In other news: Malware delivered by ISPs, Temu spying, Critical Dataverse vulnerability


SecurityWeek’s cybersecurity news roundup is a concise compilation that highlights stories that may have slipped through the cracks.

We provide a valuable overview of stories that do not require an entire article but are still important to a complete understanding of the cybersecurity landscape.

We curate and present a collection of notable developments each week, from the latest vulnerability discoveries and emerging attack methods to significant policy and industry reports.

This week’s news:

Microsoft patches critical Dataverse vulnerabilities

Microsoft has informed its customers that a critical remote code execution vulnerability in Dataverse has been patched. Dataverse is designed to securely store and manage data used by business apps. The vulnerability was assigned CVE-2024-35680 even though users do not need to take action; Microsoft disclosed the CVE in order to increase transparency.

Levi Strauss credential stuffing attack

Clothing company Levi Strauss is informing 72,000 customers of a password reset after detecting a credential stuffing attack on their accounts. Attackers could have obtained information such as name, email address and order history. They may also have obtained partial payment card details.



Ventura County Credit Union data breach resulting from email hack

A hack of an email account has led to a breach at Ventura County Credit Union. The incident happened in late January. The hacked email account contained personal information, such as name, Social Security Number, and financial account details. Nearly 45,000 people are affected by the incident. In 2022, this same credit union suffered from a data breach that affected 82,000 customers and staff.

South Korean ISP delivers malware to 600,000 Users

South Korean ISP KT is accused of delivering malware to 600,000 customers in an effort to interfere with BitTorrent traffic. The company likely wanted to reduce the load on its network caused by torrent traffic and save money.

Ollama AI affected by remote code-execution vulnerability

Ollama, a popular open-source project for running AI models, is affected by a remote code execution vulnerability. The flaw is tracked as CVE-2024-37032 and has been dubbed Probllama. The project’s developers are working to fix the problem, but many vulnerable instances have been exposed on the internet.

Health sector warned of social engineering and phishing attacks

The FBI, CISA, and the HHS issued a joint security advisory to warn healthcare and public health organizations about attacks that involve social engineering and phishing. Social engineering tactics included phoning the IT help desk of the targeted organization and posing as a legitimate employee. The goal is to gain online account access and divert ACH payments into bank accounts controlled by cybercriminals.

New Snowblind Android Malware

Promon has performed an analysis of a newly discovered Android banking trojan called Snowblind. Snowblind attacks Android apps using a novel attack technique based on Linux kernel features. This malware appears to be the very first to use this attack vector.

Chinese shopping application Temu is allegedly used to spy

The Arkansas Attorney General has filed suit against the company behind the Chinese app Temu. The lawsuit, which calls the application ‘dangerous’ malware, claims that Temu can collect data from devices it is installed on and warns of the risks of giving information to a Chinese firm. Temu responded by denying the accusations and claiming that the lawsuit was based on inaccurate data. The company says it will defend against the allegations.

Thermoscan IP and Sensor Net Connect vulnerabilities

Nozomi Networks Labs warns of seven vulnerabilities that exist in the healthcare-specific Sensor Net Connect device, as well as the Thermoscan IP desktop software. These vulnerabilities could be exploited by hackers to manipulate system settings and install malware. They could also be used to exfiltrate sensitive data and disrupt healthcare services. The vendor has been informed, but does not appear to be releasing any patches.

Apple patches AirPods Bluetooth vulnerability

Apple has released AirPods firmware updates to fix a Bluetooth vulnerability that could allow attackers to gain access to the headphones when they are trying to connect to previously paired devices.

Google updates Chrome Root Store policies

Google announced Thursday that it would be changing its Chrome Root Store policy to no longer trust TLS server authentication certificates validating to Entrust roots whose earliest Signed Certificate Timestamp (SCT) is dated after October 31, 2024. Google says that recent patterns of concern have eroded trust in Entrust.
