Today’s Cybersecurity Threats and Trends - 09/16/2024

Kawasaki gets exposed and your creds are flushed down the drain.

Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and information regarding cybersecurity threats to the non-tech and technical professional alike. If this sounds like something that would help someone you know, please share the newsletter!

Please check out our partners! It goes a long way in our quest to get everyone interested in cybersecurity.
(You don’t have to buy anything or fill anything out to support us!)

1. Hackers Hijack HTTP Refresh Headers

Primary Threat: Cybercriminals are now using HTTP headers, specifically the "Refresh" header, to deliver sophisticated phishing pages. This tactic allows attackers to evade traditional security measures like email filters and sandbox environments, making their campaigns harder to detect. Unit 42’s research reveals that this method redirects users to malicious websites disguised as legitimate pages. By exploiting the HTTP headers, attackers can bypass security controls and trick users into providing sensitive information.

  • MITRE Tactics: Initial Access, Defense Evasion

  • Risk: High – This novel evasion technique increases the likelihood of successful phishing attacks and potential data theft.
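The trick described above hinges on a `Refresh` response header carrying a `url=` target, so a proxy or mail-sandbox can flag it before the browser follows it. The following detector is an added example written for this newsletter, not Unit 42's tooling; the response samples are constructed and the host names are placeholders.

```python
import re
from urllib.parse import urlparse

# Constructed sample responses (host the browser requested, plus the headers it got back).
SAMPLE_RESPONSES = [
    {"host": "mailer.example.invalid",
     "headers": {"Content-Type": "text/html",
                 "Refresh": "0; url=https://login-portal.example.invalid/account"}},
    {"host": "intranet.corp.test", "headers": {"Refresh": "30; url=/dashboard"}},
    {"host": "news.corp.test", "headers": {"Content-Type": "text/html"}},
]

# Refresh header grammar: "<seconds>" or "<seconds>; url=<target>" (quotes optional).
_REFRESH_RE = re.compile(r"^\s*(\d+)\s*(?:;\s*url\s*=\s*['\"]?([^'\"]*)['\"]?)?\s*$", re.I)


def parse_refresh(value):
    """Return (delay_seconds, target_url_or_None), or None if the value is malformed."""
    m = _REFRESH_RE.match(value)
    if not m:
        return None
    return int(m.group(1)), (m.group(2) or None)


def classify_refresh(host, headers):
    """Label a response by what its Refresh header would make the browser do.

    An immediate (0-second) hop to a different origin is the pattern worth alerting on:
    the page the filter scanned is not the page the user ends up on.
    """
    value = headers.get("Refresh")
    if value is None:
        return "no-refresh"
    parsed = parse_refresh(value)
    if parsed is None or parsed[1] is None:
        return "reload-only"          # periodic reload of the same page
    delay, url = parsed
    target = urlparse(url)
    if target.netloc and target.netloc.lower() != host.lower():
        return "suspicious-external-redirect" if delay == 0 else "external-redirect"
    return "same-origin-redirect"


if __name__ == "__main__":
    for resp in SAMPLE_RESPONSES:
        print(resp["host"], "->", classify_refresh(resp["host"], resp["headers"]))
```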

2. Braille Spaces Zero-Day Bypasses Barriers

Primary Threat: A new zero-day spoofing vulnerability in MSHTML (CVE-2024-43461) has been discovered, using "Braille spaces" to obscure malicious URLs. Attackers leverage this flaw to hide harmful links in emails or documents, leading users to malicious websites without suspicion. This vulnerability allows attackers to disguise URLs and bypass security checks, making it a critical concern. Microsoft has provided an official advisory with mitigation steps.

  • MITRE Tactics: Defense Evasion, Execution

  • Risk: Critical – This zero-day exploit allows attackers to deliver malware through seemingly safe URLs, compromising user systems.
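The "Braille space" is U+2800 BRAILLE PATTERN BLANK, a character that renders as empty space and so pushes the real end of a link out of view. The scanner below is an added example (not from Microsoft's advisory) that finds such characters in a URL or display string and rewrites them as visible code points; it also goes slightly beyond the page by flagging other Unicode whitespace and format characters that can serve the same purpose. The sample strings are constructed.

```python
import unicodedata

BRAILLE_BLANK = "\u2800"  # U+2800 BRAILLE PATTERN BLANK: displays as blank space

# Constructed samples: a clean link and one padded with 25 Braille blanks.
CLEAN_URL = "https://docs.example.invalid/report.pdf"
PADDED_URL = "https://docs.example.invalid/report.pdf" + BRAILLE_BLANK * 25 + "/open"


def find_disguise_chars(text):
    """Return (index, 'U+XXXX', name) for every character that renders blank or
    invisible but is not an ordinary ASCII space: U+2800 itself, plus Unicode
    space separators (Zs) and format characters (Cf) such as zero-width spaces."""
    hits = []
    for i, ch in enumerate(text):
        cat = unicodedata.category(ch)   # U+2800 is category 'So', so check it explicitly
        if ch == BRAILLE_BLANK or (ch != " " and cat in ("Zs", "Cf")):
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN")))
    return hits


def make_visible(text):
    """Rewrite each run of flagged characters as '<U+XXXX xN>' so an analyst
    sees the padding instead of an innocent-looking gap."""
    flagged = {idx for idx, _, _ in find_disguise_chars(text)}
    out, i = [], 0
    while i < len(text):
        if i in flagged:
            j = i
            while j < len(text) and j in flagged and text[j] == text[i]:
                j += 1
            out.append(f"<U+{ord(text[i]):04X} x{j - i}>")
            i = j
        else:
            out.append(text[i])
            i += 1
    return "".join(out)


if __name__ == "__main__":
    for sample in (CLEAN_URL, PADDED_URL):
        print(len(find_disguise_chars(sample)), "flagged:", make_visible(sample))
```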

Unlock your potential with our partner…

Whether you're a beginner or an expert, Hack The Box provides a dynamic and engaging environment to test your hacking mettle. Join me and thousands of other professionals in this thriving community and take your cybersecurity expertise to the next level.

Start your journey today!

3. Cred Flusher Captures Credentials

Primary Threat: A new strain of malware dubbed "Cred Flusher" locks a user's browser in kiosk mode, coercing them into providing their Google credentials. Once in kiosk mode, users are unable to exit the browser until they enter their credentials, which are then sent to the attacker's server. OALABS research provides an analysis of how this malware operates and its impact on user security.

  • MITRE Tactics: Credential Access, Collection

  • Risk: High – This technique makes it extremely difficult for users to avoid phishing traps, potentially compromising their accounts and data.

4. Kawasaki Compromised: Looted and Leaked Data

Primary Threat: Kawasaki Motors has reportedly suffered a ransomware attack, resulting in the theft and leak of sensitive data. The company confirmed the incident after RansomHub published 487 gigabytes of data allegedly stolen from Kawasaki Motors, stating that the European HQ was targeted and experienced operational disruptions. The attackers leaked the stolen data after Kawasaki allegedly refused to pay the ransom. Kawasaki’s advisory provides some insights into the nature of the attack and Kawasaki's recovery efforts.

  • MITRE Tactics: Impact, Exfiltration

  • Risk: High – The leak of internal data can lead to reputational damage and potential follow-up attacks on both the company and its partners.

5. SolarWinds Prompt Security Patching

Primary Threat: SolarWinds has patched a critical vulnerability (CVE-2024-28991) in its Access Rights Manager, which could have allowed unauthorized access to sensitive data. This flaw enables attackers to bypass access controls, potentially leading to data breaches. SolarWinds advises all users to apply the patch immediately to mitigate the risk of exploitation. Details about the vulnerability and mitigation steps can be found in the SolarWinds advisory.

  • MITRE Tactics: Privilege Escalation, Impact

  • Risk: Critical – Exploiting this vulnerability could result in unauthorized access to sensitive data, making it imperative to apply patches swiftly.

IN SUMMARY:

Today's threats include sophisticated phishing tactics, zero-day vulnerabilities, and ransomware attacks affecting major corporations like Kawasaki.

With new exploits such as the "Braille spaces" vulnerability and the Cred Flusher malware, the landscape is growing increasingly complex.

It’s a reminder to stay vigilant, apply patches promptly, and monitor network traffic for signs of compromise. Because…

… It's better to be paranoid than to be pwnd!

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)