Today’s Cybersecurity Threats and Trends - 09/27/2024
Kia chaos, CUPS, and container calamities.
Before we dive in, I would like to thank all of you for supporting us with your subscription! My goal is to bring both actionable insights and information regarding cybersecurity threats to non-tech and technical professionals alike. If this sounds like something that would help someone you know, please share the newsletter!
1. CUPS Exposes Command Execution Risk
Primary Threat: Multiple severe vulnerabilities were identified in the CUPS printing system used in many UNIX-like systems. The vulnerabilities (CVE-2024-47176, CVE-2024-47175, CVE-2024-47177) can be exploited for remote code execution by malicious actors, making the flaws particularly dangerous for public and internal networks. Simone Margaritelli's research describes how attackers can inject malicious printer attributes and exploit the foomatic-rip filter to execute arbitrary commands.
MITRE Tactics: Initial Access, Execution
Risk: High – The widespread use of CUPS in enterprise environments makes this vulnerability particularly concerning.
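As a defender-side illustration of the foomatic-rip issue above, this added Python example (not from the newsletter, the researcher, or the CUPS project) lists which printer PPDs route jobs through foomatic-rip and flags any FoomaticRIPCommandLine whose programs fall outside an allowlist. The allowlist, the function names and the sample PPD fragments are assumptions constructed for the example.

```python
import re

# Assumption: programs this site expects to see in a foomatic command line.
EXPECTED_TOOLS = {"gs", "cat", "foomatic-gswrapper"}

FILTER_RE = re.compile(r'^\*cupsFilter2?:\s*"([^"]*)"', re.M)
CMDLINE_RE = re.compile(r'^\*FoomaticRIPCommandLine:\s*"(.*?)"', re.M | re.S)

# Constructed sample PPD fragments (not from a real printer or advisory).
SAMPLES = {
    "office-laser.ppd":
        '*cupsFilter: "application/vnd.cups-postscript 0 foomatic-rip"\n'
        '*FoomaticRIPCommandLine: "gs -q -dBATCH -sDEVICE=ljet4 -sOutputFile=- - | cat"\n',
    "unknown-printer.ppd":
        '*cupsFilter2: "application/pdf application/vnd.cups-postscript 0 foomatic-rip"\n'
        '*FoomaticRIPCommandLine: "/bin/sh /tmp/constructed-example.sh"\n',
    "raw-queue.ppd":
        '*cupsFilter: "application/vnd.cups-raster 0 rastertopwg"\n',
}

def uses_foomatic_rip(ppd_text):
    """True if a cupsFilter/cupsFilter2 entry names foomatic-rip as its program."""
    for value in FILTER_RE.findall(ppd_text):
        fields = value.split()
        if fields and fields[-1].rsplit("/", 1)[-1] == "foomatic-rip":
            return True
    return False

def command_tools(cmdline):
    """Executable name that starts each stage of a shell pipeline or sequence."""
    stages = re.split(r"\|\||&&|[|;&\n]", cmdline)
    return [s.split()[0].rsplit("/", 1)[-1] for s in stages if s.split()]

def audit_ppd(name, ppd_text):
    """Findings for one PPD as (name, unexpected tools, command); [] if clean."""
    if not uses_foomatic_rip(ppd_text):
        return []  # the directive only matters when foomatic-rip is the filter
    findings = []
    for cmdline in CMDLINE_RE.findall(ppd_text):
        unexpected = sorted(set(command_tools(cmdline)) - EXPECTED_TOOLS)
        if unexpected or "`" in cmdline or "$(" in cmdline:
            findings.append((name, unexpected, cmdline.strip()))
    return findings

if __name__ == "__main__":
    for ppd_name, text in SAMPLES.items():
        for finding in audit_ppd(ppd_name, text):
            print("REVIEW", finding)
```

On a CUPS host the same functions can be run over the queue PPD files (commonly under /etc/cups/ppd; that path is an assumption about the local install), with the allowlist adjusted to the drivers actually in use.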
2. Storm-0501 Targets Cloud
Primary Threat: Storm-0501, a ransomware group known for deploying Sabbath (54bb47h) ransomware, is expanding into hybrid cloud environments. According to Microsoft’s Threat Intelligence Report, the group exploits vulnerabilities to gain access to on-premises systems and then pivots into cloud environments. It uses a mix of ransomware payloads such as Sabbath and Embargo, and focuses on credential theft and lateral movement.
MITRE Tactics: Impact, Lateral Movement
Risk: High – Their focus on hybrid cloud environments presents a significant challenge to organizations with mixed infrastructures.
Did you know?
The CUPS printing system—used in almost every Linux and Unix-like OS—has been around since 1999 and is responsible for managing your everyday print jobs. But with today's critical vulnerabilities, a printer isn't just printing anymore; hackers can exploit it for remote code execution! So, while you might think your printer is harmless, it's now a potential entry point for attackers unless patched properly. Time to give your office printer some cybersecurity love!
3. HTML Files Hide Cyber Threats
Primary Threat: A sophisticated HTML smuggling campaign is distributing dCRat (DarkCrystal RAT) malware, primarily targeting Russian-speaking users. Netskope’s research reveals that the malware is delivered via malicious HTML files embedded in phishing emails, allowing attackers to bypass network security defenses. Once executed, the malware gives attackers remote access to the victim’s system and can log keystrokes, exfiltrate files, and run shell commands.
MITRE Tactics: Defense Evasion, Initial Access
Risk: High – The use of legitimate security tools to disable EDR adds complexity to these ransomware attacks, making them harder to detect and mitigate.
4. Nvidia’s Critical Container Compromise
Primary Threat: Wiz Research has discovered a critical flaw in the Nvidia Container Toolkit (CVE-2024-0132) that allows attackers to perform container escapes and gain full access to the underlying host system. The vulnerability impacts AI workloads, particularly in shared environments like Kubernetes, and poses serious risks to sensitive data. Nvidia has issued a patch to address the issue.
MITRE Tactics: Privilege Escalation, Execution
Risk: High – The flaw directly affects AI operations and multi-tenant environments, requiring immediate patching.
5. Kia’s Vehicle Vulnerabilities
Primary Threat: A critical flaw in the Kia Dealer Portal could allow hackers to remotely control Kia vehicles by exploiting vulnerabilities in its system. Sam Curry's research reveals how attackers can use just a license plate number to gain remote access, potentially unlocking doors, starting engines, and even tracking vehicle locations. The vulnerability affects millions of Kia vehicles globally, and the flaw has since been patched by Kia.
MITRE Tactics: Persistence, Exfiltration
Risk: High – Predator’s return signifies a renewed threat from state-sponsored cyber espionage operations, particularly against high-value targets.
IN SUMMARY:
From Kia chaos to container calamities, today’s lineup is packed with high-octane threats.
The CUPS printing flaw could turn your printer into a hacker’s playground, while the Storm-0501 ransomware gang keeps tightening its grip on hybrid clouds.
Meanwhile, HTML smuggling isn’t just for smugglers—it's delivering malware straight to your inbox…
… And let’s not forget about the Nvidia AI flaw or the terrifying prospect of someone controlling your Kia with just a license plate.
Remember to patch up, stay sharp, and never trust a printer!
J.W.