Today’s Cybersecurity Threats and Trends - 09/10/2024

NoName, Blind Eagle, and PixHell: Cyber threats or the lineup for Warped Tour 2004?

Before we dive in, I would like to thank all of you for supporting us with your subscription! If you are a newsletter fan and want to help keep everyone informed, please share the newsletter.

Also, don’t forget to show us support by checking out our sponsors and partners!

1. PIXHELL Poaches Pixel Emissions

Primary Threat: The same researchers behind the RAMBo attack have now discovered a novel side-channel attack named "PixHell." This attack exploits electromagnetic emissions from high-resolution screens to capture sensitive on-screen information, such as passwords or private communications, without needing direct access to the device. According to their research paper, attackers can use this method to remotely exfiltrate data from isolated environments.

  • MITRE Tactics: Collection, Exfiltration

  • Risk: High – While challenging to execute, PixHell poses a serious threat to air-gapped systems in secure environments.

2. The Blind Eagle and BlotchyQuasar in Bogota

Primary Threat: The Blind Eagle hacking group has been launching spear-phishing campaigns against Colombia’s insurance sector, using the BlotchyQuasar malware to steal sensitive data. As detailed in Zscaler’s research, the malware enables remote access and data exfiltration from compromised systems. The group, which has a history of targeting South American entities, appears to be expanding its focus on financial data.

  • MITRE Tactics: Initial Access, Collection

  • Risk: High – Targeted attacks on financial institutions pose significant risks to customer data and the integrity of national insurance systems.

Unlock your potential with our partner…

Whether you're a beginner or an expert, Hack The Box provides a dynamic and engaging environment to test your hacking mettle. Join me and thousands of other professionals in this thriving community and take your cybersecurity expertise to the next level.

Start your journey today!

3. NoName Nefariously Replays RansomHub Hits

Primary Threat: The NoName ransomware group has been deploying RansomHub malware in a series of attacks targeting both small and large organizations. A recent ESET report links the ScRansom variant of the RansomHub malware to escalating ransomware attacks involving data encryption and extortion demands. These attacks have been noted for their high levels of persistence and sophistication.

  • MITRE Tactics: Execution, Impact

  • Risk: Critical – With an increasing number of high-profile attacks, this ransomware campaign threatens to disrupt organizations across industries.

4. SonicWall’s SSLVPN Security Setback

Primary Threat: SonicWall’s SSLVPN vulnerability (CVE-2024-40766) has expanded in scope, now being actively exploited in targeted ransomware attacks. While this vulnerability was initially discovered in SonicWall firewalls, its exploitation has now moved to SSLVPN services, allowing attackers to bypass access controls and launch ransomware campaigns. SonicWall has issued an advisory and patches, but organizations are still urged to act quickly.

  • MITRE Tactics: Initial Access, Execution

  • Risk: Critical – The widespread use of SonicWall devices means that a large number of organizations could be vulnerable to ransomware attacks.

5. Avis Admits Accounts Compromised

Primary Threat: Avis has confirmed a data breach affecting over 300,000 individuals, exposing personal information such as driver’s licenses and payment data. According to the report filed with the state of Maine, the breach occurred earlier this year and has impacted a significant number of Avis’s customers. Avis is offering affected individuals identity monitoring services and has bolstered its internal security protocols.

  • MITRE Tactics: Exfiltration, Impact

  • Risk: High – The exposure of personal and financial information puts customers at risk of identity theft and fraud.

IN SUMMARY:

Today’s cybersecurity news presents a troubling mix of sophisticated ransomware campaigns, critical vulnerabilities, and large-scale data breaches.

The PixHell attack adds a new dimension to the risks of electromagnetic emissions, while SonicWall’s expanding vulnerability is fueling ransomware incidents.

Organizations must stay vigilant, patch critical vulnerabilities, and continue monitoring for threats.

Always stay proactive, patch as soon as possible, and remember: it's better to be paranoid than to be pwnd!

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)