State-Sponsored Hackers Exploit Cisco Zero-Day Vulnerabilities
State-sponsored hackers have exploited two zero-day vulnerabilities in Cisco networking gear, delivering custom malware and facilitating covert data collection in a campaign dubbed ArcaneDoor. Attributed to a sophisticated actor tracked as UAT4356, the attack involves meticulous efforts to hide digital footprints and evade detection. The vulnerabilities, CVE-2024-20353 and CVE-2024-20359, have been added to the US CISA's Known Exploited Vulnerabilities catalog, requiring federal agencies to apply fixes by May 1, 2024. The attack highlights the increased targeting of edge devices and platforms, emphasizing the need for prompt patching and close security monitoring.
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
The North Korea-linked Lazarus Group has deployed a new remote access trojan (RAT) called Kaolin RAT, targeting specific individuals in the Asia region with fake job lures. The malware, delivered via fabricated job offers, can change file timestamps, load DLL binaries, and act as a pathway to deliver the FudModule rootkit, which exploits a patched admin-to-kernel vulnerability (CVE-2024-21338) to disable security mechanisms. The attack chain involves multiple stages, including the use of a malicious ISO file, side-loading, and communication with command-and-control servers. The Kaolin RAT enables file operations, process management, command execution, and DLL downloads, posing a significant challenge to cybersecurity efforts due to its sophistication and ability to evade detection.
Lockton Re Releases Report on Hypothetical Cyber Catastrophe
Lockton Re has released a report, entitled "A Kaleidoscope of Possibilities: Preparing for Ivan Wiper," which explores the potential consequences of a major cyber catastrophe. The report introduces a hypothetical scenario involving a self-propagating destructive malware to assess the insurance industry's readiness for such an event. The report challenges industry players to identify potential bottlenecks in claims processing and coverage gaps and stresses the need for collaborative efforts to handle major cyber incidents effectively. The scenario, dubbed "Ivan Wiper," is meant to raise questions and challenges, rather than fear or anxiety, and is intended to encourage innovation and progress in the cyber insurance industry.
U.S. Treasury Department Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from 2016 to 2021. The sanctioned entities and individuals are accused of targeting over a dozen U.S. companies and government entities through cyber operations, including spear-phishing and malware attacks. The sanctions are accompanied by an indictment from the U.S. Department of Justice (DoJ) against the four individuals for orchestrating cyber attacks targeting the U.S. government. Additionally, there is a reward of up to $10 million offered for information leading to their identification or location.