Cybersecurity researchers have uncovered an ongoing social engineering campaign that floods enterprise users with massive volumes of spam email in order to gain access to the enterprise environment for privilege escalation and further exploitation. The campaign, which is said to have started in April 2024, delivers emails structured as newsletter subscription confirmations from legitimate organizations. Rapid7 researchers described the pattern in more detail: “The incident involves a threat actor overwhelming a user’s email with junk and calling the user, offering assistance. The threat actor prompts impacted users to download remote monitoring and management software like AnyDesk or utilize Microsoft’s built-in Quick Assist feature to establish a remote connection.”
Two Tech Giants Collaborate to Launch Cross-Platform Feature for Detecting Bluetooth Tracking Devices
Google and Apple on Monday notified users that they are rolling out a new feature across iOS and Android to alert users to covert tracking. The feature, titled DULT (Detecting Unwanted Location Trackers), was first proposed two years ago and is now available on devices running Android 6.0 and later and iOS 17.5. In a joint statement, the companies said the feature “will help mitigate the misuse of devices designed to help keep track of belongings,” adding that it aims to address “potential risks to user privacy and safety.” Android users will receive a “Tracker travelling with you” notification, while iOS users will receive an “item found moving with you” message.
Vulnerabilities in Cacti Framework Might Become the New Goldmine for Hackers
Four now-patched vulnerabilities in the Cacti framework, listed below, could have served as entry points for attackers:
- CVE-2024-25641 (CVSS score: 9.1) – An arbitrary file write vulnerability in the “Package Import” feature that allows authenticated users holding the “Import Templates” permission to execute arbitrary PHP code on the web server, resulting in remote code execution
- CVE-2024-29895 (CVSS score: 10.0) – A command injection vulnerability that allows any unauthenticated user to execute arbitrary commands on the server when PHP’s “register_argc_argv” option is On
- CVE-2024-31445 (CVSS score: 8.8) – An SQL injection vulnerability in api_automation.php that allows authenticated users to perform privilege escalation and remote code execution
- CVE-2024-31459 (CVSS score: N/A) – A file inclusion issue in the “lib/plugin.php” file that could be combined with SQL injection vulnerabilities to result in remote code execution
These patched vulnerabilities are among a dozen security flaws found in Cacti, the open-source network monitoring and fault management framework.
Iddink Group has suffered a ransomware attack by the Cactus ransomware group, resulting in the exposure of 1TB of data. The company specializes in teaching and learning materials, digital learning, personalized learning, student administration systems, digital teaching materials, electronic learning environments (ELO), student tracking systems, secondary education, vocational education and training (MBO/BVE), and book distribution. Iddink Group has over 500 employees and a revenue of $80 million.
The dAn0n ransomware group has hit Semilab with an attack resulting in data exfiltration. The company has over 5000 employees and a revenue of $16.8 million. It specializes in optical characterization, electrical characterization, metrology, photovoltaics, semiconductors, flat panel displays, printed electronics, ellipsometry, photoluminescence, compound materials, materials science, research & development, inspection systems, silicon crystal defect measurement, and innovative metrology solutions.