The biggest cyber attacks and vulnerabilities from August 2024

Insights and trends from recent cyber threats and vulnerabilities from August.

Arjun Pednekar, Technical Director, Cognisys


30th August 2024

Welcome to our August update on cyber attacks and news. This month’s highlights include discovering North Korean-linked malicious npm packages, rising telecom threats, and critical vulnerabilities in enterprise software requiring urgent patches. We also cover a major extortion campaign exploiting exposed environment variables, Microsoft’s zero-click RCE vulnerability patch, and Ivanti’s fix for an authentication bypass. Read on for details on these crucial developments.

1. Phylum uncovers North Korean-linked malicious npm packages

A significant discovery by Phylum has revealed malicious npm packages using advanced obfuscation techniques to deploy malware. These packages, such as `qq-console` and `helmet-validate`, have ties to North Korean operations, including the “Contagious Interview” campaign. The latter package, released on 23rd August 2024, executes malicious code via the `ipcheck[.]cloud` domain, signalling a consistent tactic in North Korean cyber activities.

2. Telecom threats highlight security gaps in messaging channels

Parallel to these developments, messaging channels have surged in importance for customer engagement, with SMS and voice channels maintaining their dominance. This widespread use has, however, attracted telecom-based threats like SMS toll fraud and 2FA hijacking, notably impacting significant companies such as X. These developments highlight the ongoing need for enhanced security protocols to protect against evolving threats.

3. Shifting pressures demand adaptive cyber security strategies

External factors such as economic and geopolitical pressures constantly shape the cyber security field. Consequently, security strategies must adapt, integrating periodic assessments to evaluate and improve the effectiveness of tools, processes, and teams. This iterative process is crucial for maintaining a resilient security posture in a rapidly changing environment.

4. Rising AI data leaks urge stricter security measures

In the field of AI, a concerning trend has emerged: hundreds of open-source large language model servers and vector databases are inadvertently leaking sensitive data due to inadequate security measures. Researcher Naphtali Deutsch uncovered vulnerabilities, including the CVE-2024-31621 flaw in Flowise. This highlights the urgent need for stringent security practices in AI deployments to protect sensitive information.


5. AI-enhanced cyber defence key amid a talent shortage

Cyber resilience expands beyond disaster recovery, incorporating proactive and reactive measures enhanced by AI and automation. The 2024 CODB Report underscores the cost-saving potential of integrating AI in proactive security workflows. However, the ongoing talent shortage in cyber security makes AI tools that support existing staff essential for retaining skilled professionals and preventing costly turnover.

6. Urgent patches needed for critical enterprise software vulnerabilities

Critical vulnerabilities have also been reported in enterprise software, with Progress Software’s WhatsUp Gold and SolarWinds’ IT help desk software requiring urgent patches. The disclosure of CVE-2024-28987 in SolarWinds software exemplifies the persistent threat landscape and the need for continuous vigilance and timely patch management.

7. Extortion campaign exploits exposed environment variables for data theft

A large-scale extortion campaign has targeted various organisations by exploiting publicly accessible environment variable files (.env) containing sensitive cloud and social media application credentials. According to Palo Alto Networks Unit 42, security failures such as exposing environment variables, using long-lived credentials, and lacking a least privilege architecture were key issues in this campaign. Attackers set up infrastructure within compromised organisations’ AWS environments to scan over 230 million unique targets for sensitive data. The campaign targeted 110,000 domains, capturing over 90,000 unique environment variables, including 7,000 linked to cloud services and 1,500 associated with social media accounts.
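As an added defensive check (example code written here, not from the post or from Unit 42), the following Python walks a web document root for .env-style files and reports which credential-like variable names they define, without ever echoing a value. The key-name patterns and the sample docroot are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Constructed key-name patterns for the credential classes the campaign harvested
# (cloud provider keys and social-media API credentials). Names only, never values.
SENSITIVE_KEY_PATTERNS = [
    re.compile(r"AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY|SESSION_TOKEN)$"),
    re.compile(r".*(SECRET|TOKEN|PASSWORD|PRIVATE_KEY|API_KEY)$"),
    re.compile(r"(TWITTER|FACEBOOK|INSTAGRAM)_.*"),
]
ENV_KEY = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def parse_env_keys(text):
    """Return the variable names defined in a .env body; values are dropped on purpose."""
    keys = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, sep, _value = line.partition("=")
        if sep and ENV_KEY.fullmatch(key.strip()):
            keys.append(key.strip())
    return keys


def find_exposed_env_files(docroot):
    """Map each .env-style file under docroot to the credential-like keys it defines."""
    findings = {}
    root = Path(docroot)
    for path in root.rglob(".env*"):
        if path.is_file():
            keys = parse_env_keys(path.read_text(errors="replace"))
            hits = [k for k in keys if any(p.match(k) for p in SENSITIVE_KEY_PATTERNS)]
            findings[path.relative_to(root).as_posix()] = hits
    return findings


def demo():
    """Build a constructed docroot with one leaked .env (placeholder values) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "app"
        app.mkdir()
        (app / ".env").write_text(
            "# constructed sample, placeholder values only\n"
            "APP_ENV=production\n"
            "AWS_ACCESS_KEY_ID=AKIA_PLACEHOLDER\n"
            "export TWITTER_API_KEY=placeholder\n"
        )
        return find_exposed_env_files(tmp)
```

Any file this reports should be moved out of the served tree and the named credentials rotated, and the web server configured to refuse requests for dotfiles.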

8. Microsoft issues critical patch for zero-click RCE vulnerability

Microsoft’s release of a patch for a critical zero-click RCE vulnerability in the TCP/IP stack marks another significant development. Affecting all Windows systems with IPv6 enabled, this flaw, CVE-2024-38063, poses a high risk of exploitation, necessitating immediate patch application to prevent potential attacks. Additionally, Microsoft patched 90 new CVEs for August’s Patch Tuesday, including nine zero-days, six of which were actively exploited in the wild. Five of the exploited zero-days were rated high severity, and the remaining one medium.

9. Ivanti fixes authentication bypass vulnerability in Virtual Traffic Manager

Finally, Ivanti’s Virtual Traffic Manager has addressed a vulnerability allowing unauthorised access through an authentication bypass. This flaw underscores the importance of robust authentication mechanisms to prevent unauthorised access and potential data breaches.

While significant breaches like those at Equifax or Uber highlight the immediate reputation and financial damage, insecure code has a hidden, long-term cost: technical debt. Quick fixes for vulnerabilities often create lingering issues that bog down engineering teams with ongoing bug fixes and maintenance, stifling productivity and innovation. This technical debt leads to inflated infrastructure costs and prevents teams from pursuing new projects. Insecure code silently drains time, money, and morale, creating a barrier to innovation. Addressing this issue early with better code security practices is crucial for maintaining sustainable engineering velocity.

As we continue to witness these developments, addressing technical debt and implementing secure coding practices are vital for maintaining sustainable engineering efficiency and innovation.

Stay secure, stay informed, and most importantly, stay engaged. Your active participation in the cyber security community is crucial for our collective safety. Why not talk to us about your cyber security requirements?
