In the present time, it is a must for users to be aware of the fundamental concept of cyber security. It will help them to excel in their careers. It is a surprising fact that the worldwide cybersecurity market size will reach USD 281.74 billion by 2027. It clearly indicates the urgency of being familiar with the ways to safeguard against potential cyber-attacks.

If you are eager to have an overview of the threats and vulnerabilities in cybersecurity, stay tuned. Let’s explore the blog and stay ahead of the cyber security threats & vulnerabilities.

Threats

In this section, we will provide you with a list of well-explained threats to cyber security. Let’s have an overview of them.

Hackers’ Attack on Notepad++ Plugin

Criminals have aimed at the most commonly used Notepad++ plugin named - “mimeTools.dll.” They also injected malicious code that impacted users’ systems. The AhnLab Security Intelligence Center discovered this attack. Later on, it leveraged DLL Hijacking to implement encrypted malicious Shell Code.

It posed a crucial threat to a range of programmers as well as writers. All of them have a dependence on Notepad++. It is all because of its versatility and plugin support.

Supply Of Byakugan Malware Through Weaponized PDF Files

Each cybersecurity researcher at Fortinet has disclosed a new attack vector. It involved fortified PDF files. The key purpose of utilizing these files is to deliver the multi-functional Byakugan malware.

Hackers exploited the faith and popularity of PDFs and later on infiltrated systems. For this, they used malicious codes. These codes are immersed in evidently harmless documents. As a result, it highlighted the requirement of intensified consciousness and security against all these files.

Counterfeit E-Shopping Attacks Aim at Banking Identities

A highly developed fraudulent e-shop scam crusade has been aimed at users in Southeast Asia. It hijacked banking details through phishing emails and ill-natured APKs. Apart from this, the attackers have inflated their operations.

Besides, they also utilized screen-sharing and exploiting approachability services to acquire more control over the devices of the victims. As a result, this campaign signifies the revolutionary tactics concerned with cybercriminals. It helped them a lot to steal confidential data.

Rhadamanthys Stealer strikes the oil and gas industries

Rhadamanthys Stealer malware targeted the oil and gas sector the most. It is delivered through hazardous PDF files. Simply put, this attack focuses on the ongoing threat to significant infrastructure sectors.

Along with the significance of robust cybersecurity measures. All of these measures help protect individuals against sophisticated threats.

Ransomware targets unfixed flaws

As per the latest report, it has come to notice that the evolving trend of ransomware attacks exploits each unpatched flaw. In the meantime, cyber attackers continue to leverage recognized weaknesses in systems. It helped them in deploying ransomware and also underscored the urgent requirement for timely updates.

This way, it becomes quite easy to prevent such attacks.

Availability Of  Android RAT on the Dark Web

One of the interesting things to be aware of is that an Android Remote Access Trojan (RAT) is available for sale on the dark web. It provides cybercriminals the ability to handle the infected devices remotely.

Ultimately, this development poses a crucial threat to all Android users. Furthermore, it emphasizes the significance of downloading apps cautiously and also the utilization of renowned sources.

Hijack Of Facebook Pages 

Being a user of Facebook, you will come across the latest schemes concerned with its pages. Attackers use the compromised accounts to acquire administrative access and to spread ill-natured content.

So, this tactic highlights the ongoing flaws within the social media platforms and the requirement for leveraged security measures.

Winnti Group’s Upcoming Initiative

The well-renowned Winnti Group has launched the latest campaign. For this, it utilized the Unapimon and Unhook malware. The main target of doing so was to attack organizations across the globe.

So, this campaign reveals the continuous evolution of the groups and their experience in cyber espionage activities.

AI Package Hallucination

Researchers have recognized a new threat dubbed “AI Package Hallucination.” In the meantime, the attackers handle AI systems skillfully to generate malicious code.

Simply put, this creative attack vector indicates a specific challenge to AI-driven security solutions. It is truly a call for advanced identification and mitigation strategies.

Operator Tesla Criminals revealed

A complete analysis has exposed the tactics and techniques that almost all attackers prefer. The main purpose of using these strategies is to deploy the Agent Tesla malware.

So, it enables you to have an insight into cybercriminals’ operations and valuable information for protection against such threats.

Hackers invade the channels on YouTube

It is not a matter to deny that cybercriminals are hijacking YouTube channels. They use these platforms for the promotion of scams and ill-natured content. This is one of the trends that emphasizes the requirement of the strongest security measures.

As an outcome, it generates consciousness among not only viewers but also content creators.

Vulnerabilities

If you have the enthusiasm to know the key vulnerabilities concerned with cyber security, you are in the right place. Let’s scroll down and become familiar with the selected vulnerabilities as follows-

Chinese Hacking Groups’ Attack on Ivanti Connect Secure VPN

There is a range of Chinese nexus espionage groups that exploit flaws in Ivanti Connect Secure VPN appliances. As per the investigation conducted by Mandiant, “CVE-2023-46805 and CVE-2024-21887” exploited vulnerabilities.

As a result, it allowed attackers to compromise Active Directory systems. Plus, it helps perform lateral movements. The most important thing to be aware of is that “UNC5325 and UNC5337” are two groups that deploy malware & TTP.

Magento E-commerce Platform Backdoor Exploitation

Discovery of the sophisticated vulnerability namely - CVE-2024-20720 in the Magento e-commerce platform, allows attackers to inject a never-ending persistent backdoor. This flaw allows attackers to manipulate the layout template system of Magento.

Along with this, they can also insert malicious XML code. Stripe payment skimmer is one of the payloads that steal payment information from customers.

Google Pixel Phone Zero-day vulnerabilities

Simply put, Google has supplied patches for zero-day vulnerabilities. Later on, it was manipulated rapidly, to protect against potential compromise. After that, all users are diverted to upgrade devices.

YubiKey Manager Capability Expansion

You can observe the privilege escalation flaw in YubiKey Manager. It enabled attackers to acquire elevated privileges. For this, it utilized the host machine.

So, being a user you also must be familiar with the significance of updating your software as per the latest version available.

Achievement FlowMon Risk

There is a possibility that a flaw in Flowmon could allow attackers to implement arbitrary code on the installations. The interesting part is that all these installations have already been affected.

Additionally, users ought to apply the patches as soon as they are released. Plus, they should not delay doing it.

Years-Old SS7 Problem in Phone Networks Addressed By Federal Companies

Finally, the great moment has come when the Federal organizations have begun patching a years-old SS7 flaw.  It influences phone networks. Later on, this vulnerability was recognized to enable attackers to interrupt calls and messages.

VMware SD-WAN Risks

VMware has fixed flaws in its SD-WAN appliances. It could enable attackers to unsettle service as well as implement commands. Later on, customers get inspiration to apply the latest updates offered by VMware.

Availability Of Chrome Zero-Day Bug

It has come into consideration that Google has patched a zero-day exploit to influence the Chrome browser. The flaw could permit you to execute the code remotely. So, being a user you should update your browsers promptly.

HTTP/2 Continuation Scam

“CONTINUATION Flood,” a new attack method has come into existence. It targets HTTP/2 protocol implementations. As a result, this can cause refusal of the service. Later on, Apache has labeled this issue in their latest update.

SQL Injection in WordPress Plugins

A SQL injection flaw has been located in the most renowned WordPress plugin. After some time, this vulnerability could enable attackers to approach crucial database information. In the meantime, users ought to make sure that their plugins are up-to-date according to the latest versions.

Bottom-line

Ultimately, after taking a deep dive into this blog post, you will be aware of the key cyber security threats & vulnerabilities. It will definitely be useful for you to safeguard your data and secure your systems.

To be precise, it will be easier for you to prioritize threats and vulnerabilities as soon as you recognize them. This way, you can eliminate such potential hazards

Did you find this post interesting? Join our TTB Community on LinkedIn for more informative blog posts & latest updates.