14.04.25 Threat Report

This week has been eventful. Here are the latest updates, highlighting significant vulnerabilities in Adobe ColdFusion and WhatsApp, a complex double-edged email attack, data breaches at Kellogg's and Laboratory Services Cooperative, and exploitable vulnerabilities in Nissan's LEAF vehicles.

1. Adobe Patches 11 Critical ColdFusion Vulnerabilities

Adobe has released emergency patches addressing 11 critical vulnerabilities in its ColdFusion application server. These flaws could enable attackers to execute arbitrary code, escalate privileges, and bypass security features.

How the Attack Happens:

• Exploitation of deserialisation vulnerabilities.

• Arbitrary code execution through crafted requests.

• Privilege escalation enabling full system control.

Potential Impact:

• Remote takeover of servers.

• Data exfiltration and ransomware deployment.

• Breach of sensitive applications and customer data.

Recommendation:

• Immediately apply Adobe's security updates (ColdFusion 2023 and 2021 versions).

• Review application logs for any unusual activity.

• Conduct regular penetration testing on web-facing applications.

2. WhatsApp Vulnerability Could Allow Remote Code Execution

A serious vulnerability in WhatsApp has been uncovered that could allow attackers to execute code remotely by sending a malicious real-time communication (RTC) packet to a target's device.

Attack Details:

• No user interaction required.

• Triggered simply by delivering a crafted packet.

• Affects Android and iOS users.

Potential Impact:

• Device takeover and surveillance.

• Data exfiltration including messages, contacts, and call logs.

Recommendation:

• Update WhatsApp to the latest version immediately.

• Implement Mobile Device Management (MDM) policies for company devices.

• Regularly review application permissions.

3. New Double-Edged Email Attack Targets Businesses

Cybercriminals are using a new double-edged email attack method, sending phishing emails that simultaneously distribute malware and harvest credentials.

Attack Details:

• Emails contain links leading to malware downloads.

• Embedded phishing forms steal user credentials simultaneously.

• Highly targeted at corporate environments.

Potential Impact:

• Compromise of business emails.

• Installation of remote access trojans (RATs).

• Data breaches and financial fraud.

Recommendation:

• Conduct phishing awareness training.

• Implement advanced email security gateways.

• Enable two-factor authentication (2FA) for all accounts.

4. Kellogg's Confirms Data Breach Impacting Staff

Kellogg's has disclosed a data breach following a phishing attack on an employee. Hackers gained access to internal systems, leading to the compromise of personal information.

Attack Details:

• Phishing email tricked an employee into revealing login credentials.

• Information accessed includes employee names, Social Security numbers, and financial details.

Potential Impact:

• Identity theft.

• Financial fraud targeting employees.

Recommendation:

• Reset passwords and audit employee accounts.

• Offer credit monitoring to affected staff.

• Conduct organisation-wide phishing simulations.

5. Nissan LEAF Vulnerability Exploited to Hijack Car Functions

Security researchers have identified vulnerabilities in the Nissan LEAF electric vehicle's app connectivity, allowing attackers to control certain car functions remotely.

Attack Details:

• Exploitation of insecure APIs.

• Attackers can unlock doors, start the engine, and access location data.

Potential Impact:

• Physical security risks.

• Theft or vandalism.

• Privacy violations.

Recommendation:

• Update the NissanConnect EV app immediately.

• Avoid linking vehicle apps to insecure or public Wi-Fi networks.

• Monitor for manufacturer security advisories.

6. 1.6 Million Affected in Laboratory Services Cooperative Breach (Planned Parenthood Partner)

Laboratory Services Cooperative (LSC), a lab partner for Planned Parenthood, has suffered a massive breach affecting 1.6 million people. Sensitive data including medical records, financial details, and employee information was compromised.

Attack Details:

• Hackers accessed and exfiltrated sensitive files.

• No ransom group has yet claimed responsibility.

• Data has not yet been detected on the dark web.

Potential Impact:

• Severe privacy risks for patients and employees.

• Increased risks amid heightened scrutiny of reproductive health data.

Recommendation:

• Implement Dark Web monitoring services.

• Offer extended identity protection and credit monitoring.

• Review third-party risk management policies.

Stay ahead of emerging cyber threats with real-time insights from Periculo's Weekly Threat Feed

Our updates deliver essential insights into the latest vulnerabilities, attacks, and security trends.

Subscribe now and receive our threat intelligence directly in your inbox, ensuring you remain ahead of potential risks.