
Articles of interest from the week of December 2, 2024

Phishing Emails Increasingly Use SVG Attachments To Evade Detection

Phishing attacks are becoming increasingly deceptive as cybercriminals exploit SVG (Scalable Vector Graphics) files to evade detection by security tools. These attachments, often masked as legitimate forms or documents, can execute JavaScript or display phishing forms directly in the browser, stealing credentials or deploying malware. With their minimal detection rates, SVG-based attacks pose a serious threat to email users. Learn how these techniques work and why vigilance is critical when dealing with unexpected email attachments. (Bleeping Computer)


“SVG attachments represent a clever and increasingly used phishing technique that exploits email security gaps by embedding malicious code within seemingly harmless graphic files. Threat actors are able to take actions such as hiding phishing forms and malware delivery mechanisms within SVG attachments, which often evade traditional security scanners due to their text-based nature and low detection rates. With SVG attachments not common for legitimate business emails, organizations should consider implementing strict email filtering rules that flag or block SVG attachments, complemented by robust user awareness training that emphasizes caution with unexpected file types. The most effective defense in cybersecurity lies in a multi-layered approach that combines technical safeguards with human vigilance, treating every unexpected digital interaction as a potential security risk.”

Hunter Landry, Senior SOC Analyst at Ingalls Information Security
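
A mail-filtering check of the kind recommended above, as an added example (not code from the newsletter, the analyst, or any vendor): it walks a message's attachments and reports which SVG files carry active content rather than static drawing elements. The function names, the tag list, and the two sample attachments are assumptions constructed for illustration; only the Python standard library is used.

```python
import re
import xml.etree.ElementTree as ET
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
# Constructed, inert samples: a static image and one with active content.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()"><script/>'
              b'<foreignObject><form xmlns="http://www.w3.org/1999/xhtml"/></foreignObject></svg>')

def local(name):  # strip an XML namespace: '{ns}script' -> 'script'
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data):
    """Return the reasons an SVG document counts as active content."""
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["dtd-or-entity"]  # never hand entity tricks to the parser
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable"]
    reasons = set()
    for el in root.iter():
        if local(el.tag) in ACTIVE_TAGS:
            reasons.add("element:" + local(el.tag))
        for attr, value in el.attrib.items():
            if local(attr).startswith("on"):
                reasons.add("event-handler:" + local(attr))
            if local(attr) == "href" and re.match(r"\s*(javascript|data):", value, re.I):
                reasons.add("scripted-href")
    return sorted(reasons)

def scan_message(raw):
    """Map each SVG attachment's filename to its findings ([] = static)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    results = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "image/svg+xml" or name.lower().endswith(".svg"):
            results[name] = svg_findings(part.get_payload(decode=True))
    return results

def build_sample():  # constructed test e-mail carrying both attachments
    msg = EmailMessage()
    msg.set_content("Please review the attached form.")
    msg.add_attachment(BENIGN_SVG, maintype="image", subtype="svg+xml", filename="logo.svg")
    msg.add_attachment(ACTIVE_SVG, maintype="image", subtype="svg+xml", filename="invoice.svg")
    return msg.as_bytes()
```

A gateway that cannot block SVG outright can quarantine any attachment with a non-empty findings list; files that fail to parse or declare a DTD are treated as suspicious rather than passed through.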


Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. (The Hacker News)

 

Misconfigurations Can Cause Many Microsoft Power Pages Sites To Expose Sensitive Data

Organizations that develop websites with Microsoft Power Pages can accidentally overprovision database privileges for authenticated or anonymous users, leading to the exposure of sensitive records, a researcher has found. Many websites built with Microsoft Power Pages expose sensitive information from their databases due to a poor understanding of access control configurations and default settings, according to a report from researchers at a SaaS security provider. (CSO)

 

HC3 Warns Healthcare of Godzilla Web Shell Backdoor

Healthcare organizations are on alert as HC3 warns of the "Godzilla" web shell backdoor, a sophisticated threat attributed to Chinese cyber actors. Designed to bypass detection using encryption, Godzilla enables attackers to execute commands, manipulate files, and conduct reconnaissance within compromised systems. The persistent danger lies in its accessibility, allowing other malicious groups to adopt and adapt its capabilities. Learn how healthcare providers can prepare against this advanced cyber weapon in HC3's detailed analysis. (TechTarget)

 

APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign

The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. (The Hacker News)

 

New NachoVPN Attack Uses Rogue VPN Servers to Install Malicious Updates

A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them. Security researchers found that threat actors can trick potential targets into connecting their SonicWall NetExtender and Palo Alto Networks GlobalProtect VPN clients to attacker-controlled VPN servers using malicious websites or documents in social engineering or phishing attacks. (Bleeping Computer)

 

Homeland Security Department Releases Framework for Using AI in Critical Infrastructure

The U.S. Department of Homeland Security has introduced a framework to guide the use of artificial intelligence (AI) in critical infrastructure, including power grids and water systems. This living document emphasizes human-centric values, user privacy, and transparency while addressing AI-related risks. It also includes measures for safeguarding cloud computing and data center security. Developed with input from the AI Safety and Security Board, the framework outlines responsibilities for both private industries and government bodies, reflecting a proactive approach to AI integration in essential systems. (SecurityWeek)

 

U.S. Citizen Sentenced for Spying on Behalf of China's Intelligence Agency

A gripping story of espionage, the article details the sentencing of a U.S. citizen for acting as a covert agent for China's Ministry of State Security. Ping Li, a former Verizon and Infosys employee, shared sensitive information, including data on Chinese dissidents and cybersecurity resources, with Chinese operatives over a decade. His actions highlight growing concerns over China's global intelligence operations and the targeting of U.S. corporations and advocacy groups. This case is part of a broader pattern of state-sponsored espionage examined by U.S. officials. (The Hacker News)

 

Google AI Platform Bugs Leak Proprietary Enterprise LLMs

Google has fixed two flaws in Vertex AI, its platform for custom development and deployment of large language models (LLMs), that could have allowed attackers to exfiltrate proprietary enterprise models from the system. The flaws highlight once again the danger that malicious manipulation of artificial intelligence (AI) technology presents for business users. (Dark Reading)

 
