Today’s Cybersecurity Threats and Trends - 08/23/2024

Velvet Ants, Chrome, and Cthulhu.

1. Researchers Reveal Chinese Cisco Crack

Primary Threat: Researchers at Sygnia have uncovered how state-sponsored hackers from the Velvet Ant group exploited a critical zero-day vulnerability in Cisco’s Web UI, tracked as CVE-2024-20399. The flaw allows an attacker with valid administrator credentials to the switch management console to escape the NX-OS command line interface (CLI) and execute arbitrary commands on the underlying Linux operating system. The attackers leveraged this vulnerability to gain unauthorized access to sensitive networks, showcasing their ability to exploit overlooked flaws in widely used infrastructure. This breach highlights the need for immediate patching and the critical importance of network security monitoring.

  • MITRE Tactics: Initial Access, Execution

  • Risk: High – Unauthorized access and potential full network compromise.

2. Credential Catastrophe: Hardcoded Horror

Primary Threat: A severe vulnerability, tracked as CVE-2024-28987, has been uncovered in Web Help Desk (WHD) systems with hard-coded credentials. This flaw allows attackers to gain admin-level access to these systems remotely, posing a significant risk to critical infrastructure. The hardcoded credentials cannot be changed by users, making the vulnerability particularly dangerous as it grants attackers near-instant access to affected devices once they locate them.

  • MITRE Tactics: Credential Access, Privilege Escalation

  • Risk: High – This flaw allows a remote unauthenticated user to access internal functionality and modify data.

3. Chrome Creds Caught by Qilin

Primary Threat: The Qilin Ransomware Group, notorious for its ability to infiltrate and encrypt victim systems, has evolved to include a custom info stealer allowing credential theft from Google Chrome browsers. Discovered by researchers at Sophos, this enhancement allows the ransomware to steal saved usernames and passwords from Chrome before fully compromising networks. This also gives attackers the ability to carry out secondary attacks or sell the stolen data on dark web forums. This multi-faceted threat amplifies the potential damage, as they leverage multiple vectors to compromise systems.

  • MITRE Tactics: Credential Access, Impact

  • Risk: High – Increased threat from combined data theft and encryption.

4. Nasty NFC Nuisance

Primary Threat: A newly identified malware, called NGate, is targeting Android devices by intercepting NFC (Near Field Communication) traffic, primarily focusing on stealing banking information. As we have covered before, the malware is distributed through malicious apps and silently monitors NFC transactions and extracts sensitive financial data, including contactless payment details. As mobile payments grow in popularity, such specialized threats pose a significant risk to personal and financial security, requiring increased vigilance from users and security teams alike.

  • MITRE Tactics: Collection, Credential Access

  • Risk: High – Unauthorized access to financial data and potential for fraudulent transactions.

5. Cthulhu’s Menacing Manifestation

Primary Threat: Researchers at Cado Security have uncovered a new macOS malware dubbed the Cthulhu Stealer. This malware is designed to steal sensitive information, such as credentials and financial data, from macOS devices. It infiltrates systems through phishing and software vulnerabilities, then quietly exfiltrates data to command-and-control servers. This discovery underscores the expanding threat landscape for macOS users, who have long been considered less vulnerable to malware compared to other platforms.

  • MITRE Tactics: Collection, Exfiltration

  • Risk: Medium – Persistent theft of sensitive information from macOS devices.

IN SUMMARY:

This week’s cyber villains have truly outdone themselves… from Chinese hackers squeezing through Cisco’s weak points to the Cthulhu Stealer creeping through the macOS abyss.

We've got Qilin ransomware doubling down on disaster, nabbing your credentials before encrypting your data, and Android NFC-stealers making a meal of your banking details.

And if that’s not enough to keep you up at night, SolarWinds just handed attackers the keys to the kingdom with hardcoded credentials.

It’s a wild world out there!

Remember, in cybersecurity, it’s always better to be paranoid than pwned!

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)
