Today’s Cybersecurity Threats and Trends - 09/30/2024

Crypto drainers, data breaches, and Microsoft's many maladies.

1. Crypto Scam App Captures Currency

Primary Threat: A fake crypto wallet app posing as WalletConnect has stolen over $70,000 in cryptocurrency in a five-month scam campaign. Check Point's research reveals that the app tricked users into signing malicious transactions, transferring their funds to the attackers' wallets. Although it is no longer available, the app was promoted using fake reviews and high rankings in Google Play search results.

  • MITRE Tactics: Initial Access, Execution

  • Risk: High – Users’ cryptocurrency wallets were drained with minimal user action required.

2. Attackers Bypass UAC Boundaries

Primary Threat: A recently discovered vulnerability (CVE-2024-6769) in Windows allows attackers to bypass User Account Control (UAC) via DLL hijacking and escalate privileges from medium to high integrity. The Fortra research highlights how drive remapping and poisoning of the activation cache enable attackers to execute code without triggering UAC prompts. This issue impacts Windows 10, Windows 11, and various server versions, making it a high-priority flaw for enterprises to patch immediately.

  • MITRE Tactics: Execution, Initial Access

  • Risk: High – Exploiting UAC bypass vulnerabilities allows attackers to gain elevated privileges on a compromised system.

Did you know… ?

The first AI system that could perform natural language processing was ELIZA, developed in the 1960s. While it was a basic chatbot mimicking conversation, it paved the way for modern AI tools like Google Gemini, which can now generate complex responses, analyze emails, and even fall victim to prompt injection attacks. The leap from simple conversation bots to today's sophisticated AI systems highlights how far we've come, and how far attackers are willing to go to exploit these advancements.

3. WMDDH Accounting Firm Attacked

Primary Threat: Accounting firm WMDDH disclosed a data breach impacting over 127,000 individuals. Personal information such as names, Social Security numbers, financial data, and medical information was compromised. The breach occurred in July 2023, but it took months for the firm to notify those affected. The firm is offering credit monitoring and identity theft protection.

  • MITRE Tactics: Collection, Exfiltration

  • Risk: High – Sensitive personal and financial information was compromised, increasing the risk of identity theft.

4. Google Gemini Glitch

Primary Threat: A vulnerability in Google's Gemini for Workspace allows attackers to launch indirect prompt injections via Gmail, Google Slides, and Google Drive. HiddenLayer researchers demonstrated how these attacks can modify AI-generated responses, leading to phishing attempts and compromised documents. The vulnerability affects several Google Workspace applications, allowing third-party attackers to manipulate content and users' workflows.

  • MITRE Tactics: Initial Access, Defense Evasion

  • Risk: Medium – Attackers can alter AI responses to create phishing campaigns.

5. BUS Breakdown Causes Crashes

Primary Threat: A denial-of-service vulnerability (CVE-2024-45383) in Microsoft’s High-Definition Audio Bus Driver, discovered by Cisco Talos, can lead to system crashes through improper handling of I/O request packets (IRPs). Attackers could trigger a Blue Screen of Death (BSoD) by sending multiple malicious requests to the driver, resulting in significant disruption. Microsoft has patched the vulnerability.

  • MITRE Tactics: Denial of Service

  • Risk: Medium – While the flaw causes crashes, its potential for disruption is considerable.

IN SUMMARY:

Today’s newsletter covers a diverse range of cybersecurity issues. A crypto scam app disguised as WalletConnect is stealing cryptocurrency from users, while a Windows UAC bypass exploit chain exposes systems to privilege escalation.

The WMDDH data breach compromised over 127,000 individuals' sensitive information, and a vulnerability in Google’s Gemini for Workspace enables AI-based phishing attacks.

Lastly, a denial-of-service vulnerability in Microsoft’s Audio Bus driver highlights the risks of crashing critical systems.

Stay sharp, patch quickly, and keep your defenses tight… because ‘it's better to be paranoid than to be pwnd!’

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)