In this episode of the Retail & Hospitality ISAC podcast, host Luke Vander Linden is joined by Shad Taylor, solution architect for retail & hospitality at Fortinet, to expand upon securing the store of the future. Then, Lee Clark, cyber threat intelligence analyst & writer at RH-ISAC, provides the latest intel briefing.
Apple Safari Remote Code Execution Vulnerability Exploited In The Wild
A critical remote code execution vulnerability in Apple Safari, identified as CVE-2024-44308, has been discovered and actively exploited in the wild.
The flaw affects multiple Apple platforms, including:
iOS
iPadOS
macOS
visionOS
The vulnerability, which resides in the JavaScriptCore component of WebKit, allows attackers to execute arbitrary code by processing maliciously crafted web content.
Apple has confirmed that this vulnerability has been actively exploited on Intel-based Mac systems.
Clement Lecigne and Benoit Sevens of Google’s Threat Analysis Group (TAG) discovered and reported the vulnerability. TAG is known for investigating targeted attacks, suggesting that this exploit may have been used in limited, targeted operations.
Technical Analysis
The flaw affects the following versions:
iOS and iPadOS versions prior to 17.7.2 and 18.1.1
macOS Sequoia versions prior to 15.1.1
visionOS versions prior to 2.1.1
Safari versions prior to 18.1.1
Apple has addressed the vulnerability with improved checks and released patches in the following updates:
Safari 18.1.1
iOS 17.7.2 and iPadOS 17.7.2
macOS Sequoia 15.1.1
iOS 18.1.1 and iPadOS 18.1.1
visionOS 2.1.1
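As an added example (not from the original article or from Apple), the following Python sketch triages a device inventory against the fixed releases listed above, including the two separate iOS/iPadOS branches. The hostnames and inventory rows are constructed, and the function names are hypothetical; Macs running a macOS release older than Sequoia should be listed by their Safari version.

```python
# Added example: triage an inventory against the fixed releases in this article.
# FIXED holds only version numbers stated above; the inventory is constructed.
FIXED = {
    "ios": ["17.7.2", "18.1.1"],
    "ipados": ["17.7.2", "18.1.1"],
    "macos": ["15.1.1"],       # macOS Sequoia
    "visionos": ["2.1.1"],
    "safari": ["18.1.1"],
}

def parse(version):
    """'18.1' -> (18, 1, 0): pad to three parts so tuple comparison is exact."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_patched(product, version):
    """True if version is at or past the fix for its release branch."""
    fixes = sorted(parse(f) for f in FIXED[product.lower()])
    v = parse(version)
    for fix in fixes:
        if v[0] == fix[0]:     # same major branch: compare directly
            return v >= fix
    # No fix listed for this major branch: a major newer than the last
    # fix counts as patched; anything older is "prior to" and is flagged.
    return v[0] > fixes[-1][0]

def triage(inventory):
    """Return the rows that still need the update, with the fixes to deploy."""
    findings = []
    for host, product, version in inventory:
        if not is_patched(product, version):
            findings.append((host, product, version, FIXED[product.lower()]))
    return findings

# Constructed sample inventory (hostnames are made up).
SAMPLE = [
    ("pos-ipad-01", "iPadOS", "17.7.1"),
    ("pos-ipad-02", "iPadOS", "17.7.2"),
    ("exec-iphone", "iOS", "18.1"),
    ("dev-mbp", "macOS", "15.1.1"),
    ("kiosk-mac", "Safari", "18.0.1"),
    ("lab-avp", "visionOS", "2.1.1"),
]

if __name__ == "__main__":
    for host, product, version, fixes in triage(SAMPLE):
        print(f"{host}: {product} {version} -> update to {' or '.join(fixes)}")
```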
Technical analysis reveals that the vulnerability stems from a register corruption issue in WebKit’s DFG JIT compiler, specifically related to improper allocation timing of the scratch2GPR register.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-44308 to its Known Exploited Vulnerabilities Catalog, urging users and organizations to apply the necessary patches by December 12, 2024.
Security experts emphasize the importance of promptly updating affected devices to mitigate the risk of unauthorized access, data theft, and system compromise. The vulnerability’s high CVSS score of 8.8 underscores its severity and potential impact.
As Mac-based attacks continue to rise, cybersecurity firms have noted an increase in macOS malware, particularly targeting cryptocurrency-related businesses.
This trend highlights the growing need for enhanced security measures and awareness among macOS users, especially in organizational settings.
Apple users are strongly advised to update their devices immediately to the latest software versions to protect against this and other potential security threats.
WordPress Plugin Weaponizes Legit Sites To Steal Customer Payment Data
PhishWP, a newly discovered WordPress plugin, is being used by cybercriminals to maliciously convert legitimate websites into phishing traps, putting user data at risk.
Cybercriminals created the WordPress plugin PhishWP. It generates fake payment pages that closely resemble legitimate providers like Stripe.
Threat actors use it to steal sensitive data, including browser metadata, credit card details, and personal information.
Additionally, PhishWP integrates with Telegram, allowing attackers to access stolen data as soon as a victim presses “enter.” This increases the speed and effectiveness of phishing attacks.
How do Attackers use PhishWP?
Attackers can either compromise legitimate WordPress sites or create fraudulent ones on which to install the plugin. Once the plugin is set up to look like a payment gateway, unaware users are tricked into providing their payment information.
PhishWP creates incredibly realistic fake interfaces by simulating payment processors like Stripe with customizable checkout pages.
Through skillfully crafted phishing emails, social media advertisements, or deceptive search results, victims find their way to the website.
Following the entry of payment and personal data, PhishWP instantly sends all sensitive information, including addresses, credit card details, and even unique security codes, to the attacker, usually via Telegram.
A fake confirmation email is then sent to the victim, leading them to believe their transaction was successful. In the meantime, the attacker sells or uses the stolen data on underground web marketplaces.
“PhishWP uses advanced tricks, like stealing the special OTP sent during a 3D Secure (3DS) check during the checkout process”, SlashNext said in a report shared with Cyber Security News.
3DS is a security feature that sends a short code to the user’s phone or email to verify that they are the actual cardholder.
By obtaining this code, attackers can impersonate users and make their fraudulent transactions appear entirely legitimate.
Official advertisement for PhishWP
It sends fake order confirmations to victims, delaying suspicion and detection.
Additionally, it supports many languages, allows for worldwide phishing campaigns, and offers source code for more sophisticated customizations or an obfuscated version of the plugin for stealth.
To mimic user environments for future fraud, it records information, including IP addresses, screen resolutions, and user agents.
Attacker’s view after a successful attack
Therefore, it is more crucial than ever to remain vigilant and use robust security technologies. Advanced browser-based phishing protection tools are advised for quick threat identification and blocking.
Iran and Hezbollah Hackers Launch Attacks to Influence Israel-Hamas Narrative
Hackers backed by Iran and Hezbollah staged cyber attacks designed to undercut public support for the Israel-Hamas war after October 2023.
This includes destructive attacks against key Israeli organizations, hack-and-leak operations targeting entities in Israel and the U.S., phishing campaigns designed to steal intelligence, and information operations to turn public opinion against Israel.
The Hacker News | #1 Trusted Cybersecurity News Site