Today on the Security Bench, here is a quick summary of the day’s major cybersecurity events. It is an old saying that cybersecurity is worth every penny of investment. The cost of cleaning up after a cyber incident is usually higher than the investment required to maintain a good cybersecurity posture.
- Trending vulnerabilities affecting Apple, Apache, Adobe, D-Link, and Joomla have been added by CISA to the Known Exploited Vulnerabilities (KEV) catalog with evidence of active exploitation. However, there is no walkthrough yet of how the vulnerabilities are exploited in the wild. The vulnerabilities include CVE-2023-27524 (CVSS score: 8.9), CVE-2023-38203 (CVSS score: 9.8), CVE-2023-29300 (CVSS score: 9.8), CVE-2023-41990 (CVSS score: 7.8), CVE-2016-20017 (CVSS score: 9.8), and CVE-2023-23752 (CVSS score: 5.3).
- Tiger Wheel and Tyre, a South African online shopping company, has suffered an attack by the LockBit 3.0 ransomware group. The company is known for selling tyres and batteries and providing some automobile services.
- Microsoft has released its January 2024 monthly patches covering 48 new vulnerabilities, two of which, CVE-2024-20674 (CVSS score: 9.0) and CVE-2024-20700, are rated critical. The fixes are in addition to the nine security vulnerabilities resolved in the Chromium-based Edge browser since the December 2023 Patch Tuesday updates were released.
- The FTC has taken action against Outlogic (X-Mode) for selling sensitive location data. This action is part of the settlement over allegations that the company sold precise location data that could aid in tracking people to sensitive locations such as places of worship, hospitals and places of primary residence.
- A Washington-based carbonated drink company, Corinthcoke, suffered a ransomware attack by the Qilin ransomware group. However, the organization has not confirmed or released any insight into how the attack impacted the company and whether customer data was exposed.
- The internet is buzzing as a decryptor for the Tortilla variant of the Babuk ransomware was released to Cisco Talos, allowing victims targeted by the malware to regain access to their files. Tortilla is famous for basing its file-encrypting malware on the leaked Babuk source code.
- Lastly, a new Mirai-based botnet called NoaBot, which targets SSH servers for crypto mining, has emerged. The report states that the botnet has been a valuable tool to threat actors for crypto mining campaigns since early 2023. The botnet’s capabilities include a wormable self-spreader and an SSH key backdoor to download and execute additional binaries or spread itself to new victims.