
Cyware Daily Threat Intelligence, March 29, 2024


Apple device users are at risk of losing their iCloud accounts as scammers launch a new MFA bombarding attack that tricks them into resetting their Apple IDs. Hence, it is recommended to avoid clicking on any incoming notifications or messages that ask to perform password resets. Besides, taxpayers are targeted by WarzoneRAT via a variety of email phishing attacks that use ZIP archives, DLL sideloading, and LNK files to bypass security checks.

In the realm of vulnerabilities, a decade-old Linux WallEscape flaw has received a security patch as it was reported that the flaw can be exploited to steal passwords or change the victim's clipboard.

Top Breaches Reported in the Last 24 Hours


Harvard Pilgrim updates on data breach
Harvard Pilgrim Health Care revealed that nearly 2.9 million people were affected in the April 2023 ransomware attack, which is an increase of about 12% from the one million originally stated. The attackers were in the systems from March 28, 2023, to April 17, 2023, during which they stole personal and protected health information of current and former subscribers and dependents, as well as current contracted providers.

OTrack leaks a trove of students’ data
A misconfigured database belonging to OTrack, a school tracking software provider, had exposed records, including names, grades, academic achievements, enrolled subjects, and indications of learning disabilities, of millions of students in the U.K. Besides, the database also contained approximately 214,000 unique images of students. These records contained data from 2017 to 2023.   

Hot Topic hit by credential stuffing attacks
Hot Topic disclosed that the personal information and partial payment details of its customers were compromised in a series of credential-stuffing attacks that took place in November 2023. As per the breach notification, the attackers used login information obtained from an unknown source to target Hot Topic Rewards accounts. This enabled them to steal information such as names, email addresses, order histories, phone numbers, mailing addresses, and dates of birth of customers. 

Apple users targeted by MFA bombing attacks
Attackers targeted Apple iPhone users with a rash of MFA bombing attacks that used a relentless series of legitimate password-reset notification alerts in an attempt to take over their iCloud accounts. While the attack was primarily carried out through push notifications, many reported receiving vishing phone calls purporting to be from Apple support staff. It is believed that the attackers used a bug in Apple’s password reset feature to send several prompts to users. 

Top Malware Reported in the Last 24 Hours

WarzoneRAT distributed in tax-themed attacks 
WarzoneRAT was observed in a series of tax-themed phishing attacks that leveraged several techniques to evade detection. In one instance, the infection chain used a ZIP archive to conceal a malicious LNK file that ultimately led to the deployment of the malware. In another attack, the attackers leveraged the ZIP archive to hide a legitimate EXE file, a malicious DLL, and a PDF document, which ultimately propagated the Warzone RAT in the final stage. 

Over 100 malicious packages detected
Researchers detected over 100 malicious packages targeting the PyPI registry. Among the impersonated libraries are PyTorch, Matplotlib, and Selenium. The attack relies on typosquatting, a technique designed to trick developers into downloading malicious look-alikes of those packages, for example, "Matplotltib", "selennim", and "PyToich."
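As an added illustration of how a defender can catch the look-alike names described above (this is example code written for this digest, not code from the researchers or from PyPI), the following script flags dependency names that sit within a small edit distance of well-known packages without being one of them. The `KNOWN_PACKAGES` allowlist is a constructed sample; a real deployment would feed it from an internal inventory or a download-popularity list.

```python
import re

# Constructed sample allowlist of well-known packages (not a real registry feed).
KNOWN_PACKAGES = {"matplotlib", "selenium", "pytorch", "torch", "numpy", "requests"}


def levenshtein(a: str, b: str) -> int:
    """Classic dynamic-programming edit distance (insert / delete / substitute)."""
    if len(a) < len(b):
        a, b = b, a
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """PEP 503-style normalization: case-fold and treat '-', '_' and '.' alike."""
    return re.sub(r"[-_.]+", "-", name).lower()


def typosquat_candidates(name, known=KNOWN_PACKAGES, max_distance=2):
    """Return (known_name, distance) pairs this name closely resembles.

    A name that *is* a known package is never reported, so legitimate
    short names (e.g. 'torch' next to 'pytorch') do not trip the check.
    """
    n = normalize(name)
    known_norm = {normalize(k): k for k in known}
    if n in known_norm:
        return []
    hits = []
    for k_norm, k in known_norm.items():
        d = levenshtein(n, k_norm)
        if 0 < d <= max_distance:
            hits.append((k, d))
    return sorted(hits, key=lambda t: (t[1], t[0]))


def audit_requirements(lines, known=KNOWN_PACKAGES):
    """Scan requirements.txt-style lines; return {name: [(lookalike, distance), ...]}."""
    findings = {}
    for line in lines:
        line = line.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        name = re.split(r"[<>=!~\[; ]", line, 1)[0]    # strip version specifiers / extras
        hits = typosquat_candidates(name, known)
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    # Constructed sample requirements file mixing legitimate and look-alike names.
    sample = ["PyToich==2.2.0", "numpy>=1.26  # fine", "selennim", "Matplotltib"]
    for pkg, hits in audit_requirements(sample).items():
        print(f"{pkg!r} resembles {hits} -> review before installing")
```

Run it against a project's `requirements.txt` before installation (for instance in a pre-commit hook or CI step); anything reported should be checked against the registry page of the package it resembles, because a distance of one or two edits to a popular name is the signature this campaign relied on.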

Top Vulnerabilities Reported in the Last 24 Hours


WallEscape flaw
A security vulnerability dubbed WallEscape, in the wall command of the util-linux package, can allow an unprivileged attacker to steal passwords or change the victim's clipboard. Tracked as CVE-2024-28085, the flaw has existed in every version of the package released in the past 11 years. As per the PoC exploit code, the flaw can be exploited only if the 'mesg' utility is active and the wall command has 'setgid' permission. Users are advised to upgrade to util-linux v2.40 to address the vulnerability.

JetBrains patches 26 flaws
JetBrains issued patches for 26 security flaws in its TeamCity build management and continuous integration server. Three of these vulnerabilities are cross-site scripting flaws that can allow attackers to execute arbitrary code by tricking victims into clicking on a specially crafted link. Another eight flaws can be abused to bypass two-factor authentication by sending a specially crafted URL parameter.

Splunk issues patches for two flaws
Splunk announced security patches for several security flaws, including two high-severity vulnerabilities, impacting its Enterprise product. One of the high-severity flaws (CVE-2024-29946) exists in the Dashboard Examples Hub in the Splunk Dashboard Studio app that lacks protection for risky SPL commands. The second flaw (CVE-2024-29945) is related to the potential exposure of authentication tokens during the token validation process and impacts versions below 9.2.1, 9.1.4, and 9.0.9.

Tags

jetbrains products
mfa bombing attacks
wallescape flaw
harvard pilgrim
warzonerat
malicious packages

Posted on: March 29, 2024

