The biggest cyber attacks and vulnerabilities from June 2024
Insights and trends from recent cyber threats and vulnerabilities from June.
Arjun Pednekar
1st July 2024
Welcome to our monthly update where we delve into some of the most significant cyber attacks and vulnerabilities that have been reported. In June, we saw vulnerabilities in GitLab and also security flaws in Ollama and Magento. Read on to find out more about these incidents and other cyber attacks and vulnerabilities that made the headlines in June.
1. TeamViewer Breach and Microsoft’s Ongoing Challenges
On 26th June, TeamViewer reported an unauthorised access incident involving its IT infrastructure, attributed to the APT29 / Midnight Blizzard threat actor. The breach, confined to the corporate IT environment, triggered immediate incident response measures. TeamViewer and global cyber security experts are actively investigating; however, no evidence suggests access to customer data or the product environment.
Meanwhile, Microsoft disclosed that Russian cyber criminals, identified as Kremlin spies, expanded the scope of their earlier breach. The incident, initially involving theft from executive emails and US government data, now includes more compromised emails than previously disclosed. Additionally, Chinese state actors breached Microsoft, highlighting security concerns despite continued US government technology investments.
2. Critical Vulnerabilities in GitLab and MOVEit Transfer
GitLab users are urged to update immediately following the discovery of CVE-2024-5655, a high-severity vulnerability that could allow attackers to execute pipelines as any user. This underlines the critical need for immediate patching to effectively mitigate risks.
MOVEit Transfer, highlighted by Rapid7, faces ongoing security challenges. Recent advisories have underscored vulnerabilities in remote authentication scenarios, with thousands of instances exposed online in the US. Effective patch management and threat mitigation strategies are crucial in defending against such threats.
3. Security Flaws in Ollama and Magento
Ollama, a popular AI model deployment platform, addressed a significant Remote Code Execution vulnerability (CVE-2024-37032) named “Probllama”. Despite mitigation efforts, vulnerable instances remain accessible online, emphasising the need for swift updates to secure deployments against potential exploits.
In a recent advisory, Magento disclosed a severe XML entity injection issue (CVE-2024-34102) affecting Adobe Commerce. This vulnerability allows threat actors to exfiltrate sensitive files, posing severe risks to affected installations. It is crucial to take immediate action to apply the provided patches and bolster security measures to safeguard Magento-based ecommerce platforms.
4. The British Library Ransomware Incident and Barracuda Report
In a devastating ransomware attack, the British Library suffered significant data theft and service disruptions due to compromised privileged accounts. The incident, costing £7 million in recovery expenses, highlights vulnerabilities in legacy infrastructure and underscores the importance of robust security measures, including multi-factor authentication.
The Barracuda report underscores the growing sophistication in social engineering attacks, with a notable shift towards using legitimate services to target employees. Gmail emerged as the most exploited email domain, accounting for 22% of attacks in the past year, with the majority of these Gmail-based attacks (over 50%) aimed at Business Email Compromise (BEC). Other free webmail services commonly used by hackers included Outlook (2%), Hotmail (1%), iCloud (1%), and Mail.com (1%). In comparison, all other domains collectively comprised 73% of the attacks. Additionally, scamming comprised 43% of Gmail attacks in 2023. The report highlights the increasing use of popular commercial URL shortening services by cybercriminals to disguise malicious links, with bit.ly being the most frequently used, appearing in nearly 40% of such attacks, followed by X (formerly Twitter) at 16%.
The research also revealed a significant impact on organisations, with over 92% experiencing an average of six credential compromises due to email-based social engineering attacks in 2023. Scamming and phishing dominated, making up 86% of all social engineering attacks last year. These findings highlight how important it is for organisations to remain vigilant and enhance their security measures as attackers continue evolving their tactics by leveraging widely trusted services to deceive users and compromise credentials.
The cyber landscape has continued to evolve throughout June 2024, with new global threats and vulnerabilities affecting organisations. Maintaining robust cyber security measures and swift response protocols is paramount as cyber adversaries become more sophisticated. Stay informed, stay vigilant, and ensure your systems are updated to mitigate risks effectively!
Stay secure, stay informed, and most importantly, stay engaged. Your active participation in the cybersecurity community is crucial for our collective safety. Why not talk to us about your cyber security requirements?