SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
$50 million stolen from Radiant Capital in cryptocurrency heist
Decentralized finance (DeFi) project Radiant Capital has been the target of a cryptocurrency heist that resulted in losses exceeding $50 million. The hack reportedly involved three core developers’ devices getting compromised in what has been described as a sophisticated malware injection.
Critical RCE vulnerability in Trend Micro Cloud Edge
Trend Micro has released patches for a critical-severity command injection vulnerability in the Trend Micro Cloud Edge appliance that could be exploited to achieve remote code execution (RCE). According to the company, successful exploitation of the bug requires that the attacker has physical or remote access to the vulnerable system. Tracked as CVE-2024-48904 (CVSS score of 9.8), the flaw was addressed in Cloud Edge versions 5.6 SP2 build 3228 and 7.0 build 1081.
High-severity flaws patched in Chrome 130
Google has released Chrome versions 130.0.6723.69/.70 for Windows and macOS and 130.0.6723.69 for Linux to resolve three high-severity vulnerabilities, including two type confusion bugs in the V8 JavaScript engine. V8 bugs are attractive targets for threat actors, and North Korean hackers were seen earlier this year exploiting a V8 zero-day in attacks.
OPA vulnerability could lead to credential leakage
Tenable has shared details on CVE-2024-8260, an SMB force-authentication vulnerability in the widely used policy engine Open Policy Agent (OPA), which could allow attackers to leak the NTLM credentials of the local user account. The attacker could then try to crack the password or relay the authentication, Tenable explains. OPA version 0.68.0 resolves the security defect.
ScienceLogic zero-day from Rackspace attack added to CISA’s KEV
The US cybersecurity agency CISA has added CVE-2024-9537 (CVSS score of 9.3) to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability affects ScienceLogic’s SL1 monitoring software and was exploited as a zero-day in a recent cyberattack on Rackspace. “SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component packaged with SL1,” a NIST advisory reads. According to Rackspace, however, this was an RCE flaw. Patches were included in SL1 versions 12.1.3+, 12.2.3+, and 12.3+, and backported to version lines 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
CVE Program’s 25th anniversary
The CVE Program has turned 25 and MITRE has published an anniversary report. According to MITRE, there are currently over 400 CVE Numbering Authorities (CNAs) and more than 240,000 CVE identifiers have been assigned as of October 2024.
Henry Schein data breach impacts 166,000 people
Healthcare solutions giant Henry Schein has revealed that a data breach suffered last year has impacted the personal information of 166,000 people. The incident notification is related to a disruptive ransomware attack that hit the company one year ago. The company was targeted by the BlackCat group, which at the time claimed to have stolen 35 GB of information.
Meta unveils encrypted storage system for WhatsApp contacts
Meta has announced a new encrypted storage system for WhatsApp contacts. The storage system, named Identity Proof Linked Storage (IPLS), enables users to create contacts directly within WhatsApp and sync them to their phone or securely save them only to WhatsApp.
Siemens patches unauthenticated remote code execution in InterMesh devices
Siemens has announced patches for multiple vulnerabilities affecting InterMesh Subscriber devices, including a critical vulnerability that can be exploited for unauthenticated remote code execution with root privileges.
$10 million offered for information on Shahid Hemmat hackers
The US Department of State has announced a reward of up to $10 million for information on four individuals believed to be linked to Shahid Hemmat, a hacker group operating on behalf of the Iranian government. The suspects are Manuchehr Akbari, Amir Hosein Hoseini, Mohammad Hosein Moradi, and Mohammad Reza Rafatinezhad. Shahid Hemmat is believed to have targeted the US defense industry and international transportation sectors.