VIEH Daily threat analysis | 18 September 2024

Clipper malware are back in action and the attackers are hunting for cryptocurrency wallets. Binance has issued a warning after detecting a surge in ClipBanker attacks, which swap wallet addresses from clipboards, leading to financial losses for unsuspecting users.

Apple’s Vision Pro headset hit a snag with a vulnerability dubbed GAZEploit, which let attackers infer virtual keyboard inputs by analyzing eye movements. Patched in visionOS 1.3, CVE-2024-40865 allowed bad actors to extract sensitive data like passwords using supervised learning models to detect typing sessions.

WiFi 6 routers are facing a new security storm. D-Link has patched critical vulnerabilities in popular models like COVR-X1870 and DIR-X5460, preventing remote attackers from exploiting flaws like buffer overflows and telnet service issues—users are urged to update their firmware immediately.

Top Malware Reported in the Last 24 Hours

RustDoor attributed to North Korean hackers

North Korean hackers are targeting cryptocurrency users on LinkedIn using the RustDoor malware. The attacks involve pretending to be recruiters for legitimate decentralized cryptocurrency exchanges like STON.fi, aiming to infiltrate networks under the guise of interviews or coding assignments. RustDoor is a macOS malware designed to steal information and operate as a backdoor with two different command-and-control servers. This campaign, detected by Jamf Threat Labs, is significant because it marks the first time RustDoor has been attributed to North Korean threat actors.

Crypto users hit with clipper malware

Cryptocurrency exchange Binance alerted users to a surge in clipper malware attacks targeting cryptocurrency holders. This malware, known as ClipBankers, can intercept clipboard data and replace cryptocurrency wallet addresses with those controlled by attackers. Binance issued a warning on September 13, 2024, after noticing a significant rise in malicious activity, causing financial losses for affected individuals.

Top Vulnerabilities Reported in the Last 24 Hours

D-Link patches critical bugs

D-Link has addressed critical vulnerabilities in select WiFi 6 routers and mesh networking systems that could be exploited by remote attackers to run unauthorized code or gain access with hardcoded credentials. The impacted models are popular choices for consumers seeking high-quality networking equipment. The flaws, including buffer overflow and telnet service issues, were found in COVR-X1870, DIR-X4860, and DIR-X5460 routers. D-Link advises users to update their firmware to resolve the vulnerabilities.

Apple Vision Pro vulnerability revealed

Apple’s Vision Pro headset was affected by a security flaw named GAZEploit, allowing attackers to infer virtual keyboard inputs. The vulnerability, CVE-2024-40865, was patched in visionOS 1.3. Researchers found that analyzing eye movements on a virtual avatar could reveal text entered on the keyboard, compromising user privacy. Threat actors could exploit this to extract sensitive information like passwords, using supervised learning models to differentiate typing sessions from other VR activities.

Java applications at risk

A critical path traversal vulnerability (CVE-2024-38816) in the widely used Spring Framework poses a severe threat to Java applications. Attackers can exploit this flaw to access sensitive files on the server, risking data breaches and system compromise. The vulnerability affects applications using RouterFunctions with FileSystemResource location for static resource handling. Organizations must promptly update their Spring Framework to versions 5.3.40, 6.0.24, or 6. 1.13 to address this risk.

Looking for cybersecurity internship: Click here

Entire post Credit: Jamf, binance, Bleeping Computer, the hackers news, Security Online, Cyware

Leave a Comment

Your email address will not be published. Required fields are marked *