Today’s Cybersecurity Threats and Trends - 09/04/2024

Router woes and PyPI pwned.

Before we begin, I want to remind you to sign up for our giveaway! It is a little token of our appreciation! Please share it with family and friends!

Finally, I would like to thank our partners for sponsoring today's newsletter!

Please check them out!

1. Global Protect Gets Gamed by Hackers

Primary Threat: A malware campaign is distributing a new variant of the WikiLoader backdoor through fake installers for Palo Alto Networks' GlobalProtect VPN client. Unit 42 researchers found that the attackers use SEO poisoning to push spoofed download pages, styled to look like the legitimate ones, to the top of search results for the software. When the fake installer is run, it sideloads a malicious DLL that launches WikiLoader, giving the attackers persistent access to the host and a foothold for deploying further payloads.

  • MITRE Tactics: Initial Access, Execution, Persistence

  • Risk: High – Impersonating trusted enterprise software to deliver malware is effective against exactly the users who administer remote access, so a single infection can lead to broad network access and data exfiltration.
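The sideloading step is the part defenders can see in endpoint telemetry: a DLL loaded by an executable from the same user-writable directory, outside any system or vendor install path. The following added example (mine, not code from Unit 42 or the newsletter) is a detection rule of that shape run over a few constructed Sysmon Event ID 7 (ImageLoad) records; the file names in the sample are illustrative and are not the names from the Unit 42 report.

```python
import ntpath

# Directories Windows or an installer owns; a DLL loaded from here is not a sideload candidate.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Path fragments that indicate a user-writable staging location (downloads, temp, public).
USER_WRITABLE_HINTS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\users\\public\\", "\\temp\\")

# Constructed Sysmon Event ID 7 records, reduced to the fields the rule needs.
# Names are illustrative (assumption), not the actual files used in the campaign.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\GlobalProtect64.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\helper.dll",
     "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe",
     "ImageLoaded": r"C:\Program Files\Palo Alto Networks\GlobalProtect\plugin.dll",
     "SignatureStatus": "Valid"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll",
     "SignatureStatus": "Valid"},
]


def _norm(path):
    """Lower-case and use backslashes so comparisons ignore case and separator style."""
    return path.replace("/", "\\").lower()


def is_system_path(path):
    return _norm(path).startswith(SYSTEM_DIRS)


def in_user_writable(path):
    return any(hint in _norm(path) for hint in USER_WRITABLE_HINTS)


def is_suspicious_sideload(event):
    """True when an unsigned DLL is loaded from the loading executable's own directory
    and that directory is a user-writable staging location rather than a system path."""
    image, dll = event["Image"], event["ImageLoaded"]
    if is_system_path(dll):
        return False
    same_dir = ntpath.dirname(_norm(image)) == ntpath.dirname(_norm(dll))
    unsigned = event.get("SignatureStatus", "").lower() != "valid"
    return same_dir and in_user_writable(dll) and unsigned


def find_sideloads(events):
    """Return the loaded-image paths of every event that matches the rule."""
    return [e["ImageLoaded"] for e in events if is_suspicious_sideload(e)]


if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print("possible DLL sideload:", hit)
```

The rule is deliberately narrow (same directory, user-writable location, no valid signature) to keep false positives down; a signed vendor DLL installed under Program Files never matches, which is also why the attackers have to stage the lure outside those paths.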

2. Zyxel Zaps Zero-Day With Patch

Primary Threat: Zyxel has patched a critical OS command injection vulnerability, CVE-2024-7261 (CVSS 9.8), in several of its access points and security routers. The flaw is an unsanitised "host" parameter in a CGI program of the device's web interface: an unauthenticated attacker who can reach that interface can send a crafted request and execute arbitrary OS commands on the device. Zyxel's advisory urges administrators to apply the fixed firmware immediately.

  • MITRE Tactics: Initial Access, Execution

  • Risk: High – Unauthenticated command execution on a network device running as root gives an attacker a foothold on the network edge, with traffic interception and lateral movement as the obvious next steps. Until the firmware is applied, keep the management interface off the WAN.
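Command injection in a diagnostic CGI is always the same bug: a user-supplied host name is spliced into a shell command string. The following added example (mine, not Zyxel's code or the newsletter's) shows a hypothetical "ping this host" handler in its vulnerable form beside a hardened one; `echo` stands in for `ping` so it runs anywhere with /bin/sh, and the `SAMPLE_PAYLOAD` is constructed for the demonstration.

```python
import ipaddress
import re
import subprocess

# RFC 1123 host name: labels of 1-63 alphanumerics/hyphens, no leading or trailing hyphen.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)

# Constructed attacker input: a valid address followed by a second shell command.
SAMPLE_PAYLOAD = "127.0.0.1; echo INJECTED"


def vulnerable_ping(host):
    """Builds the command by string interpolation and hands it to a shell,
    so ';', '|', '`' and '$()' in `host` are interpreted as shell syntax."""
    cmd = f"echo probing {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_host(host):
    """Accept only a literal IP address or a syntactically valid host name.
    Raise ValueError for anything else rather than trying to 'clean' it."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"rejected host value: {host!r}")


def hardened_ping(host):
    """Allow-list the value, then pass it as one argv element with no shell:
    whatever it contains reaches the program as a single literal argument."""
    host = validate_host(host)
    return subprocess.run(["echo", "probing", host], capture_output=True, text=True).stdout


if __name__ == "__main__":
    print("vulnerable:", vulnerable_ping(SAMPLE_PAYLOAD).splitlines())
    try:
        hardened_ping(SAMPLE_PAYLOAD)
    except ValueError as err:
        print("hardened:", err)
```

Two details matter beyond "don't use the shell": the allow-list rejects values starting with "-" so the host cannot be turned into an option for the called program (argument injection), and validation raises instead of stripping characters, because a sanitiser that rewrites input tends to be bypassed in ways a reject-by-default check is not.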

Unlock your potential with our partner…

Whether you're a beginner or an expert, Hack The Box provides a dynamic and engaging environment to test your hacking mettle. Join me and thousands of other professionals in this thriving community and take your cybersecurity expertise to the next level.

Start your journey today!

3. PyPI Pwned by Repo Pirates

Primary Threat: JFrog Security researchers have described a supply chain attack they call "Revival Hijack": when a project is deleted from PyPI, its name immediately becomes available again, so anyone can re-register it and publish new releases under a name that existing projects, requirements files and CI pipelines still reference. JFrog found more than 22,000 removed packages that could be taken over this way, and at least one that an attacker had already re-registered with malicious code. Developers who reinstall such a package, or whose pipelines pull it without an exact version and hash pin, receive the attacker's code instead of a harmless "package not found" error.

  • MITRE Tactics: Initial Access, Persistence

  • Risk: Medium – The attack needs no vulnerability in PyPI itself, only a dependency that someone stopped maintaining, so it scales across every project still referencing a removed name. Pinning exact versions with hashes turns a silent takeover into a build failure.
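Two checks a build pipeline can run before `pip install` make a revived name fail loudly rather than install silently. The following added example (mine, not JFrog's tooling or the newsletter's) audits a requirements file for entries that lack an exact `==` pin and a `--hash`, and compares a lock file's pins against PyPI-style release metadata: a pinned version that has vanished from the index is what a deleted-and-re-registered project looks like. The requirements text, lock entries and index data are all constructed for the demonstration; the hash value is a placeholder.

```python
import re

# name==version, optionally followed by hashes or continuation lines.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s\\]+)")

# Constructed requirements file; the sha256 value is a placeholder, not a real digest.
SAMPLE_REQUIREMENTS = f"""\
# constructed sample
requests==2.32.3 --hash=sha256:{'0' * 64}
dormant-tool>=1.0
good-lib==2.3.1
"""

# Constructed lock-file pins and a PyPI-JSON-style `releases` mapping per project.
SAMPLE_PINS = {"good-lib": "2.3.1", "dormant-tool": "1.4.0"}
SAMPLE_INDEX = {
    "good-lib": {"2.3.0": [{"upload_time": "2024-01-10T09:00:00"}],
                 "2.3.1": [{"upload_time": "2024-05-02T12:30:00"}]},
    # The original 1.x history is gone; the name was re-registered and restarted at 0.0.1.
    "dormant-tool": {"0.0.1": [{"upload_time": "2024-08-30T03:14:00"}]},
}


def audit_requirements(text):
    """Return (line, problem) for every requirement not pinned with == and a --hash.
    Such a file fails under `pip install --require-hashes`, which is the point."""
    problems = []
    joined = text.replace("\\\n", " ")  # fold backslash continuation lines
    for line in joined.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not PIN_RE.match(line):
            problems.append((stripped, "not pinned with =="))
        elif "--hash=sha256:" not in line:
            problems.append((stripped, "no --hash"))
    return problems


def check_against_index(pins, index):
    """Flag pinned projects whose pinned version no longer exists on the index.
    `index` has the shape of the `releases` field of PyPI's JSON API."""
    findings = {}
    for name, version in pins.items():
        releases = index.get(name)
        if releases is None:
            findings[name] = "project no longer on index"
        elif version not in releases:
            findings[name] = f"pinned {version} missing; index now has {sorted(releases)}"
    return findings


if __name__ == "__main__":
    for line, problem in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{problem}: {line}")
    for name, finding in check_against_index(SAMPLE_PINS, SAMPLE_INDEX).items():
        print(f"{name}: {finding}")
```

The second check is the one that catches a revival after the fact: a re-registered project cannot reproduce the old version numbers with the old hashes, so the pinned version simply disappears from the release list. Run it against the live index by fetching `https://pypi.org/pypi/<name>/json` and passing its `releases` field where `SAMPLE_INDEX` is used here.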

4. YubiKey Yields to Key Cloning

Primary Threat: NinjaLab researchers have published "Eucleak," a side-channel attack on the Infineon cryptographic library used in YubiKey 5 series devices with firmware older than 5.7 that allows the ECDSA private key of a credential to be recovered and the key cloned. The attack requires physical possession of the device, opening its casing and measuring electromagnetic emissions during signing with specialised equipment, and the attacker also needs the victim's account details, which limits it to targeted attacks. YubiKey firmware cannot be updated in the field, so affected keys cannot be patched; Yubico's advisory explains which firmware versions are affected and describes mitigations for users who must keep using them.

  • MITRE Tactics: Credential Access, Initial Access

  • Risk: High – A cloned security key defeats the "something you have" factor for every account it protects, and the victim keeps a working key and sees no sign of theft. The physical-access and equipment requirements make this a targeted rather than opportunistic threat, but organisations that rely on these keys for high-value accounts should inventory firmware versions.
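The relying party does have one lever against a cloned authenticator: the signature counter that FIDO2/WebAuthn authenticators increment on every assertion. Once a clone and the genuine key are both in use, their counters diverge and one of them will eventually present a value that is not greater than the last one the server stored. The following added example (mine, not Yubico's or NinjaLab's code) implements that WebAuthn counter rule and runs it over a constructed sequence of assertions from a genuine key and a clone.

```python
from dataclasses import dataclass


@dataclass
class StoredCredential:
    """Server-side record for one registered credential (hypothetical minimal shape)."""
    credential_id: bytes
    sign_count: int = 0          # last counter value accepted for this credential
    clone_suspected: bool = False


class CounterError(Exception):
    """Raised when an assertion's counter does not advance past the stored value."""


def check_sign_count(cred, assertion_count):
    """WebAuthn authentication rule for authData.signCount:
    - if both stored and presented counters are 0, the authenticator does not
      implement counters and there is nothing to compare;
    - otherwise the presented value must be strictly greater than the stored one,
      and a value that is equal or lower means a second device shares the key."""
    if assertion_count == 0 and cred.sign_count == 0:
        return True
    if assertion_count <= cred.sign_count:
        cred.clone_suspected = True
        raise CounterError(
            f"counter {assertion_count} not greater than stored {cred.sign_count}")
    cred.sign_count = assertion_count
    return True


def simulate_clone_scenario():
    """Constructed sequence: the genuine key authenticates twice, a clone then
    authenticates once with a higher counter, and the genuine key's next assertion
    collides with the clone's value and is rejected. Returns the outcome of each
    assertion and whether the credential was flagged."""
    cred = StoredCredential(credential_id=b"\x01\x02\x03")
    outcomes = []
    for source, count in [("genuine", 10), ("genuine", 11), ("clone", 12), ("genuine", 12)]:
        try:
            check_sign_count(cred, count)
            outcomes.append((source, count, "accepted"))
        except CounterError:
            outcomes.append((source, count, "rejected"))
    return outcomes, cred.clone_suspected


if __name__ == "__main__":
    results, flagged = simulate_clone_scenario()
    for source, count, outcome in results:
        print(f"{source:8s} counter={count:3d} {outcome}")
    print("clone suspected:", flagged)
```

The caveat is visible in the simulation: the clone's first assertion is accepted, because from the server's point of view it is simply the next use of the key. The counter only exposes the clone once both devices are in use, so the check is a detection and revocation trigger, not a prevention; a flagged credential should be invalidated and the user re-enrolled on a key with unaffected firmware.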

5. D-Link DIR-846 Left for Dead

Primary Threat: D-Link has disclosed multiple remote code execution vulnerabilities in its discontinued DIR-846 router, tracked as CVE-2024-41622, CVE-2024-44340, CVE-2024-44341 and CVE-2024-44342, which allow attackers to execute arbitrary commands on the device through its management interface. Because the model has reached end of life, D-Link will not issue patches and advises owners to retire the device in favour of a supported model. Further details are in the D-Link advisory.

  • MITRE Tactics: Initial Access, Execution

  • Risk: High – Unpatchable vulnerabilities in a device that is still deployed are a standing invitation, and end-of-life consumer routers are a favourite target for botnet operators. Until the hardware is replaced, at minimum disable remote (WAN-side) management and restrict the admin interface to trusted hosts.

IN SUMMARY:

Today’s cybersecurity landscape highlights a diverse range of threats, from exploited software vulnerabilities to sophisticated malware campaigns targeting trusted platforms.

Regular updates, vigilance against phishing, and careful scrutiny of third-party software remain critical defenses in an ever-evolving threat environment.

Stay secure, stay vigilant, and remember: It’s better to be paranoid than pwnd!

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)

Are you looking for reliable server hosting? Check out my favorite GODLIKE host! Click the banner below and get 30% off and up to 7 days free with promo code: DEALSPOTR

Take control of your computer’s security with SentryPC, the all-in-one solution for monitoring, managing, and protecting your devices.
Click the banner below to get started with SentryPC today and ensure your digital environment is safe and secure!