Weekly Cyber Reports

This Week in Cyber 11th October 2024

Latest news and views from our Cyber Analysts

Written by

Team Nucleus

Written on

3rd October, 2024



Analyst Insight


This week, there have been several significant cyber security events:


  • The Internet Archive suffered a breach, exposing 31 million user credentials.
  • A critical zero-day affecting Qualcomm chipsets was patched.
  • LEGO’s official website was hacked to promote a cryptocurrency scam.
  • Microsoft addressed 118 vulnerabilities in their October 2024 Patch Tuesday updates.
  • On a positive note, Cloudflare successfully mitigated the largest-ever recorded DDoS attack.



31 Million User Credentials Exposed in Internet Archive Breach


Hackers have breached the Internet Archive’s “Wayback Machine” user authentication database, compromising 31 million records. The breach was discovered on Wednesday afternoon when a JavaScript alert appeared on the compromised archive.org website, stating:


“Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!” (Have I Been Pwned).


Troy Hunt from HIBP reported that he acquired the stolen data on September 30th, reviewed it on October 5th, and subsequently alerted the Internet Archive on October 6th. Additionally, the Internet Archive has faced multiple DDoS attacks, with the BlackMeta group claiming responsibility. However, the identity of the data breach perpetrator remains unknown.


LEGO’s Official Website Breached to Promote Crypto Scam


The official LEGO website was breached to display a cryptocurrency scam on the home page. The coin was dubbed “LEGO Coin”, and users were prompted to “buy the new LEGO coin today and unlock secret rewards!”. The link directed users to Uniswap (a cryptocurrency platform, predominantly for tokens), where they could purchase the scam coin with Ethereum.


LEGO reported to BleepingComputer that “No user accounts have been compromised, and customers can continue shopping as usual. The cause has been identified and we are implementing measures to prevent this from happening again.”


The attack was reported to be a failure, with only a few users falling for the crypto scam.


Critical Zero-Day Vulnerability Affecting Qualcomm Chipsets Patched


A zero-day vulnerability (CVE-2024-43047) in the Digital Signal Processor (DSP) service, affecting approximately 64 Qualcomm chipsets, has been patched. Many large companies, such as Samsung, Motorola and OnePlus, use Qualcomm chipsets in their Android devices.


The vulnerability was initially reported by Google and Amnesty International security researchers, who identified a "use-after-free" vulnerability, which can cause programs to crash, use unexpected values or execute code. This type of vulnerability can be exploited by local, low-privileged attackers.


DDoS Halted by Cloudflare


Cloudflare has successfully mitigated the largest-ever recorded DDoS attack, which peaked at an astonishing 3.8 terabits per second (Tbps). This unprecedented attack, targeting a single customer, was part of a month-long campaign that aimed to overwhelm network bandwidth and exhaust computing resources.



Cloudflare’s autonomous systems detected and neutralised the attack without human intervention, showcasing the robustness of their security infrastructure. The attack primarily utilised the UDP protocol and originated from compromised devices across multiple countries, including Vietnam, Russia, Brazil, Spain, and the U.S.


Microsoft October 2024 Patch Tuesday Addresses 118 Vulnerabilities


This month’s Patch Tuesday addresses a total of 118 security vulnerabilities. Among these, five zero-day flaws were identified, with two actively exploited in the wild. The update also includes patches for three critical remote code execution (RCE) vulnerabilities.



  • CVE-2024-43468 (CVSS 9.8) - Microsoft Configuration Manager Remote Code Execution Vulnerability

  • CVE-2024-43488 (CVSS 8.8) - Visual Studio Code extension for Arduino Remote Code Execution Vulnerability

  • CVE-2024-43582 (CVSS 8.1) - Remote Desktop Protocol Server Remote Code Execution Vulnerability


More information about this month’s “Patch Tuesday” can be found on Microsoft MSRC.
