According to a report by Sansec, no fewer than 110,000 sites using polyfill.io have been affected by a supply chain attack orchestrated by a Chinese-owned company. Details about the incident revealed that after acquiring the domain, the company now redirects all traffic to a malicious website designed to scam victims through a modified JavaScript library titled “polyfill.js.”
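A quick way to find out whether your own pages pull anything from the domain named above is to scan the HTML for script and link references to it. This is an added example, not code from Sansec or from the report; it uses only the standard library, treats the bare domain and any subdomain as a hit, and runs over a constructed sample page.

```python
"""Find references to polyfill.io in an HTML page (added example, stdlib only)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domain named in the report; the bare host and any subdomain count as hits.
WATCHED_DOMAIN = "polyfill.io"

def is_watched(url: str) -> bool:
    """True if the URL's host is polyfill.io or one of its subdomains."""
    if url.startswith("//"):  # protocol-relative form, common in <script src>
        url = "https:" + url
    host = (urlsplit(url).hostname or "").lower()
    return host == WATCHED_DOMAIN or host.endswith("." + WATCHED_DOMAIN)

class _RefCollector(HTMLParser):
    """Collects <script src> and <link href> values that hit the domain."""
    ATTRS = {"script": "src", "link": "href"}

    def __init__(self) -> None:
        super().__init__()
        self.hits: list[tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value and is_watched(value):
                self.hits.append((tag, value))

def find_polyfill_refs(html: str) -> list[tuple[str, str]]:
    """Return (tag, url) pairs that load resources from polyfill.io."""
    collector = _RefCollector()
    collector.feed(html)
    collector.close()
    return collector.hits

# Constructed sample: two polyfill.io loads, one unrelated CDN, one look-alike host.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<link rel="preload" href="//polyfill.io/v3/polyfill.js" as="script">
<script src="https://cdn.jsdelivr.net/npm/foo.js"></script>
<script src="https://notpolyfill.io/x.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for tag, url in find_polyfill_refs(SAMPLE_HTML):
        print(f"{tag}: {url}")
```

Point it at saved copies of your templates or crawled pages; the look-alike host in the sample shows why a plain substring match on "polyfill.io" is not enough.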
Attackers Leveraging New MOVEit Vulnerability for Malicious Purposes
According to cybersecurity researchers, the vulnerability, tracked as CVE-2024-5806 with a CVSS score of 9.1, affects MOVEit Transfer versions from 2023.0.0 before 2023.0.11, 2023.1.0 before 2023.1.6, and 2024.0.0 before 2024.0.2. It allows threat actors to bypass SFTP authentication and gain access to MOVEit Transfer and Gateway systems. Exploitation attempts reportedly started almost immediately after the vulnerability was publicly disclosed.
The advisory describing the issue states, “Improper authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to authentication bypass.” Some researchers have also confirmed that threat actors could leverage the vulnerability to impersonate any user on the server.
“While the more devastating vulnerability, the ability to impersonate arbitrary users, is unique to MOVEit, the less impactful (but still very real) forced authentication vulnerability is likely to affect all applications that use the IPWorks SSH server.”
Progress Software released patches to address the vulnerability and other critical SFTP-associated authentication bypass vulnerabilities and advised users to apply the patches immediately.
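Before applying the patches, the first question for an operator is which installed builds fall inside the three affected ranges listed above. The following is an added example, not Progress tooling; it assumes dotted numeric version strings such as "2023.1.5" (a trailing build component is accepted) and runs against a constructed inventory with placeholder hostnames.

```python
"""Check a MOVEit Transfer version against the CVE-2024-5806 ranges above.

Added example, not Progress tooling; assumes dotted numeric versions
such as "2023.1.5" (a fourth build component is accepted).
"""

# (first affected, first fixed) per branch, exactly as the advisory lists them.
AFFECTED_RANGES = [
    ((2023, 0, 0), (2023, 0, 11)),
    ((2023, 1, 0), (2023, 1, 6)),
    ((2024, 0, 0), (2024, 0, 2)),
]

def parse_version(text: str) -> tuple[int, ...]:
    """Turn "2023.1.5" into (2023, 1, 5); raises ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(text: str) -> bool:
    """True when version >= first affected and < first fixed in some branch.

    Tuple comparison handles build suffixes: 2023.1.5.123 sorts below 2023.1.6,
    while 2023.1.6.0 does not, so patched builds are never flagged.
    """
    version = parse_version(text)
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)

def triage(inventory: dict[str, str]) -> list[str]:
    """Return the hosts from a {host: version} inventory that still need the patch."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))

# Constructed inventory for demonstration; hostnames are placeholders.
SAMPLE_INVENTORY = {
    "mft-01.example": "2023.0.9",
    "mft-02.example": "2023.0.11",
    "mft-03.example": "2023.1.5.123",
    "mft-04.example": "2024.0.2",
}

if __name__ == "__main__":
    print("needs patching:", triage(SAMPLE_INVENTORY))
```

Versions outside the three listed branches return False because the report names only those ranges; confirm support status for any other branch separately.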
Apple Addresses Bluetooth AirPods Eavesdropping Vulnerability
The tech giant has confirmed that it addressed the vulnerability CVE-2024-27867, an authentication issue affecting all models of AirPods Pro, AirPods Max, second-generation AirPods and later, Powerbeats Pro, and Beats Fit Pro, through a firmware update. The vulnerability, discovered by Jonas Dreßler, could allow adversaries within close range to eavesdrop on users’ private conversations.
A statement released by the tech giant confirmed that “When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.”
Global Infrastructures at Risk of Ransomware Attacks From Chinese and North Korean Hackers
A discovery showed that China- and North Korea-linked threat actors were involved in ransomware and data encryption attacks on government and non-government critical infrastructure between 2021 and 2023.
According to Aleksandar Milenkoski and Julian-Ferdinand Vögele, “Threat actors in the cyber espionage ecosystem are engaging in an increasingly disturbing trend of using ransomware as a final stage in their operations for financial gain, disruption, distraction, misattribution, or removal of evidence.”
A joint report shared by SentinelOne and Recorded Future provided more insight into the attack, revealing a cluster of activity associated with ChamelGang (aka CamoFei) and another cluster associated with Chinese and North Korean state-sponsored groups. By leveraging CatB ransomware, ChamelGang directed attacks towards the All India Institute of Medical Sciences (AIIMS), the presidency of Brazil, East Asian governments, and Indian aviation organizations.
Bank Users Across Seven Countries at Risk of New Medusa Android Trojan
Bank users across Canada, France, Italy, Spain, Turkey, the United Kingdom, and the United States must take security measures to avoid falling victim to a newly updated version of an Android banking trojan called Medusa. Reports from the cybersecurity company Cleafy indicated that threat actors began the fraud campaign in May 2024 and that it has been active since July 2023, implying that several people may already have fallen victim to it.
Further details about the new trojan variant revealed it has a lightweight permission set, the ability to uninstall applications remotely, and the capability to display a full-screen overlay.
Ransomware Attacks on Harris Ranch Beef and OCASA
Harris Ranch Beef, a food and beverage company specializing in high-quality beef products, integrated beef production, fresh boxed beef, fresh seasoned beef, fully cooked beef, deli meats, value-added ground beef, cattle sourcing, cattle feeding & processing, sustainability, and animal welfare, has suffered a ransomware attack by RansomHub. The company has over 5,000 employees and a revenue of $507.5 million.
The Akira ransomware group attacked OCASA, a global family-owned business with over four decades of experience in specialized logistics for the pharmaceutical industry. The company, with over 5,000 employees and a revenue of $653.2 million, specializes in patient-driven innovation, temperature-controlled logistics, biopharmaceutical storage and distribution, clinical trial logistics, patient-centric services, clinical supplies depot solutions, GMP depot solutions, packaging & labelling, bio-storage, returns, reconciliation & destruction services, cold chain, and temperature-controlled logistics.