Saturday, July 27, 2024

92,000 D-Link NAS Devices Left Vulnerable to Malware Attacks

Reports from cybersecurity researchers revealed the active scanning and exploitation of security flaws tracked as CVE-2024-327, with a CVSS score of 9.8, and CVE-2024-3273, with a CVSS score of 7.3. These flaws affect legacy D-Link products and could be exploited by threat actors to execute arbitrary commands on affected D-Link NAS devices. The vulnerability already affects 92,000 internet-exposed D-Link network-attached storage (NAS) devices.

According to one of the statements, “The vulnerability lies within the nas_sharing.cgi URI, which is vulnerable due to two main issues: a backdoor facilitated by hard-coded credentials and a command injection vulnerability via the system parameter.”
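For defenders reviewing web server or reverse-proxy logs for the scanning described above, the following added example (not code from D-Link or from the quoted researchers) flags requests to nas_sharing.cgi and separates plain probes from requests that carry the system parameter. The combined log format, the /cgi-bin/ path prefix, the IP addresses and the parameter values are constructed sample data.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access log (documentation-range IPs, placeholder values).
SAMPLE_LOG = """\
192.0.2.10 - - [08/Apr/2024:10:01:02 +0000] "GET /cgi-bin/nas_sharing.cgi?user=PLACEHOLDER&system=PLACEHOLDER HTTP/1.1" 200 512 "-" "curl/8.0"
192.0.2.10 - - [08/Apr/2024:10:01:09 +0000] "GET /cgi-bin/NAS_sharing.cgi?SYSTEM=PLACEHOLDER HTTP/1.1" 200 498 "-" "curl/8.0"
198.51.100.7 - - [08/Apr/2024:10:03:44 +0000] "GET /cgi-bin/nas%5Fsharing.cgi HTTP/1.1" 404 0 "-" "scanner"
203.0.113.5 - - [08/Apr/2024:10:05:00 +0000] "GET /index.html?system=dark HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
malformed line without a request
"""

# client IP, method, request target and status from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
TARGET_SCRIPT = "nas_sharing.cgi"   # script name given in the article
INJECTION_PARAM = "system"          # parameter named in the article

def classify(line):
    """Return (ip, kind, status) for a request to the script, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None                 # unparseable line: skip, do not crash
    ip, _method, target, status = m.groups()
    parts = urlsplit(target)
    # Decode %-escapes and fold case so encoded or mixed-case paths still match.
    script = unquote(parts.path).lower().rsplit("/", 1)[-1]
    if script != TARGET_SCRIPT:
        return None
    params = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    kind = "injection-attempt" if INJECTION_PARAM in params else "probe"
    return ip, kind, int(status)

def scan(log_text):
    """Aggregate hits per source IP; answered_200 marks attempts the device served."""
    report = defaultdict(lambda: {"probe": 0, "injection-attempt": 0, "answered_200": 0})
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        ip, kind, status = hit
        report[ip][kind] += 1
        if kind == "injection-attempt" and status == 200:
            report[ip]["answered_200"] += 1
    return dict(report)

if __name__ == "__main__":
    for ip, counts in scan(SAMPLE_LOG).items():
        print(ip, counts)
```

Access logs record only the query string, so a parameter sent in a request body shows up here as a plain probe; treat any hit on the script from an untrusted address as worth investigating.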

Morocco and Western Sahara Human Rights Activists Become Hackers' Target

Cybercrime activity associated with the Sahrawi Arab Democratic Republic (SADR) shows threat actors harvesting information through phishing attacks that lure victims into installing bogus Android apps and serve credential-harvesting pages to Windows users. The activity, tracked as Starry Addax by Cisco Talos, targets Windows and Android users using cloned social media login pages. Victims are compromised either by installing a malicious Sahara Press Service application or by entering their credentials on a cloned social media login page. When the app is installed, the FlexStarling malware delivers additional malware components and harvests sensitive information from infected devices.

Flaws in LG Smart TV Become Gateway for Root Access by Threat Actors

The following security flaws in LG webOS running on LG smart televisions have raised concern after cybersecurity researchers discovered the possibility of users gaining root access through them.

CVE-2023-6317 – Allows an attacker to bypass PIN verification and add a privileged user profile to the TV without user interaction.

CVE-2023-6318 – Allows privilege elevation and root access by threat actors to control the device.

CVE-2023-6319 – Allows operating system command injection by manipulating a library named ASM, which is responsible for showing music lyrics.

CVE-2023-6320 – Allows the injection of authenticated commands by manipulating the com.webos.service.connectionmanager/tv/setVlanStaticAddress API endpoint.

The vulnerabilities affect the following webOS versions: webOS 4.9.7 – 5.30.40 running on LG43UM7000PLA; webOS 5.5.0 – 04.50.51 running on OLED55CXPUA; webOS 6.3.3-442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB; and webOS 7.3.1-43 (mullet-mebin) – 03.33.85 running on OLED55A23LA.

The Blacksuit ransomware group has launched attacks on several businesses, resulting in varying damages. The victims are listed below.

Homeocan: Homeocan is a Canadian pharmaceutical manufacturing company specializing in Homeopathy, Essential Oils, Plant Extracts, Trace Elements, Natural Products, Aromatherapy, Gemmotherapy, Mother Tinctures, Natural Health, and Pharmaceutical Distribution. Homeocan has over 50 employees and a revenue of $5 million.

Olea Kiosks: This is a technology company specializing in Kiosks, Financial, Retail, Loyalty, Health Care, HR, Healthcare, QSR, Restaurant, Casino Gaming, Bill Payment, Bill Pay, Registration, Standard Kiosks, Custom Kiosks, Ticketing, Self-Service, Cyber Security, and Outdoor Kiosks. The company has over 200 employees and a revenue of $11.6 million.

Multi-Fill, Inc: This company offers volumetric fillers and distribution systems for multi-lane horizontal conveyors, vertical form/fill/seal machines for products such as cooked pasta (short and long goods), cooked or IQF rice, various fruits and vegetables, refrigerated salads, and others, into many types of containers at speeds up to 120 containers per minute. The company has over 50 employees and a revenue of $5 million.

Heaford: The company is a global supplier of high-quality mounting and proofing machines and auxiliary equipment dedicated to improving prepress efficiency and productivity in the flexo and gravure industries. The company specializes in gravure, flexo, mounting, proofing, labels, packaging, flexible packaging, narrow web, corrugated, and package printing equipment. Heaford has over 50 employees and a revenue of $5 million.
