CyberWednesday: Top 10 Cybersecurity Updates #9

This week, we uncover critical cybersecurity developments ranging from vulnerabilities in GPU systems and ransomware targeting healthcare to innovative phishing tactics and AI-driven disinformation campaigns. These updates highlight the dynamic nature of cyber threats and the importance of staying informed. Dive into our detailed analysis to understand the risks and solutions shaping the digital landscape.

1. Critical GPU DDK Vulnerabilities Allow Attackers to Execute Arbitrary Code in Physical Memory

Two high-severity vulnerabilities (CVE-2024-47892 and CVE-2024-43704) have been discovered in GPU Driver Development Kits (DDK) that use Unified Memory Architecture (UMA). These flaws, found in versions up to DDK 24.2 RTM1, expose systems to potential physical memory exploitation.

The first vulnerability, a Use-After-Free (UAF) issue, allows non-privileged users to access and manipulate freed physical memory, opening the door to data leaks and complete system compromise. The second flaw, affecting the PowerVR component, enables process handle reuse during PID recycling, further increasing the risk of exploitation.

Given the critical role of GPUs in data centres, AI research, and enterprise IT, organisations must act quickly to apply patches provided by DDK developers. These vulnerabilities underscore the ongoing challenges in securing systems that combine complex memory management with hardware acceleration. (Source: Cybersecuritynews.com)

2. Fintech Giant Finastra Investigates Large-Scale Data Breach

Finastra, a London-based fintech provider serving major global banks, is investigating a breach involving its file transfer platform. Threat actors have reportedly exfiltrated over 400GB of sensitive customer data, which is now being sold on the dark web.

The company detected the suspicious activity on November 7, 2024, but it appears attackers had access for at least a week prior. Initial findings point to compromised credentials as the root cause. While Finastra has assured customers that operations remain unaffected, the stolen data may include wire transfer instructions and other highly sensitive financial information.

This breach highlights the critical importance of securing third-party platforms and underscores the risks associated with supply chain vulnerabilities. Finastra’s proactive communication and transparent approach offer a case study in effective incident response. (Source: Krebsonsecurity.com)

3. BootKitty UEFI Malware Exploits LogoFAIL Vulnerability to Target Linux Systems

The first known Linux UEFI bootkit, dubbed “BootKitty,” has been identified. This malware exploits the LogoFAIL vulnerability (CVE-2023-40238) to bypass Secure Boot protections, enabling the installation of malicious bootloaders.

BootKitty uses manipulated BMP files to exploit firmware flaws, injecting rogue certificates to authorise unauthorised boot processes. Current evidence suggests that the malware targets Lenovo devices running Insyde firmware, but its potential reach is far broader.

While BootKitty’s scope is currently limited to specific Ubuntu versions, its existence underscores the urgent need for enterprises to prioritise firmware security. Organisations should deploy available patches, limit physical access to systems, and implement robust BIOS/UEFI passwords. (Source: Bleepingcomputer.com)

4. AWS Launches Advanced Security Incident Response Service

Amazon Web Services (AWS) has introduced a new service aimed at enhancing incident response capabilities for its cloud customers. The AWS Security Incident Response service leverages automation to triage and analyse security signals, offering real-time alerts and continuous support from AWS’s Customer Incident Response Team (CIRT).

This service simplifies incident management with preconfigured notification rules, investigation tools, and metrics to improve response times and minimise impact. Features include secure data transfer, case tracking, and direct collaboration with third-party security vendors.

As enterprises increasingly rely on cloud infrastructure, AWS’s new service provides a critical tool for addressing ransomware attacks, data breaches, and other security events. This marks another step in AWS’s commitment to strengthening enterprise resilience against cyber threats. (Source: Securityweek.com)

5. Hackers Can Access Laptop Webcams Without Activating LED Indicators

Researchers have identified a vulnerability that allows attackers to access laptop webcams without triggering the LED indicator light. Demonstrated on ThinkPad X230 models, this exploit leverages USB fuzzing and firmware manipulation to inject arbitrary code into the webcam module.

This raises significant privacy concerns for organisations using laptops in sensitive environments. The ability to bypass LED indicators undermines trust in hardware security features and exposes enterprises to potential surveillance risks.

Manufacturers are urged to implement hardware-level connections between camera power and LED indicators, enforce robust firmware signature verification, and conduct comprehensive security audits. Enterprises should also consider physical webcam covers as an interim measure. (Source: Cybersecuritynews.com)

6. AI-Powered Fake News Campaign Targets Western Support for Ukraine and U.S. Elections

A Moscow-based company, previously sanctioned by the U.S., has been linked to Operation Undercut—a disinformation campaign leveraging AI-generated videos and fake news sites to influence public opinion.

The campaign seeks to erode Western support for Ukraine, amplify socio-political tensions in Europe and the U.S., and shape narratives around key geopolitical events such as the Israel-Gaza conflict and the 2024 U.S. elections. By exploiting trusted media brands and trending hashtags, the operation spreads divisive content across platforms like Facebook and 9gag.

This underscores the evolving role of AI in propaganda and highlights the need for enterprises to remain vigilant against misinformation targeting their stakeholders and employees. (Source: TheHackerNews)

7. 8 Million Android Users Hit by SpyLoan Malware on Google Play

Over a dozen malicious loan apps on Google Play, downloaded over 8 million times, have been found to contain SpyLoan malware. These apps exploit users by demanding excessive permissions and collecting sensitive data, later used for extortion or harassment.

Operating in regions like Southeast Asia, Latin America, and Africa, the malware follows a consistent pattern of targeting vulnerable users through deceptive financial assistance. Enterprises with BYOD policies should enforce strict app vetting procedures and educate employees about risks associated with such apps. (Source: TheHackerNews)

8. Source Code of $3,000-a-Month macOS Malware ‘Banshee Stealer’ Leaked

The source code for Banshee Stealer, a macOS malware targeting keychains, browser data, and cryptocurrency wallets, has been leaked online. Previously sold for $3,000/month, this malware’s availability increases the risk of widespread attacks against macOS users.

Enterprises using macOS should ensure endpoint protection tools are updated and remain vigilant against phishing attempts, a common vector for malware deployment. The incident underscores the importance of macOS-specific security strategies, especially in environments with high-value data. (Source: Securityweek.com)

9. Two UK Hospitals Hit by Cyberattacks, One Postpones Procedures

Two NHS hospitals have disclosed cyberattacks, with one involving ransomware. Alder Hey Children’s Hospital reported data theft claims, while Wirral University Teaching Hospital was forced to revert to manual operations, delaying some procedures.

This incident highlights the vulnerabilities in healthcare IT systems and the potential impact on critical infrastructure. Enterprises managing sensitive data should reassess their incident response plans and adopt robust ransomware prevention strategies. (Source: Securityweek.com)

10. Blue Yonder Ransomware Attack Disrupts UK Retailers

A ransomware attack on Blue Yonder, a major supply chain software provider, has disrupted operations for several UK retailers, including Morrisons and Sainsbury’s. The incident, which targeted Blue Yonder’s managed services, forced businesses to implement manual backup processes, impacting deliveries and workforce scheduling.

The timing of the attack, just before the busy holiday season, suggests a calculated move to maximise disruption. While recovery efforts are ongoing, the event underscores the critical importance of securing supply chain systems against ransomware threats. (Source: Computerweekly.com)

This week’s updates underline the growing complexity of cybersecurity challenges across hardware, software, and infrastructure. Enterprises must remain proactive by adopting robust security measures and staying informed about emerging threats. At Nomios, we provide bespoke cybersecurity solutions tailored to large organisations. If you have any questions or need expert guidance, don't hesitate to contact our team. Together, we can fortify your defences and secure your enterprise in this ever-evolving digital landscape.