Microsoft's September 2024 Patch Tuesday Fixes 79 Vulnerabilities, Including Four Zero-Day Exploits

Microsoft's September 2024 Patch Tuesday addressed 79 security flaws, including four zero-days. Three of these zero-days are actively exploited, and one has been publicly disclosed. Notable vulnerabilities include:

• CVE-2024-38014: An Elevation of Privilege vulnerability in Windows Installer, allowing SYSTEM-level attacks.
• CVE-2024-38217: A Mark of the Web Security Feature Bypass, exploited since 2018 through a technique called LNK stomping.
• CVE-2024-38226: A Publisher flaw that bypasses macro protections.

Additionally, CVE-2024-43491 was marked as exploited, affecting Windows 10 systems, reintroducing vulnerabilities in several components like Active Directory and IIS.

Seven critical vulnerabilities were addressed, mainly involving remote code execution and privilege escalation. For a complete list of updates and affected systems, Microsoft’s advisory provides detailed information.

Lazarus hackers impersonate recruiters to target Python developers with malware in fake coding tests

Members of the North Korean hacker group Lazarus are impersonating recruiters to target Python developers with coding test projects for password management software that contain malware. This activity is part of the 'VMConnect campaign,' first detected in August 2023, where threat actors uploaded malicious Python packages to the PyPI repository.

According to ReversingLabs, which has been monitoring the campaign for over a year, the hackers use GitHub to host these projects, providing professional-looking README files to enhance the scheme's legitimacy. The group often impersonates major U.S. banks, such as Capital One, to lure developers with attractive job offers.

Further investigation revealed that Lazarus actively contacts targets via LinkedIn, a known tactic used by the group. This approach, combined with the fake coding tests, creates a sense of urgency and professionalism, making it harder for victims to identify the threat.

EU sanctions six Russian hackers for cyber attacks on Healthcare and Banking services

The EU has sanctioned six individuals involved in cyber attacks targeting critical infrastructure and essential services, such as healthcare and banking. This marks the first time sanctions have specifically addressed attacks on these sectors. The European Council’s statement emphasised the EU’s commitment to strengthening its response to malicious cyber activities.

Currently, 14 individuals and four entities are sanctioned for cyber crimes against the EU. Sanctions include asset freezes and travel bans, preventing those listed from receiving any funds from EU institutions.

The European Union Agency for Cybersecurity (ENISA) highlighted public administration, healthcare, and digital infrastructure as key targets for cybercriminals in its 2023 threat assessment. Among those sanctioned are leaders of Russian hacker groups, including Oleksandr Skilanko and Mykola Chernykh, who are accused of cyber attacks against Ukraine and EU states via the "Armageddon" group. The EU condemned Russia’s ongoing irresponsible cyber behaviour, which forms part of its wider conflict with Ukraine.

UK government designates Data Centres as Critical National Infrastructure to enhance cyber security and resilience

The UK Government has designated the data centre sector as part of its critical national infrastructure (CNI), placing it on par with essential services like energy and water. This move enables government support during critical incidents, minimising economic impact.

A dedicated CNI data infrastructure team will be established to monitor threats and provide priority access to security agencies, such as the National Cyber Security Centre, and coordinate emergency services if needed. This means that in cases like a cyber attack on data centres hosting sensitive NHS data, the government will intervene to ensure continuity of essential services.

Technology Secretary Peter Kyle highlighted the importance of this decision in improving cooperation between the government and the sector against cyber threats.

TfL confirms no impact on customer data or services following cyber security incident, some systems affected

Transport for London (TfL) has confirmed that the cyber security incident reported last week has not affected customer data or public transport services. In a statement, TfL said it is actively addressing the issue, having taken immediate measures to prevent further system access.

While the transport network remains fully operational, some services are impacted, including:

• Suspended applications for Oyster photocards, including Zip cards
• Unavailable online journey history for contactless users
• Inability to issue refunds for contactless journeys, with Oyster customers needing to self-serve online

Staff also have limited system access, potentially delaying responses to queries and webform submissions.

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation. 

The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.