Data Privacy Weekly: Your Industry News Series

01. Zenbleed Vulnerability Puts AMD Ryzen Users at Risk of Data Theft

The “Zenbleed” vulnerability affects AMD Ryzen users, allowing attackers to steal sensitive data like passwords and encryption keys remotely. It affects all AMD Zen 2 processors, including Ryzen 3000/4000/5000 CPUs and Epyc enterprise processors. The exploit manipulates register files, enabling data theft at speeds of 30KB per second per core, affecting virtual machines, sandboxes, containers, and processes.

A microcode patch has been released for Epyc 7002 processors, but updates for other Zen 2 CPUs are expected between October and December. A software workaround is available, but it may impact system performance. Users are advised to apply the update or use the workaround as a precaution.

US Govt Contractor Maximus Hit by Data Breach 8 Million People Affected

02. US Govt Contractor Maximus Hit by Data Breach: 8 Million People Affected

Around 8 million people were affected by a data breach at US government contractor Maximus. The breach occurred through a zero-day flaw in the MOVEit Transfer application, used by the Clop ransomware gang to steal personal data.

The company found no evidence of further network intrusion, but the hackers accessed sensitive information, including social security numbers and health data. Maximus plans to spend around $15 million on investigation and remediation. The hackers have not yet leaked the stolen data, but they are known for aggressive extortion tactics, targeting multiple companies.

03. Chinese Hackers Compromise Air-Gapped Systems in Eastern Europe

Chinese hackers, identified as APT31, have been conducting a prolonged cyber attack on industrial organizations in Eastern Europe. The hackers used a series of implants to compromise air-gapped systems and steal data. The attack involved three stages, using various malware modules to infiltrate removable drives, exfiltrate data, and establish a connection to command and control servers.

APT31 attempted to evade detection by concealing its payload in binary data files and legitimate application memory. Researchers from Kaspersky have linked this attack to previous campaigns by APT31, making them confident in attributing the breach to the group.

Chinese Hackers Compromise Air Gapped Systems in Eastern Europe
Security Alert Google AMP Exploited for Evasive Phishing Attacks

04. Security Alert: Google AMP Exploited for Evasive Phishing Attacks

Threat actors are misusing Google AMP for evasive phishing attacks, allowing them to bypass email security measures and target enterprise employees. Google AMP, designed to enhance mobile web loading speeds, is being abused to host phishing pages and evade detection. The attackers use Google AMP URLs in phishing emails to exploit the reputation of Google’s domain, making it less likely for emails to be flagged as suspicious. To avoid detection, they also employ techniques like image-based HTML emails, extra redirection steps, and CAPTCHA services. This surge in AMP-based phishing attacks calls for increased vigilance and caution among recipients.

05. Multiple Vulnerabilities Found in Ninja Forms Plugin, 800,000 Sites at Risk

Multiple security vulnerabilities were found in the Ninja Forms plugin for WordPress, affecting versions 3.6.25 and below. These flaws, including a reflected cross-site scripting (XSS) issue (CVE-2023-37979) and broken access control flaws (CVE-2023-38386 and CVE-2023-38393), put over 800,000 sites at risk. Attackers could exploit these flaws to escalate privileges and access sensitive data. Users are advised to update to version 3.6.26 to prevent potential threats. Additionally, Patchstack discovered similar vulnerabilities in Freemius WordPress SDK and the HT Mega plugin.

Multiple Vulnerabilities Found in Ninja Forms Plugin 800000 Sites at Risk

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo