Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)
SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances.

Nuclei: Open-source vulnerability scanner
Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates.

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)
ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East Asian countries. When examining the root cause, ESET discovered another way to exploit the faulty code (CVE-2924-7263).

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)
Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers.

The NIS2 Directive: How far does it reach?
The NIS2 Directive is one of the most recent efforts of the EU legislator to boost cybersecurity across the bloc and to keep up with the challenges of an increasingly digitalized society and growing cyber threats.

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)
Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633).

How RansomHub went from zero to 210 victims in six months
RansomHub, a ransomware-as-a-service (RaaS) outfit that “popped up” earlier this year, has already amassed at least 210 victims (that we know of).

Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites
Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG researchers shared.

GenAI buzz fading among senior executives
GenAI adoption has reached a critical phase, with 67% of respondents reporting their organization is increasing its investment in GenAI due to strong value to date, according to Deloitte.

BlackByte affiliates use new encryptor and new TTPs
BlackByte, the ransomware-as-a-service gang believed to be one of Conti’s splinter groups, has (once again) created a new iteration of its encryptor.

How to prioritize data privacy in core customer-facing systems
Evolving global data privacy regulations are keeping marketers on their toes. In April 2024, the American Privacy Rights Act (APRA) was introduced in the Senate. The proposed bill would create a federal consumer privacy framework akin to the GDPR, which regulates consumer data privacy protections in the EU. If the APRA passes in its current form, US citizens would gain the right to access, correct, delete and export all collected data.

Pioneer Kitten: Iranian hackers partnering with ransomware affiliates
A group of Iranian hackers – dubbed Pioneer Kitten by cybersecurity researchers – is straddling the line between state-contracted cyber espionage group and initial access provider (and partner in crime) for affiliates of several ransomware groups.

Rebrand, regroup, ransomware, repeat
In this Help Net Security video, Shobhit Gautam, Security Solutions Architect at HackerOne, discusses how ransomware tactics have evolved and how organizations and government bodies are having to fight change with change.

Cryptomator: Open-source cloud storage encryption
Cryptomator offers open-source, client-side encryption of your files in the cloud. It’s available for Windows, Linux, macOS and iOS.

Lateral movement: Clearest sign of unfolding ransomware attack
44% of unfolding ransomware attacks were spotted during lateral movement, according to Barracuda Networks.

Behind the scenes of Serious Cryptography
In this Help Net Security interview, Jean-Philippe Aumasson, discusses the writing and research process for Serious Cryptography, his latest book.

Adversaries love bots, short-lived IP addresses, out-of-band domains
Fastly found 91% of cyberattacks – up from 69% in 2023 – targeted multiple customers using mass scanning techniques to uncover and exploit software vulnerabilities, revealing an alarming trend in attacks spreading across a broader target base.

Half of enterprises suffer breaches despite heavy security investments
Data breaches have become an increasingly severe threat, with recent reports highlighting a surge in their frequency and cost. Understanding the latest trends and statistics surrounding data breaches is essential for developing effective strategies to safeguard sensitive information. This article provides an overview of the current state of data breaches, examining key statistics and emerging patterns.

Two strategies to protect your business from the next large-scale tech failure
The CrowdStrike event in July clearly demonstrated the risks of allowing a software vendor deep access to network infrastructure. It also raised concerns about the concentration of digital services in the hands of a few companies. A prescient Reddit post noted CrowdStrike is a threat vector for many of the world’s largest corporations, as well as a gold mine of data.

Deepfakes: Seeing is no longer believing
The threat of deepfakes lies not in the technology itself, but in people’s natural tendency to trust what they see. As a result, deepfakes don’t need to be highly advanced or convincing to effectively spread misinformation and disinformation. While many organizations have begun to take steps to address this issue, confidence in these measures is low, and the public’s ability to recognize deepfakes remains limited.

Why ransomware attackers target Active Directory
In this Help, Net Security video, Craig Birch, Technology Evangelist, and Principal Security Engineer at Cayosoft, discusses the rise of ransomware attacks, why attackers often target Microsoft Active Directory and best practices to limit the impact of such attacks.

Sinon: Open-source automatic generative burn-in for Windows deception hosts
Sinon is an open-source, modular tool for the automatic burn-in of Windows-based deception hosts. It aims to reduce the difficulty of orchestrating deception hosts at scale while enabling diversity and randomness through generative capabilities.

Cybersecurity jobs available right now: August 28, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field.

New infosec products of the week: August 30, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Bitwarden, Dragos, Fortinet, HYCU, and Rezonate.