The biggest cyber attacks and vulnerabilities from August 2024
Insights and trends from recent cyber threats and vulnerabilities from August.
Arjun Pednekar
30th August 2024
Welcome to our August update on cyber attacks and news. This month’s highlights include the discovery of North Korean-linked malicious npm packages, rising telecom threats, and critical vulnerabilities in enterprise software that need urgent patching. We also cover a major extortion campaign exploiting exposed environment variables, Microsoft’s patch for a zero-click RCE vulnerability, and Ivanti’s fix for an authentication bypass. Read on for details on these developments.
1. Phylum uncovers North Korean-linked malicious npm packages
Phylum has identified malicious npm packages that use heavy obfuscation to deliver malware. Packages such as `qq-console` and `helmet-validate` are tied to North Korean operations, including the “Contagious Interview” campaign. `helmet-validate`, published on 23rd August 2024, executes malicious JavaScript served from the `ipcheck[.]cloud` domain, a remote-fetch-then-execute pattern consistent with earlier North Korean activity.
2. Telecom threats highlight security gaps in messaging channels
Messaging channels remain central to customer engagement, with SMS and voice still dominant. That reach has attracted telecom-based abuse such as SMS toll fraud (also called SMS pumping) and 2FA hijacking, which has hit large companies including X. These developments highlight the continuing need for tighter controls on how one-time codes are requested and delivered.
3. Shifting pressures demand adaptive cyber security strategies
External factors such as economic and geopolitical pressures constantly shape the cyber security field. Consequently, security strategies must adapt, integrating periodic assessments to evaluate and improve the effectiveness of tools, processes, and teams. This iterative process is crucial for maintaining a resilient security posture in a rapidly changing environment.
4. Rising AI data leaks urge stricter security measures
In the field of AI, a concerning trend has emerged: hundreds of open-source large language model servers and vector databases are inadvertently leaking sensitive data because of inadequate security controls. Researcher Naphtali Deutsch uncovered vulnerabilities including CVE-2024-31621, an authentication bypass in Flowise. This highlights the urgent need for stringent security practices in AI deployments to protect sensitive information.
5. AI-enhanced cyber defence key amid a talent shortage
Cyber resilience extends beyond disaster recovery to proactive and reactive measures strengthened by AI and automation. IBM’s 2024 Cost of a Data Breach (CODB) report underscores the cost savings from building AI into proactive security workflows. At the same time, the persistent cyber security talent shortage means AI tooling should support skilled professionals rather than replace them, helping to retain them and avoid costly turnover.
6. Urgent patches needed for critical enterprise software vulnerabilities
Critical vulnerabilities have also been reported in enterprise software, with Progress Software’s WhatsUp Gold and SolarWinds’ Web Help Desk both requiring urgent patches. The disclosure of CVE-2024-28987, a hardcoded-credential flaw in SolarWinds Web Help Desk, exemplifies the persistent threat landscape and the need for continuous vigilance and timely patch management.
7. Extortion campaign exploits exposed environment variables for data theft
8. Microsoft issues critical patch for zero-click RCE vulnerability
Microsoft’s release of a patch for a critical zero-click RCE vulnerability in the Windows TCP/IP stack marks another significant development. The flaw, CVE-2024-38063, affects all supported Windows systems with IPv6 enabled and carries a high risk of exploitation, so the patch should be applied immediately; systems with IPv6 disabled are not affected, which is a stopgap where patching has to wait. In total, Microsoft patched 90 new CVEs in August’s Patch Tuesday, including nine zero-days, six of which were being actively exploited in the wild. Five of the exploited zero-days were rated high severity and the sixth medium.
9. Ivanti fixes authentication bypass vulnerability in Virtual Traffic Manager
Finally, Ivanti has fixed an authentication bypass in Virtual Traffic Manager (vTM) that allowed remote, unauthenticated access to the admin panel. This flaw underscores the importance of robust authentication mechanisms, and of keeping management interfaces off the public internet, to prevent unauthorised access and potential data breaches.
While significant breaches like those at Equifax or Uber highlight the immediate reputation and financial damage, insecure code has a hidden, long-term cost: technical debt. Quick fixes for vulnerabilities often create lingering issues that bog down engineering teams with ongoing bug fixes and maintenance, stifling productivity and innovation. This technical debt leads to inflated infrastructure costs and prevents teams from pursuing new projects. Insecure code silently drains time, money, and morale, creating a barrier to innovation. Addressing this issue early with better code security practices is crucial for maintaining sustainable engineering velocity.
As we continue to witness these developments, addressing technical debt and implementing secure coding practices are vital for maintaining sustainable engineering efficiency and innovation.
Stay secure, stay informed, and most importantly, stay engaged. Your active participation in the cyber security community is crucial for our collective safety. Why not talk to us about your cyber security requirements?