In a series of alarming developments, cybersecurity experts have uncovered multiple threats targeting various sectors and technologies. Here's a roundup of the most pressing cybersecurity news:
North Korean Hackers Collaborate with Ransomware Group
Security researchers at Palo Alto Networks' Unit 42 have discovered that North Korean state-sponsored hackers, known as Jumpy Pisces (also called Andariel), are likely collaborating with the Play ransomware group. This marks the first observed instance of North Korean actors using existing ransomware infrastructure, potentially acting as initial access brokers or affiliates. The attack, identified in September 2024, involved compromising a user account in May, followed by lateral movement and the deployment of Play ransomware in September.
Chinese Botnet Targets Global Organizations
Microsoft has revealed that a Chinese threat actor, Storm-0940, is leveraging a botnet called Quad7 (aka CovertNetwork-1658) to conduct highly evasive password spray attacks. The attacks aim to steal credentials from Microsoft customers, which are then used for network infiltration and post-exploitation activities. Targets include think tanks, government organizations, and defense industrial bases.
Critical Vulnerability in Opera Browser Patched
A serious security flaw in the Opera web browser, dubbed "CrossBarking," has been discovered and patched. The vulnerability could have allowed malicious extensions to gain unauthorized access to private APIs, potentially enabling attackers to capture screenshots, modify browser settings, and hijack accounts. Opera users are urged to update their browsers immediately to version 113.0.5230.132.
Windows Downgrade Attack Poses Severe Threat
A proof-of-concept exploit has been released for two critical zero-day vulnerabilities in Microsoft Windows, enabling a novel "downgrade attack". The flaws, tracked as CVE-2024-38202 and CVE-2024-21302, allow attackers to manipulate the Windows Update process, reverting fully patched systems to vulnerable states. This effectively turns previously fixed security holes into exploitable zero-day vulnerabilities again.
IoT Cameras Under Attack
GreyNoise Intelligence has detected attempts to exploit critical vulnerabilities (CVE-2024-8956 and CVE-2024-8957) in live-streaming IoT cameras widely deployed in healthcare, industrial operations, and government facilities. The flaws could allow attackers to seize control of the cameras, manipulate video feeds, and potentially enlist the devices into botnets for denial-of-service attacks.
These developments underscore the ever-evolving nature of cyber threats and the critical importance of maintaining up-to-date security measures across all digital platforms and devices.