Today’s Cybersecurity Threats and Trends - 08/28/2024

Never ending nefarious actors.

1. Apache OFBiz Under Fire Again

Primary Threat: Just weeks after the initial vulnerability in Apache OFBiz, a new flaw, CVE-2024-38856, has been exploited in active attacks. This Incorrect Authorization vulnerability allows remote attackers to execute arbitrary code on affected systems, jeopardizing business-critical applications. Threat actors are using this new weakness to escalate privileges and potentially compromise entire networks. (Refer to our previous coverage for more context on other OFBiz attacks.)

  • MITRE Tactics: Privilege Escalation, Execution

  • Risk: High – Unrestricted remote access and potential full system compromise.

2. BlackByte Ransomware and BYOVD

Primary Threat: The BlackByte ransomware group has begun exploiting CVE-2024-37085 in VMware environments to bypass authentication. The attacks are multi-faceted, utilizing several techniques, including a method known as "Bring Your Own Vulnerable Driver" (BYOVD) to bypass security measures and gain unauthorized access. This method involves attackers loading a legitimately signed but vulnerable driver and abusing it to disable security software, enabling ransomware deployment with impunity. Organizations relying on VMware are particularly at risk and need to patch urgently to prevent exploitation.

  • MITRE Tactics: Defense Evasion, Persistence, Execution

  • Risk: Critical – Potential for complete system encryption and data loss without effective mitigation.
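Because a BYOVD driver usually carries a valid vendor signature, a signature check alone will not catch it; the load path and a hash match against a vulnerable-driver block list are what surface it. The triage below is an added example, not code from the newsletter or from any vendor: it parses a constructed, pipe-separated rendering of the fields Sysmon records for Event ID 6 (Driver loaded) and flags loads from outside the normal driver directories, loads without a valid signature, and hashes on a block list. The trusted directories, the block-list hash and the three log lines are all assumptions constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Directories from which drivers are normally loaded on a Windows host.
# Assumption for this example: loads from anywhere else deserve a closer look.
TRUSTED_DRIVER_ROOTS = (
    r"c:\windows\system32\drivers",
    r"c:\windows\system32\driverstore",
)

# Constructed placeholder. In practice this set is fed from your vendor's
# vulnerable-driver block list; the value below is not a real driver hash.
KNOWN_VULNERABLE_SHA256 = {
    "placeholder-sha256-of-known-vulnerable-driver",
}

# Constructed sample log: a simplified key=value rendering of Sysmon Event ID 6 fields.
# Line 1 is a normal OS driver, line 2 a validly signed driver dropped into a user
# directory whose hash is on the block list, line 3 an unsigned driver in Temp.
SAMPLE_DRIVER_LOG = r"""
UtcTime=2024-08-27 09:12:01.120 | ImageLoaded=C:\Windows\System32\drivers\tcpip.sys | Signed=true | Signature=Microsoft Windows | SignatureStatus=Valid | Hashes=SHA256=1111constructed
UtcTime=2024-08-27 09:14:33.004 | ImageLoaded=C:\Users\Public\update\helper.sys | Signed=true | Signature=Example Hardware Vendor Ltd | SignatureStatus=Valid | Hashes=SHA256=placeholder-sha256-of-known-vulnerable-driver
UtcTime=2024-08-27 09:15:10.771 | ImageLoaded=C:\Windows\Temp\svc.sys | Signed=false | Signature= | SignatureStatus=Unsigned | Hashes=SHA256=3333constructed
"""


@dataclass
class DriverLoad:
    utc_time: str
    image: str
    signed: bool
    signature: str
    signature_status: str
    sha256: str
    findings: list[str] = field(default_factory=list)


def parse_driver_load(line: str) -> DriverLoad:
    """Parse one pipe-separated key=value line into a DriverLoad record."""
    fields: dict[str, str] = {}
    for chunk in line.split(" | "):
        key, _, value = chunk.partition("=")
        fields[key.strip()] = value.strip()
    # The Hashes field itself holds comma-separated ALGO=digest pairs; keep SHA256.
    sha256 = ""
    for pair in fields.get("Hashes", "").split(","):
        algo, _, digest = pair.partition("=")
        if algo.strip() == "SHA256":
            sha256 = digest.strip().lower()
    return DriverLoad(
        utc_time=fields.get("UtcTime", ""),
        image=fields.get("ImageLoaded", ""),
        signed=fields.get("Signed", "").lower() == "true",
        signature=fields.get("Signature", ""),
        signature_status=fields.get("SignatureStatus", ""),
        sha256=sha256,
    )


def assess_driver_load(event: DriverLoad) -> DriverLoad:
    """Attach findings to a driver-load record; an empty list means nothing stood out."""
    image = event.image.lower()
    if not any(image.startswith(root + "\\") for root in TRUSTED_DRIVER_ROOTS):
        event.findings.append("loaded from outside trusted driver directories")
    if not event.signed or event.signature_status.lower() != "valid":
        event.findings.append(f"signature not valid ({event.signature_status or 'none'})")
    # A BYOVD driver is typically validly signed, so this check is the decisive one.
    if event.sha256 in KNOWN_VULNERABLE_SHA256:
        event.findings.append("hash matches known-vulnerable driver list")
    return event


def triage_driver_loads(log_text: str) -> list[DriverLoad]:
    """Parse and assess every non-empty line of the log."""
    return [assess_driver_load(parse_driver_load(line))
            for line in log_text.splitlines() if line.strip()]


def suspicious_driver_loads(log_text: str) -> list[DriverLoad]:
    """Only the records that produced at least one finding."""
    return [event for event in triage_driver_loads(log_text) if event.findings]


if __name__ == "__main__":
    for event in suspicious_driver_loads(SAMPLE_DRIVER_LOG):
        print(event.utc_time, event.image, "->", "; ".join(event.findings))
```

A driver-load alert is most useful when correlated with what follows it: a driver loaded from a user-writable path shortly before security services stop or their processes terminate is the pattern described above, so route these findings to the same timeline as service-state and process-termination telemetry.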

3. Lookalike Login Pages: Sneaky QR Code Phishing

Primary Threat: A new QR code phishing campaign, targeting Microsoft 365 accounts, is leveraging adversary-in-the-middle (AitM) techniques (including transparent phishing methods) to siphon credentials and 2FA codes from victims. The attack involves users scanning a QR code that directs them to a lookalike login page. While users enter their credentials, the attacker simultaneously logs into the actual service, capturing the authentication information in real-time. Currently, the attacks appear to be aimed at technology, manufacturing, and finance sectors in Asia and North America.

  • MITRE Tactics: Credential Access, Collection

  • Risk: Medium – High risk of credential theft and unauthorized access to sensitive accounts.
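The lookalike page in an AitM campaign only works if the victim follows the QR code's URL to a host that is not the real identity provider, so the cheapest control is to inspect that host before anyone signs in. The checker below is an added example written for this newsletter item, not code from the original piece or from Microsoft: it takes a URL as decoded from a QR code, normalizes the host (including IDNA/punycode labels), and reports whether it is a known sign-in host, embeds one inside an unrelated domain, uses non-ASCII homoglyphs, or merely resembles a legitimate host. The set of legitimate hosts and the similarity threshold are assumptions to be tailored to your own tenant.

```python
from urllib.parse import urlsplit
import difflib

# Hosts that legitimately serve Microsoft 365 sign-in. Assumption for this example:
# the tuple is illustrative; tailor it to the identity providers your tenant uses.
LEGITIMATE_LOGIN_HOSTS = (
    "login.microsoftonline.com",
    "login.microsoft.com",
    "login.live.com",
)
SIMILARITY_THRESHOLD = 0.75  # assumed cut-off; tune against your own false-positive rate


def normalize_host(host: str) -> str:
    """Lower-case the host and decode IDNA (punycode) labels so homoglyphs become visible."""
    host = host.lower().rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        # Already contains raw non-ASCII characters; compare it as-is.
        return host


def assess_login_url(url: str) -> dict:
    """Classify a URL decoded from a QR code before anyone follows it.

    Returns the normalized host, a verdict ('legitimate', 'suspicious', 'lookalike'
    or 'unknown'), the closest legitimate host, a similarity score and the reasons.
    """
    parts = urlsplit(url)
    host = normalize_host(parts.hostname or "")
    reasons: list[str] = []
    if parts.scheme != "https":
        reasons.append("not https")

    if host in LEGITIMATE_LOGIN_HOSTS:
        verdict = "legitimate" if not reasons else "suspicious"
        return {"host": host, "verdict": verdict, "closest": host,
                "similarity": 1.0, "reasons": reasons}

    # Non-ASCII labels after IDNA decoding are the classic homoglyph indicator.
    if any(ord(c) > 127 for c in host):
        reasons.append("non-ASCII characters in host")
    # A real sign-in name buried in an unrelated registrable domain,
    # e.g. login.microsoftonline.com.verify-account.example
    if any(legit in host for legit in LEGITIMATE_LOGIN_HOSTS):
        reasons.append("embeds a legitimate login host name")
    # Sequence similarity to the closest legitimate host catches typosquats.
    closest = max(LEGITIMATE_LOGIN_HOSTS,
                  key=lambda legit: difflib.SequenceMatcher(None, host, legit).ratio())
    similarity = round(difflib.SequenceMatcher(None, host, closest).ratio(), 2)
    if similarity >= SIMILARITY_THRESHOLD:
        reasons.append(f"resembles {closest}")

    lookalike_signals = [r for r in reasons if r != "not https"]
    verdict = "lookalike" if lookalike_signals else "unknown"
    return {"host": host, "verdict": verdict, "closest": closest,
            "similarity": similarity, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample URLs: a real sign-in host, a subdomain trick, and a
    # Cyrillic 'о' (U+043E) standing in for the Latin 'o' in "login".
    for sample in (
        "https://login.microsoftonline.com/common/oauth2/authorize",
        "https://login.microsoftonline.com.verify-account.example/common",
        "https://l\u043egin.microsoftonline.com/",
    ):
        print(assess_login_url(sample))
```

The verdict is a pre-screen for a help desk or a mail gateway that extracts QR payloads, not a substitute for phishing-resistant MFA: because the attacker relays the session to the real service in real time, a one-time code entered on a lookalike page is captured along with the password, which is exactly why the campaign above targets 2FA codes.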

4. Park ‘N Fly’s Disastrous Data Breach

Primary Threat: Park 'N Fly, the airport parking service, has been hit by a data breach affecting over 1 million customers. Cybercriminals accessed a trove of sensitive customer information, including names and addresses. However, to the relief of customers, no payment details appear to have been exposed. The attackers used stolen VPN credentials to gain access to the company's databases, highlighting the risks of lax security practices in the digital era.

  • MITRE Tactics: Initial Access, Collection, Exfiltration

  • Risk: Medium – Potential for identity theft and financial fraud.

5. WPS Office Zero-Day Chaos

Primary Threat: Researchers from ESET have uncovered multiple zero-day vulnerabilities in WPS Office, CVE-2024-7263 and CVE-2024-7262, which are currently being exploited in the wild. These flaws allow attackers to execute arbitrary code remotely, potentially leading to full control over the victim's system. Cybercriminals are leveraging these weaknesses to deploy malware and carry out espionage activities, underscoring the critical need for users to update their software immediately to protect against these threats.

  • MITRE Tactics: Execution, Privilege Escalation, Persistence

  • Risk: High – Unauthorized access leading to data breaches or system compromise.

IN SUMMARY:

Another day, another digital disaster: from QR codes to ransomware, no corner of the cyber world is safe.

BlackByte’s sneaky tactics turn your security into Swiss cheese, while QR code phishing schemes steal your keys to the digital kingdom.

Meanwhile, Park ‘N Fly leaves a million customers out in the cold, and WPS Office vulnerabilities open doors for cyber snoops everywhere.

Remember, in the world of cybersecurity, if you’re not paranoid, you’re not paying attention—because it’s better to be safe than sorry, and definitely better to be paranoid than pwned.

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)

Are you looking for reliable server hosting? Check out my favorite GODLIKE host! Click the banner below and get 30% off and up to 7 days free with promo code: DEALSPOTR

Take control of your computer’s security with SentryPC, the all-in-one solution for monitoring, managing, and protecting your devices.
Click the banner below to get started with SentryPC today and ensure your digital environment is safe and secure!