Cyber Briefing: 2024.10.01
👉 What’s the latest in the cyber world today?
PHP, Nitrogen Malware, Sliver, Cobalt Strike, North Korea, Hackers, LinkedIn, RustDoor, Microsoft, Security Protocols, Edge, SQL Injection, WhatsUp Gold, Critical, Ransomware, UMC Hospital, Dist IT, Disruption, Kimsuky, APT, Germany, Diehl, Cincinnati Public Schools, Compromise, Germany, Digital Service Provider, VBG, White House, Initiatives, Ransomware, CISA, Funding, Medical Communications, T-Mobile, Settlement, Breach, Russia, Ukraine, Energy Sector, ISACA, Staffing, Funding, Crisis, Europe
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. PHP Vulnerabilities Trigger Urgent Updates
The PHP project has issued a security advisory covering multiple vulnerabilities that affect various versions of PHP, and it urges users to update to the latest patched versions. Among them, CVE-2024-9026 allows log tampering in PHP-FPM: attackers can manipulate log entries, which can hinder forensic investigations. Another significant vulnerability, CVE-2024-8927, lets attackers bypass the cgi.force_redirect configuration, potentially leading to arbitrary file inclusion and unauthorized access to sensitive data.
2. Nitrogen Malware Deploys Cobalt Strike
A recent cyberattack involving Nitrogen malware has been discovered deploying Sliver and Cobalt Strike on hijacked servers. The attack began when a user unknowingly downloaded a fake version of the “Advanced IP Scanner” tool, initiating a sophisticated malware campaign. The malware delivered a malicious payload via a ZIP file, exploiting a legitimate Python executable to side-load malicious code. Over eight days, the attackers used reconnaissance tools like PowerView and BloodHound to map the network and performed lateral movements using RDP…