Today’s Cybersecurity Threats and Trends - 09/17/2024

Clipper Malware snips your bitcoin and all that glitters isn't gold.

Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and information regarding cybersecurity threats to the non-tech and technical professional alike. If this sounds like something that would help someone you know, please share the newsletter!

Finally, I would like to thank 1440 Media for sponsoring today's newsletter!

1. Binance Battles Booming Clipper Malware

Primary Threat: Binance has issued a warning about the increasing threat of clipper malware targeting cryptocurrency transactions. This malware intercepts clipboard data, replacing wallet addresses with those of the attacker. Binance's security bulletin provides guidance on recognizing clipper malware, emphasizing the importance of double-checking wallet addresses before making transactions and keeping software updated.

  • MITRE Tactics: Credential Access, Exfiltration

  • Risk: High – Clipper malware poses a severe risk to cryptocurrency users, leading to direct financial loss through hijacked transactions.
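The "double-check the wallet address" advice can be automated by comparing the address you intended to pay against what the clipboard actually pasted. The sketch below is an added example, not code from Binance's bulletin; the function names, the `glance` threshold, and the sample addresses are constructed for illustration, and it assumes a substituted address may share leading or trailing characters with the intended one.

```python
from dataclasses import dataclass


@dataclass
class AddressCheck:
    match: bool          # full strings are identical
    shared_prefix: int   # leading characters the two strings have in common
    shared_suffix: int   # trailing characters the two strings have in common
    lookalike: bool      # differs, yet would pass a glance at the ends


def _common_prefix_len(a: str, b: str) -> int:
    """Number of leading characters that a and b share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def check_pasted_address(intended: str, pasted: str, glance: int = 6) -> AddressCheck:
    """Compare the intended address with the pasted one, character for character.

    `glance` is an assumed threshold: how many matching characters at either
    end would make a swapped address look right to someone skimming it.
    """
    intended, pasted = intended.strip(), pasted.strip()
    match = intended == pasted
    prefix = _common_prefix_len(intended, pasted)
    suffix = _common_prefix_len(intended[::-1], pasted[::-1])
    lookalike = (not match) and (prefix >= glance or suffix >= glance)
    return AddressCheck(match, prefix, suffix, lookalike)


# Constructed sample strings shaped like addresses; none is a real wallet.
INTENDED = "bc1qsample" + "0" * 28 + "a1b2"
SWAPPED = "bc1qsample" + "9" * 28 + "a1b2"   # same ends, different middle
UNRELATED = "bc1q" + "7" * 38                # shares only the format prefix

if __name__ == "__main__":
    for label, pasted in (("same", INTENDED), ("swapped", SWAPPED), ("other", UNRELATED)):
        print(label, check_pasted_address(INTENDED, pasted))
```

Only `match` should gate a transaction; the `lookalike` flag shows why checking a few characters at each end is not enough.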

2. ServiceNow Exposes Sensitive Secrets

Primary Threat: Security researchers at AppOmni have discovered over 1,000 ServiceNow instances leaking sensitive corporate data due to misconfigurations. These instances expose internal knowledge base articles, which may include confidential information, system configurations, and other sensitive data. This widespread exposure highlights the risks associated with cloud misconfigurations and the need for proper access controls.

  • MITRE Tactics: Collection, Impact

  • Risk: Medium – Misconfigured cloud instances can lead to data exposure, resulting in unauthorized access to sensitive corporate information.

Primary Threat: D-Link has released patches for critical vulnerabilities affecting its WiFi 6 routers, including remote code execution (RCE) and hardcoded password flaws. The most critical of these vulnerabilities (CVE-2024-45694 and CVE-2024-45695) could allow attackers to gain full control over the affected routers. D-Link urges users to update their devices immediately to mitigate these security risks.

  • MITRE Tactics: Execution, Privilege Escalation

  • Risk: Critical – These flaws can lead to unauthorized access and control over network devices, potentially compromising the entire network.

4. Chinese National Nabs NASA Secrets

Primary Threat: A Chinese national has been indicted for using spear-phishing campaigns to steal sensitive software from NASA and the U.S. military. The indictment, unsealed by the DOJ, alleges that the individual used spear-phishing emails to trick employees into providing access to proprietary software, raising concerns about intellectual property theft and national security.

  • MITRE Tactics: Initial Access, Exfiltration

  • Risk: High – This case highlights the persistent threat of cyber espionage targeting sensitive government and military information.

5. WhatsUp Gold Weaponised for Ransomware

Primary Threat: Multiple vulnerabilities in the network monitoring software WhatsUp Gold have potentially been exploited in recent ransomware attacks. Summoning Team's research revealed that these flaws, including an SQL injection vulnerability (CVE-2024-6670), could be used to gain unauthorized access and execute malicious code. Organizations using WhatsUp Gold are advised to apply the latest patches to safeguard their networks.

  • MITRE Tactics: Initial Access, Execution

  • Risk: High – Exploiting these vulnerabilities could result in network compromise and facilitate ransomware attacks.

IN SUMMARY:

Today's cybersecurity threats highlight the ongoing risks of clipper malware, cloud misconfigurations, and critical vulnerabilities in widely used devices and software.

From ServiceNow data leaks to targeted spear-phishing attacks on NASA and military systems, attackers are exploiting every possible angle.

Ensure all systems are patched promptly, verify cloud configurations, maintain heightened vigilance against phishing campaigns, and remember: it's better to be paranoid than to be pwnd!

J.W.
