Warmcookie — The Deceptive Malware
The malware has been found to deliver various payloads, including extensive machine fingerprinting, screenshot capturing, and the deployment of additional payloads. In one of the attack chains, users visiting compromised websites are presented with a fake job offer which then instructs users to download a document by solving a CAPTCHA challenge.
A second attack chain involves injecting an iframe into compromised websites to display another fake job offer. Similar to the first chain, users are directed to run a script, leading to the same malware infections.
A third attack chain utilizes email-based tactics, where HTML attachments resembling job offers prompt users to install the “Word Online” extension. The error message provides “How to fix” and “Auto-fix” options, both leading to the execution of malicious commands or the download of harmful software.
With all of these “fake” actions taking place to catch you off-guard its important to be vigilant and aware at all times when looking through emails and unexpected web prompts.
Microsoft Outlook Critical Vulnerability
Morphisec, a cybersecurity firm, has recently discovered a critical vulnerability in Microsoft Outlook, known as CVE-2024-301031. This remote code execution (RCE) vulnerability affects most Microsoft Outlook clients and can be exploited by attackers to execute arbitrary code on affected systems. The vulnerability is particularly dangerous because it doesn’t require a user to click on anything; the malicious code is executed as soon as an affected email is opened.
This vulnerability is especially concerning due to its high probability of exploitation. It’s a zero-click vulnerability, meaning the user doesn’t need to interact with the content of a malicious email for the exploit to be executed. Once an attacker successfully exploits this vulnerability, they can execute arbitrary code with the same privileges as the user, potentially leading to a full system compromise.
Microsoft acknowledged the issue on April 16, 2024, and by June 11, 2024, they had released a patch for CVE-2024-30103 as part of their regular Patch Tuesday updates. We commend Microsoft for their swift and effective response, especially considering the complexity of the previous patch and the challenges it posed.
We strongly advise all organizations to immediately update their Microsoft Outlook clients to mitigate the risk associated with this vulnerability. Given the ease of exploitation, immediate action is crucial to ensure the security of systems and sensitive data. As a trusted authority in the field, we emphasize the importance of swift action to maintain the security of your systems.
CDK Global Outage
CDK Global, a leading software-as-a-service (SaaS) provider for the automotive retail industry, recently experienced a significant IT outage. This disruption was caused by a massive cyber-attack from the BlackSuit ransomware gang.
The ransomware attack forced CDK Global to initially shut down its IT systems and data centers to halt the spread of the attack. Despite attempts to restore services, a second cyber-attack by the BlackSuit ransomware forced CDK Global to shut down all its IT systems again. This impacted its car dealership platform, causing operational challenges across North America.
CDK Global’s services are crucial for car dealerships, facilitating various operational aspects, including sales, financing, inventory, service, and back-office functions. With the systems offline, dealerships had to resort to manual operations.
Two of the largest public car dealership companies, Penske Automotive Group and Sonic Automotive, revealed that they were also affected by these outages. CDK Global is currently negotiating with the BlackSuit ransomware gang to secure a decryptor and ensure that no stolen data is leaked.
In the wake of this incident, CDK Global has warned that threat actors are calling dealerships posing as CDK agents or affiliates to gain unauthorized systems access.
The CDK Global outage underscores the importance of robust cybersecurity measures in today’s digital landscape. It serves as a reminder for businesses to continually update and fortify their security protocols to safeguard against such threats.
