Welcome to the 5th edition Cyber Weekly Digest of 2024.
New and noteworthy this week: A global e-commerce titan known for its lightning-fast deliveries and vast product selection has chosen our vendor partner Cequence's Unified API Protection platform as their trusted shield against cyber threats. This isn't just a win for Cequence; it's a win for millions of consumers who deserve a secure and transparent online shopping experience! Need some help with your API security? Click HERE
The fact that we’re in 2024 and the most popular password is still ‘123456’ shows that people may still ignore advice, even when they know better. Human Risk Management Platforms can play a vital role in identifying employees using weak and compromised passwords, which is why we are banging out demos with CultureAI! You can book yours HERE
We had to share the latest blog post from Abnormal Security - Designed to Deceive: 6 Common Look-alike Domain Tactics - they are shining a light on the shady world of look-alike domains. From crafty character swaps to subtle Unicode insertion, they reveal the tricks cybercriminals use to take you for a ride. You can read the blog HERE
Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.
This week we heard about hackers pushing USB malware payloads via news sites and hosting platforms, a web infrastructure company revealing that it was the target of a likely nation-state attack, and Johnson Controls International confirming just how much a ransomware attack cost them in September last year!
Keep reading to stay up to date on the latest cyber security news.
The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country.
The exact impact of this widespread infection, and whether it has affected state organisations or private individuals' computers, hasn't been determined, but the agency has shared detailed information on how to locate infections and remove the malware.
CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure (ICS) and Policy Secure (IPS) VPN appliances vulnerable to multiple actively exploited bugs before Saturday. This required action is part of a supplemental direction to this year's first emergency directive (ED 24-01), issued last week, which mandates Federal Civilian Executive Branch (FCEB) agencies to urgently secure all ICS and IPS devices on their networks against two zero-day flaws, in response to extensive exploitation in the wild by multiple threat actors.
Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorised access to its Atlassian server and ultimately access some documentation and a limited amount of source code.
The intrusion, which took place between November 14 and 24, 2023, and was detected on November 23, was carried out "with the goal of obtaining persistent and widespread access to Cloudflare's global network," the web infrastructure company said, describing the actor as "sophisticated" and one who "operated in a thoughtful and methodical manner."
A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content. The attackers hide these payloads in plain sight, placing them in forum user profiles on tech news sites or in video descriptions on media hosting platforms. These payloads pose no risk to users visiting the web pages, as they are simply text strings. However, when integrated into the campaign's attack chain, they are pivotal in downloading and executing malware.
Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data. As first reported by BleepingComputer, Johnson Controls suffered a ransomware attack in September after the firm's Asia offices were initially breached, and the attackers spread throughout its network. The attack forced the firm to shut down large portions of its IT infrastructure, which affected customer-facing systems.
The threat actor behind a peer-to-peer (P2P) botnet known as FritzFrog has made a return with a new variant that leverages the Log4Shell vulnerability to propagate internally within an already compromised network. "The vulnerability is exploited in a brute-force manner that attempts to target as many vulnerable Java applications as possible," web infrastructure and security company Akamai said in a report shared with The Hacker News. FritzFrog, first documented by Guardicore (now part of Akamai) in August 2020, is a Golang-based malware that primarily targets internet-facing servers with weak SSH credentials. It has been active since January 2020.
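FritzFrog's original foothold is weak SSH credentials guessed by brute force, which is something a defender can spot in ordinary sshd logs long before Log4Shell comes into play. The script below is an added example written for this digest; it is not code from Akamai's or Guardicore's research. It assumes the standard OpenSSH "Failed password ... from ... port" and "Accepted ... for ... from ... port" log format, a chronological log, and a fixed year for syslog timestamps (which carry none); the log lines, IP addresses and threshold are constructed for illustration. It flags any source that produces a burst of failed logins inside a sliding window, and separately flags a successful login arriving from such a source, which is the pattern a credential-guessing bot leaves when it finally lands on a weak password.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log lines for the example (not real data). Three sources:
# one running a password-guessing burst that succeeds, one legitimate user who
# mistypes once then logs in with a key, and one slow, low-volume guesser.
SAMPLE_LOG = """\
Feb 02 10:00:01 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 50122 ssh2
Feb 02 10:00:03 host1 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Feb 02 10:00:05 host1 sshd[2103]: Failed password for root from 203.0.113.7 port 50141 ssh2
Feb 02 10:00:06 host1 sshd[2104]: Failed password for ubuntu from 203.0.113.7 port 50150 ssh2
Feb 02 10:00:08 host1 sshd[2105]: Failed password for root from 203.0.113.7 port 50161 ssh2
Feb 02 10:00:10 host1 sshd[2106]: Accepted password for ubuntu from 203.0.113.7 port 50170 ssh2
Feb 02 10:01:00 host1 sshd[2107]: Failed password for alice from 198.51.100.9 port 40001 ssh2
Feb 02 10:05:00 host1 sshd[2108]: Accepted publickey for alice from 198.51.100.9 port 40002 ssh2
Feb 02 10:15:00 host1 sshd[2109]: Failed password for root from 192.0.2.44 port 33001 ssh2
Feb 02 10:45:00 host1 sshd[2110]: Failed password for root from 192.0.2.44 port 33002 ssh2
"""

# Matches OpenSSH auth outcomes. "invalid user" appears when the account does
# not exist; it is skipped so the username group always holds the bare name.
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Assumption: syslog timestamps carry no year, so one is supplied here.
ASSUMED_YEAR = 2024


def parse_sshd_line(line):
    """Return (timestamp, outcome, method, user, src) or None for other lines."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["outcome"], m["method"], m["user"], m["src"]


def detect_ssh_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag sources with >= threshold failures inside a sliding window, and
    any successful login from a source that has already been flagged.

    Assumes the log is in chronological order, as sshd writes it."""
    failures = defaultdict(deque)   # src -> timestamps of failures still in window
    flagged = {}                    # src -> failure count when threshold was crossed
    suspicious_logins = []          # (src, user, method) accepted after a burst

    for line in log_text.splitlines():
        event = parse_sshd_line(line)
        if event is None:
            continue
        ts, outcome, method, user, src = event

        # Drop failures that have aged out of the window for this source.
        recent = failures[src]
        while recent and (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()

        if outcome == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and src not in flagged:
                flagged[src] = len(recent)
        elif outcome == "Accepted" and src in flagged:
            # A success right after a guessing burst is the signal to act on.
            suspicious_logins.append((src, user, method))

    return {"bruteforce_sources": flagged, "suspicious_logins": suspicious_logins}


if __name__ == "__main__":
    result = detect_ssh_bruteforce(SAMPLE_LOG)
    for src, count in result["bruteforce_sources"].items():
        print(f"brute-force burst from {src}: {count} failures in window")
    for src, user, method in result["suspicious_logins"]:
        print(f"ALERT: {method} login for {user} from {src} after failed burst")
```

The slow guesser (two failures thirty minutes apart) is deliberately not flagged by this window; catching that pattern needs a longer window or per-account counting, and tuning those two parameters against your own baseline is the real work. In production the same logic would read from journald or a SIEM rather than a string, and the "suspicious login" branch is the event worth paging on, since it means a guessed password worked.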