Today’s Cybersecurity Threats and Trends - 09/13/2024

Android devices drowning in tsunami of attacks and the Forti-net has a hole in it.


Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and easy-to-digest information regarding cybersecurity threats to non-tech and technical professionals alike. If this sounds like something that would help someone you know, please share the newsletter!

Finally, I would like to thank Oneleet for sponsoring today's newsletter! They are a premier cybersecurity services company and will have you SOC 2 compliant in no time!

Please check them out! It goes a long way in our quest to get everyone interested in cybersecurity.
(You don’t have to buy or fill anything out to support us, simply click the banner below!)

Want SOC 2 compliance without the Security Theater?

  • Get the all-in-one platform for SOC 2

  • Build real-world security 💪

  • Penetration testing, compliance software, 3rd party audit, & vCISO

1. TrickMo Trojan Targets Android

Primary Threat: The notorious TrickMo banking Trojan has evolved from intercepting one-time passwords (OTPs) to exfiltrating victims’ personal data, turning into a full-fledged data-stealing threat. This latest version targets Android users, leading to significant financial and identity theft risks. Cleafy’s research provides further insights into how TrickMo has advanced into a more dangerous threat.

  • MITRE Tactics: Credential Access, Exfiltration

  • Risk: High – With its dual threat to banking transactions and personal data, TrickMo represents a major risk for Android users worldwide.

2. Hadooken Malware Hammers WebLogic Systems

Primary Threat: A new malware strain named "Hadooken" is actively exploiting misconfigured or outdated Oracle WebLogic servers on Linux systems. This malware can gain unauthorized access and persist within the system, making it hard to detect and eliminate. Organizations using WebLogic are advised to immediately secure their systems. Aqua Security’s research offers a detailed look into this threat.

  • MITRE Tactics: Initial Access, Persistence

  • Risk: Medium – Targeting a widely used enterprise system, Hadooken can infiltrate and persist in vulnerable WebLogic servers.

Unlock your potential with our partner…

Whether you're a beginner or an expert, Hack The Box provides a dynamic and engaging environment to test your hacking mettle. Join me and thousands of other professionals in this thriving community and take your cybersecurity expertise to the next level.

Start your journey today!

3. GitLab Patches Critical Code Compromise

Primary Threat: GitLab has released version 17.3.2 as a patch for a critical remote code execution (RCE) vulnerability (CVE-2024-6678). The flaw allows attackers to execute arbitrary code, putting projects and source code at risk. Administrators are urged to apply this patch as soon as possible. GitLab’s advisory outlines the necessary steps.

  • MITRE Tactics: Execution, Privilege Escalation

  • Risk: Critical – The RCE flaw poses a serious risk to GitLab projects, with the potential for system-wide compromise.

4. VO1D Virus Victimizes Millions

Primary Threat: A newly discovered malware, VO1D, has infected over 13 million Android-based streaming boxes running the Android Open Source Project (AOSP), hijacking them for various nefarious purposes. The malware primarily targets devices with sideloaded or pirated apps, turning them into tools for cybercriminal activities. Dr. Web’s research provides an in-depth analysis of the attack.

  • MITRE Tactics: Execution, Impact

  • Risk: High – The large-scale infection of Android streaming boxes presents a widespread threat, affecting millions of users globally.

5. Fortinet Fiasco: Firm Faces 440GB File Theft

Primary Threat: Even cybersecurity firms are not immune, as Fortinet confirmed a breach where attackers stole 440GB of sensitive internal files. This breach could result in the exposure of critical company data, leading to reputational damage and potential further attacks. Fortinet’s notification details the breach and the company’s response.

  • MITRE Tactics: Exfiltration, Impact

  • Risk: High – The breach could lead to the leakage of sensitive information, harming both Fortinet’s reputation and its customers' security.

IN SUMMARY:

Today’s cybersecurity news highlights a broad spectrum of threats, from TrickMo’s evolved banking fraud to Fortinet’s significant data breach.

Malware campaigns like Hadooken and VO1D are taking advantage of unpatched systems, underscoring the importance of regular updates and vigilance.

Patch promptly and stay cautious to stay ahead of these threats.

And if you didn’t already know, ‘it’s better to be paranoid than to be pwnd!’

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)