
Cyber Briefing: 2024.10.16

CyberMaterial
6 min read · Oct 16, 2024


👉 What’s trending in cybersecurity today?

CISA, SolarWinds, Web Help Desk, HORUS Protector, EDRSilencer, Microsoft, Dataverse, Google Chrome, Vulnerabilities, Westpac, Internet Banking, Wellfleet Group, Germany, Johannesstift Diakonie, Japan, Saizeriya, Ransomware, Texas Spine Consultants, FIDO Alliance, Passkey, White House, AI Chip, Europe, Police Agencies, Darknet Markets, Google Play, Malicious Apps, Netskope, Dasera, Cloud, Data Security

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

🚨 Cyber Alerts

1. CISA Warns of Critical SolarWinds Flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the active exploitation of a critical vulnerability in SolarWinds Web Help Desk (WHD) software. Tracked as CVE-2024-28987, this flaw, with a CVSS score of 9.1, stems from hard-coded credentials that allow unauthorized access to modify sensitive data, including help desk ticket details. Cybersecurity firm Horizon3.ai provided technical specifics in September 2024, a month after SolarWinds disclosed the issue.

2. HORUS Protector Used to Spread Malware

The HORUS Protector crypter is currently being leveraged to distribute various Trojan malware families, including AgentTesla, Remcos, Snake, and NjRat. This distribution primarily occurs through archive files that contain VBE scripts, which are encoded Visual Basic scripts designed to evade detection. Upon execution, these scripts decode and launch malicious payloads, utilizing sophisticated obfuscation techniques that complicate detection and prevention efforts.

3. EDRSilencer Tool Used to Bypass Security

EDRSilencer, an open-source red team tool, has been increasingly utilized by cybercriminals to evade detection by Endpoint Detection and Response (EDR)…
