Weekly Cybersecurity News

๐‚๐ฒ๐›๐ž๐ซ๐๐ฎ๐ฅ๐ฌ๐ž ๐„๐ฉ๐ข๐ฌ๐จ๐๐ž ๐Ÿ–


Here are some of the most important cybersecurity updates this week 👇


🔐 Intrusion at the Banque de France – Breach or Bluff?

⟶ Hackers claimed to have accessed sensitive employee and client data from the Banque de France and initially listed the files for $50,000, later dropping to $10,000.

⟶ The bank denied any breach of its secured information systems, attributing the incident to unauthorized access to an external HR extranet, now disabled.

⟶ The group behind the attack, Near2tlg, has a record of high-profile breaches, including Direct Assurance and Mediboard.


🛡️ Avast Anti-Rootkit Exploited by Cybercriminals

⟶ Researchers discovered a BYOVD (Bring Your Own Vulnerable Driver) attack leveraging an old Avast anti-rootkit driver to disable over 140 security processes.

⟶ Avast patched the flaw in 2021, and Microsoft has blocked older versions of the driver, but legacy systems remain vulnerable.


✉️ Microsoft Exchange Chaos – Patching the Patch

⟶ Microsoft’s November 2024 Exchange Server update caused widespread mail flow disruptions due to conflicts with custom mail flow rules.

⟶ The re-released SUv2 update resolves these issues and addresses spoofing exploits (CVE-2024-49040).


⚡ RomCom Strikes Again with Zero-Day Exploits

⟶ RomCom threat actors exploited two zero-day vulnerabilities:

• CVE-2024-9680 (Firefox RCE).

• CVE-2024-49039 (Windows Task Scheduler Privilege Escalation).

⟶ Fake websites lured victims to deploy RomCom RAT, targeting users across Europe and North America.


๐Ÿง ๐๐จ๐จ๐ญ๐ค๐ข๐ญ๐ญ๐ฒ: ๐”๐„๐…๐ˆ ๐“๐ก๐ซ๐ž๐š๐ญ๐ฌ ๐๐จ๐ฐ ๐“๐š๐ซ๐ ๐ž๐ญ ๐‹๐ข๐ง๐ฎ๐ฑ

โŸถ The first UEFI bootkit for Linux, dubbed Bootkitty, disables kernel signature verification and preloads malicious modules during the init process.

โŸถ Hooks and patches in Secure Boot bypass integrity checks, presenting a new threat landscape.