Cyber Stories Newsletter: Stay Informed on the Latest Cybersecurity News - Week of January 25th 2024
Welcome to another edition of our newsletter, your go-to source for the latest cybersecurity developments and news.
We try to bring you a glimpse into some of the more intriguing stories that have been making headlines in the cyber world this week 🌐.
Be sure to subscribe to our blog to get these latest threat reports and news stories delivered right to your inbox 📬.
As always, be sure to reach out with any questions or concerns you have on these or any recent threats. Your security is our priority!
Stay safe and informed! 🚀
Tesla's Cybersecurity Challenged: 24 Zero-Day Exploits Unveiled at Pwn2Own Automotive 2024
During the Pwn2Own Automotive 2024 event in Tokyo, Japan, security researchers successfully hacked a Tesla Model and demonstrated 24 unique zero-day exploits. On the first day of the event, the Synacktiv Team earned $100,000 by exploiting three zero-day bugs to gain root permissions on a Tesla Modem. They also earned additional rewards for hacking an Ubiquiti Connect EV Station and a JuiceBox 40 Smart EV Charging Station using unique two-bug chains.
Cyber Warfare Escalates: Ukraine's Naftogaz and Other Services Disrupted by Major Cyberattack
Naftogaz, Ukraine's state-owned oil and gas company, has been targeted by a substantial cyberattack. The assault affected one of the company's data centers, leading to the shutdown of its website and call center. Cyberattacks have become a frequent occurrence in the ongoing conflict between Russia and Ukraine, with significant impacts on communication and information systems.
This attack on Naftogaz is part of a broader pattern of cyber warfare that has affected various sectors in Ukraine. For example, Ukrainian postal service Ukrposhta and government agency Ukrtransbezpeka, which provides transport and traffic security, also reported technical issues due to cyber incidents.
The story underlines the growing role of cyberattacks in modern conflicts, particularly in the Russia-Ukraine war, where both sides have experienced significant digital disruptions. These incidents highlight the importance of robust cybersecurity measures for critical infrastructure and the need for constant vigilance in the face of evolving cyber threats.
https://kyivindependent.com/ukraines-oil-giant-naftogaz-under-cyberattack/
Urgent Security Alert: Over 1 Million WordPress Sites at Risk Due to Critical Plugin Vulnerability
A critical vulnerability in the 'Better Search Replace' WordPress plugin, which is active on over one million sites, has recently been targeted by hackers. This plugin is typically used for search and replace operations within databases, especially during website migrations. The vulnerability, identified as CVE-2023-6933, arises from the deserialization of untrusted input, allowing unauthenticated attackers to inject a PHP object. This could potentially lead to code execution, access to sensitive data, file manipulation or deletion, and even a denial-of-service condition.
Although 'Better Search Replace' itself isn't directly vulnerable, it can be exploited in conjunction with other plugins or themes on the same site that contain a Property Oriented Programming (POP) chain. The exploitability of this vulnerability largely depends on the presence of a suitable POP chain.
WP Engine, the vendor of the plugin, has released an updated version (1.4.5) to address this critical-severity PHP object injection vulnerability. WordPress security firm Wordfence reported over 2,500 attempts to exploit this vulnerability within a 24-hour period. Users of the plugin are strongly advised to update to the latest version to safeguard against potential exploits.
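To make the mechanism behind this advisory concrete, here is an added PHP illustration (not code from the plugin, WP Engine or Wordfence) of the unsafe deserialization pattern beside the hardened form; the DemoGadget class and the serialized string are constructed for the example.

```php
<?php
// Added illustration: why unserialize() on untrusted input is dangerous and
// how to neutralise it. DemoGadget and the payload are constructed for the demo.

// Any class loaded on the site that defines a magic method is a potential
// gadget in a POP chain: unserialize() instantiates it and PHP calls
// __wakeup() automatically. This stand-in only records that it was invoked.
class DemoGadget {
    public $note = '';
    public function __wakeup(): void {
        $this->note = 'magic method ran during unserialize()';
    }
}

// A serialized object string submitted where the plugin expected plain data.
$untrusted = 'O:10:"DemoGadget":1:{s:4:"note";s:0:"";}';

// VULNERABLE PATTERN: the object is reconstructed and its magic method runs.
$obj = unserialize($untrusted);
var_dump($obj->note);

// HARDENED: allowed_classes => false (PHP >= 7.0) never instantiates a class;
// object payloads come back as __PHP_Incomplete_Class, so no gadget code runs.
$safe = unserialize($untrusted, ['allowed_classes' => false]);
var_dump($safe instanceof __PHP_Incomplete_Class);

// Defensive helper for a search/replace use case: accept only scalars and
// arrays, rejecting the whole value if an object appears anywhere inside it.
function contains_object($value): bool {
    if (is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) {
                return true;
            }
        }
    }
    return false;
}

function safe_unserialize(string $data) {
    $value = @unserialize($data, ['allowed_classes' => false]);
    if ($value === false && $data !== 'b:0;') {
        return null; // malformed input, not serialized data
    }
    return contains_object($value) ? null : $value;
}

var_dump(safe_unserialize($untrusted));                   // object payload rejected
var_dump(safe_unserialize('a:1:{s:3:"key";s:3:"val";}')); // plain array accepted
```

Where the stored value never needs to carry objects at all, replacing PHP serialization with json_encode()/json_decode() removes the class of bug entirely.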
CherryLoader: The New Malware Disguised as a Legitimate App, Elevating Cyber Threats
A new malware loader, CherryLoader, has been detected by Arctic Wolf Labs, imitating the legitimate CherryTree note-taking application. This Go-based malware is sophisticated, capable of deploying additional payloads and privilege escalation exploits on compromised hosts. CherryLoader tricks users into installing it through its deceptive icon and name, and then drops either PrintSpoofer or JuicyPotatoNG privilege escalation tools. These tools run a batch file to establish persistence on the victim's device and disarm Microsoft Defender.
CherryLoader's standout feature is its modular design, which allows threat actors to easily swap exploits without needing to recompile the code. The malware and its associated files are typically contained in a RAR archive file, hosted on a specific IP address. It uses a fileless technique known as 'process ghosting' for deployment, enhancing its stealth and evasion capabilities.
The discovery of CherryLoader highlights the evolving sophistication of malware tools and the continuous need for vigilance and robust cybersecurity measures to protect against such threats.
https://thehackernews.com/2024/01/new-cherryloader-malware-mimics.html