Cyware Daily Threat Intelligence
Daily Threat Briefing • Aug 10, 2023
Let’s begin with another contribution from the Black Hat event. Cybersecurity experts have discovered critical zero-day vulnerabilities in popular cryptographic Multi-Party Computation (MPC) protocols, such as GG-18, GG-20, and Lindell 17, which could enable attackers to rapidly drain funds from millions of retail and institutional customers' wallets. Thankfully, none were exploited in the wild. Speaking of bugs, an access control bypass vulnerability was addressed in the latest Spring Security update. It may have a severe impact on Spring WebFlux applications that rely on Spring Security for authentication and access control.
During routine web monitoring, cybersecurity analysts stumbled upon an address that unveiled a series of “hack waves” centered around WordPress. The attack campaign has been attributed to the operators of the Balada Injector malware.
Missouri DSS notifies about MOVEit breach
The Missouri Department of Social Services (DSS) urged residents to safeguard their personal information, following a data security breach that originated from the attack on MOVEit Transfer software. The breach potentially exposed the identities of numerous Medicaid participants. While DSS systems remained unaffected, data belonging to the agency was compromised. The accessed files include individual names, department client numbers, dates of birth, benefit eligibility status, coverage, and medical claims information.
Pro-Russian hackers strike websites in Europe
Pro-Russian hacking group NoName057(16) claimed responsibility for recent cyberattacks on government and public services websites in France and the Netherlands. These attacks follow similar actions targeting Spanish, Italian, and Dutch organizations with distributed denial-of-service (DDoS) attacks. While Dutch authorities note the limited impact of these recent DDoS incidents, the group has historically targeted Ukraine and its allies.
Multi-nation campaign by Chinese hackers
Hackers tied to China's Ministry of State Security, identified as the RedHotel intrusion set, have been involved in cyberattacks across 17 countries in Asia, Europe, and North America since 2021. The group has targeted sectors including academia, aerospace, and government. Known by aliases such as Aquatic Panda, Bronze University, and Charcoal Typhoon, RedHotel appears to be on an espionage mission to gather intelligence.
Balada Injector exploits WordPress
During a routine web monitoring operation, the spatialreality[.]com address led security experts to a WordPress-based site distributing Balada Injector malware. The infection involves injecting malicious PHP code that grants remote access and controls malvertising schemes. The injected code is buried within layers of legitimate code, allowing it to execute before the actual site content. The malware's evasion tactics include domain changes and obfuscated attack waves.
Rust-based injector and SYK Crypter unveiled
FortiGuard Labs has uncovered a new injector coded in Rust, a rapidly emerging programming language, used to introduce the XWorm malware. Rust's adoption in malware creation has grown since 2019, with campaigns like Buer loader and Hive. Injector activity surged in May 2023, employing Base64-encoded shellcode and encryption algorithms (AES, RC4, LZMA) for antivirus evasion. The investigation further exposed the involvement of SYK Crypter in loading Remcos RAT for device control.
Zero-day in cryptographic MPC protocols
Researchers from Fireblocks Cryptography Research Team have identified multiple zero-day flaws in widely used cryptographic Multi-Party Computation (MPC) protocols. The flaws could potentially allow attackers to steal cryptocurrency funds from the wallets of millions of retail and institutional customers. The vulnerabilities, dubbed BitForge, were discovered in protocols such as GG-18, GG-20, and implementations of Lindell 17, affecting popular wallet providers, including Coinbase WaaS, Zengo, and Binance.
High-severity bug in Spring Framework
A security vulnerability, identified as CVE-2023-34034, has been discovered in recent versions of Spring Security, a critical component of the Java-based Spring Framework. Researchers at JFrog conducted an investigation into the flaw, revealing a filter bypass issue within the Spring WebFlux framework, which could grant unauthorized access to sensitive sections of applications. Not all Spring applications are impacted by it.
Millions of users at risk
Cybersecurity firm Claroty unveiled critical vulnerabilities in Western Digital (WD) and Synology network-attached storage (NAS) products, leaving millions of users' files exposed. Demonstrated at Pwn2Own Toronto, the vulnerabilities allowed attackers to remotely access files, execute code, and gain full control over cloud-connected devices. WD's flaw involved impersonating devices and leveraging cloud tunnels, while Synology's weakness redirected users to attacker-controlled devices via QuickConnect.
Intel addresses 80 vulnerabilities
Intel has issued 46 new security advisories detailing 80 vulnerabilities affecting its firmware and software. Among the most severe are 18 high-severity flaws allowing privilege escalation or denial-of-service attacks. These vulnerabilities impact a range of products, including processors, chipset firmware, software suites, and more. Medium-severity issues have also been addressed, covering various components like RealSense SDKs, Ethernet controllers, and system firmware.
Google releases Android security updates
Google issued its August 2023 security updates for Android, fixing over 40 vulnerabilities. The most severe is CVE-2023-21273, a critical remote code execution flaw in the System component affecting Android 11, 12, 12L, and 13. Other critical vulnerabilities include remote code execution in the Media Framework (CVE-2023-21282), kernel privilege escalation (CVE-2023-21264), and memory corruption in Qualcomm closed-source components (CVE-2022-40510). Dozens of high-severity vulnerabilities were also patched.
EvilProxy campaign targets Microsoft 365 users
The EvilProxy campaign has targeted over 100 organizations worldwide, with a focus on high-ranking executives, sending 120,000 phishing emails to steal Microsoft 365 accounts. This advanced threat utilizes a reverse proxy architecture to bypass multi-factor authentication (MFA) and compromise victims' sessions. Researchers observed a rising trend in successful cloud account compromises despite MFA adoption.