SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Recent Adobe Reader vulnerability possibly a zero-day
One of the Adobe Reader vulnerabilities patched this week, CVE-2024-41869, may be a zero-day and it may have been exploited in the wild. The remote code execution vulnerability was reported to Adobe by Haifei Li, of the EXPMON sandbox system and Check Point, after in June he came across a PDF proof-of-concept that attempted to exploit the flaw. The PoC was not a fully working exploit so it’s unclear whether someone had been working on a malicious zero-day exploit or they were conducting good-faith testing. Adobe has not shared any information on possible exploitation.
$20 to become admin of .mobi TLD and undermine TLS
WatchTowr has published a blog post describing the impact of their researchers spending $20 to acquire a legacy WHOIS server domain associated with the .mobi TLD. After acquiring the domain, the researchers saw communications from over 135,000 systems and over 2.5 million queries, including cybersecurity tools and mail servers for government, military and university entities. They also reached the conclusion that they had undermined the TLS/SSL process for the entire .mobi TLD, which is known to be a target of nation states.
Advertisement. Scroll to continue reading.
Scattered Spider targeting insurance and financial industries
EclecticIQ has conducted an analysis of Scattered Spider ransomware attacks on the insurance and financial sectors. A blog post describes how the hackers target cloud infrastructure, their phishing campaigns aimed at cloud services and privileged accounts, and the use of credential stealers and initial access brokers.
New macOS malware HZ RAT
Intego has analyzed the macOS version of HZ RAT, a piece of malware that gives attackers complete control over an infected device. The Windows version of HZ RAT has been around since 2022, but a Mac version also emerged recently.
WhatsApp View Once bypass exploited in the wild
Zengo is warning users that the View Once feature in WhatsApp, which makes content disappear from a chat after it has been viewed by the recipient, can be easily bypassed. Meta is reportedly still working on a patch, but Zengo decided to disclose the issue after learning that it has already been exploited in the wild.
Card-cloning gangs dismantled in the US and Romania
Law enforcement agencies in Romania and the US dismantled two criminal organizations that used POS and ATM skimmers to steal credit and debit card data and clone the compromised cards to withdraw funds from the victims’ accounts. Operating in California, between 2021 and September 2024, the miscreants stole over $1 million, Romanian authorities reveal. They used the proceeds to make purchases in the US and Mexico, but also transferred some of the funds to Romania.
Google targets more influence operations
Google has described the actions it has taken against influence operations in the third quarter of 2024. The tech giant said it has terminated thousands of YouTube channels and blocked dozens of domains linked to influence operations conducted by China, Azerbaijan, Russia, and Ecuador. An operation linked to entities in the United States has also been targeted.
Details disclosed for Windows MSI installer vulnerability exploited in the wild
SEC Consult has disclosed the details of CVE-2024-38014, a recently patched privilege escalation vulnerability in Windows MSI installers that Microsoft has flagged as being exploited in the wild. The security firm has also released an open source tool that can analyze Windows *.msi installer files and find potential vulnerabilities.
FBI cryptocurrency fraud report
A report published by the FBI shows that the agency received over 69,000 complaints of financial fraud involving cryptocurrency in 2023. Estimated losses exceed $5.6 billion. The exploitation of cryptocurrency was most pervasive in investment scams, where losses accounted for almost 71% of all losses related to cryptocurrency.