Cyber Security Weekly Briefing, 7 - 13 December

December 13, 2024

Microsoft's December Patch Tuesday includes an actively exploited 0-day

Microsoft has published its December Patch Tuesday advisory, which includes security updates for 71 bugs, among them one actively exploited 0-day vulnerability. The flaw is tracked as CVE-2024-49138, with a CVSSv3 score of 7.8 according to Microsoft, and is an elevation of privilege vulnerability in the Windows common registry file system driver that malicious actors can exploit to gain SYSTEM privileges on Windows devices.

It should be noted that no information on how the flaw was exploited in the attacks has been released at this time. However, as it is believed to have been discovered by CrowdStrike's advanced research team, details of its exploitation are likely to be published in the near future.

Apple patches a critical vulnerability in iOS

Coinciding with December's Patch Tuesday, Apple has released new security patches to fix bugs found in iOS, iPadOS and macOS devices. One of the most prominent vulnerabilities is CVE-2024-45490, CVSSv3 9.8 according to CISA, which allows a remote attacker to cause unexpected application termination or arbitrary code execution. In addition, the new iOS release, version 18.2, fixes two flaws in AppleMobileFileIntegrity that allow malicious apps to bypass protections and access sensitive user data.

These bugs are tracked as CVE-2024-54526 and CVE-2024-54527 and have not yet received a CVSS score. Separately, in the macOS update bulletin Apple patched dozens of bugs in the operating system.

ShinyHunters and Nemesis linked to large-scale credential theft operation

An investigation by vpnMentor identified a large-scale hacking operation linked to the threat actors ShinyHunters and Nemesis. Operating from a French-speaking country, they exploited vulnerabilities and configuration errors in millions of websites to gain access to sensitive information.

The attackers used various scripting languages along with specialized tools, such as ffuf and httpx, to automate the exploitation process. They also made use of Shodan and the publicly available AWS IP address ranges to find and exploit millions of targets in different regions. The breach resulted in the theft of more than 2 TB of data, including AWS customer access keys and secrets that in turn allowed access to AWS services.

They also obtained Git credentials that exposed sensitive source code and databases, SMTP and SMS credentials that facilitated the sending of phishing and spam emails, cryptocurrency wallet and trading platform credentials, as well as access to social media and email accounts.

Meeten: campaign against Web3 professionals

Researchers at Cado Security Labs have published an investigation reporting the discovery of a malware campaign, which they have dubbed Meeten, targeting people working in Web3. According to the researchers, the malicious actors trick their victims by sending fake professional meeting requests that direct them to malicious websites posing as legitimate ones, where they are asked to download an application in order to join the meeting.

Both the downloaded software, which is the Realst malware, and the JavaScript hosted on the websites are aimed at stealing cryptocurrency wallets. It should be noted that this campaign has been running since last September and targets both Windows and macOS systems.

New 0-day vulnerability gets unofficial patch

Researchers at the 0patch Team have discovered a new 0-day vulnerability that would allow an attacker to capture NTLM credentials by tricking victims into opening a malicious file in Windows Explorer. Although no further details have been released about the vulnerability, which has not yet been assigned a CVE, the researchers have reportedly confirmed that it allows a malicious actor to steal NTLM hashes when the user opens a specially crafted file from a shared folder, a USB drive or the Downloads folder.

The researchers have reported the flaw to Microsoft, as it would affect all versions of Windows from Windows 7 and Server 2008 R2 through to the latest Windows 11 24H2 and Server 2022. Although Microsoft has not yet released a security fix, the 0patch Team has offered its users a micropatch for the bug until official patches become available.
