Content
01. News Bites
- Oracle's October 2024 Patch update fixes over 300 security flaws, urges immediate deployment
- Company hacked after unknowingly hiring North Korean cyber criminal as remote IT worker
- Microsoft customers face more than 600 million cybercriminal and nation-state attacks every day
- Over 200 malicious apps found on Google Play with nearly 8 million downloads, researchers warn
- CISA adds critical SolarWinds, Windows, and Firefox vulnerabilities to Known Exploited list; agencies urged to patch by November 5
- North Korean group ScarCruft exploits Windows zero-day to deploy RokRAT malware via compromised ad program
02. Conclusion
Oracle's October 2024 Patch update fixes over 300 security flaws, urges immediate deployment
Oracle’s October 2024 Critical Patch Update (CPU) includes 334 new security patches, addressing 220 unique CVEs. Notably, 186 patches resolve remotely exploitable vulnerabilities requiring no authentication.
Oracle Communications received the most attention, with 81 out of 100 patches addressing critical flaws that could be exploited remotely without authentication. MySQL, Fusion Middleware, Financial Services Applications, and E-Business Suite also received significant updates, with MySQL getting 45 patches (12 addressing remotely exploitable issues).
Additional products, like Communications Applications, Analytics, and PeopleSoft, received approximately a dozen patches each. Smaller patch sets were released for Oracle Commerce, Java SE, and various enterprise products.
Oracle advised customers to apply updates promptly, as threat actors have exploited known vulnerabilities for which patches were available. The update includes fixes for non-exploitable CVEs and third-party components. As in previous updates, Oracle continues to stress the importance of timely patch deployment to avoid cyberattacks on unpatched systems.
Company hacked after unknowingly hiring North Korean cyber criminal as remote IT worker
An unnamed company was hacked after unknowingly hiring a North Korean cyber criminal as a remote IT contractor. The individual had faked his credentials and personal details, allowing him access to the firm’s network, where he downloaded sensitive data and issued a ransom demand. The hack was reported by Secureworks to raise awareness of the rising threat of North Korean operatives posing as remote workers.
The contractor, believed to be a man, was hired in the summer and spent four months accessing the company’s systems. He allegedly funnelled his salary back to North Korea, evading sanctions through complex laundering methods. After his dismissal for poor performance, the company received ransom emails demanding cryptocurrency, threatening to leak the stolen data if unpaid.
This case highlights a growing trend of North Korean cyber operatives infiltrating western companies, with reports suggesting such practices have affected even Fortune 100 firms.
Organisations should use Cyberconnect360 to source talent, ensuring thorough background checks and expert vetting.
Microsoft customers face more than 600 million cybercriminal and nation-state attacks every day
Microsoft’s Digital Defense Report reveals that their customers face over 600 million cyber threats daily, from ransomware to identity attacks. Nation-state threat actors are increasingly collaborating with cybercriminal groups, sharing tools and tactics for espionage, influence, and financial gain. This convergence has fueled a surge in attacks, with nation-state groups exploiting geopolitical tensions, such as the conflicts in Ukraine and Israel, to target entities globally.
Protecting against this escalating threat landscape requires a comprehensive cyber defence strategy, not just routine cyber hygiene practices. It’s essential to fortify digital spaces and engage at all levels—from individual users to corporate executives and government leaders—to build resilience.
Additionally, cybercriminals are also harnessing AI for more sophisticated attacks, making it crucial for organisations to adopt agile, robust cybersecurity measures. Microsoft’s report underscores the globalised nature of cyber warfare, emphasising the need for organisations to stay vigilant against these rapidly evolving threats.
Over 200 malicious apps found on Google Play with nearly 8 million downloads, researchers warn
Researchers have found that over 200 malicious apps were distributed via Google Play between June 2023 and April 2024, amassing nearly eight million downloads. These apps belong to malware families like Joker, which steals information and subscribes users to premium services, and Adware, which loads intrusive ads. Facestealer, Coper, and Harly were among other threats identified.
Despite Google Play’s security checks, attackers often bypass them using techniques like ‘versioning,’ where malware is delivered through updates or loaded from attacker-controlled servers. Some malware campaigns, such as Necro and Goldoson, have reached millions of users by embedding malicious code in popular app categories like productivity and lifestyle.
The researchers reported an overall decline in malware attacks on Google Play, with an average of 1.7 million blocks per month.
To stay safe, users should read app reviews, scrutinise permissions, and avoid installing apps that request unnecessary access to sensitive information.
CISA adds critical SolarWinds, Windows, and Firefox vulnerabilities to Known Exploited list; agencies urged to patch by November 5
The Cybersecurity and Infrastructure Security Agency (CISA) has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a critical flaw in SolarWinds Web Help Desk (WHD), addressed in August 2024. This flaw, tracked as CVE-2024-28987, involves hardcoded credentials that could enable attackers to access and manipulate WHD data without authorisation.
SolarWinds issued a hotfix shortly after the flaw was reported, urging users to update to WHD 12.8.3 Hotfix 2 or later. Federal agencies have until November 5, 2024, to secure their systems.
The two other vulnerabilities are a Windows Kernel flaw, CVE-2024-30088, exploited by APT34 to gain SYSTEM privileges, and a Mozilla Firefox flaw, CVE-2024-9680, potentially used for espionage. CISA requires federal agencies to patch these flaws by the same deadline.
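As an added example (not part of the bulletin or of any CISA tooling), the following Python script shows how a defender can match entries from CISA's KEV JSON feed against an asset inventory and compute the days remaining to each due date. The KEV excerpt and the inventory are constructed for this illustration from the three CVEs and the November 5 deadline above; hostnames and the requiredAction text are hypothetical.

```python
import json
from datetime import date

# Constructed excerpt in the layout of CISA's KEV JSON feed. Field names match the
# real feed; entries are built here from the three CVEs in the bulletin and the
# November 5 deadline, not copied from the catalog itself.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2024-28987", "vendorProject": "SolarWinds", "product": "Web Help Desk",
     "dueDate": "2024-11-05", "requiredAction": "Apply vendor hotfix (constructed text)"},
    {"cveID": "CVE-2024-30088", "vendorProject": "Microsoft", "product": "Windows",
     "dueDate": "2024-11-05", "requiredAction": "Apply vendor update (constructed text)"},
    {"cveID": "CVE-2024-9680", "vendorProject": "Mozilla", "product": "Firefox",
     "dueDate": "2024-11-05", "requiredAction": "Apply vendor update (constructed text)"},
]})

# Constructed asset inventory: (hostname, vendor, product), as a CMDB export might
# provide it. Hostnames are hypothetical.
ASSETS = [
    ("helpdesk-01", "SolarWinds", "Web Help Desk"),
    ("dc-02", "Microsoft", "Windows"),
    ("db-01", "Oracle", "MySQL"),  # no KEV entry in the sample: must not be reported
]


def kev_exposure(kev_json, assets, today_iso):
    """Match KEV entries to inventory; return findings sorted by urgency.

    days_left is relative to today_iso; a negative value means the CISA due
    date has already passed."""
    today = date.fromisoformat(today_iso)
    by_product = {}
    for entry in json.loads(kev_json)["vulnerabilities"]:
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        by_product.setdefault(key, []).append(entry)

    findings = []
    for host, vendor, product in assets:
        for entry in by_product.get((vendor.lower(), product.lower()), []):
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            findings.append({"host": host, "cve": entry["cveID"], "due": entry["dueDate"],
                             "days_left": days_left, "action": entry["requiredAction"]})
    return sorted(findings, key=lambda f: f["days_left"])


if __name__ == "__main__":
    for f in kev_exposure(KEV_SAMPLE, ASSETS, "2024-10-20"):
        state = "OVERDUE" if f["days_left"] < 0 else f"{f['days_left']} days left"
        print(f"{f['host']:12} {f['cve']:15} due {f['due']} ({state}) -> {f['action']}")
```

In practice the sample feed would be replaced by the live KEV JSON download and the tuple list by your own inventory export; the matching logic stays the same.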
North Korean group ScarCruft exploits Windows zero-day to deploy RokRAT malware via compromised ad program
North Korean hacking group ScarCruft, also known as TA-RedAnt, has exploited a now-patched Windows zero-day vulnerability, CVE-2024-38178, to deliver malware named RokRAT. The flaw, rated 7.5 on the CVSS scale, was a memory corruption issue in the Scripting Engine, reachable when Edge runs in Internet Explorer Mode. Microsoft fixed the issue in August 2024; exploitation required the user to click a malicious link, which then triggered remote code execution.
The AhnLab Security Intelligence Center and South Korea’s National Cyber Security Center identified the campaign, dubbed Operation Code on Toast. ScarCruft leveraged an unsupported Internet Explorer module within a ‘toast’ ad program to deploy malware. By compromising a local advertising agency’s server, the attackers infected devices via booby-trapped ad content.
RokRAT enables remote access, file enumeration, and process termination, using legitimate cloud services like Dropbox and Google Cloud as command-and-control servers to avoid detection.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively Get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.