Weekly Cybersecurity Digest: Top 5 News Stories in the Digital Sphere
1. U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown
In a significant joint effort, the U.S. Department of Justice and Microsoft have seized 107 domains used by Russian state-sponsored cyber actors. The domains were part of phishing campaigns, primarily attributed to the COLDRIVER (aka Star Blizzard) group, aiming to steal sensitive information from U.S. government and civil society entities. These cybercriminals targeted NGOs, think tanks, and intelligence officials, particularly those aligned with Ukraine and NATO interests. This action follows a series of sanctions against two key members of the group by the U.K., U.S., and the European Council.
2. WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks
A critical stored cross-site scripting (XSS) vulnerability has been identified in the widely used LiteSpeed Cache plugin for WordPress, affecting all versions up to 6.5.0.2. This flaw, tracked as CVE-2024-47374 with a CVSS score of 7.2, could allow attackers to execute arbitrary JavaScript code. The vulnerability stems from improper sanitization of the "X-LSCACHE-VARY-VALUE" HTTP header, which could lead to privilege escalation, data theft, or even a complete website takeover if exploited. The issue was resolved with an update in version 6.5.1.
3. Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
A new vulnerability dubbed CosmicSting (CVE-2024-34102, CVSS score: 9.8) has been discovered, affecting 5% of Adobe Commerce and Magento stores globally. This critical flaw, caused by improper restriction of XML external entity references (XXE vulnerability), can lead to remote code execution. Despite a patch being released in June 2024, many sites remain vulnerable, and exploitation has escalated, with attacks happening at a rate of 3-5 per hour. The flaw has also been chained with other vulnerabilities like CNEXT to enhance the attack’s impact.
4. New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking
A new stealthy malware dubbed Perfctl has been discovered, primarily targeting Linux servers for cryptocurrency mining and proxyjacking. This malware uses advanced techniques to evade detection, including staying dormant when users are active and deleting its binaries after execution to avoid traceability. It exploits the Polkit vulnerability (CVE-2021-4043) to escalate privileges, enabling it to install a cryptominer (perfcc) and occasionally deploy proxyjacking software.
5. Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors
Cloudflare has successfully mitigated a record-breaking 3.8 Tbps Distributed Denial-of-Service (DDoS) attack that lasted for 65 seconds. The attack, which targeted multiple industries including financial services, telecommunications, and internet sectors, was part of a broader wave of hyper-volumetric attacks in September 2024. This campaign utilized a botnet of compromised devices, including ASUS home routers exploited through CVE-2024-3080. The goal of the attack was to overwhelm the target’s network bandwidth and CPU resources, rendering services inaccessible.