Today’s Cybersecurity Threats and Trends - 09/11/2024

The Predator returns to hunt your data...


Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and information regarding cybersecurity threats to the non-tech and technical professional alike. If this sounds like something that would help someone you know, please share the newsletter!

Finally, I would like to thank Oneleet for sponsoring today's newsletter!

Please check them out! It goes a long way in our quest to get everyone interested in cybersecurity.
(You don’t have to buy anything or fill anything out to support us, just click the banner below!)

Want SOC 2 compliance without the Security Theater?

Question 🤔 does your SOC 2 program feel like Security Theater? Just checking pointless boxes, not actually building security?

In an industry filled with security theater vendors, Oneleet is the only security-first compliance platform that provides an “all in one” solution for SOC 2.

We’ll build you a real-world Security Program, perform the Penetration Test, integrate with a 3rd Party Auditor, and provide the Compliance Software … all within one platform.

1. Lazarus Group's Latest Lure

Primary Threat: The North Korean APT group Lazarus has been using fake recruiter coding tests to deliver malicious Python packages to software developers. According to ReversingLabs research, the lure is a job-interview "coding assignment" shipped as a Python package, with the malicious code embedded in the package files so that it runs as soon as the candidate installs or executes the project. The tactic is particularly dangerous because the target is the developer's own workstation, and with it the source repositories, credentials and build systems of every project that developer contributes to.

  • MITRE Tactics: Initial Access, Execution

  • Risk: High – A compromised developer workstation exposes both the individual and the software supply chains (repositories, CI secrets, published packages) they contribute to.
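The practical defence against this lure is to treat a recruiter's "take-home test" like any other untrusted package and triage it statically before installing or running it. The script below is an added example, not code from the newsletter or from ReversingLabs: it parses every .py file in a package tree and flags the delivery pattern that droppers of this kind rely on (an encoded blob fed into exec/eval, or bytecode shipped without source). The sample package it builds (a fake "pwmanager" test project whose hidden stage is a harmless print) is constructed for the demonstration and is not a real campaign artefact; the heuristic is generic and will also flag legitimate but unusual code, so it is a review prompt, not a verdict.

```python
"""Static triage of an untrusted Python package before it is installed or run.

Heuristic, not a signature: it flags the delivery pattern (encoded blob fed
to exec/eval, bytecode shipped without source), not any specific malware.
"""
import ast
import base64
import binascii
import tempfile
from pathlib import Path

DECODERS = {"b64decode", "b32decode", "a85decode", "b85decode", "unhexlify", "decompress"}
EXEC_SINKS = {"exec", "eval", "compile"}
MIN_BLOB_LEN = 200  # a string constant this long that is valid base64 is rarely benign code


def _call_name(node: ast.Call) -> str:
    """Bare function name of a call: exec(...) -> 'exec', base64.b64decode(...) -> 'b64decode'."""
    f = node.func
    if isinstance(f, ast.Attribute):
        return f.attr
    if isinstance(f, ast.Name):
        return f.id
    return ""


def _contains_decoder(node: ast.AST) -> bool:
    """True if any call in the subtree is to a known decoder/decompressor."""
    return any(isinstance(n, ast.Call) and _call_name(n) in DECODERS for n in ast.walk(node))


def _is_base64(s: str) -> bool:
    try:
        base64.b64decode(s, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def scan_source(src: str, path: str = "<mem>") -> list[tuple[str, int, str]]:
    """Return (path, line, reason) findings for one Python source file."""
    findings = []
    try:
        tree = ast.parse(src)
    except SyntaxError:
        return [(path, 0, "unparseable source (possible obfuscation)")]
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in EXEC_SINKS and any(_contains_decoder(a) for a in node.args):
                findings.append((path, node.lineno, f"{name}() fed directly by a decoder call"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if len(node.value) >= MIN_BLOB_LEN and _is_base64(node.value):
                findings.append((path, node.lineno, f"{len(node.value)}-char base64 blob in source"))
    return sorted(findings)


def scan_package(root: str) -> list[tuple[str, int, str]]:
    """Walk a package tree; .py files are parsed, stray .pyc files are flagged outright."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.suffix == ".py":
            findings.extend(scan_source(p.read_text(encoding="utf-8", errors="replace"), rel))
        elif p.suffix == ".pyc":
            findings.append((rel, 0, "precompiled bytecode shipped in the source tree"))
    return sorted(findings)


def build_demo_package() -> str:
    """Constructed sample (not a real campaign artefact): a fake 'password manager'
    coding-test package whose __init__.py decodes and exec()s a hidden stage.
    The hidden stage here is a harmless print; only the loader pattern matters."""
    root = tempfile.mkdtemp(prefix="pkg_triage_")
    pkg = Path(root) / "pwmanager"
    pkg.mkdir()
    (pkg / "vault.py").write_text("def store(key, value):\n    return {key: value}\n")
    stage2 = b"print('stage 2 would run here')" + b"\n# " + b"x" * 300
    blob = base64.b64encode(stage2).decode()
    (pkg / "__init__.py").write_text(
        "import base64\n" f"_cfg = '{blob}'\n" "exec(base64.b64decode(_cfg))\n"
    )
    return root


if __name__ == "__main__":
    for path, line, reason in scan_package(build_demo_package()):
        print(f"{path}:{line}: {reason}")
```

Run it against the unpacked archive a recruiter sends (scan_package on the extracted directory) before `pip install` or `python -m` touches it; anything it flags should be read by hand, and a package that only works when its blob is decoded is not a coding test. Since the payload can also hide in setup.py or pyproject build hooks, review those files too, ideally in a disposable VM rather than on the workstation that holds your SSH keys and tokens.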

2. Microsoft’s Seventy-Nine Patch September

Primary Threat: Microsoft has issued patches for 79 vulnerabilities in its September Patch Tuesday update. The most critical is CVE-2024-43491, a remote code execution flaw in the Windows Update servicing stack on Windows 10 version 1507 (the original 2015 release): affected systems had silently rolled back previously applied security fixes for certain Optional Components, re-exposing them to older, already-patched vulnerabilities. Microsoft's guidance is to install the September 2024 Servicing Stack Update first and then the September Windows security update, in that order.

  • MITRE Tactics: Execution, Initial Access

  • Risk: Critical – Because the flaw undid earlier fixes, machines that look fully patched may still be exposed to old, well-known bugs; organizations still running Windows 10 version 1507 (Enterprise 2015 LTSB, IoT Enterprise 2015 LTSB) should verify the installed update state rather than trust the last successful update run.

Unlock your potential with our partner…

Whether you're a beginner or an expert, Hack The Box provides a dynamic and engaging environment to test your hacking mettle. Join me and thousands of other professionals in this thriving community and take your cybersecurity expertise to the next level.

Start your journey today!

3. RansomHub Repurposes Security Tools

Primary Threat: The RansomHub ransomware gang is abusing Kaspersky's TDSSKiller, a legitimate, signed rootkit-removal utility, to disable Endpoint Detection and Response (EDR) software during its intrusions. Malwarebytes reports that the tool was run with its -dcsvc argument to delete the service behind the endpoint agent; because the binary is a trusted security tool, the activity can slip past controls that only block known-bad files. The group then uses the LaZagne credential-dumping tool to harvest stored logins from the compromised systems, adding another layer of sophistication to its attacks.

  • MITRE Tactics: Defense Evasion, Credential Access

  • Risk: High – Turning a legitimately signed security tool against the EDR means file reputation and allow-lists work in the attacker's favour; detection has to key on behaviour (service deletion, the -dcsvc argument, LaZagne execution) rather than on the binary itself.
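Since the tool is legitimate, the useful detection is the behaviour: TDSSKiller being told to delete a service, TDSSKiller running under a different file name, and LaZagne running at all. The snippet below is an added example, not code from the newsletter or from Malwarebytes; it runs those three rules over a handful of process-creation records modelled on Sysmon Event ID 1 fields (Image, OriginalFileName, CommandLine). The records are constructed for the demonstration, and the service name EdrAgentSvc is a placeholder; MBAMService is the Malwarebytes service named in the report.

```python
"""Hunting the RansomHub pattern above in process-creation telemetry.

Records are modelled on Sysmon Event ID 1 fields (Image, OriginalFileName,
CommandLine) and are constructed for this example. Service names other than
MBAMService are placeholders.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    rule: str
    severity: str
    image: str
    command_line: str


# TDSSKiller's -dcsvc switch deletes the named service; routine rootkit scans do not use it.
DCSVC = re.compile(r"(?:^|\s)-dcsvc\s+(\S+)", re.IGNORECASE)

SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "OriginalFileName": "svchost.exe",
     "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
    {"Image": r"C:\Users\Public\tdsskiller.exe", "OriginalFileName": "tdsskiller.exe",
     "CommandLine": r"tdsskiller.exe -dcsvc MBAMService"},          # the reported tradecraft
    {"Image": r"C:\Temp\update.exe", "OriginalFileName": "tdsskiller.exe",
     "CommandLine": r"update.exe -dcsvc EdrAgentSvc"},              # same tool, renamed on disk
    {"Image": r"C:\ProgramData\laZagne.exe", "OriginalFileName": "laZagne.exe",
     "CommandLine": r"laZagne.exe all"},                            # credential harvesting
    {"Image": r"C:\Tools\tdsskiller.exe", "OriginalFileName": "tdsskiller.exe",
     "CommandLine": r"tdsskiller.exe -accepteula -silent"},         # ordinary scan, low priority
]


def classify(ev: dict) -> list[Alert]:
    """Return the alerts one process-creation event triggers (possibly none)."""
    image = ev.get("Image", "")
    cmd = ev.get("CommandLine", "")
    orig = ev.get("OriginalFileName", "").lower()
    exe = image.rsplit("\\", 1)[-1].lower()
    alerts: list[Alert] = []

    # Match on the PE's original name as well, so renaming the binary does not evade the rule.
    if "tdsskiller.exe" in (orig, exe):
        if DCSVC.search(cmd):
            alerts.append(Alert("TDSSKiller service deletion (-dcsvc)", "high", image, cmd))
        if orig == "tdsskiller.exe" and exe != orig:
            alerts.append(Alert("TDSSKiller running under a renamed file name", "medium", image, cmd))
        if not alerts:
            alerts.append(Alert("TDSSKiller executed (confirm it was expected on this host)", "low", image, cmd))

    if "lazagne" in orig or "lazagne" in exe:
        alerts.append(Alert("LaZagne credential harvester executed", "high", image, cmd))
    return alerts


def hunt(events: list[dict]) -> list[Alert]:
    return [a for ev in events for a in classify(ev)]


if __name__ == "__main__":
    for a in hunt(SAMPLE_EVENTS):
        print(f"[{a.severity:<6}] {a.rule}: {a.command_line}")
```

The rename rule depends on OriginalFileName, which Sysmon (and most EDR telemetry) reads from the PE version resource; the native Security 4688 event does not carry it, so on hosts without Sysmon that rule is blind. The low-severity TDSSKiller alert exists for baselining: admins do run the tool, and knowing where it normally appears is what makes the high-severity -dcsvc hit stand out.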

4. Adobe Acts Against Critical Code Exploits

Primary Threat: Adobe has patched critical code execution vulnerabilities across several of its products, including Acrobat, Reader and Illustrator. These flaws could allow an attacker to execute arbitrary code on a vulnerable system, typically by getting a user to open a crafted document or image file. Organizations using Adobe products are urged to apply the latest patches immediately.

  • MITRE Tactics: Execution, Impact

  • Risk: Critical – These vulnerabilities could allow remote attackers to execute code on unpatched systems, leading to significant disruptions or data loss.

5. Predator Returns: Spyware Resurgence

Primary Threat: Predator, the commercial spyware whose vendor was hit by sanctions and exposed in research reports, has resurfaced with rebuilt infrastructure, according to Recorded Future's Insikt Group. Predator is sold to government customers and is known for its ability to monitor and exfiltrate data from infected devices, making it a dangerous tool for cyber espionage.

  • MITRE Tactics: Persistence, Exfiltration

  • Risk: High – Predator’s return signifies a renewed threat from state-sponsored cyber espionage operations, particularly against high-value targets.

IN SUMMARY:

Today’s cybersecurity landscape is rife with novel attacks, from Lazarus Group’s deceptive coding tests targeting developers to RansomHub abusing security tools to disable defenses.

Microsoft’s latest patches highlight the ever-present threat of remote code execution, and Predator spyware’s return underscores the persistent risk of state-sponsored espionage.

Organizations need to stay vigilant, patch systems, and remain alert to evolving attack strategies.

As is tradition: ‘it’s better to be paranoid than to be pwnd!’

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)