Welcome to this week’s Threat Intelligence Roundup! Each week we’ll cover the latest on emerging threats, trends, and top security practices. Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.
Threat Intelligence Email Blasts This Week:
North Korean Hackers Exploiting Weak DMARC Settings The U.S. government has warned that a North Korean hacking group, known as Kimsuky, is exploiting vulnerabilities in email security protocols (DMARC settings) to conduct disguised spear-phishing attacks. These weak DMARC settings allow the hackers to send emails that appear legitimate, thereby increasing the success rate of their phishing campaigns. We have a new finding in our pen tests as well as upcoming content addressing DMARC/DKIM/SPF settings as well as some remediation guidelines in the threat intelligence email blast.
This week’s roundup:
VPN TunnelVision Exploit Leaks Traffic A newly discovered attack technique called TunnelVision can expose VPN traffic, regardless of the VPN system used. This method exploits weaknesses in how VPNs handle encrypted traffic, potentially allowing malicious actors to intercept and decipher this data. The vulnerability poses a significant risk as it affects a broad range of VPN technologies, undermining their primary function of safeguarding user privacy and data security. You should be getting an email blast about this soon! This week’s roundup:
WordPress Plugin Litespeed Cache XSS Vulnerability Exploited The LiteSpeed Cache plugin for WordPress, widely used with over 4 million installations, has been identified as having a severe security flaw. This unauthenticated site-wide stored cross-site scripting (XSS) vulnerability, indexed as CVE-2023-40000, allows attackers to inject malicious scripts into websites, posing a significant risk to both site integrity and user safety. This is a major issue, and we recommend removal of the LiteSpeed plugin from any of your WordPress sites, immediately.
Tinyproxy Flaw Opens Hosts to Remote Code Execution A critical vulnerability in the Tinyproxy software potentially exposes over 50,000 hosts to remote code execution. This flaw allows attackers to execute arbitrary code on affected systems remotely, significantly compromising the security of these systems. Tinyproxy is a lightweight HTTP/HTTPS proxy daemon used in various environments, making this vulnerability particularly concerning due to its widespread deployment. If you or any of your clients utilize Tinyproxy, be sure to implement the fix detailed in the article above.
macOS Spyware “Cuckoo” Targeting Intel and ARM Macs Cybersecurity experts have discovered a new type of spyware called Cuckoo, which targets macOS devices and is particularly difficult to detect and remove due to its persistent nature. This spyware infiltrates the system deeply, making traditional antivirus approaches less effective against it. It’s designed to spy on users by logging keystrokes, capturing screenshots, and stealing files, posing significant privacy and security risks.
BetterHelp to pay $7.8 million in Data Sharing Settlement BetterHelp has agreed to a $7.8 million settlement with the Federal Trade Commission (FTC) after it was found that the online counseling service improperly shared sensitive mental health data of its users with advertisers, including large platforms like Facebook and Snapchat.
Dell Reports Data Breach Impacting 49 Million Customers Dell recently confirmed a significant data breach impacting approximately 49 million customers. The breach involved unauthorized access to data including customer names, physical address, and Dell hardware and order information, including service tag, item description, date of order, and related warranty information.