👋 Welcome to the 14th edition Cyber Weekly Digest of 2024.
Long weekend over and a few chocolate bunnies heavier, here we go again... countdown to early May Bank Holiday activated!
New and noteworthy this week:
🟣 Whether you're an Automox customer or not (yet), a worklet automation script is now available for you to check your Linux endpoints for the backdoored xz/liblzma package (CVE-2024-3094) and mitigate if the system is found to be vulnerable. Full blog available here
🟣 Heading to UK Cyber Week on 17-18th April at Olympia London? Catch CultureAI at stand C9 for a live demo of their Human Risk Management Platform. Gain real-time visibility of your workplace security risks, deliver targeted coaching and automate fixes. Can't wait until then... you can request a demo here
🟣 Lost in cybersecurity jargon? We loved this blog post by SentinelOne demystifying EDR, SIEM, SOAR, & XDR.
Last but not least...
🟣 Did you know you can proactively, predictively protect billions of #API calls per day with Cequence's end-to-end #APIProtection platform? Cequence are giving us a tour of their platform. First stop #attacksurface discovery. Check it out here
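On the xz/liblzma item above: the backdoor shipped in xz-utils releases 5.6.0 and 5.6.1, so the first thing a responder wants on every Linux host is the version that `xz --version` actually reports. The script below is an added example written for this digest, not Automox's worklet and not code from the xz project; the sample outputs are constructed, and `check_local_host` simply shells out to whatever `xz` is on the PATH.

```python
from __future__ import annotations

import re
import shutil
import subprocess

# xz-utils releases that shipped the CVE-2024-3094 backdoor in liblzma.
AFFECTED_VERSIONS = {"5.6.0", "5.6.1"}

# `xz --version` prints two lines, e.g.
#   xz (XZ Utils) 5.6.1
#   liblzma 5.6.1
_VERSION_LINE = re.compile(r"^(xz \(XZ Utils\)|liblzma)\s+(\d+\.\d+\.\d+)", re.MULTILINE)


def parse_xz_version(output: str) -> dict[str, str]:
    """Map component name ('xz' or 'liblzma') to the version it reports."""
    versions: dict[str, str] = {}
    for component, version in _VERSION_LINE.findall(output):
        name = "xz" if component.startswith("xz") else "liblzma"
        versions[name] = version
    return versions


def vulnerable_components(output: str) -> list[str]:
    """Names of components whose reported version is a backdoored release."""
    return sorted(
        name for name, version in parse_xz_version(output).items()
        if version in AFFECTED_VERSIONS
    )


def check_local_host() -> list[str] | None:
    """Run `xz --version` on this machine. Returns None when xz is not installed,
    otherwise the list of backdoored components (an empty list means not affected)."""
    if shutil.which("xz") is None:
        return None
    proc = subprocess.run(["xz", "--version"], capture_output=True, text=True, check=False)
    return vulnerable_components(proc.stdout)


# Constructed sample outputs (not captured from a real host).
SAMPLE_BACKDOORED = "xz (XZ Utils) 5.6.1\nliblzma 5.6.1\n"
SAMPLE_CLEAN = "xz (XZ Utils) 5.4.6\nliblzma 5.4.6\n"

if __name__ == "__main__":
    for label, sample in (("backdoored", SAMPLE_BACKDOORED), ("clean", SAMPLE_CLEAN)):
        print(f"{label}: {parse_xz_version(sample)} -> vulnerable={vulnerable_components(sample)}")
    result = check_local_host()
    if result is None:
        print("xz not installed on this host")
    elif result:
        print(f"ACTION REQUIRED: backdoored {', '.join(result)} found on this host")
    else:
        print("this host's xz/liblzma is not a backdoored release")
```

Two caveats for anyone rolling this out: a 5.6.x version string tells you the backdoored code is present, not that it was activated (the payload targeted specific distribution builds), but any 5.6.0/5.6.1 install should be replaced through the distribution's package manager rather than by hand; and distributions that rolled back (Debian's `5.6.1+really5.4.5` packaging, for example) report the older version here, which is the intended, safe result. Pair the version check with a package query (`dpkg -l xz-utils liblzma5` or `rpm -q xz xz-libs`) so the mitigation step has something to act on.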
Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.
This week the Oil & Gas industry was under attack from new phishing campaigns, we heard about a confirmed cyber attack on a hotel chain, and there were new security warnings for both Android and macOS users.
Keep reading to stay up to date on the latest cyber security news.
An updated version of an information-stealing malware called Rhadamanthys is being used in phishing campaigns targeting the oil and gas sector. "The phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident," Cofense researcher Dylan Duncan said. The email contains a malicious link that abuses an open redirect flaw to send recipients to a page hosting a supposed PDF document; in reality the "document" is an image which, when clicked, downloads a ZIP archive containing the stealer payload. Written in C++, Rhadamanthys connects to a command-and-control (C2) server and harvests sensitive data from the compromised host.
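The open-redirect trick in this campaign is worth a detection rule of its own: the link the victim sees points at a legitimate host, but a query parameter carries the real (attacker) destination, so a URL-in-a-URL whose inner host differs from the outer host is the thing to flag. The triage helper below is an added example for this digest, not Cofense's analysis code; the parameter-name list and the sample links are constructed and do not reflect the actual campaign infrastructure.

```python
from __future__ import annotations

from urllib.parse import parse_qs, unquote, urlparse

# Parameter names that redirect endpoints commonly accept (constructed, non-exhaustive list).
REDIRECT_PARAM_NAMES = {
    "url", "u", "link", "next", "redirect", "redirect_uri", "redirect_url",
    "return", "returnurl", "return_url", "goto", "dest", "destination", "target", "rurl",
}


def embedded_destinations(link: str) -> list[tuple[str, str]]:
    """Return (parameter, destination) pairs for every query value that is an
    absolute http(s) or protocol-relative URL pointing at a different host than
    the link itself. That shape is the signature of an open-redirect lure."""
    outer = urlparse(link)
    outer_host = (outer.hostname or "").lower()
    hits: list[tuple[str, str]] = []
    for name, values in parse_qs(outer.query, keep_blank_values=True).items():
        for value in values:
            candidate = unquote(value)          # parse_qs decoded once; undo double-encoding
            if candidate.startswith("//"):      # protocol-relative form: //attacker.example/x
                candidate = "https:" + candidate
            inner = urlparse(candidate)
            inner_host = (inner.hostname or "").lower()
            if inner.scheme in ("http", "https") and inner_host and inner_host != outer_host:
                hits.append((name, candidate))
    return hits


def triage(link: str) -> dict:
    """Summarise a link for a phishing-triage pipeline."""
    hits = embedded_destinations(link)
    return {
        "link": link,
        "trusted_host": (urlparse(link).hostname or "").lower(),
        "final_destinations": [dest for _, dest in hits],
        "via_known_redirect_param": any(name.lower() in REDIRECT_PARAM_NAMES for name, _ in hits),
        "suspicious": bool(hits),
    }


# Constructed sample links (no real campaign infrastructure).
SAMPLE_LINKS = [
    "https://trusted-brand.example/login?next=https%3A%2F%2Fattacker.example%2Fincident-report.pdf",
    "https://trusted-brand.example/r?u=%2F%2Fattacker.example%2Fdownload",
    "https://trusted-brand.example/search?q=vehicle+incident&next=/account",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(triage(link))
```

The check deliberately keys on the host mismatch rather than on the parameter name: `via_known_redirect_param` is only a confidence boost, because the redirect endpoint abused in a real campaign can use any name. Relative values like `/account` and same-host absolute URLs pass, which is what keeps this usable on legitimate mail without a flood of false positives.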
Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows:
CVE-2024-29745 - An information disclosure flaw in the bootloader component
CVE-2024-29748 - A privilege escalation flaw in the firmware component
"There are indications that the [vulnerabilities] may be under limited, targeted exploitation," Google said in an advisory published April 2, 2024. While the tech giant did not reveal any other information about the nature of the attacks exploiting these shortcomings, the maintainers of GrapheneOS said they "are being actively exploited in the wild by forensic companies."
Omni Hotels & Resorts has confirmed a cyberattack caused a nationwide IT outage that is still affecting its locations. In response to the incident, Omni took down impacted systems, and its IT teams are now working on restoring them and bringing them back online.
"Since Friday, March 29, Omni Hotels & Resorts has been responding to a cyberattack on its systems. Upon learning of this issue, Omni immediately took steps to shut down its systems to protect and contain its data," the hotel chain told BleepingComputer.
The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor. Acuity, the company purportedly breached to steal this information, is a technology consulting firm with almost 400 employees and a $100+ million annual revenue. It provides DevSecOps, IT operations and modernization, cyber security, data analytics, and operations support services to federal civilian national security customers.
Malicious ads and bogus websites are acting as a conduit to deliver two different stealer malware families, including Atomic Stealer, to Apple macOS users. The ongoing infostealer attacks targeting macOS users may have adopted different methods to compromise victims' Macs, but they operate with the end goal of stealing sensitive data, Jamf Threat Labs said in a report published Friday. One such attack chain targets users searching for Arc Browser on search engines like Google, serving bogus ads that redirect them to a look-alike site ("airci[.]net") that delivers the malware.