Today’s Cybersecurity Threats and Trends - 08/21/2024

TodoSwift's new hit single and WordPress worries.

1. ‘TodoSwift’ Takes on macOS

Primary Threat: A newly identified macOS malware named ‘TodoSwift’ has been linked to the North Korean APT group, Lazarus. This malware is part of a broader campaign targeting macOS users, particularly those involved in cryptocurrency and financial sectors. TodoSwift is designed to establish persistence on infected devices, enabling remote access and exfiltration of sensitive data. This discovery highlights the increasing focus of North Korean threat actors on macOS platforms, expanding their attack vectors beyond traditional Windows-based operations.

  • MITRE Tactics: Persistence, Exfiltration, Command and Control

  • Risk: High – The ability to remotely control infected devices and steal sensitive information makes this a significant threat to targeted industries, particularly finance and cryptocurrency.

2. Vicious Vermin Campaign against Ukraine

Primary Threat: The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about a new phishing campaign linked to the ‘Vermin’ threat group. This campaign is targeting government entities and other organizations in Ukraine. The phishing emails contain malicious attachments designed to deploy the Vermin RAT (Remote Access Trojan), which allows attackers to gain control over infected systems, steal data, and spy on communications. This campaign is part of ongoing cyber-espionage activities attributed to Russian state-sponsored actors.

  • MITRE Tactics: Initial Access, Credential Access, Exfiltration

  • Risk: High – Given the geopolitical context and the targeting of government entities, this campaign poses significant risks to national security and sensitive information.

3. GiveWP Gives Away Donor Data

Primary Threat: A critical vulnerability has been discovered in the GiveWP WordPress plugin, widely used by nonprofits to collect donations. This flaw, identified as CVE-2024-5932, allows unauthenticated attackers to exploit the plugin and gain access to donor information, including names, emails, and payment details. The vulnerability stems from improper input validation, leading to potential SQL injection attacks. Organizations using this plugin are urged to apply the latest updates to mitigate the risk.

  • MITRE Tactics: Initial Access, Credential Access, Exfiltration

  • Risk: Medium – The exposure of donor data not only compromises privacy but also risks the reputation of nonprofit organizations, which rely on public trust.
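The flaw described above is the classic pattern of request input reaching a database query without validation, reachable by anyone on the site. The snippet below is an added example written for this newsletter, not GiveWP's code and not a reconstruction of CVE-2024-5932; it shows a generic WordPress REST lookup in its unsafe form beside a hardened one. The table name `{$wpdb->prefix}donors`, the route `example-donations/v1/donor` and the `donor_id` parameter are constructed for illustration.

```php
<?php
// Added example: a generic WordPress plugin donor lookup, not GiveWP's own code.
// The donors table, route and parameter name are hypothetical.

// BEFORE: the request value is concatenated straight into SQL.
// Anything other than a plain integer can change what the statement does.
function lookup_donor_unsafe( WP_REST_Request $request ) {
    global $wpdb;
    $donor_id = $request->get_param( 'donor_id' );
    $sql = "SELECT name, email FROM {$wpdb->prefix}donors WHERE id = " . $donor_id;
    return $wpdb->get_row( $sql, ARRAY_A );
}

// AFTER: validate the type, bind the value with $wpdb->prepare(),
// and only let authorised users reach the endpoint at all.
function lookup_donor_safe( WP_REST_Request $request ) {
    global $wpdb;
    $raw = $request->get_param( 'donor_id' );
    if ( ! is_numeric( $raw ) || (int) $raw <= 0 ) {
        return new WP_Error( 'invalid_id', 'donor_id must be a positive integer', array( 'status' => 400 ) );
    }
    $donor_id = absint( $raw );
    // %d forces an integer placeholder; the value can no longer alter the query text.
    $sql = $wpdb->prepare( "SELECT name, email FROM {$wpdb->prefix}donors WHERE id = %d", $donor_id );
    return $wpdb->get_row( $sql, ARRAY_A );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-donations/v1', '/donor', array(
        'methods'             => 'GET',
        'callback'            => 'lookup_donor_safe',
        // The item above stresses unauthenticated reach: require a capability
        // instead of '__return_true' so donor records are not world-readable.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );
```

Two separate controls are at work: `$wpdb->prepare()` removes the injection primitive, and `permission_callback` removes the unauthenticated exposure. When reviewing a plugin, check for both; a prepared query behind a `__return_true` permission callback still leaks whatever it selects.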

4. CannonDesign Compromised by AvosLocker Attack

Primary Threat: CannonDesign, a global architecture and engineering firm, has confirmed a data breach following a ransomware attack by the AvosLocker group. The attackers exfiltrated sensitive data before encrypting files, demanding a ransom for the decryption key. The stolen data, which includes employee records, client contracts, and proprietary project details, has been leaked on a dark web forum. CannonDesign is working with cybersecurity experts and law enforcement to assess the breach’s impact and secure their systems.

  • MITRE Tactics: Exfiltration, Impact, Command and Control

  • Risk: High – The exposure of sensitive business data can lead to financial losses, legal liabilities, and damage to client trust.

5. RFID Card Cloning Crisis

Primary Threat: Security researchers have uncovered a significant vulnerability in millions of RFID cards used for access control in businesses and secure facilities. This backdoor, which has been present in RFID cards for years, allows attackers to instantly clone the cards using inexpensive hardware. The vulnerability could lead to unauthorized access to secure areas, posing severe risks to physical security. Affected organizations are advised to replace or update their RFID systems to prevent exploitation.

  • MITRE Tactics: Initial Access, Credential Access

  • Risk: Critical – The ability to clone RFID cards could lead to unauthorized access to secure facilities, putting sensitive assets and personnel at risk.

IN SUMMARY:

From North Korean malware lurking in your macOS to a backdoor in your RFID cards, every corner of your security landscape is under siege.

Whether it’s your WordPress plugins or your company’s data, there’s no safe haven from the relentless march of cyber threats.

So, stay secure, stay patched, and stay vigilant!

And as always and forever… Remember: It’s always better to be paranoid than pwned.

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)
