Linux Servers, Microsoft & Qualcomm Targeted | Firefox, SAP & Adobe Patches | Marriott, Internet Archive & MoneyGram Breaches
'Perfctl' Malware Infiltrates Thousands of Linux Servers
Aqua Security researchers have identified a new malware family that targets Linux systems, aiming to gain persistent access and exploit resources for cryptocurrency mining.
Firefox 131 Update Fixes Critical Zero-Day Exploit
Mozilla released a Firefox update to fix a zero-day vulnerability that was being actively exploited for remote code execution.
SAP Patches Critical Flaw in BusinessObjects
SAP has issued six new security notes addressing various vulnerabilities, including a critical flaw in its BusinessObjects Business Intelligence product line.
Adobe Issues Fixes for Critical Flaws in Commerce and Magento Products
Adobe has released urgent patches to address security vulnerabilities across multiple product lines, warning of potential code execution risks on both Windows and macOS platforms.
Microsoft Confirms Zero-Day Exploit in Windows Management Console
Microsoft has issued a warning about an exploited code execution vulnerability in the Windows Management Console, a component used for system configuration and monitoring.
Palo Alto Patches for Firewall Security Flaws
Palo Alto Networks released patches to address multiple critical vulnerabilities in its Expedition customer migration tool, warning that attackers could easily exploit these flaws to take over firewall administrator accounts.
OpenAI Reveals Iranian Hackers Exploited ChatGPT to Orchestrate ICS Attacks
A recent report from OpenAI reveals that the company has disrupted over 20 cyber and covert influence operations this year, including those conducted by Iranian and Chinese state-sponsored hackers.
Qualcomm Warned of Potential Zero-Day Exploited in Targeted Attacks
Qualcomm released a security advisory, detailing patches for 20 vulnerabilities in its products, including a zero-day flaw that has been actively exploited.
Marriott to Pay $52 Million and Strengthen Data Security After Data Breach Probes
Marriott International has agreed to a $52 million settlement and will implement enhanced data security measures to resolve state and federal claims stemming from major data breaches that impacted over 300 million customers globally.
Massive Data Breach at Internet Archive Impacts 31 Million Users
The Internet Archive has confirmed a data breach that has compromised the personal information of 31 million users.
MoneyGram Confirms Personal Data Theft in Recent Cyberattack
MoneyGram announced that a September 2024 cyberattack resulted in the theft of personal information and caused a global service outage.
Patelco Credit Union Data Breach Affects Over 1 Million Customers
Patelco Credit Union has reported a ransomware attack that resulted in the theft of personal information belonging to over 1 million individuals.
Ransomware Attack on Access Sports Affects 88,000 Users in Data Breach
Access Sports Medicine & Orthopaedics is notifying over 88,000 individuals that their personal information, including names, Social Security numbers, dates of birth, financial details, medical records, and health insurance information, was compromised in a recent cyberattack.
Hackers Demand $6 Million Ransom for Stolen Files from Seattle Airport Operator
Hackers are demanding $6 million in bitcoin from the Seattle-Tacoma International Airport operator after stealing and posting documents on the dark web.
National Public Data Files for Bankruptcy After Breach Exposes Billions of Records
National Public Data, the company responsible for the massive leak of Social Security numbers, has filed for bankruptcy. The breach may have affected hundreds of millions of people, prompting state prosecutors across the US to demand civil penalties.
The compromised data includes Social Security numbers, full names, addresses, phone numbers, and other personal information, totaling 277GB and containing 2.7 billion records.
CreditRiskMonitor Data Breach Exposes Employee Information
CreditRiskMonitor, a provider of intelligence and analytics for credit and supply chain professionals, has disclosed a data breach that may have exposed the personal information of employees and independent contractors.
'Perfctl' Malware Infiltrates Thousands of Linux Servers
The perfctl malware has been exploiting vulnerabilities and misconfigurations in millions of Linux systems, potentially infecting thousands. Aqua Security found that perfctl focuses on evasion and persistence by using a rootkit to conceal itself on compromised systems. It operates in the background as a service, activates only when the machine is idle, communicates via a Unix socket and Tor, creates a backdoor on the infected server, and attempts to escalate privileges.
The attack chain starts with the exploitation of a vulnerability or misconfiguration, followed by the deployment and execution of the payload from a remote HTTP server. The malware then copies itself to the temp directory, terminates the original process, deletes the initial binary, and runs from the new location. The payload includes an exploit for CVE-2021-4043, a medium-severity null pointer dereference bug in the open-source multimedia framework Gpac, which it uses to try to gain root privileges.
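Two of the behaviours described above leave traces a defender can look for without any rootkit-aware tooling: a process whose on-disk binary has been deleted while it keeps running, and a process executing from a temporary directory. The script below is an added example, not Aqua Security's code or part of the perfctl analysis; it reads /proc on Linux (or falls back to a constructed sample inventory) and reports processes that trip either indicator. Directory names, pids and paths in the sample are made up.

```python
import os
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Locations a persistent service binary would not normally run from.
# perfctl, per the write-up above, copies itself to a temp directory and runs there.
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
DELETED_MARK = " (deleted)"


@dataclass
class ProcInfo:
    pid: int
    exe: str      # resolved target of /proc/<pid>/exe; the kernel appends " (deleted)" once the file is unlinked
    cmdline: str  # argv joined with spaces, as read from /proc/<pid>/cmdline


def collect_procs() -> List[ProcInfo]:
    """Read the live process list from /proc (Linux only; root sees every process)."""
    procs: List[ProcInfo] = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            with open(f"/proc/{pid}/cmdline", "rb") as fh:
                cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue  # kernel thread, process already exited, or not readable as this user
        procs.append(ProcInfo(pid, exe, cmdline))
    return procs


def assess(proc: ProcInfo) -> List[str]:
    """Return the indicators this process trips; an empty list means nothing notable."""
    reasons: List[str] = []
    path = proc.exe
    if path.endswith(DELETED_MARK):
        # The file was unlinked after exec. perfctl does this to its dropped binary,
        # but an in-place package upgrade of a running daemon leaves the same trace,
        # so treat this as a triage lead rather than a verdict.
        reasons.append("backing binary deleted while running")
        path = path[: -len(DELETED_MARK)]
    if path.startswith(TEMP_DIRS):
        reasons.append("executing from a temporary directory")
    return reasons


def scan(procs: Iterable[ProcInfo]) -> Dict[int, List[str]]:
    """Map pid -> indicators for every process that trips at least one."""
    return {p.pid: r for p in procs if (r := assess(p))}


# Constructed sample inventory (not captured from a real host) so the logic can be
# exercised without root or a Linux /proc; pids, paths and names are made up.
SAMPLE_PROCS = [
    ProcInfo(1, "/usr/lib/systemd/systemd", "/sbin/init"),
    ProcInfo(812, "/usr/sbin/sshd (deleted)", "sshd: /usr/sbin/sshd -D"),  # daemon upgraded in place
    ProcInfo(4242, "/tmp/.perf/perfctl (deleted)", "/tmp/.perf/perfctl"),  # the behaviour described above
    ProcInfo(5150, "/var/tmp/updater", "/var/tmp/updater --daemon"),
]


if __name__ == "__main__":
    inventory = collect_procs() if os.path.isdir("/proc") else SAMPLE_PROCS
    for pid, reasons in sorted(scan(inventory).items()):
        print(f"pid {pid}: " + "; ".join(reasons))
```

Run it as root on a suspect host so every process is readable. A hit on the deleted-binary check alone is common after package upgrades; a process that trips both checks, or that runs from a temp directory under a name resembling a system utility, is the one to pull the binary and network connections for.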
Firefox 131 Update Fixes Critical Zero-Day Exploit
Mozilla has released Firefox 131.0.2 to address CVE-2024-9680, a high-severity code execution vulnerability actively exploited as a zero-day. This use-after-free issue in the browser’s Animation timeline allows attackers to execute code in the content process. Security updates are also available for Firefox ESR versions 128.3.1 and 115.16.1. These updates come just a week after Mozilla’s release of Firefox 131 and Firefox ESR versions 128.3 and 115.16, which included patches for multiple vulnerabilities.
SAP Patches Critical Flaw in BusinessObjects
SAP has issued 12 new and updated security notes for October 2024, including a critical fix for a vulnerability in BusinessObjects. The critical-severity flaw, CVE-2024-41730, involves a missing authorization check in the BusinessObjects Business Intelligence suite.
Additionally, SAP has addressed four high-severity vulnerabilities in Enterprise Project Connection, identified in the Spring framework (CVE-2024-22259, CVE-2024-38809, CVE-2024-38808) and Log4j (CVE-2022-23302) open-source libraries.
Users are strongly advised to apply these patches and mitigations as outlined in SAP’s security notes immediately.
Adobe Issues Fixes for Critical Flaws in Commerce and Magento Products
Adobe has issued a critical-severity bulletin detailing 25 vulnerabilities in Adobe Commerce, which could lead to code execution, privilege escalation, and security feature bypass attacks. Two of these vulnerabilities have a CVSS severity score of 9.8/10.
Affected versions include Adobe Commerce 2.4.7-p2 and earlier, as well as Magento Open Source 2.4.7-p2 and earlier.
Additionally, a separate bulletin highlights at least 10 flaws in Adobe Animate that could result in code execution and memory leaks. Adobe has also identified critical security issues in Adobe Lightroom, Adobe InCopy, Adobe InDesign, Adobe Substance 3D Stager, and Adobe FrameMaker.
Microsoft Confirms Zero-Day Exploit in Windows Management Console
Microsoft has issued a warning about attackers exploiting Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems.
The zero-day vulnerability, CVE-2024-43572, is a remote code execution flaw in the Microsoft Management Console (MMC), a frequently targeted Windows component. With a CVSS severity score of 7.8/10, this vulnerability is part of a significant patch rollout addressing at least 119 documented vulnerabilities across the Windows ecosystem.
Additionally, Microsoft has released patches for several known issues, including a Winlogon privilege escalation flaw (CVE-2024-43583), a Windows Hyper-V security feature bypass bug (CVE-2024-20659), and a code execution vulnerability in the Windows cURL implementation.
Palo Alto Patches for Firewall Security Flaws
Palo Alto Networks has identified critical vulnerabilities in PAN-OS firewalls, affecting Expedition versions before 1.2.96. These flaws, discovered by Horizon3.ai, could expose sensitive data like usernames, passwords, and API keys.
Key vulnerabilities include:
CVE-2024-9463 (CVSS 9.9): Unauthenticated OS command injection, exposing sensitive data.
CVE-2024-9464 (CVSS 9.3): Authenticated OS command injection, similar exposure as CVE-2024-9463.
CVE-2024-9465 (CVSS 9.2): SQL injection, accessing database contents and arbitrary files.
CVE-2024-9466 (CVSS 8.2): Cleartext storage of sensitive information.
CVE-2024-9467 (CVSS 7.0): Reflected XSS, enabling malicious JavaScript execution.
Updating to the latest version is crucial to mitigate these risks.
OpenAI Reveals Iranian Hackers Exploited ChatGPT to Orchestrate ICS Attacks
OpenAI has successfully disrupted 20 cyber and influence operations this year, including activities by Iranian and Chinese state-sponsored hackers. Among these threat actors is CyberAv3ngers, a group linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), known for its attacks on the water sector.
The report also highlights the activities of another Iranian hacker group, Storm-0817, which attempted to use ChatGPT for developing malware to steal information from Android devices. Additionally, they sought assistance from the AI service to create an Instagram scraper and translate LinkedIn profiles into Persian.
Furthermore, OpenAI summarized the activities of the China-linked threat actor SweetSpecter. This group utilized ChatGPT for reconnaissance, vulnerability research, malware development, and social engineering. They also attempted to send malware-laden emails to OpenAI employees, which were successfully blocked before reaching the targeted inboxes.
Qualcomm Warned of Potential Zero-Day Exploited in Targeted Attacks
Google and Amnesty International have discovered that the Qualcomm chipset vulnerability, identified as CVE-2024-43047, is being actively exploited. This vulnerability impacts over 60 Qualcomm chipsets, including those in the FastConnect, QCA, QCS, Video Collaboration, SA, SD, SG, Snapdragon, SW, SXR, WCD, WCN, and WSA series. Although Qualcomm was informed of the flaw in late July and has since developed a patch, it will take a significant amount of time for the update to reach end-user devices. Additionally, many systems that do not receive regular updates may never be patched.
Marriott to Pay $52 Million and Strengthen Data Security After Data Breach Probes
Marriott has agreed to pay $52 million and implement enhanced data security measures to settle claims related to significant data breaches that impacted over 300 million customers. According to the FTC’s proposed complaint, these breaches allowed “malicious actors” to obtain passport information, payment card numbers, loyalty numbers, dates of birth, email addresses, and other personal information from hundreds of millions of consumers.
Massive Data Breach at Internet Archive Impacts 31 Million Users
The Internet Archive has been hacked and subjected to a significant DDoS attack, affecting 31 million users. Over 31 million compromised records have been added to Have I Been Pwned (HIBP), including email addresses, usernames, and bcrypt password hashes. The difficulty of cracking bcrypt hashes depends on the strength of the underlying passwords; weak passwords can be cracked within minutes.
Additionally, the Internet Archive website was defaced with a message announcing the breach and has experienced multiple outages in the past few days due to the DDoS attack.
MoneyGram Confirms Personal Data Theft in Recent Cyberattack
Hackers infiltrated MoneyGram’s systems during a three-day attack in September 2024, compromising personal information. The breach affected names, addresses, phone numbers, email addresses, dates of birth, national ID numbers, copies of government-issued IDs, other identification documents, bank account numbers, transaction information, MoneyGram Plus Rewards numbers, and criminal investigation information. In response, MoneyGram is offering affected individuals two years of free identity monitoring services, which include free credit monitoring for US customers.
Patelco Credit Union Data Breach Affects Over 1 Million Customers
Patelco Credit Union has reported to authorities that a ransomware attack this summer resulted in the theft of data belonging to over 1 million individuals. The compromised information includes names, dates of birth, driver’s license numbers, Social Security numbers, and email addresses, although the specific data varies by individual. While Patelco did not disclose the responsible ransomware group, the RansomHub gang listed the union on its Tor-based leak site in mid-August, stating that negotiations had failed and that the stolen data was being auctioned. RansomHub also claimed that the stolen data included additional information such as gender, addresses, phone numbers, passwords, and credit ratings.