Today’s Cybersecurity Threats and Trends - 09/23/2024

Info Stealer targets gamers while PondRats play Marko Polo.

Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and information regarding cybersecurity threats to the non-tech and technical professional alike. If this sounds like something that would help someone you know, please share the newsletter!

1. Zero-Click Chipset Compromise

Primary Threat: A critical vulnerability has been identified in MediaTek Wi-Fi chipsets, affecting devices such as routers and smartphones. The flaw allows for remote code execution without user interaction due to an out-of-bounds write issue. The vulnerability impacts a wide range of devices using the MediaTek SDK, including Ubiquiti, Xiaomi, and Netgear products. SonicWall research warns that the vulnerability (CVE-2024-20017) has a CVSS score of 9.8, making immediate patching essential.

  • MITRE Tactics: Initial Access, Execution

  • Risk: Critical – Zero-click exploits enable attackers to take control of devices without user action, making them particularly dangerous.

2. PondRat Swims Into Python Projects

Primary Threat: PondRat is a new malware targeting cryptocurrency users, hidden inside malicious Python installers. This malware is part of a broader campaign, including AppleJeus and PoolRat, designed to steal sensitive data by masquerading as legitimate software. Unit 42 uncovered this malicious campaign, which leverages popular cryptocurrency and gaming communities to infect users.

  • MITRE Tactics: Execution, Collection

  • Risk: High – Using legitimate-looking Python installers, PondRat can easily evade detection and compromise sensitive data.

Unlock your potential with our partner…

Whether you're a beginner or an expert, Hack The Box provides a dynamic and engaging environment to test your hacking mettle. Join me and thousands of other professionals in this thriving community and take your cybersecurity expertise to the next level.

Start your journey today!

3. Earth Baxia Besieges GeoServer

Primary Threat: The Chinese state-sponsored hacking group Earth Baxia has been launching spear-phishing campaigns against APAC organizations, exploiting vulnerabilities in GeoServer software. These attacks allow the group to collect sensitive geographic data. Trend Micro research details how this group uses phishing emails with malicious attachments as well as known vulnerabilities (CVE-2024-36401) to infiltrate networks.

  • MITRE Tactics: Initial Access, Collection

  • Risk: High – The exploitation of vulnerable GeoServer software makes this campaign especially dangerous for organizations dealing with sensitive geographic data.

4. Gamers Grifted by InfoStealing Invaders

Primary Threat: A global malware operation has been uncovered, attributed to a cybercriminal group named "Marko Polo", targeting cryptocurrency users and gamers to steal financial data and account credentials. This malware spreads through phishing campaigns and compromised websites, with attackers focusing on communities that regularly handle digital assets. Recorded Future’s Insikt research provides a detailed breakdown of this widespread malware operation.

  • MITRE Tactics: Credential Access, Collection

  • Risk: High – The global scope and target demographics make this operation particularly dangerous for individuals dealing in cryptocurrency and gaming.

5. ESET Elevation Exploits Eradicated

Primary Threat: ESET has patched multiple privilege escalation vulnerabilities affecting its security products for Windows and macOS. These flaws allowed attackers to gain elevated privileges during the removal of detected malicious files. ESET’s security bulletin advises users to update their systems immediately to avoid exploitation.

  • MITRE Tactics: Privilege Escalation

  • Risk: Medium – While privilege escalation vulnerabilities are less immediately harmful, they can lead to more severe attacks if left unpatched.

IN SUMMARY:

This week’s cybersecurity news highlights vulnerabilities in widely used Wi-Fi chipsets, new malware hidden in Python installers aimed at cryptocurrency users, and state-sponsored attacks focused on geographic data.

From MediaTek chipsets being vulnerable to zero-click exploits to global malware targeting cryptocurrency and gaming communities, vigilance is essential.

Patching is crucial, especially with new privilege escalation vulnerabilities affecting widely deployed security products such as ESET’s.

Stay sharp, ensure that all updates are applied promptly, and stay paranoid!

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)