Network Security News | Ingalls Information Security

Articles of interest from the week of August 5, 2024

Written by John Frasier | Aug 8, 2024 2:51:50 PM

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails

An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various popular companies like Best Buy, IBM, Nike, and Walt Disney, as well as others. (The Hacker News)

 

“A critical vulnerability was recently uncovered in Proofpoint's email routing settings that was leveraged in a phishing campaign called "EchoSpoofing." This vulnerability enabled attackers to send millions of spoofed emails that seemed to originate from reputable brands like Disney, IBM, and Coca-Cola, utilizing Proofpoint's email relays and Virtual Private Servers. Thankfully, Proofpoint addressed the flaw in March 2024.

This EchoSpoofing incident highlights the critical need for secure email configuration and vigilant monitoring to prevent exploitation by attackers. It also underscores the importance of timely patching, user education, and collaboration with security researchers to mitigate risks and enhance overall email security.”

Tadeh Anbarchian, SOC Analyst II at Ingalls Information Security

 

 

CrowdStrike Sued by Shareholders Over Global Outage

CrowdStrike is being sued by its shareholders after a faulty software update by the cybersecurity firm crashed more than eight million computers and caused chaos around the world. (BBC)

 

Ransomware Gang Targets IT Workers With New SharpRhino Malware

The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. (BleepingComputer)

 

DigiCert to Revoke Thousands of Certificates Following DNS Validation Error

DigiCert, a major certificate authority, will revoke thousands of SSL/TLS certificates because of a Domain Control Verification error. This could affect a lot of websites. (Cyber Security News)

 

Microsoft Defender Flaw Exploited to Deliver ACR, Lumma, and Meduza Stealers

A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. A security services platform said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1). (The Hacker News)

 

Switzerland Federal Government Requires Releasing Its Software as Open Source

Several European countries are betting on open-source software. In the United States, eh, not so much. In the latest news from across the Atlantic, Switzerland has taken a major step forward with its "Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks" (EMBAG). This groundbreaking legislation mandates releasing open-source software (OSS) of the Federal government. (ZDNet)

 

Microsoft’s Windows Hello for Business Flaw Let Attackers Bypass Authentication

A recently discovered vulnerability in Microsoft’s Windows Hello for Business (WHfB) authentication system allowed attackers to bypass the supposedly phishing-resistant login method, raising concerns about the security of this widely adopted passwordless solution. (Cyber Security News)

 

Meta Removes 63,000 Instagram Accounts Linked to Nigerian Sextortion Scams

Meta Platforms on Wednesday said it took steps to remove around 63,000 Instagram accounts in Nigeria that were found to target people with financial sextortion scams. (The Hacker News)

 

GitLab Patched XSS Vulnerability that Lets Attackers Execute Arbitrary Code

GitLab has released new Community Edition (CE) and Enterprise Edition (EE) versions to address multiple vulnerabilities. Among these, a high-severity cross-site scripting (XSS) vulnerability has garnered particular attention due to its potential to allow attackers to execute arbitrary code. (Cyber Security News)

 

TracFone Will Pay $16 Million to Settle FCC Data Breach Investigation

Following three separate data breaches between 2021 and 2023 which exposed the proprietary information (PI) of TracFone Wireless customers, the Federal Communications Commission (FCC) announced that the Verizon-owned company has agreed to pay a $16 million civil penalty to settle the government investigation, and it has made an agreement to improve its application programming interface (API) security. (Malwarebytes Labs)