Weekly Security News – 25th March 2024

Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team, who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

Vulnerabilities and Patches

Microsoft Patches Xbox Vulnerability Following Public Disclosure

The vulnerability is tracked as CVE-2024-2891 and it impacts Xbox Gaming Services. According to Microsoft, it has ‘important’ severity and it can easily be exploited by a local attacker with low privileges to escalate permissions to System. “An attacker must have local access to the targeted machine and must be able to create folders and performance traces on the machine, with restricted privileges that normal users have by default,” Microsoft explained in its advisory.

Ivanti Releases Security Updates for Vulnerability Affecting Sentry Standalone

Ivanti has released security updates to address a vulnerability affecting Ivanti Sentry Standalone, an in-line gateway that manages, encrypts, and secures traffic between mobile devices and back-end systems. Designated CVE-2023-41724, the vulnerability has a CVSSv3 score of 9.6 and could allow an unauthenticated attacker to execute arbitrary commands or achieve remote code execution. Affected organisations are encouraged to review Ivanti’s advisory, “CVE-2023-41724 (Remote Code Execution) for Ivanti Standalone Sentry”, and apply any relevant security updates.

Atlassian Releases March 2024 Security Bulletin

The Atlassian March 2024 Security Bulletin addresses one critical severity vulnerability in Bamboo Data Center and Server, along with 24 high severity vulnerabilities in Bamboo, Bitbucket, Confluence and Jira Data Centers and Servers. The critical severity vulnerability has been assigned CVE-2024-1597, and could allow an unauthenticated attacker to expose data stored on an affected server. Other vulnerabilities could allow denial-of-service, remote code execution or information exposure on an affected system. Affected organisations are encouraged to review the Atlassian March 2024 Security Bulletin and apply the relevant updates.

Cyber Attacks

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the activity under the moniker Operation PhantomBlu. “The PhantomBlu operation introduces a nuanced exploitation method, diverging from NetSupport RAT’s typical delivery mechanism by leveraging OLE (Object Linking and Embedding) template manipulation, exploiting Microsoft Office document templates to execute malicious code while evading detection,” security researcher Ariel Davidpur said.

Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer

Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub, includes 17 repositories associated with 11 different accounts, according to G DATA. The repositories in question have since been taken down by the Microsoft-owned subsidiary. “The repositories look similar, featuring a README.md file with the promise of free cracked software,” the German cybersecurity company said. “Green and red circles are commonly used on Github to display the status of automatic builds. Gitgub threat actors added four green Unicode circles to their README.md that pretend to display a status alongside a current date and provide a sense of legitimacy and recency.”

Articles

1 in 4 Organizations Shut Down OT Operations Due to Cyberattacks: Survey

A survey commissioned by Palo Alto Networks shows that many industrial organizations experience cyberattacks, and in a significant percentage of cases they lead to OT operations getting shut down. The survey was conducted in December 2023 and it targeted nearly 2,000 respondents from across 16 countries in the Americas, Europe and the APAC region. Three-quarters of respondents said they had detected malicious cyber activity in their OT environment, and 24% said they were forced to shut down OT operations due to a successful attack in the past year, either because of actual disruption or as a preemptive measure.