The HighPoint Security Hub – Dec 1, 2023

Navigating the ever-evolving landscape of cyber threats is a constant challenge. “The Security Hub” is here to make it easier, offering a succinct overview of the most pressing developments from the past two weeks.

This week, cybercriminals delivered an infostealer to Mac users through fake browser updates, SAP issued a critical security patch, and new malware targeting macOS surfaced.


Global Developments

  1. Mac users are under threat as cybercriminals employ fake browser update tactics to deliver an infostealer. Experts say this could be the first time they have observed a dominant social engineering scam, previously aimed specifically at Windows, make the shift to macOS. Vigilance is crucial, and users are advised to download updates only from official sources to avoid falling victim to this deceptive campaign.
  2. Security researchers uncover the BLUFFS attack, which enables attackers to hijack Bluetooth connections. The attacks break the secrecy of Bluetooth sessions, allowing device impersonation and man-in-the-middle attacks. Users are urged to stay informed and update their devices promptly to mitigate the risk of exploitation.
  3. A critical vulnerability in the ownCloud file-sharing app puts user security at risk by exposing admin passwords. The flaw can be used to steal credentials and configuration information in containerized deployments, exposing all environment variables of the web server. Users and administrators are advised to apply the latest patches and updates to secure their ownCloud installations against unauthorized access.


Commonly Used Tools and Gadgets

  1. Microsoft addressed a known issue caused by the October updates, restoring functionality to Windows Server virtual machines. The issue was causing blue screens and boot failures in Windows Server 2022 VMs. The fixes resolve the disruptions users experienced after applying the earlier updates.
  2. SAP issues a critical security patch for its Business One product, addressing a vulnerability that could expose users to cyber threats. The most important of SAP's updated security notes addresses a critical-severity missing authorization check flaw in CommonCryptoLib, which impacts multiple products from the software maker. The patch is crucial for maintaining the security of SAP Business One installations.
  3. Microsoft releases a patch for a sensitive information disclosure vulnerability in the Azure Command-Line Interface (CLI). The bug existed because certain Azure CLI functions would inadvertently expose secrets through CI/CD logs. Users are urged to update promptly to safeguard sensitive information when using the Azure CLI.
  4. Google Chrome faces an active attack exploiting a newly discovered vulnerability. The high-severity vulnerability has been described as an integer overflow bug in Skia, an open source 2D graphics library. Users are advised to stay vigilant and update their browsers promptly to mitigate the risk of compromise.


Malware and Ransomware

  1. A new threat, the Atomic Stealer malware, targets macOS by disguising itself as fake browser updates. The ClearFake campaign started in July this year, targeting Windows users with fake Chrome update prompts that appear on breached sites via JavaScript injections. Users are warned to be cautious and verify updates from official sources to avoid falling victim to this deceptive malware campaign.
  2. LockBit ransomware leverages a critical Citrix vulnerability for unauthorized access. Multiple threat actors are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler Application Delivery Controller (ADC) and Gateway appliances to obtain initial access to target environments. Security alerts highlight the urgency of patching systems to prevent LockBit ransomware attacks that exploit this vulnerability.
  3. The LummaC2 malware introduces an advanced anti-sandbox technique based on trigonometry. The technique uses trigonometric calculations to evade detection before exfiltrating valuable information from infected hosts. Security experts advise heightened vigilance, as this evasion method poses challenges for traditional sandbox detection.
  4. A newly discovered botnet malware exploits two zero-day vulnerabilities to compromise Network Video Recorders (NVRs) and routers. The malware hijacks the devices to make them part of its DDoS (distributed denial of service) swarm, presumably rented out for profit. Users are urged to apply security patches promptly to protect their devices from exploitation by this malware.

Wrapping It Up

The cybersecurity landscape is ever-changing, and staying informed is paramount to staying protected. Keep an eye on these developments and ensure your security measures are up to the task.

Do our bi-weekly insights prove valuable to you? Have you noticed trends or threads that you think our community should know about? Connect and share your insights with us on LinkedIn.
