The biggest cyber attacks and vulnerabilities from October 2024
Insights and trends from recent cyber threats and vulnerabilities from October.
Arjun Pednekar
1st November 2024
In October, we witnessed a jailbreak in ChatGPT-4o exposed by Mozilla’s new AI bug bounty program, 0Din, 900 reports of surfaced phishing emails mimicking Starbucks, and Lazarus Group exploiting Chrome Zero-Day via a fake DeFi game, among other developments.
1. New Windows zero-day exploit exposes user credentials via theme spoofing
A significant zero-day flaw in Windows allows threat actors to capture NTLM hashes, posing a severe risk of credential exposure. The flaw, which affects all Windows versions from 7 to 11, relies on Windows theme spoofing: a crafted theme file causes the system to send the user's authentication hash to a malicious system. Microsoft’s earlier patches for similar vulnerabilities have proven insufficient, leaving systems open to further exploitation.
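A defensive check that follows from the mechanism described above is to inspect theme files for resource paths that point off-host, since any such reference would cause Windows to authenticate to that host when the theme is applied. The scanner below is an added example and is not code from the original post or from Microsoft. It assumes the INI-style layout of .theme files, a non-exhaustive list of keys (Wallpaper, BrandImage, ImagesRootPath, DefaultValue) that name image or icon resources, and a constructed allowlist of trusted file servers; the sample theme text is constructed for the demonstration.

```python
"""Scan Windows .theme files for resource paths that point at remote hosts.

Added example, not from the original post. A .theme file is INI-style text;
the keys checked here are an assumed, non-exhaustive set of settings whose
values name an image or icon file. Any value that is a UNC path or URL to a
host outside the allowlist is reported, because loading it would make
Windows authenticate to that host.
"""
import re
from pathlib import Path

# Assumed set of keys whose values Windows resolves as file resources.
RESOURCE_KEYS = {"wallpaper", "brandimage", "imagesrootpath", "defaultvalue"}

# Hosts allowed to serve theme resources (constructed allowlist).
TRUSTED_HOSTS = {"fileserver.corp.example"}

UNC_RE = re.compile(r"^\\\\([^\\]+)\\")          # \\host\share\...
URL_RE = re.compile(r"^[a-z]+://([^/]+)", re.IGNORECASE)  # scheme://host/...


def remote_host(value: str):
    """Return the host a path or URL points at, or None for local paths."""
    cleaned = value.strip().strip('"')
    for rx in (UNC_RE, URL_RE):
        m = rx.match(cleaned)
        if m:
            return m.group(1).lower()
    return None


def scan_theme_text(text: str):
    """Return (section, key, host) for every resource on an untrusted remote host."""
    findings = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]          # new INI section
            continue
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip().lower() not in RESOURCE_KEYS:
            continue
        host = remote_host(value)
        if host and host not in TRUSTED_HOSTS:
            findings.append((section, key.strip(), host))
    return findings


def scan_theme_file(path):
    """Convenience wrapper for scanning a .theme file on disk."""
    return scan_theme_text(Path(path).read_text(encoding="utf-8", errors="replace"))


# Constructed sample: a local wallpaper, a trusted icon share and a brand
# image that points at a documentation-range address outside the allowlist.
SAMPLE_THEME = r"""
[Theme]
DisplayName=Corporate Blue
BrandImage=\\203.0.113.10\share\logo.png

[Control Panel\Desktop]
Wallpaper=C:\Windows\Web\Wallpaper\Windows\img0.jpg

[CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\DefaultIcon]
DefaultValue=\\fileserver.corp.example\icons\pc.ico
"""

if __name__ == "__main__":
    for section, key, host in scan_theme_text(SAMPLE_THEME):
        print(f"[{section}] {key} -> untrusted remote host {host}")
```

Run against a directory of themes with `scan_theme_file`; a non-empty result is a reason to quarantine the file rather than apply it. Blocking outbound SMB at the network edge remains the broader mitigation, since this check only covers keys it knows about.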
2. Critical Fortinet and SharePoint vulnerabilities enable widespread remote code execution
Another critical development concerns Fortinet’s FortiManager. The flaw (CVE-2024-47575) allows unauthenticated remote code execution, letting attackers access sensitive data across up to 100,000 devices managed via FortiManager consoles. Because it stems from missing authentication and has the potential for extensive damage, it has been added to CISA’s Known Exploited Vulnerabilities catalogue. Similarly, a severe deserialisation flaw in Microsoft SharePoint (CVE-2024-38094), with a CVSS score of 7.2, carries a remote code execution risk; administrators are urged to patch immediately to protect against potential exploitation.
3. Mozilla’s 0Din program uncovers AI jailbreak in ChatGPT-4o
In parallel, Mozilla’s new AI bug bounty program, 0Din, uncovered a jailbreak in ChatGPT-4o, showcasing the risk of sophisticated obfuscation techniques like hexadecimal encoding and emojis to bypass AI safeguards. This incident underscores the growing concern around AI vulnerabilities, highlighting the need for advanced protection as AI becomes a core component of cyber security strategies. The program aims to address AI vulnerabilities, offering up to $15,000 for critical findings.
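The obfuscation the report describes, hexadecimal encoding and emoji interleaving, works against filters that inspect the raw prompt text. The snippet below is an added example, not code from the original post or from 0Din, showing the defensive counterpart: normalising input (decoding hex byte runs, dropping symbol-category code points, NFKC folding) before applying a policy check. The denylist holds a single constructed placeholder phrase, and the heuristic for spotting hex runs is an assumption chosen for the demonstration rather than a production rule.

```python
"""Normalise prompt text before running a content-policy check.

Added example, not from the original post. The policy is a constructed
denylist with one placeholder term; the point is that a check on the raw
text misses the same term when it arrives hex-encoded or interleaved with
emoji, while the normalised text is caught.
"""
import re
import unicodedata

DENYLIST = {"forbidden phrase"}   # constructed placeholder policy term

# Four or more hex byte pairs, optionally separated by whitespace or commas.
HEX_RUN = re.compile(r"(?:[0-9a-fA-F]{2}[\s,]*){3,}[0-9a-fA-F]{2}")


def decode_hex_runs(text: str) -> str:
    """Replace runs of hex byte pairs with their decoded text when it is printable ASCII."""
    def repl(m):
        pairs = re.findall(r"[0-9a-fA-F]{2}", m.group(0))
        try:
            decoded = bytes.fromhex("".join(pairs)).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            return m.group(0)             # not text, leave the run alone
        return decoded if decoded.isprintable() else m.group(0)
    return HEX_RUN.sub(repl, text)


def strip_symbols(text: str) -> str:
    """Drop emoji and other symbol-category code points used as filler."""
    return "".join(ch for ch in text if not unicodedata.category(ch).startswith("S"))


def normalise(text: str) -> str:
    """Canonical form used for policy matching."""
    text = decode_hex_runs(text)
    text = strip_symbols(text)
    text = unicodedata.normalize("NFKC", text)
    return re.sub(r"\s+", " ", text).strip().lower()


def violates_policy(text: str, normalise_first: bool = True) -> bool:
    """True if a denylisted term appears; normalise_first=False models a naive filter."""
    candidate = normalise(text) if normalise_first else text.lower()
    return any(term in candidate for term in DENYLIST)


# Constructed samples: the placeholder term hex-encoded, and interleaved with emoji.
SAMPLE_HEX = "66 6f 72 62 69 64 64 65 6e 20 70 68 72 61 73 65"
SAMPLE_EMOJI = "f🙂o🙂r🙂b🙂i🙂d🙂d🙂e🙂n phrase"

if __name__ == "__main__":
    for label, sample in (("hex", SAMPLE_HEX), ("emoji", SAMPLE_EMOJI)):
        print(f"{label}: raw check={violates_policy(sample, normalise_first=False)} "
              f"normalised check={violates_policy(sample)}")
```

The normalisation step is cheap and belongs in front of whatever classifier or keyword policy a deployment already uses; it narrows the gap rather than closing it, since other encodings the page does not mention would need their own decoders.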
4. Lazarus Group exploits Chrome Zero-Day via fake DeFi game
Moreover, the Lazarus Group’s BlueNoroff subgroup recently exploited a zero-day vulnerability in Google Chrome, granting attackers complete control over affected systems through a fake decentralised finance (DeFi) game site. This exploit, targeting Chrome’s V8 JavaScript engine, bypassed security measures and infected users with Manuscrypt malware, which the group used to gain system control. Google responded with a swift patch, though this incident marks an unusual escalation by Lazarus, which rarely targets individual users directly.
5. Cisco patches actively exploited DoS vulnerability in VPN service
Cisco also responded to several vulnerabilities in its ASA, FMC, and FTD products, including an actively exploited denial-of-service (DoS) vulnerability in the Remote Access VPN (RAVPN) service (CVE-2024-20481). This flaw, stemming from resource exhaustion, enables attackers to overload RAVPN services, potentially causing widespread service disruptions. Additionally, Cisco patched vulnerabilities involving static credentials and command injection but noted that these have yet to be actively exploited.
6. VMware issues second patch for critical vCenter vulnerabilities
A second patch was also required for VMware’s vCenter Server, addressing a critical heap overflow vulnerability (CVE-2024-38812) after an initial fix failed. With a CVSS score of 9.8, this flaw allows for remote code execution via network packets. A related vulnerability (CVE-2024-38813) also enables privilege escalation to root, affecting various vCenter and VMware Cloud Foundation versions. VMware’s rapid response underscores the need for vigilance and immediate remediation of high-impact vulnerabilities.
7. Internet Archive hit by data breach and DDoS attacks, exposing 800,000 support records
8. Sophisticated spear phishing scams impersonate Starbucks
Alongside technical vulnerabilities, social engineering attacks continue to proliferate. Spear phishing campaigns have become increasingly sophisticated, leveraging psychological tactics to gain unauthorised access. In the UK, over 900 reports surfaced of phishing emails mimicking Starbucks, tricking users into revealing credentials or installing malware under the guise of a “Coffee Lovers Box” offer. Experts stress caution with unsolicited offers, noting that familiar brand names often lull recipients into a false sense of security.
9. NCSC celebrates 10 years of Cyber Essentials
To combat escalating threats, the UK’s National Cyber Security Centre (NCSC) recently marked the 10th anniversary of the Cyber Essentials certification, advocating for broader adoption of its security controls. A recent evaluation found high satisfaction among certified organisations, with Cyber Essentials increasingly used as a benchmark in government contracts to strengthen supply chain security. Dr Richard Horne, the new head of the NCSC, echoed this call for robust defences during Singapore International Cyber Week, urging global collaboration and secure-by-design principles to close the widening cyber security gap.
10. Rising cyber threats highlight the need for stronger global collaboration
Together, these incidents underscore the urgent need for organisations to maintain up-to-date defences, implement comprehensive security policies, and foster cross-border cooperation to mitigate the growing complexity of cyber threats. The surge in vulnerabilities, from Windows NTLM hash exposure to sophisticated phishing attacks, reveals the multifaceted nature of modern cyber security risks and emphasises the importance of technological and human vigilance in the face of evolving digital threats.
With cyber threats becoming increasingly complex, it’s more crucial than ever to remain alert and proactive. Individuals should be wary of unexpected emails and brand impersonations, keep software updated, and use strong security measures like multi-factor authentication. For businesses, adopting security standards and collaborating on cyber security initiatives can enhance protection. By maintaining awareness and taking prompt action, both individuals and organisations can better defend against today’s sophisticated digital threats.
Stay secure, stay informed, and most importantly, stay engaged. Your active participation in the cyber security community is crucial for our collective safety. Why not talk to us about your cyber security requirements?