The weekly cybersecurity news summary highlights the recent threats, vulnerabilities, innovations, and emerging attack vectors. This ongoing awareness facilitates a comprehensive understanding of the threat landscape that is evolving at a rapid pace. This enables timely implementation of appropriate security measures and ensures robust system protection against constantly emerging security threats.
Cyber Attacks
TeamViewer Hacked
TeamViewer recently announced that attackers had compromised its internal corporate IT environment.
The company's security team detected an “irregularity” and initiated incident response procedures, bringing in external professionals to investigate and remedy the breach.
The investigation is still ongoing, though TeamViewer has said there is no evidence of impact on customer data or its product.
An Advanced Persistent Threat (APT) group is behind this attack, an indication that major technology providers are grappling with cybersecurity issues.
TeamViewer users should watch for updates from the company about possible impacts or mandatory actions.
Vulnerability
Juniper Session Smart Router Flaw
Juniper Networks has announced a critical vulnerability (CVE-2024-2973) that affects its Session Smart Router (SSR) and Session Smart Conductor products, enabling network-based attackers to bypass authentication and take over the whole device in high-availability redundant configurations.
The flaw threatens the security of SSRs and Conductors in redundant peer setups.
To fix this bug, Juniper Networks has released new versions of the software, and it is recommended that all High-Availability clusters be upgraded to SSR-6.1.9 or SSR-6.2.5 as soon as possible.
The fix does not disrupt production traffic, apart from a short period during which web-based management and APIs will not be available.
Juniper Networks advises all affected users to upgrade their systems promptly to mitigate the risk associated with this flaw.
Apple AirPods Bluetooth Vulnerability
A major Bluetooth vulnerability tracked as CVE-2024-27867 has led to the release of important firmware updates by Apple for its AirPods and Beats headphones.
Security researcher Jonas Drebler came across this issue, which, if exploited, can allow attackers within Bluetooth range to spoof a connection request and eventually gain unauthorized access to the headphones.
This could lead to breaches of privacy or unauthorized collection of information.
The latest firmware version is downloaded automatically when the headphones are connected to an iPhone, iPad, or Mac computer. Users can check the firmware version in the Bluetooth settings on their devices.
WordPress XSS and Path Traversal Flaws
WordPress released an urgent security update, version 6.5.5, to fix dangerous security vulnerabilities that could put at risk the millions of websites it powers.
This update addresses three main security issues: a Cross-Site Scripting (XSS) vulnerability in the HTML API, an XSS vulnerability in the Template Part Block, and a Path Traversal on Windows-hosted sites.
All administrators of WordPress sites are therefore urged to keep their installations up to date so that they do not fall victim to attacks that could result in data loss and unauthorized access.
WordPress 6.5.5 is a short release that comes before the next major version, which is due out on July 16th, 2024. That version, which is expected to bring numerous improvements and new features, is said to be named WordPress 6.6, or it may carry no name at all and only a number, as previous versions did.
Windows Bluetooth Service RCE Vulnerability
The Windows Bluetooth service had a Remote Code Execution (RCE) vulnerability in March 2023.
An unauthorized threat actor could exploit this vulnerability to run any code on an arbitrary system, but only with access to the same network as the victim system.
The vulnerability resulted from a buffer overflow in the Bluetooth Low Energy (BLE) advertising data parsing functions.
Microsoft has issued patches for this vulnerability, and users of affected Windows versions are advised to update their systems to avoid falling prey to attackers.
Data Breach
VMware ESXi Vulnerability
VMware has disclosed three critical vulnerabilities in the ESXi hypervisor that allow attackers to bypass authentication mechanisms.
The bugs are tracked as CVE-2024-37085, CVE-2024-37086, and CVE-2024-37087, and they pose significant risks to organizations deploying VMware ESXi.
Successful exploitation of these vulnerabilities would give an attacker full administrative access to the ESXi host without proper authentication, leading to unauthorized control over virtual machines, data breaches, and potential disruption of services.
VMware has provided patches for these vulnerabilities, and administrators should apply them immediately; otherwise the risk will remain high.
BSNL Data Breach
A massive data leak has occurred at Bharat Sanchar Nigam Limited (BSNL), India’s state-owned telecom provider, exposing 278GB of sensitive information, including IMSI numbers, SIM card details, and security keys.
The breach, perpetrated by “kiberphant0m,” may leave millions of subscribers vulnerable to identity theft, financial fraud, and SIM card cloning. The stolen data is up for sale on the dark web for $5,000, which speaks volumes about its sensitivity in the hands of highly skilled cyber attackers targeting both BSNL itself and other connected network systems.
This is the second such incident at BSNL in the last six months, raising concerns about its users’ safety and national protection against cyber threats.
Experts are urging BSNL to investigate and contain this breach urgently and to strengthen its capacity to protect users as well as critical infrastructure.
Other news
$10 Million Reward For Russian Hacker
The U.S. Department of Justice has announced a reward worth $10 million for any information leading to the capture of Amin Timovich Stigal, aged 22, who is charged with conspiracy to hack into and destroy computer systems and their data.
Stigal and fellow GRU members allegedly deployed WhisperGate malware against Ukrainian government systems in January 2022, before the Russian invasion, with the aim of destroying the systems and their data.
The Department also claims that in August 2022 the same conspirators hacked into the transportation infrastructure of a Central European country supporting Ukraine and probed computers owned by a Maryland-based federal government agency.
1 Million Geisinger Patients’ Personal Data Stolen
A data breach at Geisinger Health System affected the personal details of more than one million patients and occurred through an ex-Nuance Communications Inc. employee.
The former employee accessed the data within two days of being fired. It could have included sensitive details such as names, dates of birth, addresses, medical record numbers, and phone numbers.
The police were involved in the matter, which led to the apprehension of the ex-employee and subsequent charges. Geisinger Health Systems is contacting affected patients, asking them to review their details and to use a special support line for enquiries.