Cyber Intelligence Weekly

Cyber Intelligence Weekly (August 18, 2024): Our Take on Three Things You Need to Know

Welcome to our weekly newsletter where we share some of the major developments on the future of cybersecurity that you need to know about. Make sure to follow my LinkedIn page as well as Echelon’s LinkedIn page to receive updates on the future of cybersecurity!

To receive these and other curated updates to your inbox on a regular basis, please sign up for our email list here: https://echeloncyber.com/ciw-subscribe

Before we get started on this week’s CIW, I’d like to highlight Echelon’s IAM Strategy & Roadmap Services. Identity and Access Management (IAM) is crucial for safeguarding your organization’s assets and ensuring compliance in today’s rapidly evolving digital landscape. At Echelon, we take a collaborative approach to developing a comprehensive IAM strategy and roadmap.

Questions about your defensive cybersecurity strategy? Contact us today! https://lnkd.in/e6fJiPTT

Away we go!


1. Iranian Hacker Group Targets Both U.S. Presidential Campaigns, Google Reports

Google's Threat Analysis Group (TAG) has reported that APT42, a hacker group assessed to operate on behalf of Iran's Islamic Revolutionary Guard Corps, has targeted both the Trump and Biden presidential campaigns. The group, known for persistent espionage against political and government targets, tried to break into the personal accounts of roughly a dozen individuals affiliated with the two campaigns in May and June 2024. Targeting both sides suggests Iran's interest is in gaining access and leverage over the U.S. election broadly rather than in favoring one candidate.

APT42, which also targeted both campaigns during the 2020 election, continues to go after high-profile figures, including current and former government officials, diplomats, and people close to the candidates. Its tradecraft is mostly credential phishing: tailored lures aimed at personal email and cloud accounts, which sit outside corporate security controls. In at least one case the group succeeded, gaining access to the personal Gmail account of a high-profile political consultant. This activity echoes past influence operations, most notably Russia's 2016 hack-and-leak campaign against the Clinton campaign and the DNC.

So far only the Trump campaign has confirmed a compromise, in which internal documents were obtained and later circulated to news outlets. Google says it has blocked numerous attempts to log in to the personal accounts of people associated with both campaigns and has notified the targets, and the FBI has opened an investigation into the phishing activity. APT42's campaign is a reminder that political cyber operations are no longer the province of a single foreign actor; several are now competing to gain access to, and influence over, the U.S. election.

The report serves as a reminder that political espionage has become a persistent threat, with potential implications for national security and democratic processes. As the 2024 election approaches, the U.S. must remain vigilant against these cyber threats from foreign adversaries.


2. Microsoft's Summer 6-Pack, Patch Tuesday Addresses Six Zero-Day Vulnerabilities

Microsoft has released its August 2024 security updates, addressing 90 vulnerabilities across its software. Ten of them were zero-days, six of which are being actively exploited and four of which were publicly disclosed before a fix was available. Not all of the zero-days carry a Critical severity rating (seven of the 90 CVEs do), but active exploitation makes them the ones to patch first. The affected products span Office, .NET, Visual Studio, Azure, Microsoft Dynamics, Teams, and Windows itself.

Among the six exploited zero-days, three are local privilege escalation (LPE) bugs that let an attacker who already has code running on a machine elevate to SYSTEM: CVE-2024-38106 in the Windows Kernel, CVE-2024-38107 in the Windows Power Dependency Coordinator, and CVE-2024-38193 in the Windows Ancillary Function Driver for WinSock (afd.sys). LPE flaws are rarely used alone; they are chained with an initial-access vector such as a phishing document or a browser exploit, which is why in-the-wild exploitation of all three at once is a strong signal that attackers have working exploit chains.

Another significant zero-day, CVE-2024-38178, is a memory-corruption bug in the legacy scripting engine that is reachable when Microsoft Edge renders a page in Internet Explorer mode. IE mode is off by default and must be enabled by policy, and the attacker still needs the victim to open a crafted link, but organizations that keep IE mode on for legacy line-of-business apps are exposed. Additionally, CVE-2024-38213 is a bypass of the Windows "Mark of the Web" (MotW). Windows records that a file came from the internet in a Zone.Identifier alternate data stream, and SmartScreen and Office Protected View key their warnings off that marker; a file that arrives without it opens with no prompt at all.

Microsoft also addressed CVE-2024-38189, a remote code execution vulnerability in Microsoft Project. Exploitation only works where both of Project's macro defenses have been weakened: the "Block macros from running in Office files from the Internet" policy is disabled and VBA macro notifications are turned off. That is a useful reminder that the default macro protections are doing real work and should not be relaxed for convenience.
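Three of the zero-days above only bite under particular local settings, so the natural follow-up to reading the advisory is to check those settings. The PowerShell script below is an added example written for this newsletter item; it is not Microsoft's tooling or code. It checks whether Edge IE mode is enabled by policy (CVE-2024-38178), whether Project's macro defenses have been weakened (CVE-2024-38189), and what a Mark of the Web marker looks like on a constructed sample file so you can recognize its absence (CVE-2024-38213). The Edge and Office registry locations are the documented policy keys; the "MS Project" key name and the assumption that an absent value means the Office default applies are assumptions, noted in the comments. The script does not tell you whether the August patches are installed; use Get-HotFix or your patch management tooling for that.

```powershell
# Added example for this newsletter item; not Microsoft's code or tooling.
# Checks the local preconditions that gate three of the August 2024 zero-days.
# Registry paths and value names are the documented Edge/Office policy settings;
# the "MS Project" key name follows the Office policy layout (assumption).

function Test-EdgeIEModeExposure {
    # CVE-2024-38178 is only reachable when Edge may render pages in IE mode.
    # Edge policy InternetExplorerIntegrationLevel: 0 = none (default),
    # 1 = IE mode enabled, 2 = open in standalone IE11.
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $level = $props.InternetExplorerIntegrationLevel
    if ($null -eq $level) { $detail = 'policy not set; IE mode is off by default' }
    else                  { $detail = "InternetExplorerIntegrationLevel=$level" }
    [pscustomobject]@{
        Check   = 'Edge IE mode (CVE-2024-38178)'
        Exposed = ($level -eq 1)
        Detail  = $detail
    }
}

function Test-ProjectMacroExposure {
    # CVE-2024-38189 needs both defenses weakened: the "Block macros from running
    # in Office files from the Internet" policy disabled (value 0) and VBA macro
    # notifications off (VBAWarnings = 1, "Enable all macros").
    # VBAWarnings: 1 = enable all, 2 = disable with notification (default),
    # 3 = signed only, 4 = disable all without notification.
    # Assumption: an absent value means the Office default (blocked) applies.
    $keys = @(
        'HKCU:\Software\Policies\Microsoft\Office\16.0\MS Project\Security'   # GPO hive, wins
        'HKCU:\Software\Microsoft\Office\16.0\MS Project\Security'            # user setting
    )
    $block = $null
    $warn  = $null
    foreach ($k in $keys) {
        $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($null -eq $p) { continue }
        # Policy hive is read first, so only fill values that are still unset.
        if ($null -eq $block -and $null -ne $p.blockcontentexecutionfrominternet) {
            $block = [int]$p.blockcontentexecutionfrominternet
        }
        if ($null -eq $warn -and $null -ne $p.VBAWarnings) {
            $warn = [int]$p.VBAWarnings
        }
    }
    [pscustomobject]@{
        Check   = 'Project macro settings (CVE-2024-38189)'
        Exposed = (($block -eq 0) -and ($warn -eq 1))
        Detail  = "blockcontentexecutionfrominternet=$block VBAWarnings=$warn (blank = not set, default applies)"
    }
}

function Test-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)
    # A file that arrived from the internet normally carries a Zone.Identifier
    # alternate data stream with ZoneId=3 (Internet) or 4 (Restricted sites).
    # A MotW bypass such as CVE-2024-38213 leaves a downloaded file without it,
    # so a missing stream on a file that should have one is what to look for.
    $stream = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zone = $null
    foreach ($line in @($stream)) {
        if ($line -match '^ZoneId=(\d+)') { $zone = [int]$Matches[1] }
    }
    [pscustomobject]@{
        Check   = 'Mark of the Web (CVE-2024-38213)'
        Path    = $Path
        HasMotw = ($null -ne $zone)
        ZoneId  = $zone
    }
}

# Configuration checks for this host.
@(Test-EdgeIEModeExposure; Test-ProjectMacroExposure) | Format-Table -AutoSize

# MotW demo on a constructed sample file (not a real download): stamp it the way
# a browser would, inspect it, then strip the mark to show the bypass end state.
$demo = Join-Path $env:TEMP 'ciw-motw-demo.txt'
Set-Content -Path $demo -Value 'constructed sample file'
Set-Content -Path $demo -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"
Test-MarkOfTheWeb -Path $demo          # stamped: the marker SmartScreen keys off
Unblock-File -Path $demo               # removes Zone.Identifier, as a bypass would
Test-MarkOfTheWeb -Path $demo          # stripped: no prompt on open
Remove-Item -Path $demo
```

The HKCU checks only reflect the user running the script, so for a fleet-wide view run it under the interactive user's context or query the policy hive through your management tooling. Alternate data streams require NTFS; on ReFS or FAT volumes the Zone.Identifier stream, and therefore the MotW, never exists in the first place.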

In addition to Microsoft's updates, Adobe released patches for 71 vulnerabilities across multiple products, including Illustrator, Photoshop, InDesign, Acrobat and Reader, and Bridge. Adobe reports no active exploitation of these flaws, but Acrobat and Reader in particular are frequent phishing-attachment targets, so they belong in the same patch cycle.

For those managing Windows systems, the six actively exploited zero-days should be treated as priority fixes rather than routine updates. Staging the patches through a pilot ring for a day or two to catch regressions is sensible; waiting a fixed number of days across the whole fleet while exploits are in circulation is not. As always, take backups or snapshots before updating so that a problematic patch can be rolled back cleanly.


3. Unpatched Flaw in Google Pixel Phones Raises Security Concerns

Researchers at iVerify, a mobile security firm, have disclosed a significant vulnerability in Google Pixel phones that traces back to September 2017. The issue is a hidden pre-installed Android app, "Showcase.apk," that has shipped in the firmware of a very large share of Pixel devices since then. The app was written by Smith Micro for Verizon to put retail demo units into a store display mode, but it runs with system-level privileges and retrieves its configuration over an insecure (plain HTTP) connection. An attacker able to tamper with that configuration could use the app to run commands and install software at the system level, which is what makes it dangerous on a phone that was never meant to be a demo unit.

Despite being alerted in May, Google has not yet shipped a fix. The company stated that the app is no longer used by Verizon, is not present on the new Pixel 9 series, and will be removed from all supported in-market Pixel devices in an upcoming software update. The delay has nonetheless cost it some confidence: Palantir, which discovered the app on its own devices and brought in iVerify, has said it will stop using Android devices altogether over Google's response.

Showcase.apk is disabled by default, and Google stresses that exploiting it on a user's phone requires both physical access to the device and the user's password. That is a real limiting factor, but iVerify's researchers counter that an attacker who gains a foothold through another vulnerability could enable the app, and that a privileged, network-reachable component sitting dormant in the firmware is exactly the kind of attack surface that should not be there at all. Google says it is also notifying other Android manufacturers in case the same app shipped on their devices.

The situation highlights a broader concern about third-party software being baked into Android firmware without adequate testing or disclosure to the people who own the device. Because Showcase.apk is part of the system image, users cannot uninstall it themselves. Until Google's removal update arrives, the practical advice is the usual one for a physical-access threat: keep the device updated, use a strong lock-screen credential, and do not leave unattended phones unlocked.

Thanks for reading!

About us: Echelon is a full-service cybersecurity consultancy that offers holistic cybersecurity program building through vCISO or more specific solutions like penetration testing, red teaming, security engineering, cybersecurity compliance, and much more! Learn more about Echelon here: https://echeloncyber.com/about

Are you ready to get started?