emerged, giving attackers complete control over infected devices.

5. WhatsApp View Once Bypass: Threat actors have been found bypassing, in the wild, WhatsApp's View Once feature, which is designed to make content disappear after being viewed.

6. Card-Cloning Criminal Organizations Dismantled: Law enforcement agencies in the US and Romania dismantled criminal organizations involved in POS and ATM skimming, stealing credit and debit card data, and using cloned cards to withdraw funds.

7. Google’s Actions Against Influence Operations: Google has taken action against influence operations conducted by various countries, terminating YouTube channels and blocking domains linked to influence operations.

8. Windows MSI Installer Vulnerability: Details of a privilege escalation vulnerability in Windows MSI installers (CVE-2024-38014) have been disclosed. This vulnerability is being actively exploited in the wild.

9. FBI Cryptocurrency Fraud Report: The FBI received over 69,000 complaints of financial fraud involving cryptocurrency in 2023, with estimated losses exceeding $5.6 billion, mainly related to investment scams.

These takeaways provide a comprehensive overview of the cybersecurity landscape for the week and highlight various threats, vulnerabilities, and law enforcement actions.
