Today’s Cybersecurity Threats and Trends - 08/22/2024

PostgreSQL's PGMem, PWA phishing, and Google's call for prompt patching.

1. GitHub’s Glaring Security Slip-up

Primary Threat: GitHub has released patches to address a critical security flaw (CVE-2024-6800) that could allow attackers to exploit vulnerabilities in repositories. This flaw, identified by GitHub’s bounty program, affects repository configurations and could lead to unauthorized access, data manipulation, or even repository takeover. Developers and organizations using GitHub are strongly urged to update their repositories and review their security settings to mitigate this risk.

  • MITRE Tactics: Initial Access, Privilege Escalation

  • Risk: High – The potential for unauthorized access and manipulation of code repositories could have significant implications for software integrity and security.

2. PGMem Penetrates PostgreSQL

Primary Threat: A newly discovered malware named ‘PGMem’ is actively targeting PostgreSQL databases. This malware hides its processes very efficiently, making it difficult to detect using traditional methods. Once it gains access, PGMem can execute arbitrary commands and exfiltrate sensitive data from the affected databases. This threat highlights the need for robust database security measures, including regular monitoring and updates to PostgreSQL instances.

  • MITRE Tactics: Execution, Persistence, Exfiltration

  • Risk: High – The ability of PGMem to operate stealthily inside of processes and access critical data makes it a significant threat to organizations relying on PostgreSQL databases.

3. Google Urges Prompt Patching

Primary Threat: Google has patched a high-severity vulnerability in its Chrome browser, tracked as CVE-2024-7971. The flaw, which affects the browser’s WebAssembly component, could be exploited by attackers to execute arbitrary code on vulnerable systems. Google issued a statement covering multiple fixes and urged users to update their Chrome browsers immediately to avoid potential exploitation.

  • MITRE Tactics: Execution, Privilege Escalation

  • Risk: Medium – Although Google has quickly addressed the issue, the widespread use of Chrome makes this vulnerability particularly concerning.

4. UULoader Sneaks Past Virtualization Security

Primary Threat: Chinese threat actors have been identified by Cyberint as leveraging MSI (Microsoft Installer) files to bypass Windows Virtualization-Based Security (VT) detection. This technique allows them to deploy malware without triggering typical security defenses, making their attacks stealthier and more effective. The malware, dubbed UULoader, uses file header stripping to evade static detection scans. The campaign is particularly concerning for organizations relying on VT detection as a primary line of defense against malware.

  • MITRE Tactics: Defense Evasion, Execution

  • Risk: High – The sophistication of this attack method and its ability to bypass standard security measures make it a significant threat, particularly for organizations in sensitive sectors.

5. PWA Phishing Captures Mobile Devices

Primary Threat: Security researchers at ESET have identified a new phishing technique that uses Progressive Web Applications (PWAs) to bypass built-in security features on iOS and Android devices. This technique involves creating fake banking apps or overlays that trick users into entering their login details. The stolen credentials are then used to access victims' bank accounts. Users are advised to be cautious when downloading apps and to verify the authenticity of any banking-related communications.

  • MITRE Tactics: Credential Access, Initial Access

  • Risk: High – The ability to bypass mobile security features and steal sensitive banking information makes this a critical threat, particularly given the widespread use of mobile banking apps.

IN SUMMARY:

From stealthy database malware to phishing campaigns that sneak past your smartphone’s defenses, the threats never stop evolving.

Whether it's the repositories you code in, the browsers you browse with, or the devices you bank on, there's always a new vulnerability lurking in the shadows.

Stay patched, stay vigilant, and remember: it's better to be paranoid than pwned.

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)
