Cyber Security Monthly Recap: April 2024

April is over, but if you want to know what important things happened during the month, check out our selection of major topics from the cybersecurity world. The past weeks were marked by a number of security updates and reports. So, join us as we review the highlights.

AT&T with an investigation into a data breach

AT&T has opened an investigation into a data breach affecting roughly 73 million current and former customers, with leaked personally identifiable information (PII) that includes Social Security numbers. The data set was found on the dark web in March. It is not yet known whether the data originated from AT&T itself or from one of its vendors.

So far, AT&T says it has found no evidence of unauthorized access to its systems that resulted in the exfiltration of the data. The data set appears to date from 2019 or earlier and does not include financial details or specific call history. An estimated 7.6 million current and 65.4 million former account holders are affected.

Sophos report warns: SMBs are being targeted more than ever

A concerning trend for 2024 is the rise in malware attacks against small and medium-sized businesses (SMBs). According to a Sophos report, nearly half of all malware detected on SMB endpoints in the previous year consisted of keyloggers, spyware and information stealers. The latter are pieces of malware built specifically to harvest login credentials and other sensitive data. The researchers stress how hard these threats are to spot: stolen credentials turn into compromised legitimate accounts, which in turn open further avenues for the attackers.

Ransomware remains the biggest threat, and the report records a year-over-year increase of more than 60% in remote encryption attacks, in which the attacker encrypts files on a victim machine from another, already compromised device on the network instead of running the ransomware locally on the victim. The second most frequent attack type is business email compromise, which increasingly involves pre-attack phone calls and back-and-forth conversational emails with the target before the malicious payload is sent.

Beyond the numbers, the researchers' main point is that these threats are difficult to detect, which leaves more legitimate accounts in attackers' hands and feeds the growing opportunism of cybercriminals.

Adobe with 24 patches for April 2024

In April, Adobe released nine patches fixing 24 CVEs across After Effects, Photoshop, Commerce, InDesign, Experience Manager, Media Encoder, Bridge, Illustrator and Animate. Most of the fixes are in Experience Manager, and all of those address simple cross-site scripting (XSS) bugs. Although rated only Important, these flaws can still lead to arbitrary code execution in the context of a victim's browser session if exploited.

The Animate and Commerce updates are the only others that address more than one CVE. The Animate patch fixes four bugs, two of them rated Critical and capable of arbitrary code execution. The Commerce patch fixes two Critical-rated bugs, one an improper input validation flaw and the other an XSS, and either could lead to code execution.

At the time of release, none of the bugs Adobe fixed this month was listed as publicly known or under active attack. Adobe assigned all of these updates a deployment priority rating of 3, its lowest, meaning administrators may install them at their discretion.

Microsoft released a whopping 147 new CVEs

Microsoft released 147 new CVEs in April. They cover Windows and Windows components; Office and Office components; Azure; .NET Framework and Visual Studio; SQL Server; DNS Server; Windows Defender; BitLocker; and Windows Secure Boot. Including the third-party CVEs documented this month, the total rises to 155. Three of the bugs were reported through the ZDI program.

Of the new patches, three are rated Critical, 142 Important and two Moderate in severity. This is the biggest release from Microsoft this year and the largest since at least 2017; as far as we can tell, it is the largest Patch Tuesday release from Microsoft of all time. It is not clear whether this is due to a backlog from the slower months or to a surge in vulnerability reporting, and it will be interesting to see which trend continues. None of the CVEs were listed as under active attack or publicly known at the time of release.

Hackers Exploiting WP-Automatic Plugin Bug

A high-severity vulnerability in the ValvePress Automatic (WP-Automatic) plugin for WordPress is under active exploitation. The flaw, CVE-2024-27956, has a CVSS score of 9.9 out of 10 and affects all releases prior to the fix, which shipped on February 27, 2024 as version 3.92.1, although the changelog does not mention it. The bug is an SQL injection that stems from an inadequately implemented authentication check in the plugin's user authentication mechanism: an unauthenticated attacker can send crafted requests that bypass the check and run arbitrary SQL queries against the site's database. Attackers are using it to gain unauthorized access to sites, create admin-level user accounts, upload malicious payloads and, ultimately, take full control of unpatched installations.
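The first thing a site owner needs here is a reliable answer to "is my copy older than the fix?". The script below is an added example written for this recap, not code from the original post or from ValvePress: it walks a WordPress plugins directory, reads each plugin's header block, and flags WP-Automatic copies older than the fixed version. The plugin directory and main file name (wp-automatic/wp-automatic.php) are assumptions, the fixed version is taken from the entry above, and the sample install it scans is constructed inside the script. The point it makes that a one-liner would not is that versions must be compared numerically: as strings, "3.100.0" sorts before "3.92.1".

```python
# Added example, not from the original post or from ValvePress.
# Scans a WordPress plugins directory for WP-Automatic and flags copies
# older than the fixed release. Plugin file name is an assumption.
import os
import re
import tempfile

FIXED_VERSION = "3.92.1"                # first release with the fix, per the recap
PLUGIN_MAIN_FILE = "wp-automatic.php"   # assumed main file of the plugin

# WordPress plugin headers look like " * Version: 3.91.0" inside a /** */ block.
_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)
_NAME_RE = re.compile(r"^\s*\*?\s*Plugin Name:\s*(.+?)\s*$", re.IGNORECASE | re.MULTILINE)


def parse_version(text):
    """Turn '3.92', '3.92.1' or '3.92.1-beta' into a comparable int tuple.

    String comparison is wrong for this job: '3.100.0' < '3.92.1' as
    strings, but 3.100.0 is the newer release.
    """
    core = text.strip().split("-", 1)[0]      # drop any pre-release suffix
    parts = []
    for piece in core.split("."):
        if not piece.isdigit():
            raise ValueError("unparseable version: %r" % text)
        parts.append(int(piece))
    while len(parts) < 3:                       # so that '3.92' == '3.92.0'
        parts.append(0)
    return tuple(parts)


def is_vulnerable(version_text):
    """True when the installed version is older than the fixed release."""
    return parse_version(version_text) < parse_version(FIXED_VERSION)


def read_plugin_header(path):
    """Return (plugin_name, version) from a plugin main file, or None."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)    # WordPress itself only reads the first 8 KB
    version = _VERSION_RE.search(head)
    if not version:
        return None
    name = _NAME_RE.search(head)
    return (name.group(1) if name else os.path.basename(path), version.group(1))


def scan_plugins_dir(plugins_dir):
    """Walk wp-content/plugins; return [(path, version, vulnerable)] for WP-Automatic."""
    findings = []
    for root, _dirs, files in os.walk(plugins_dir):
        if PLUGIN_MAIN_FILE not in files:
            continue
        path = os.path.join(root, PLUGIN_MAIN_FILE)
        header = read_plugin_header(path)
        if header is None:
            continue
        _name, version = header
        try:
            vulnerable = is_vulnerable(version)
        except ValueError:
            vulnerable = True   # an unparseable version is suspect, never "safe"
        findings.append((path, version, vulnerable))
    return findings


def _plugin_file(name, version):
    return "<?php\n/**\n * Plugin Name: %s\n * Version: %s\n */\n" % (name, version)


def demo_scan():
    """Build a constructed sample install in a temp dir and scan it.

    Returns {plugin_dir_name: (version, vulnerable)}.
    """
    sample = {                       # constructed sample data, not real installs
        "wp-automatic": "3.91.0",            # older than the fix
        "wp-automatic-patched": "3.92.1",    # the fixed release
        "wp-automatic-newer": "3.100.0",     # newer, but sorts "older" as a string
        "wp-automatic-broken": "unknown",    # mangled header, treated as suspect
    }
    with tempfile.TemporaryDirectory() as plugins_dir:
        for sub, version in sample.items():
            os.makedirs(os.path.join(plugins_dir, sub))
            with open(os.path.join(plugins_dir, sub, PLUGIN_MAIN_FILE), "w") as fh:
                fh.write(_plugin_file("WP-Automatic", version))
        results = {}
        for path, version, vulnerable in scan_plugins_dir(plugins_dir):
            results[os.path.basename(os.path.dirname(path))] = (version, vulnerable)
        return results


if __name__ == "__main__":
    for plugin_dir, (version, vulnerable) in sorted(demo_scan().items()):
        print("%-22s %-8s %s" % (plugin_dir, version, "VULNERABLE" if vulnerable else "ok"))
```

Run it against a real install by calling scan_plugins_dir("/var/www/html/wp-content/plugins"). A version check only tells you whether you were exposed; given that the exploitation described above creates admin accounts and drops files, a site that ran a vulnerable version should also be audited for unexpected administrator users and recently added PHP files.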

Two Cisco Zero-Day Vulnerabilities Exploited for Espionage

A newly disclosed espionage campaign used two zero-day vulnerabilities in Cisco networking devices to deploy custom malware and quietly collect data inside the targeted environments. Cisco Talos, which named the campaign ArcaneDoor, attributes it to a sophisticated state-sponsored threat actor it tracks as UAT4356 (also tracked as Storm-1849 by Microsoft). According to Talos's blog post, the compromise was discovered and documented in early January 2024.

The adversaries are exploiting:

  • CVE-2024-20353 (CVSS rating: 8.6) – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial-of-Service Vulnerability
  • CVE-2024-20359 (CVSS rating: 6.0) – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability 

This case is a reminder that zero-day exploits are a powerful weapon in the hands of a capable attacker: they target vulnerabilities that neither the vendor nor the public knows about, so no patch exists when the attack begins, and perimeter devices such as firewalls are an especially attractive target because they sit outside most endpoint monitoring.

About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her commitment to simplicity and well-researched information gives users easy-to-follow IT-related tips and step-by-step tutorials.