Articles of interest from the week of May 27, 2024

New ShrinkLocker Ransomware Uses BitLocker to Encrypt Your Files

A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker.

ShrinkLocker, named so because it creates the boot volume by shrinking available non-boot partitions, has been used to target a government entity and companies in the vaccine and manufacturing sectors. (BleepingComputer)

“ShrinkLocker brings new tricks, but if ransomware is the digital AK-47, then this is just a new barrel on an old rifle. Key takeaway? Securely store your BitLocker recovery keys. Also, preventing the deployment methods of ShrinkLocker is crucial to avoid the disaster this tool can unleash on your network.” – Jason Ingalls, Founder at Ingalls Information Security

Google Patches Fourth Chrome Zero-Day in Two Weeks

Google recently rolled out a fresh Chrome update to address another exploited vulnerability in the popular web browser, the fourth zero-day to be patched in two weeks.

Tracked as CVE-2024-5274, the high-severity flaw is described as a type confusion in the V8 JavaScript and WebAssembly engine. (SecurityWeek) 

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass

Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections.

Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as any user. (The Hacker News) 

Android Banking Trojan Antidot Disguised as Google Play Update

A banking Trojan impacting Google Android devices, dubbed "Antidot" by the Cyble research team, has emerged, disguising itself as a Google Play update. (Dark Reading)

Why Your Wi-Fi Router Doubles as an Apple AirTag

Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops. (Krebs on Security)

Ransomware Gang Targets Windows Admins via PuTTy, WinSCP Malvertising

A ransomware operation targets Windows system administrators using Google ads to promote fake download sites for Putty and WinSCP.

WinSCP and Putty are popular Windows utilities, with WinSCP being an SFTP client and FTP client and Putty an SSH client. (BleepingComputer)

Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms

Researchers have discovered a severe memory corruption vulnerability inside of a cloud logging utility used across major cloud platforms.

The service, Fluent Bit, is an open-source tool for collecting, processing, and forwarding logs and other types of application data. It's one of the more popular pieces of software out there, with more than 3 billion downloads as of 2022, and a new 10 million or so deployments with each passing day. It's used by major organizations such as VMware, Cisco, Adobe, Walmart, and LinkedIn, and nearly every major cloud service provider, including AWS, Microsoft, and Google Cloud. (Dark Reading)

US AI Experts Targeted in Cyberespionage Campaign Using SugarGh0st RAT

Threat actors use phishing techniques to obtain non-public information about generative artificial intelligence. 

Security researchers have warned about a new cyberespionage campaign that targets artificial intelligence experts working in private industry, government, and academia. The attackers, likely of Chinese origin, are using a remote access trojan (RAT) called SugarGh0st. (CSO)

CISA Warns of Hackers Exploiting Chrome, EoL D-Link Bugs

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. (BleepingComputer)