.png)
Welcome to the 8th edition Cyber Weekly Digest of 2024.
Â
New and noteworthy this week: Take a peek into Abnormal Security's H1 2024 Email Threat Report, uncovering the latest email attack trends, including a deep dive into QR attacks. You can read the full report here but some stats that stand out:
89.3% of QR attacks detected by Abnormal are 'credential phishing attacks'
C-suite receive 42% more QR attacks than the average employee
Organisations over 50,000 employees have a 98.9% chance of BEC weekly attack
Sticking with the superb cyber sec content machine Abnormal Security, we also highly rate their latest white paper - CISO Guide to Replacing Your SEG
Last but not least... Did you know you can discover and protect every cyber asset? Leveraging API feeds from your existing tools, validate your controls are correctly deployed and functioning across every cyber asset with ThreatAware. Want to know how? Request a demo here
Â
Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.
Â
This week we heard about the NCA's takedown of the LockBit Ransomware Operation, a worm even more malicious (and irritating) than Nokia's OG snake and why Avast are very much on the naughty step!
Â
Keep reading to stay up to date on the latest cyber security news.
Â
Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent. The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January 22, 2024, with the release of iOS 17.3, iPadOS 17.3, macOS Sonoma 14.3, and watchOS 10.3. "A shortcut may be able to use sensitive data with certain actions without prompting the user," the iPhone maker said in an advisory, stating it was fixed with "additional permissions checks."
The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes. The complaint says Avast violated millions of consumers' rights by collecting, storing, and selling their browsing data without their knowledge and consent while misleading them that the products used to harvest their data would block online tracking.
The U.K. National Crime Agency (NCA) on Tuesday confirmed that it obtained LockBit's source code as well as a wealth of intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. "Some of the data on LockBit's systems belonged to victims who had paid a ransom to the threat actors, evidencing that even when a ransom is paid, it does not guarantee that data will be deleted, despite what the criminals have promised," the agency said. It also announced the arrest of two LockBit actors in Poland and Ukraine. Over 200 cryptocurrency accounts linked to the group have been frozen. Indictments and sanctions have also been unsealed in the U.S. against two other Russian nationals who are alleged to have carried out LockBit attacks.
A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel Hernández said. "The worm automatically searches through known credential locations and shell history files to determine its next move." SSH-Snake was first released on GitHub in early January 2024, described by its developer as a "powerful tool" to carry out automatic network traversal using SSH private keys discovered on systems.
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. The maximum severity CVE-2024-1709 auth bypass flaw has been under active exploitation since Tuesday, one day after ConnectWise released security updates and several cybersecurity companies published proof-of-concept exploits.
