Several serious flaws have surfaced in the last 24 hours. PAN-OS, the operating system behind Palo Alto Networks' next-gen firewalls, was found to contain a critical bug, CVE-2022-0028, which an attacker could exploit to conduct reflected and amplified TCP DoS attacks. Meanwhile, the Bitdefender team disclosed a set of vulnerabilities in the asset management platform Device42; by chaining them, an attacker can take control of the targeted systems and devices.
It's rare, but three separate ransomware actors have used the same entry point to attack a single organization: LockBit, Hive, and ALPHV/BlackCat operators targeted one automotive supplier within a span of two months.
Top Breaches Reported in the Last 24 Hours
Vishing hits Cisco, data stolen
Cisco confirmed suffering a security incident affecting its corporate IT infrastructure. The attackers may have stolen nearly 2.8GB of data. The company said that a third party hijacked an employee's personal Google account, in which Cisco credentials had been saved through browser sync, and then ran vishing (voice phishing) calls, impersonating various trusted organizations, to talk the employee into accepting MFA prompts and gain access. Experts have linked the activity to the Yanluowang group.
Three ransomware attacks, one victim
Three ransomware gangs hit the same automotive supplier back to back after an initial access broker allegedly breached it in December 2021. LockBit, Hive, and ALPHV/BlackCat affiliates each attacked the victim's network, on April 20, May 1, and May 15 respectively, with Hive getting in only about two hours after LockBit.
Top Malware Reported in the Last 24 Hours
Cuba activities linked to ROMCOM RAT
Palo Alto Networks' Unit 42 revealed that Cuba ransomware actors have been deploying a new custom malware, ROMCOM RAT, on compromised systems. The RAT can spawn a reverse shell, collect user and system information, delete files, and exfiltrate data to a remote server. It is under active development: researchers found a second, newer sample on VirusTotal.
Top Vulnerabilities Reported in the Last 24 Hours
Bug in Palo Alto Networks firewalls
A reflected amplification DoS flaw has been found in Palo Alto Networks' PAN-OS. Tracked as CVE-2022-0028, it stems from a URL filtering policy misconfiguration: a URL filtering profile with one or more blocked categories assigned to a security rule whose source zone has an external-facing network interface. An attacker can use susceptible firewalls, from Palo Alto Networks and other vendors, as reflectors in a DoS attack against a target of their choosing. Until the fixed PAN-OS releases are applied, the vendor's workaround is to remove the URL filtering policy from such rules.
Multiple vulnerabilities in Device42 assets
Four security holes were reported in the asset management platform Device42. Successful exploitation may let attackers impersonate legitimate users, obtain admin-level access, or gain full access to the platform's files and database. The most critical bug, tracked as CVE-2022-1399, allows arbitrary commands to be run with root permissions.
Bugs in NetModule routers
Researchers at Flashpoint uncovered two critical vulnerabilities in NetModule Router Software (NRSW). Remote attackers can abuse the bugs to bypass authentication and reach administrative functionality. The researchers warn that continuing to run unpatched devices leaves organizations open to remote takeover of the router.
Hardware bug in Intel CPUs
Intel's SGX is undermined by an architectural bug, dubbed ÆPIC Leak, in processors based on Intel's Sunny Cove microarchitecture. Reading the memory-mapped registers of the local Advanced Programmable Interrupt Controller (APIC) returns stale data from the cache hierarchy, which can include data belonging to SGX enclaves. Intel recommends that operating systems and VMMs enable x2APIC mode, which replaces the memory-mapped APIC page with MSR-based access.
Vulnerable AMD Ryzen chips
Researchers have found a new side-channel vulnerability, dubbed SQUIP, affecting AMD Ryzen chips on the "Zen 1", "Zen 2", and "Zen 3" microarchitectures. It arises from contention on the per-execution-unit scheduler queues: a sibling SMT thread can observe how busy a victim's queue is and, as the researchers demonstrated, recover cryptographic key material from a co-located process.