SecurityWeek

In Other News: Malware Delivered by ISP, Temu Spying, Critical Dataverse Vulnerability

Noteworthy stories that might have slipped under the radar: Korean ISP delivers malware to customers, Temu sued for allegedly spying on users, Microsoft patches a critical Dataverse vulnerability.

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports. 

Here are this week’s stories: 

Microsoft patches critical Dataverse vulnerability

Microsoft has informed customers that a critical remote code execution vulnerability has been patched in its Dataverse product, which is designed for securely storing and managing data used by business applications. The vulnerability has been assigned CVE-2024-35260, even though users don’t need to take any action. Microsoft took the opportunity to unveil cloud service CVEs for greater transparency.  

Levi Strauss credential stuffing attack

Clothing company Levi Strauss is informing 72,000 customers that their passwords have been reset after it detected a credential stuffing attack on their accounts. Attackers may have obtained information such as name, address, email address, order history, and possibly partial payment card information.

Ventura County Credit Union (VCCU) data breach stemming from email hack

An email account hack has led to a data breach at Ventura County Credit Union (VCCU). The incident occurred in late January and the hacked email account stored personal information such as name, Social Security number, and financial account information. The incident impacts nearly 45,000 individuals. In 2022, the same credit union suffered a data breach impacting 82,000 customers and employees. 

South Korean ISP delivered malware to 600,000 users

South Korean ISP KT has been accused of delivering malware to 600,000 customers in an attempt to interfere with BitTorrent traffic. The company was likely trying to ease the burden placed by torrent traffic on its network and save costs. 

Ollama AI solution affected by remote code execution vulnerability

Ollama, a popular open source project for running AI models, is affected by a remote code execution vulnerability. The flaw is tracked as CVE-2024-37032 and dubbed Probllama. The project’s developers have taken steps to address the issue, but there have been many vulnerable instances exposed to the internet. 

Health sector warned of social engineering and phishing attacks

The FBI, CISA and the HHS have issued a joint security advisory to warn healthcare and public health organizations about attacks involving social engineering and phishing. The social engineering tactics involved calls to the targeted organization’s IT help desk, with the attacker posing as an employee. The goal is to gain access to online accounts and divert ACH payments to bank accounts controlled by the cybercriminals. 

New Snowblind Android malware

Promon has conducted an analysis of a new Android banking trojan named Snowblind. Snowblind uses a novel technique to attack Android apps based on a Linux kernel feature. This appears to be the first malware using this attack vector.

Chinese shopping app Temu allegedly used for spying

The company behind the Chinese shopping app Temu has been sued by the Arkansas Attorney General. The lawsuit, which describes the application as ‘dangerous malware’, claims Temu can collect a lot of data from the devices it’s installed on, and points to the risks of providing information to a Chinese company. In response, Temu denied the accusations and said the lawsuit is based on inaccurate information. The company will defend itself against the claims.

Sensor Net Connect and Thermoscan IP vulnerabilities

Nozomi Networks Labs raises the alarm on seven vulnerabilities in the healthcare industry-tailored Sensor Net Connect device and the accompanying Thermoscan IP desktop application that could be exploited to manipulate system settings, install malware, exfiltrate and manipulate sensitive data, and disrupt healthcare services. The vendor has been notified, but it does not appear to have released any patches.

Apple patches AirPods Bluetooth vulnerability

Apple has released AirPods firmware updates to resolve a Bluetooth vulnerability (CVE-2024-27867) that could allow attackers to spoof devices and gain access to a user’s headphones when the headphones are seeking to connect to a previously paired device.

Google updates Chrome Root Store policies

Google on Thursday announced changes to its Chrome Root Store policies under which Chrome 127 will not trust TLS server authentication certificates validating to specific Entrust roots with an earliest Signed Certificate Timestamp (SCT) dated after October 31, 2024. Recent patterns of concerning behavior have eroded confidence in Entrust, Google says.
