Weekly Security News – 3rd March 2025

Microsoft shutting down Skype, over 1.6m Android TVs infected worldwide, vulnerabilities for Microsoft, Adobe and Oracle...

Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.

Vulnerabilities and Patches

CISA Adds Microsoft and Zimbra Vulnerabilities to KEV Catalogue

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalogue, based on evidence of active exploitation. The flaws are CVE-2024-49035 (Microsoft Partner Center privilege escalation) and CVE-2023-34192 (XSS vulnerability in Zimbra Collaboration Suite). U.S. federal agencies are required to apply necessary updates by March 18, 2025, to protect their networks.

CISA Flags Actively Exploited Vulnerabilities in Adobe and Oracle Products

CISA has also added two more security flaws to its Known Exploited Vulnerabilities catalogue: CVE-2017-3066 in Adobe ColdFusion, and CVE-2024-20953 in Oracle Agile PLM. Both flaws are deserialization vulnerabilities, are actively exploited and pose significant risks.

Cyber Attacks

Belarus-Linked Ghostwriter Uses Excel Macros for Malware Delivery

The Belarus-linked Ghostwriter group uses obfuscated Excel macros to deploy PicassoLoader malware, targeting opposition groups and Ukrainian military entities. The campaign is part of a broader espionage operation, ongoing since 2016, that aims to promote anti-NATO narratives and conduct cyber-espionage against Ukrainian entities.

Vo1d Malware Botnet Grows to 1.6 Million Infected Android TVs Worldwide

The Vo1d botnet has expanded to over 1.6 million infected Android TVs across 226 countries, with the majority of infections occurring in Brazil. The botnet operates by turning compromised devices into proxy servers for illegal activities, including ad fraud and traffic manipulation. Researchers report that the botnet has advanced encryption and a robust command-and-control infrastructure, making it a significant threat to global cybersecurity.

CERT-UA Warns of UAC-0173 Attacks Using DCRat to Target Ukrainian Notaries

CERT-UA has issued a warning about ongoing attacks by the UAC-0173 group, using phishing emails to deliver the DCRat remote access trojan to Ukrainian notaries. The malware allows attackers to establish RDP sessions, steal data, and send further malicious emails. The attacks utilize tools like FIDDLER and NMAP for credential theft and network scanning.

In Other News...

Microsoft to Shut Down Skype in May After 14 Years

Microsoft confirmed that Skype will be discontinued on 5th May 2025, after 14 years of service. Users will be prompted to migrate to Microsoft Teams, with all contacts and chat history automatically transferred. Skype’s paid features, like Skype Credit, will be discontinued. Users can export their data if they prefer not to switch to Teams.