Exploited Security-Vulnerabilities

Exploited Security Vulnerabilities: Steps To Secure Yourself Against Cyber Threats


Nearly 4000 new cyberattacks occur daily, and ransomware claims a new victim every 14 seconds, resulting in heavy financial losses. In addition, 560,000 new pieces of malware are discovered every day.

This article will discuss the recently exploited security vulnerabilities and how they have impacted the overall security scenario.

New Chrome Zero-Day Vulnerability Exploited in the Wild

The Chrome WebRTC framework has a zero-day vulnerability that can lead to program crashes and arbitrary code execution. Google has released a Chrome update to address it.

This vulnerability, identified as CVE-2023-7024, is a heap-based buffer overflow. Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group found it. 

The CometView parser vulnerability in Google Chrome is the eighth actively exploited zero-day of the year thus far. 

Remote code execution is the most often used vulnerability type. It is followed by buffer manipulation, input validation and parsing, privilege escalation, and security feature bypass. 

Users can upgrade to Chrome version 120.0.6099.129/130 for Windows and 120.0.6099.129 for macOS and Linux.
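
As an added example (not part of the original article), this Python audit compares installed Chrome versions against the fixed build quoted above. The host names and installed versions in the inventory are constructed. The comparison is numeric per component, because a plain string comparison ranks 120.0.6099.71 above 120.0.6099.129.

```python
# Fixed builds as quoted in the article (129 is the lowest fixed build on Windows).
FIXED_BUILDS = {
    "windows": "120.0.6099.129",
    "macos": "120.0.6099.129",
    "linux": "120.0.6099.129",
}

def parse_version(text):
    """Turn '120.0.6099.129' into (120, 0, 6099, 129); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)

def needs_update(platform, installed):
    """True when the installed build is older than the fixed build."""
    fixed = FIXED_BUILDS.get(platform.lower())
    if fixed is None:
        raise ValueError(f"no fixed build recorded for platform {platform!r}")
    return parse_version(installed) < parse_version(fixed)

def audit(inventory):
    """Return (host, status) for hosts that are outdated or cannot be assessed."""
    findings = []
    for host, platform, version in inventory:
        try:
            if needs_update(platform, version):
                findings.append((host, "outdated"))
        except ValueError:
            # An unreadable version is a finding too: it cannot be shown to be patched.
            findings.append((host, "unknown"))
    return findings

# Constructed inventory: (host, platform, installed Chrome version).
SAMPLE_INVENTORY = [
    ("laptop-01", "windows", "120.0.6099.130"),
    ("laptop-02", "windows", "120.0.6099.71"),
    ("mac-01", "macos", "120.0.6099.129"),
    ("build-01", "linux", "119.0.6045.199"),
    ("kiosk-01", "linux", "not-reported"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```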

New JavaScript Malware Targeted 50,000+ Users at Dozens of Banks Worldwide

Security experts have discovered a new piece of JavaScript malware intended to steal users’ online banking account credentials in a campaign that has hit almost 40 financial institutions worldwide.

It is estimated that at least 50,000 user sessions in nations throughout North America, South America, Europe, and Japan have been impacted by this activity cluster, which makes use of JavaScript web injections.

IBM Security Trusteer detected the campaign in March 2023.

Malware is most likely to infect some of the widely used banking applications and then gather the credentials used in banking processes to gain access to users’ banking information.

The malware uses scripts loaded from a threat actor-controlled server, explicitly targeting a page structure common to several banks. The script’s behavior is highly dynamic: it continuously queries both the command-and-control server and the current page structure and adjusts its flow based on the information obtained.

IBM said it attempts to dissuade victims from logging in to their accounts, allowing the threat actors to seize control of the accounts and perform unauthorized actions. 

The malware’s exact origins are unknown, but indicators of compromise suggest a possible connection to a known stealer and loader family called DanaBot.

Hackers Exploiting Old MS Excel Vulnerability to Spread Agent Tesla Malware

Attackers are using the Microsoft Office vulnerability CVE-2017-11882 in phishing campaigns to distribute Agent Tesla, a malware strain. The infection chains use decoy Excel documents in invoice-themed messages to trick potential targets into opening them, which triggers exploitation of the vulnerability.

The malware, a .NET-based advanced keylogger and remote access trojan (RAT), harvests sensitive information from compromised hosts and communicates with a remote server to exfiltrate the collected data.

This development comes as old security flaws become new attack targets for threat actors. The technology sector is the most impacted by DarkGate attack campaigns, with most domains being 50 to 60 days old.

Phishing campaigns have also targeted the hospitality sector with booking-related email messages to distribute information stealer malware. 

Phishing attacks have also taken the form of bogus Instagram “Copyright Infringement” emails to steal users’ two-factor authentication (2FA) backup codes via fraudulent web pages.

Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave

Chinese-speaking hackers, known as the “Smishing Triad,” send malicious SMS messages to locals and foreigners in the UAE using hacked Apple iCloud accounts to obtain sensitive personal data.

They use URL-shortening services like Bit.ly to randomize links and protect the fake website’s domain and hosting location.

Smishing Triad was documented in September 2023, using compromised Apple iCloud accounts for identity theft and financial fraud. They also offer ready-to-use smishing kits for sale to other cybercriminals for $200 a month. 

The latest attack wave targets individuals who recently updated their residence visas with harmful messages, targeting Android and iOS devices. 

The campaign uses a geofencing mechanism to load the phishing form only when visited from UAE-based IP addresses and mobile devices.

Smishing Triad’s latest campaign coincides with the launch of a new underground market called OLVX Marketplace, which claims to sell tools for online fraud.

MongoDB Suffers Security Breach, Exposing Customer Data

MongoDB is investigating a security incident resulting in unauthorized access to specific corporate systems, exposing customer account metadata and contact information. 

The company detected anomalous activity on December 13, 2023, and immediately activated its incident response efforts. MongoDB recommends customers be on the lookout for social engineering and phishing attacks, enforce phishing-resistant multi-factor authentication (MFA), and rotate their MongoDB Atlas passwords. 

The company is also experiencing elevated login attempts, causing issues for customers attempting to log in to Atlas and its Support Portal. 

MongoDB has found no evidence of unauthorized access to MongoDB Atlas clusters and works with relevant authorities and forensic firms. The malicious actor used Mullvad VPN to conceal their origins.

The company has yet to disclose when the attack occurred, which systems were accessed, and how many customers’ information may be affected by the breach.

How to Avoid Cybersecurity Vulnerabilities 

By now, you know the significant challenges that even large industries face due to cybersecurity threats.

You must take some precautionary measures on a personal level to protect yourself from potential cybersecurity threats. In the following section, we have discussed a few strategies that you can implement to keep the bad guys at arm’s length. 

Choose a Strong Password

Choosing a strong password is essential to prevent skilled hackers from guessing your password through brute force. They use password dictionaries to guess your password.

With technological advances, hackers have developed software that cannot be detected while attempting to guess passwords. 

Therefore, the best defense against hacking is a distinct, lengthy, and unique password. The best password is at least twelve characters long, including letters, numbers, and symbols. 

Avoid using easily guessable personal information such as birth dates or addresses.

Install Firewall

Sometimes, creating resistance between your system and external forces can protect you from adverse consequences. Hackers look for vulnerable websites and attack them using phishing, baiting, etc. 

When your system receives malicious attacks, the firewall installed in your system will create a barrier and will not allow it to process the request sent by the hacker. 

By installing firewalls, you protect yourself against malicious online attacks, as they closely monitor data distribution to prevent accidental penetration and exposure to third parties.

Use HTTPS

The majority of websites need HTTPS to ensure user security. The website you use can retrieve all the information you provide, be it your login credentials or bank account details. 

Without HTTPS, this conversation between you as a sender and the website as a receiver is not encrypted, and hackers can easily access it, which they can use for manipulation. 

A website that uses HTTPS ensures that the data is exchanged in an encrypted format using Transport Layer Security (TLS). Hackers will see jumbled data and not human-readable text when they try to attack your website.

Monitor Login Activity

Monitoring login activity will enable you to keep an eye on everything that goes on on your website, including both your account settings and your data. You can enable push notifications to alert you if an unauthorized login attempt is made on your website.

Take this as an example. Hackers who plan targeted attacks are aware of your daily routine. During busy hours, they will attempt to log in to your account. If you have push notifications enabled for login activity on your WordPress, you will be prompted to take action. Emails and text messages are sent to inform you about the unusual activity. 

You can determine in which country and on what devices your account is logged in through login activity. You can remove that device and change your password if there is an unauthorized entry.
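
The check described above can be sketched as an added Python example (not from the original article): it walks login events in time order and raises an alert for a burst of failed attempts or for a successful login from a country or device outside the account's confirmed baseline. The event format, account name, device names and threshold are all constructed for illustration.

```python
from collections import defaultdict

# Constructed baseline: countries and devices the account owner has confirmed.
BASELINE = {"alice": {"countries": {"AE"}, "devices": {"phone-a", "laptop-a"}}}

# Constructed events: (ISO timestamp, account, country, device, success).
SAMPLE_EVENTS = [
    ("2023-12-20T08:02:11Z", "alice", "AE", "phone-a", True),
    ("2023-12-21T03:12:45Z", "alice", "NL", "unknown-pc", False),
    ("2023-12-21T03:12:51Z", "alice", "NL", "unknown-pc", False),
    ("2023-12-21T03:13:02Z", "alice", "NL", "unknown-pc", False),
    ("2023-12-21T03:13:40Z", "alice", "NL", "unknown-pc", True),
    ("2023-12-21T09:00:00Z", "alice", "AE", "laptop-a", True),
]

def review_logins(events, baseline, failure_threshold=3):
    """Return (timestamp, account, reason) alerts for suspicious login activity."""
    failures = defaultdict(int)   # consecutive failed attempts per account
    alerts = []
    for ts, account, country, device, success in sorted(events, key=lambda e: e[0]):
        if not success:
            failures[account] += 1
            if failures[account] == failure_threshold:
                alerts.append((ts, account, "repeated-failures"))
            continue
        known = baseline.get(account, {"countries": set(), "devices": set()})
        reasons = []
        if country not in known["countries"]:
            reasons.append("new-country")
        if device not in known["devices"]:
            reasons.append("new-device")
        if failures[account] >= failure_threshold:
            # A success right after a failure burst suggests a guessed password.
            reasons.append("after-failures")
        failures[account] = 0
        if reasons:
            # The baseline is not updated here: a new country or device stays
            # untrusted until the account owner confirms it.
            alerts.append((ts, account, "+".join(reasons)))
    return alerts

if __name__ == "__main__":
    for alert in review_logins(SAMPLE_EVENTS, BASELINE):
        print(*alert)
```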

Two-factor Authentication (2FA)

Two-factor authentication protects your account by asking for an additional code when an unauthorized user tries to log in to your account. 

According to two-factor authentication statistics, it can prevent 99.9% of unauthorized login attempts.

When you enable two-factor authentication on your account, you will receive a code on your mobile number or email address. 

Even after guessing your password, hackers cannot enter your account, as this additional information will thwart their efforts.

You can also use two-factor authentication apps to turn this feature on in addition to email and text messages.

Update CMS Version and Plugin Regularly

Hackers are less likely to target CMS and plugin versions that have been updated than those that haven’t. Websites running on outdated technology are easy targets, so hackers are always looking for them. This gives them control over websites that depend on poor plugins and software.

Plugin hacking is the first step in over 90% of hacks.

Updating your CMS and plugins to the latest versions fixes all the bugs and problems, making it difficult for hackers to access your website.

Use VPN

A VPN will protect you against web hacking by creating a confidential environment as you browse the internet. It creates a tunnel to exchange data from your location to the destination server.

The original data gets encrypted and travels through the tunnel to its final destination. 

VPN also generates a new IP address for you by connecting to a different server. It keeps your identity anonymous by displaying the VPN’s server IP address, allowing you to remain untraceable. 

With your original IP address hidden, it will become challenging for hackers to gain unauthorized access as they cannot locate you. 

We recommend you use PureVPN. It uses 256-bit military-grade encryption to protect your data. Once connected to a VPN, your device becomes a protected gateway that obscures your location and keeps the hackers out.

Staying Secure is the Only Option!

The online world is no longer safe. So many new hacking innovations are coming to the surface every other day. The only way out is to stay secure. 

Start with the base level security of a VPN and try new preventive strategies to prevent exploited security vulnerabilities.

Author: Marrium Akhtar

Date: December 27, 2023

Marrium is a dedicated digital Marketer and an SEO enthusiast who is skilled in cracking SEO codes. Other than work, she loves to stream, eat, and repeat.
